all | frequencies |
|
|
exhibits | applications |
---|---|---|---|---|---|
manuals |
app s | submitted / available | |||||||
---|---|---|---|---|---|---|---|---|
1 |
|
Users Manual 1 | Users Manual | 1.94 MiB | ||||
1 |
|
Users Manual 2 | Users Manual | 1.95 MiB | ||||
1 | Parts List/Tune Up Info | |||||||
1 | Attestation Statements | |||||||
1 | Cover Letter(s) | |||||||
1 | Cover Letter(s) | |||||||
1 | External Photos | |||||||
1 | Internal Photos | |||||||
1 | ID Label/Location Info | |||||||
1 | Cover Letter(s) | |||||||
1 | Test Report | |||||||
1 | Test Setup Photos |
1 | Users Manual 1 | Users Manual | 1.94 MiB |
BiPAC 7404V(G)OX BiPAC 7404V(G)PX VoIP/(802.11g) ADSL2+ (VPN) Firewall Router User Manual Version release 5.53.s5.rc3 Last Revised Date 23-10-2008 Table of Contents Chapter 1: Introduction .....................................................................1 Introduction to your Router ..................................................................1 Features ............................................................................................1 Chapter 2: Installing the Router .......................................................5 Important note for using this router ....................................................5 Package Contents .................................................................................5 The Front LEDs. ...............................................................................6 The Rear Ports ...................................................................................7 Cabling................................................................................................8 Chapter 3: Basic Installation ...........................................................9 Connecting Your Router .....................................................................10
........................................................................ 11 Factory Default Settings..................................................................17 Information from your ISP ............................................................18
.................................................19
...............................................................20 Status .....................................................................................................21 ADSL Status......................................................................................21 ARP Table .........................................................................................22 DHCP Table .....................................................................................22 Routing Table ....................................................................................24 NAT Sessions....................................................................................25 UPnP Portmap ..................................................................................25 PPTP Status ....................................................................................26 IPSec Status .....................................................................................27 L2TP Status .....................................................................................27 Email Status......................................................................................28 VoIP Status .......................................................................................28 VoIP Call Log ....................................................................................28 Event Log..........................................................................................29 Error Log...........................................................................................30 Diagnostic .........................................................................................30 Quick Start ............................................................................................31
........................................................................................35 LAN - Local Area Network.................................................................36
................................................................................36 Ethernet ..........................................................................................37 IP Alias ...........................................................................................37 Ethernet Client Filter..........................................................................38
..........................................................................................40
..............................................................................42
....................................................45
...............................................................................................46 Port Setting ....................................................................................47 DHCP Server ..................................................................................48
................................................................49
..................................................................................49
.....................................................................................51
.....................................................................................61 System..............................................................................................62 Time Zone .......................................................................................62 Remote Access.................................................................................63 Firmware Upgrade ............................................................................63
..............................................................................64 Restart Router..................................................................................65
.............................................................................66 Firewall and Access Control..............................................................68 General Settings ...............................................................................69 Packet Filter.....................................................................................70 Intrusion Detection ............................................................................78 URL Filter ........................................................................................81
..............................................................................84 Firewall Log .....................................................................................85 VPN - Virtual Private Networks (Only available for BiPAC 7404V(G)OX) 86 PPTP (Point-to-Point Tunneling Protocol) ..............................................86 IPSec (IP Security Protocol)................................................................95 L2TP (Layer Two Tunneling Protocol) .................................................104 VoIP - Voice over Internet Protocol ................................................. 116 SIP Device Parameters ................................................................... 117 SIP Accounts .................................................................................120 Phone Port ....................................................................................121 PSTN Dial Plan (Router with LINE port only)........................................123 VoIP Dial Plan ...............................................................................127 Call Feature ..................................................................................130 Speed Dial.....................................................................................130 Ring & Tone ...................................................................................131 QoS - Quality of Service..................................................................133 Prioritization ..................................................................................133
.................................................134
...................................................136 Virtual Server (known as Port Forwarding) .....................................142 Add Virtual Server ...........................................................................143
................................................................................145 Edit One-to-One NAT (Network Address Translation).............................146 Time Schedule ................................................................................149 Advanced ........................................................................................152 Static Route ..................................................................................152 Dynamic DNS.................................................................................153 Check Email...................................................................................154
.......................................................................155
............................................................................................158
..................................................................................158 Logout ..................................................................................................159 Chapter 5: Troubleshooting..........................................................160 Appendix: Product Support & Contact ........................................162 Chapter 1: Introduction Introduction to your Router
ADSL router, combining an ADSL modem, ADSL router and Ethernet network switch functionalities, providing everything you need to get the machines on your network connected to the Internet over
and network. Features Express Internet Access The router complies with ADSL worldwide standards.
Users enjoy not only high-speed ADSL services but also broadband multimedia applications such as interactive gaming, video streaming and real-time
Issue 2; G.dmt (ITU G.992.1); G.lite (ITU G.992.2); G.hs (ITU G994.1); G.dmt.bis (ITU G.992.3);
G.dmt.bis.plus (ITU G.992.5)). 802.11g Wireless AP with WPA Support (Wireless Router only)
access among wired network, wireless network and broadband connection (ADSL) with single
the security Fast Ethernet Switch A 4 and
directly for auto detection. 1 Multi-Protocol to Establish a Connection It sn
and IPoA (RFC1577) to establish a connection with the ISP. The product also supports VC-based and LLC-based multiplexing. Quick Installation Wizard It s information easily which they get from their ISP, then surf the Internet immediately. Universal Plug and Play (UPnP) and UPnP NAT Traversal This protocol is used to enable simple and robust connectivity among stand-alone devices and PCs from many different vendors. It makes network simple and affordable for users. UPnP
connect to Net Network Address Translation (NAT) Allows multi-users to access outside resources such as the Internet simultaneously with one IP
others. SOHO Firewall Security with DoS and SPI
The router is built with Stateful Packet Inspection (SPI) to determine if a data packet is allowed through the to the private LAN. Domain Name System (DNS) Relay It provides an easy way to map the domain name (a friendly name for users such as www.yahoo.
in the outside network. Dynamic Domain Name System (DDNS) The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname. This
supported. 2 Quality of Service (QoS)
the router, ensuring important data like gaming packets, customer information, or management information move through the router ay lightning speed, even under heavy load. The QoS features
the speed at which different types of outgoing data pass through the router, to ensure P2P users
t bring client web serving to a halt. In addition, or alternatively, you can simply change the priority of different types of upload data and let the router sort out the actual speeds. Virtual Server (port forwarding) Users can specify some services to be visible from outside users. The router can detect incoming
s
expose it to the outside network. Outside users can browse inside web servers directly while it is
network, Internet. Rich Packet Filtering
filter packets from and to the Internet, and also provides a higher level of security control.
automatically. In the LAN site, the DHCP server can allocate a range of client IP addresses and distribute them including IP address, subnet mask as well as DNS IP address to local computers. It provides an easy way to manage the local IP network. Static and RIP1/2 Routing It has routing capability and supports . Simple Network Management Protocol (SNMP) It is an Web based GUI It s
manage this product. 3 Firmware Upgradeable
Rich Management Interfaces It s
Virtual Private Network (VPN) (BiPAC 7404V(G)OX only) It allows user to make a tunnel with a remote site directly to secure the data transmission among
supported by this router to make a VPN connection or users can run the PPTP client in PC and the router already provides IPSec and PPTP pass through function to establish a VPN connection if the user likes to run the PPTP client in his local computer. 4 Chapter 2: Installing the Router Important note for using this router Package Contents CD-ROM containing the online manual RJ-11 ADSL/telephone Cable Ethernet (CAT-5) Cable Console kit Power adapter A detachable antenna Quick Start Guide 5 The Front LEDs. 1 2 3 5 6 7 8 9 LED Power Meaning Lit when power is ON. Lit red means system failure. Restart the device
Ethernet Port 1X 4X
(RJ-45 connector) Lit when one of LAN ports is connected to an Ethernet device.
USB 4 Wireless
Lit green when a wireless connection is established.
Phone 1x-2x
(RJ-11 connector) Lit green when phone is off hook. Line
(Router with LINE port only) Lit when the inbound and outbound calls are transmitted through PSTN.
is off hook but will lit orange for phone 2. Note: Orange light also means when both Phone 1 and 2 are registered OK at the same time. Lit Green when the device is successfully connected to an ADSL
Lit red whenfails to get IP address. Lit green when gets IP address successfully. VoIP 1x-2x
(RJ-11 connector) DSL Internet 6 The Rear Ports Port 1 Antenna
3 2 DSL Line
(Router with LINE port only) Phone 1X-2X (RJ-11 connector) 4 5 USB 6 Ethernet 1X 4X
(RJ-45 connector) 7 WPS 8 RESET 9 Power 10 Power Switch Meaning Connect the detachable antenna to this port. Connect this port to the 11 cable (telephone) provided. Connect this port to the telephone jack on the wall with RJ-11 cable. Connect this port to an analog phone set with RJ-11 cable.
Connect a UTP Ethernet cable (Cat-5 or Cat-5e) to one of
Caution: Port 4 can be either a LAN or Console port at a time but not both.
To be sure the device is being turned on press RESET button for:
6 seconds and above, power off, power on the device: restore to factory default settings. (Cannot login to the router or forgot
button for more than 6 seconds). Caution: After pressing the RESET button for more than 6 seconds, to be sure you power cycle the device again. Connect it with the supplied power adapter.
7 Cabling One of the most common causes of problem is bad cabling or ADSL line(s) connected devices are turned on. On the front panel of your router is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify if you are using the proper cables.
(e.g. telephones, fax machines, analogue modems) connected to the same telephone line as your router
and that
8 Chapter 3: Basic Installation
eb browser. A web browser is included as a standard
etc. The product provides an P
manuals. There are ways to connect the router, either through an external repeater hub or connect directly to your PCs. However, make sure that your PCs have an Ethernet interface installed properly prior to connecting the router device. You ought to your PCs to obtain an IP address through
address of the router is 192.168.1.254 and the subnet mask is 255.255.255.0 (i.e. any attached PC must be in the same subnet, and have an IP address in the range of 192.168.1.1 to 192.168.1.253).
using DHCP. If you encounter any problem accessing the router web interface it is advisable to
of the router. Users should make their own decisions on what is best to protect their network. Please follow the following steps 9 Connecting Your Router 1. 2. 3. 4. 5. LANADSL) net Connect this router to a work. Power on the device.
Connect your router to the telephone jack on the wall with RJ-11 cable.
Power LED lit steadily and that the LAN LED is lit. 10
1. 2. Go to Start. Click on Network. Then click on Network and Sharing Center at the top bar. 3.
Center window pops up, select and
tions on the left window column. 4. Select the Local Area Connection, and right click the icon to select Properties. 11 5. Select Internet Protocol Version 4
6. 7.
select the Obtain an IP address au-
tomatically and Obtain DNS Server address automatically radio but-
ting.
Connection Properties window to
12 1.
Go to Start > Control Panel (in Classic View). In the Control Panel, double-click on Network Connections Double-click Local Area Connection. 2. 3. In the Local Area Connection Status window, click Properties. 4.
click Properties. 5. 6. Select the Obtain an IP address auto-
matically and the Obtain DNS server address automatically radio buttons.
13
1. 2. Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and Dial-up Connections. Double-click Local Area Connection. 3. In the Local Area Connection Status window click Properties. 4.
click Properties. 5. 6. Select the Obtain an IP address auto-
matically and the Obtain DNS server address automatically radio buttons.
14
1. 2. Go to Start > Settings > Control Panel. In the Control Panel, double-click on
tab.
or the name of your Network Interface Card (NIC) in your PC. 3. Select the Obtain an IP address auto-
matically radio button. 4. 5.
Select the Disable DNS radio button
15
1. 2. Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and choose the Protocols tab.
erties. 3. Select the Obtain an IP address from a DHCP server radio button and click
16 Factory Default Settings
router, you need to know the following default settings. Web Interface (Username and Password) Username: admin Password: admin
adminadmin Device LAN IP settings IP Address: 192.168.1.254
ISP setting in WAN site PPPoE DHCP server DHCP server is enabled. Start IP Address: 192.168.1.100 IP pool counts: 100 LAN and WAN Port Addresses
the tale. IP address
DHCP server function IP addresses for distribution to PCs LAN Port 192.168.1.254 255.255.255.0 Enabled 100 IP addresses continuing from 192.168.1.100 through 192.168.1.199
The PPPoE function is enabled to automatically get
from the ISP. 17 Information from your ISP
out what kind of service is provided such as DHCP (Obtain an IP Address Automatically, Static IP
(Fixed IP Address) or PPPoE. Gather the information as illustrated in the following table and keep it for reference. PPPoE(RFC2516)
Name, and Domain Name System (DNS) IP address (it can be automatically assigned by your ISP when you connect or be set manually). PPPoA(RFC2684)
Domain Name System (DNS) IP address (it can be automatically assigned by your ISP when you connect or be set manually).
RFC2684)
Gateway address, and Domain Name System (DNS) IP address (it is a
IPoA(RFC1577)
Gateway address, and Domain Name System (DNS) IP address (it is a
18
Open your web browser, enter the IP address of your router, which by default is 192.168.1.254,
Congratulations! You are now successfully logon to the 3G/VoIP/(802.11g) ADSL2+ (VPN) Firewall Router!
19
Status ADSL Table ARP Table DHCP Table Routing Table NAT Sessions UpnP Portmap PPTP Status IPSec Status L2TP Status Email Status VoIP Status VoIP Call Log Event Log Error Log Diagnostic Quick Start
LAN
System Firewall VPN VoIP QoS Virtual Server Time Schedule Advanced Language (provides user interface in English and French languages) 20 Status ADSL Status This section displays the ADSL overall status, which shows a number of helpful information such
Status: The current status of the 3G card. Signal Strength: The signal strength bar indicates current 3G signal strength. Network Name: The network name that the device is connected to. 21 ARP Table
feature. IP Address: A list of IP addresses of devices on your LAN (Local Area Network). MAC Address: Interface: The interface name (on the router) that this IP Address connects to. Static: Static status of the ARP table entry:
no
yes DHCP Table Leased: The DHCP assigned IP addresses information. Expired: The expired IP addresses information. Permanent:. 22 Leased Table IP Address: The IP address that assigned to client. MAC Address: Client Host Name: The Host Name (Computer Name) of client. Expiry: The current lease time of client. 23 Routing Table Routing Table Valid: It indicates a successful routing status. Destination: The IP address of the destination network. Netmask: The destination Netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route. RIP Routing Table Destination: The IP address of the destination network. Netmask: The destination Netmask address. Gateway: The IP address of the gateway that this route will use. Cost: The number of hops counted as the cost of the route. 24 NAT Sessions
(LAN). UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play. See Advanced
25 PPTP Status
Name: Type: The type of connection (dial--out). Enable:e connection is currently enabled. Active: Tunnel Connected:Tunnel is currently connected. Call Connected: If the Call for this VPN entry is currently connected. Encryption: The encryption type used for this VPN connection. 26 IPSec Status
Name: The name you assigned to the particular VPN entry. Active: Connection State: Statistics: Statistics for this VPN Connection. Local Subnet: The local IP Address or Subnet used. Remote Subnet: The Subnet of the remote site. Remote Gateway: The Remote Gateway IP address. SA: The Security Association for this VPN entry. L2TP Status
L2TP VPN Connections. Name: The name you assigned to the particular L2 Type: The type of connection (dial--out). Enable: e connection is currently enabled. Active: Tunnel Connected: Tunnel is currently connected. Call Connected: If the Call for this VPN entry is currently connected. Encryption: The encryption type used for this VPN connection. 27 Email Status
Advanced section of this manual for details on this function. VoIP Status VoIP Call Log 28 Event Log
Please see the Firewall section of this manual for more details on how to enable Firewall logging. 29 Error Log Any errors encountered by the router (e.g. invalid names given to entries) are logged to this window. Diagnostic It tests the connection to computer(s) which is connected to the connection. If PING www.google.com is shown FAIL and the rest is PASS, you ought to check your
30 Quick Start 1. Click Quick Start. Select the connect mode you want. There are 2 options to choose from: ADSL or 3G. Select ADSL mode from the drop down menu and click Continue. 2. If your ADSL line is not ready, you need to check your ADSL line has been set or not. 3. If your ADSL line is ready, the screen appears ADSL Line is Ready. Choose Auto radio button
5.) 4.
and click Apply. 31 5.
and click Apply to continue.
Select the connection mode. There is ADSL. Protocol: Select the protocol mode. The default mode is PPPoE. VPI/VCI: Enter the VPI and VCI information provided by your ISP. Username: Enter the username provided by your ISP. Password: Enter the password provided by your ISP. Service Name information. Authentication Protocol: Default is Auto. Your ISP advises on using Chap or Pap. IP Address: from your ISP. Obtain DNS automatically: Click to activate DNS and to enable the system to automatically detect DNS. Primary DNS / Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the netmask. 32 6.
WLAN Service: Default setting is set to Enable. If you want to use wireless, both 802.11g and 802.11b device in your network, you can select Enable. ESSID: The ESSID is thedistinguished from another. For securitywhich is already built-in to the . It is case sensitive and must not excess 32 characters. ake sure your wireless clients have exactly the ESSID as the device, in order to get connected to your network. ESSID Broadcast: It is function in which transmits its ESSID to the air so that when wireless client searches for a network, router can then be discovered and recognized. Default setting is Enable. Enable: locate the Access Point (AP) of your router. Disable: one will be able to locate the Access Point (AP) of your router. Regulation Domain: There are seven Regulation Domains for you to choose from, including North America (N.America), Europe, France, etc. The Channel ID will be different based on this setting. Channel ID: Select the ID channel that you would like to use. Security Mode: default mode of wireless security is Disable. 7. Set up VoIP. 33 SIP: To use VoIP SIP as VoIP call signaling protocol. Default is set to Disable. Region: This selection is a drop-down box, which allows user to select the country for which the
loaded. SIP Service Provider: is done, respective parameters below are automatically displayed. Phone Number: This parameter holds the registration ID of the user within the VoIP SIP registrar. Username: space with your username given by your VoIP provider. Password: This parameter holds the password used for authentication within VoIP SIP registrar. Display Name: This parameter will be appeared on the Caller ID. 8.
9.
34
LAN, WAN, System, Firewall, VoIP, QoS, Virtual Server, Time Schedule and Advanced
35 LAN - Local Area Network Here are the items within the LAN section: Bridge Interface, Ethernet, IP Alias, Ethernet Client Filter, Wireless, Wireless Security, Wireless Client Filter, WPS, Port Setting and DHCP Server. Bridge Interface
two VLAN groups need to be created. Ethernet: P1 (Port 1) Ethernet1: Note: You should setup each VLAN group with caution. Each Bridge Interface is arranged in this order.
ethernet ethernet1 ethernet2 ethernet3 VLAN Port (Always starts with)
P4 Management Interface: To specify which VLAN group has possibility to do device management, like doing web management. Note: NAT/NAPT can be applied to management interface only. 36 Ethernet Primary IP Address IP Address: The default IP on this router. Subnet Mask: The default subnet mask on this router. RIP: IP Alias This function creates multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or remote n IP Address: Specify an IP address on this virtual interface. SubNetmask: Specify a subnet mask on this virtual interface. Security Interface: Internal: out to Internet if NAT is enabled. External: be used when providing multiple public IP addresses by ISP. In this case, you can use public IP address in local network which gateway IP address point to the IP address on this interface. DMZ: 37 Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage
machine(s) to access your LAN.
Ethernet Client Filter: Default setting is set Disable. Allowed:
Blocked:
hexadecimal characters. The number 0 - 9 and letters a - f are acceptable. Note: Follow the MAC Address Format xx:xx:xx:xx:xx:xx. Semicolon ( : ) must be included. Candidates: automatically detects devices connected to the router through the Ethernet. Click the Candidate button to access the Active PC in LAN window. Active PC in LAN: 38
You can easily by checking the box next to the IP address to be blocked or allowed. Then, Add to insert to the Ethernet Client Filter table. The maximum Ethernet client is 16. 39 Wireless Parameters WLAN Service: Default setting is set to Enable. If you do not have any wireless, both 802.11g and 802.11b, device in your network, select Disable. Mode: 11b devices in your network, then keep the default in mixed mode. From the drop-down manual, you can select 802.11g if you have only 11g card. If you have only 11b card, then select 802.11b. ESSID: The ESSID is thedistinguished from another. For security purpose, change the default built-in to the . It is case sensitive and must not excess 32 characters.
ake sure your wireless clients have exactly the ESSID as the device, in order to get connected to your network. Note: It is case sensitive and must not excess 32 characters. ESSID Broadcast: It is function in which transmits its ESSID to the air so that when wireless client searches for a network, router can then be discovered and recognized. Default setting is Enabled. Disable: cannot discover the Access Point (AP) of your router. Enable: Any client that using the any setting can discover the Access Point (AP). Regulation Domain: There are seven Regulation Domains for you to choose from, including North America (N.America), Europe, France, etc. The Channel ID will be different based on this setting. Channel ID: Select the wireless connection ID channel that you would like to use. 40 Note: Wireless performance may degrade if select ID channel is already being occupied by other AP(s). TX PowerLevel: It is a function that enhances the wireless transmitting signal strength. User may adjust this power level from minimum 1 up to maximum 127. Note: The Power Level maybe different in each access network user premises environment and choose the most suitable level for your network. Connected: Representing in true or false. That it is the connection status between the system and the build-in wireless card. AP MAC Address: AP Firmware Version: Wireless Distribution System (WDS) It is a wireless access point mode that enables wireless link and communication with other access point. It isconnected advantages of cost saving and flexibility whichbridge between two access points and extending an existing wired or wireless infrastructure network to create a larger network. It can connect up to 4 wireless APs for extending cover range at the same time. In addition, be the same for both access points. WDS Service: The default setting is Disabled. Check Enable radio button to activate this function. 1. 2. 3. Peer WDS MAC Address:
each other. Peer WDS MAC Address:
Peer WDS MAC Address:
Peer WDS MAC Address:
4. Note: For MAC Address, Semicolon ( : ) must be included.
41 Wireless Security
The default mode of wireless security is disabled. 42 WPA-PSK / WPA2-PSK Security Mode: default mode of wireless security is Disable. WPA Algorithms:
encrypted algorithms, which incorporates
Authentication Code Protocol) of the AES (Advanced Encryption Security) algorithms. WPA Shared Key: The key for network authentication. The input format is in character style and key size should be in the range between 8 and 63 characters. Group Key Renewal: The period of renewal time for changing the security key automatically between wireless client and Access Point (AP). Default value is 600 seconds. WEP WEP Authentication: To prevent unauthorized wireless stations from accessing data transmitted
security for transmissions, there are two options to select from: Open System, Share key. WEP Encryption: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router security for transmissions, there are two alternatives to select from: WEP 64 and WEP 128.
64. 43 Passphrase: This is
Default Used WEP Key: Select the encryption key ID; please refer to Key (1~4) below. Key (1-4):
the same as the router. There are four keys
44 Wireless Client / MAC Address Filter
control to accept to restrict unwanted machine(s) to access your LAN.
rules to meet your
Wireless Client Filter: Default setting is set to Disable. Allowed:
Blocked:
The maximum client is 16. addresses are 6 bytes long; they are presented only in hexadecimal characters. The number 0 - 9 and letters a - f are acceptable. Note: Follow the MAC Address Format xx:xx:xx:xx:xx:xx. Semicolon ( : ) must be included. Candidates: Click the Candidate button to access the Associated Wireless Client window. Associate Wireless Client: Displays a list of individual wireless device 45 connects to the router.
maximum WPS
easily
It is reduced by half the user steps to
nd network and enable security. 46 Port Setting This section the ports to solve some of the compatibility problems that may be encountered while connecting to the Internet, as well allowing users to tweak the performance of their network. Port # Connection Type: There are Six options to choose from: A
full-duplexthere are Ethernet compatibility problems with legacy Ethernet devices, and y solve compatibility issues. problems with PCs not being able to access your LAN. IPv4 TOS priority Control (Advanced users): TOS, Type of Services, is the 2nd octet of an IP packet. its 6-7 of this octet are reserved and bit 0-5 are used to specify the priority of the packet.
nd matches the checked values in the table (0 to 63), this packet will be treated as high priority. 47 DHCP Server
network, and set the default gateway for each PCs to the IP address of the router (by default this is 192.168.1.254).
parameters of the DHCP Server including the IP pool (starting IP address and ending IP address to be allocated to PCs on your network), lease time for each assigned IP address (the period of time the IP address assigned will be valid), DNS IP address and the gateway IP address. These details
If you check DHCP Relay Agent and click Next, then you will have to enter the IP address of the DHCP server which will assign an IP address back to the DHCP client in the LAN. Use this function only if advised to do so by your network administrator or ISP. Click Apply to enable this function. 48 WAN - Wide Area Network
the Internet. Here are the items within the and ADSL Mode. WAN Interface WAN Connection-ADSL Mode
Main Port: User can select either ADSL or 3G mode. Failover / Failback: Backup Port:
Connectivity Decision: Set how many times of probing failed to switch backup port. Failover Probe Cycle: Set the time duration for the Failover Probe Cycle to determine when the router will switch to the backup connection (backup port) once the main connection (main port) fails. Note: The time set is for each probe cycle, but the decision to change to the backup port is determined by Probe Cycle duration multiplied by connection Decision amount (e.g. From the image above it will be 12 seconds multiplied by 5 consecutive fails). Failback Probe Cycle: Set the time duration for the Failback Probe Cycle to determine when the router will switch back to the main connection (main port) from the backup connection (backup port) once the main connection is communicating again. Note: The time set is for each probe cycle, but the decision to change to the backup port is determined by Probe Cycle duration multiplied by Connection Decision amount (e.g. From ge above it will be 3 seconds multiplied by 5 consecutive fails). Detect Rule:
49 Rule 1. ADSL Down Rule 2. Ping Fail No Ping: It will not send any ping packet to determine the connection. It means to disable the ping fail detection. Ping Gateway: It will send ping packet to gateway and wait response from gateway in every
Ping Host: The host must be an IP address. WAN Connection-3G Mode
50
PPPoE Connection PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP.
Protocol: Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: Username: Enter the username provided by your ISP. You can input up to 128 alphanumeric
Password: Enter the password provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive). Service Name:
15 alphanumeric characters. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing the single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled. IP (0.0.0.0:Auto): address from your ISP. 51 Auth. Protocol: Default is Auto. Your ISP should advise you on whether to use Chap or Pap. Connection:
Always on: If you want the router to establish a PPPoA session when starting up and to au-
tomatically re-establish the PPPoA session when disconnected by the ISP. Connect on Demand: If you want to establish a PPPoA session only when there is a packet
the Internet). Idle Timeout: Auto-disconnect the when there is no activity on the line for a predetermined period of time. Detail:
MTU: headers) that IP will attempt to send through the interface. RIP: TCP MSS Clamp: This option helps to discover the optimal enabled.
Obtain DNS: A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. to obtain DNS automatically. Primary DNS: Enter the primary DNS. Secondary DNS: Enter the secondary DNS 52 PPPoA Connection
Protocol: Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: Username: Enter the username provided by your ISP. You can input up to 128 alphanumeric
Password: Enter the password provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive). NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing the single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled. IP (0.0.0.0:Auto): address from your ISP. Auth. Protocol: Default is Auto. Your ISP should advises you on whether to use Chap or Pap. Connection:
Always on: If you want the router to establish a PPPoA session when starting up and to au-
tomatically re-establish the PPPoA session when disconnected by the ISP. Connect on Demand: If you want to establish a PPPoA session only when there is a packet
the Internet). Idle Timeout: Auto-disconnect the when there is no activity on the line for a predetermined period of time. 53 Detail:
MTU: headers) that IP will attempt to send through the interface. RIP: TCP MSS Clamp: This option helps to discover the optimal enabled. Obtain DNS: A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. to obtain DNS automatically. Primary DNS: Enter the primary DNS. Secondary DNS: Enter the secondary DNS. 54 MPoA Connection
Protocol: Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled. Encap. mode: Choose whether you want the as bridged packet or routed packet. MTU: headers) that IP will attempt to send through the interface. IP (0.0.0.0:Auto): Specify an IP address allowed to logon and Note: IP 0.0.0.0 indicates all users who are connected to this router are allowed to logon the device and modify data. Netmask: The default is 255.255.255.0. User can change it to other such as 255.255.255.128. Type the subnet mask assigned to you by your ISP (if given). Gateway: Enter the IP address of the default gateway (if given). RIP: TCP MSS Clamp: This option helps to discover the optimal enabled. 55
Obtain DNS: A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. to obtain DNS automatically. Primary DNS: Enter the primary DNS. Secondary DNS: Enter the secondary DNS. 56 IPoA Routed Connection
Protocol: Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled. MTU: headers) that IP will attempt to send through the interface. IP (0.0.0.0:Auto): Specify an IP address allowed to logon and Note: IP 0.0.0.0 indicates all users who are connected to this router are allowed to logon the device and modify data. Netmask: The default is 255.255.255.0. User can change it to other such as 255.255.255.128. Type the subnet mask assigned to you by your ISP (if given). Gateway: Enter the IP address of the default gateway (if given). RIP: TCP MSS Clamp: This option helps to discover the optimal enabled. Obtain DNS: A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. to obtain DNS automatically. Primary DNS: Enter the primary DNS. Secondary DNS: Enter the secondary DNS. 57 Pure Bridge
Protocol: Description: A given name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: Encap. mode: Choose whether you want the as bridged packet or routed packet. Acceptable Frame Type: only VLAN tagged. Filter Type: All Ip Pppoe Allows all types of ethernet packets through the port.
Allows only PPPoE types of ethernet packets through the port. 58 3G TEL No.: mobile service provider. APN:
internet portal which they connect a DHCP Server to, giving you access to the internet i.e. Some
Username: Enter the username provided by your service provider. Password: Enter the password provided by your service provider. Authentication Type: Authentication Protocol) or PAP (Password Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients
unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. PIN: systems as a password to gain access, and authenticate. In mobile phones a PIN code locks the
59 Connection:
Always On:
Keep Alive: Set Enable to allow the router automatically reconnects the connection when ISP disconnects it. Connect to Demand:-
Internet). In this mode, you must set Idle Timeout value at same time. Enabling Connect on Demand will give you an option of Idle Timeout. Idle Timeout: Auto-disconnect the connection when there is no activity on this call for a pre-
determined period of time. The default value is 10 seconds. Obtain DNS Automatically: Select this check box to use DNS. Primary DNS/ Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Note: If you dont know how to set these values and please keep them untouched. 60 ADSL Mode Connect Mode:
the symptom of synchronization problem. Modulation: It will automatically detect capability of your ADSL line mode. Please keep the factory setting unless ADSL is detected as the symptom of synchronization problem.
Please keep the factory settings unless ADSL is detected as the symptom of low link
Activate Line: Aborting (false) your ADSL line and making it active (true) again for taking effect
Coding Gain: It reduces routers transmit power which will effect to routers downstream performance. Higher the gain will increase the downstream rate but it sometimes causes unstable ADSL line. The cis 7. 61 System Here are the items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone, click Enable and click the Apply button. After a successful connection to the Internet,
to specify an SNTP server other than those in the list, simply enter its IP address as shown above. Your ISP may provide an SNTP server for you to use.
summer time to move one hour of daylight from morning to the evening in local standard time. Check Enable box to set your local time. Resync Period (in minutes) is the periodic interval the router will wait before it re-synchronizes the
absolute minimum every few hours or even days. 62 Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time
section of the GUI. If you wish to permanently enable remote access, choose a time period of 0 minute. Firmware Upgrade
this software may be improved and revised, and your router allows you to upgrade the software it runs to take advantage of these changes.
63 Backup / Restore
to restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes. It is advisable to backup your
router. 64 Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved
factory default settings. You may also reset your router to factory settings by holding the small Reset pinhole button more than 6 seconds on the back of your router. Caution: After pressing the RESET button for more than 6 seconds, to be sure you power cycle the device again. 65 User Management
to login with a password. You can set up multiple user accounts, each with their own password. You are able to Edit existing users and Add interface. Once you have clicked on Edit, you are shown the following options:
valid, as well as add a comment to each user account.You cannot delete the default admin account, if you do you will be log out. However, you can delete any other created accounts by clicking Delete when editing the user. You are strongly advised to change the password
to Factory Defaults. 66
create a user account
add your new user account. To delete a user account, click on the Delete radio button on the right column of the account you
67 Firewall and Access Control
from your LAN, as well as helping to prevent attacks from hackers. when using NAT, the
that cannot be directly accessed from the Internet. Firewall: Prevent outsiders from accessing your local network. The router provides three levels of security support:
Firewall Security and Policy (General Settings): Inbound direction of Packet Filter rules to prevent unauthorized computers or applications to access your local network from the Internet. Intrusion Detection: Enable Intrusion Detection to detect, prevent and log malicious attacks. Access Control: Prevent access from PCs on your local network:
Firewall Security and Policy (General Settings): Outbound direction of Packet Filter rules to prevent unauthorized computers or applications from accessing the Internet. URL Filter: To block PCs on your local network from unwanted websites. 68 Listed are the items under the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking and Firewall Log. General Settings You can or
There are four options when you enable the Firewall, they are:
all inbound (Internet to LAN) and outbound (LAN to Internet) packets will be blocked. Users
High/Medium/Low security level: security are displayed in Port Filters of Packet Filter.
even and do
69
Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is
preset
more detail information. 70 Example:
Protocol Port Firewall - Low Firewall - Medium Firewall High Number Start End Inbound Outbound Inbound Outbound Inbound Outbound Table 1:
Port Filter Application HTTP(80) TCP(6) 80 DNS (53) UDP(17) 53 DNS (53) TCP(6) FTP(21) TCP(6) Telnet(23) TCP(6)
TCP(6) 53 21 23 25 80 53 53 21 23 25 POP3(110) TCP(6) 110 110 NO NO NO NO NO NO NO YES YES YES YES YES YES YES NO NO NO NO NO NO NO YES YES YES YES YES YES YES NO NO NO NO NO NO NO YES YES YES NO NO YES YES TCP(6) 119 119 NO YES NO YES NO NO
(Network News Transfer Protocol)
RealVideo
(7070) UDP(17) 7070 7070 YES YES YES YES PING
NO H.323(1720) TCP(6) 1720 1720 YES T.120(1503) TCP(6) 1503 1503 YES SSH(22) TCP(6) 22 22 NTPSNTP UDP(17) 123 123
Proxy (8080) TCP(6) 8080 8080 HTTPS(443) TCP(6) 443 443 NO NO NO NO ICQ (5190) TCP(6) 5190 5190 YES
(1863) TCP(6) 1863 1863 YES
(7001) UDP(17) 7001 7001 YES
TCP(6) 9000 9000 NO
(9000) NO NO NO NO NO NO NO
YES YES YES YES YES NO YES
YES YES YES YES YES YES YES YES YES YES YES 71 NO NO NO NO NO NO NO N
NO YES NO NO NO YES NO
Inbound: Internet to LAN Outbound: LAN to Internet YES: Allowed NO: N/A: Not Applicable Packet Filter Add TCP/UDP Filter Rule Name Helper:Select drop-down menu Time Schedule: prioritization policy. For setup and detail, refer to Time Schedule section Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or
the Address-Filter rule. Tip:
Type: It is the packet protocol type used by the application, select TCP, UDP Protocol Number: Insert the port number. Source Port: connect to the application. Default is set from range 0 ~ 65535. It is recommended that this option
Destination Port: Inbound / Outbound:
Click Add button to apply your changes. 72 Packet Filter Add Raw IP Filter Go to Type drop-down menu, select Use Protocol Number. Rule Name Helper:choosing Select drop-down menu Time Schedule: prioritization policy. For setup and detail, refer to Time Schedule section Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or
the Address-Filter rule. Tip: To block access, to/from a single IP address, enter that IP address as the Host IP Address and use a Host Subnet Mask of 255.255.255.255. Type: It is the packet protocol type used by the application, select TCP, UDP Protocol Number: Insert the port number, i.e. GRE 47. Source Port: connect to the application. Default is set from range 0 ~ 65535. It is recommended that this option
Destination Port: Inbound / Outbound:
Click the Add button to apply your changes. Example:
set to a high, medium or low security level. To setup a web server located on the local network when
73
HTTP to your router is not allowed. Note: Inbound indicates accessing from Internet to LAN and Outbound is from LAN to the Internet. 74
1.
this case for the low security level), shown below:
2.
delete the existing HTTP rule. 3.
Inbound and Outbound. 75 Example:
Application: Cindy_HTTP Time Schedule: Always On
Source Port: 0-65535 (I allow all ports to connect with the application))
1.
2.
port 80 will be forwarded to the PC running your web server:
76 77 Intrusion Detection
attempts or other connections that the router determines to be suspicious. Blacklist: If the router detects a possible attack, the source IP or destination IP address will be
Intrusion Detection: If enabled, IDS will block Smurf attack attempts. Default is false. Block Duration:
Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default value is 600 seconds. Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible Scan attack. Scan attack types include Xmas scan, IMAP SYN/FIN scan and similar attempts. Default value is 86400 seconds. DoS Attack Block Duration: This is the duration for blocking hosts that attempt a possible Denial of Service (DoS) attack. Possible DoS attacks this attempts to block include Ascend Kill and WinNuke. Default value is 1800 seconds. Max TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood attempt is occurring or not. Default value is 100 TCP SYN per seconds. Max PING Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Max ICMP Count: This is a threshold to decide whether an is occurring or not. Default
78 cannot protect against such attacks. Table 2: Hacker attack types recognized by the IDS Drop Packet Intrusion Name Detect Parameter Blacklist Type of Block Ascend Kill
Duration Src IP DoS Show Log Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Src IP DoS Dst IP Victim Protection Src IP Src IP Src IP Scan Scan Scan Src IP Scan Src IP Scan Yes Yes SrcIP Scan Yes Yes WinNuke Smurf Land attack Echo/CharGen Scan Echo Scan CharGen Scan Xmas Tree Scan IMAP SYN/FIN Scan SYN/FIN/RST/ACK Scan Net Bus Scan TCP Port 135, 137~139, Flag:
URG
Des IP is broadcast SrcIP = DstIP UDP Echo Port and CharGen Port UDP Dst Port =
Echo(7) UDP Dst Port =
CharGen(19)
FIN DstPort:
SrcPort: 0 or 65535 TCP, No Existing session And Scan Hosts more than
TCP No Existing session
12345,12346, 3456
SYN Flood UDP, DstPort
(31337)
Handshaking Count (Default
SrcIP Scan Yes Yes Yes 79 ICMP Flood ICMP Echo
sec)
Src IP: Source IP Src Port: Source Port Dst Port: Destination Port Dst IP: Destination IP Yes Yes 80
1 | Users Manual 2 | Users Manual | 1.95 MiB |
URL Filter
Enable/Disable: To enable or disable URL Filter feature. Block Mode: The default is set to Always On. Disabled: Always On: the day. TimeSlot1 ~ TimeSlot16:
Time Schedule section.
browser (HTTP) connection attempts using port 80 only. For example, if the URL is http://www.abc.com/abcde.html, it will be dropped as the keyword
81 Domains Filtering: This function checks the whole URL not the IP address, in URLs accessed
or dropped (Forbidden). For this function to be activated, both check-boxes must be checked. Here is the checking procedure:
1. 2. 3. 4. Check the domain in the URL to determine if it is in the trusted list. If yes, the connection attempt is sent to the remote web server. If not, check if it is listed in the forbidden list. If yes, then the connection attempt will be dropped. If the packet does not match either of the above two items, it is sent to the remote web server.
www.google.com.auwww.googlewww.google.com
www.abc.com will be sent to the remote web server
www.google or www.google.com will be dropped, because www.google is in the forbidden list. 82 Example:
from accessing other sites. Restrict URL Features: This function enhances the restriction to your URL rules. Block Java Applet: to prevent someone who wants to damage your system via standard HTTP protocol.
Preventing someone who uses the IP address as URL for skip-
ping Domains Filtering function. Activates only and if Domain Filtering enabled. 83 IM / P2P Blocking
client program software that allows users to communicate
applications make communication faster and easier but your network can become increasingly insecure at the same
Instant Message Blocking: The default is set to Disabled. Disabled: Always On: Action is enabled. TimeSlot1 ~ TimeSlot16: period to trigger the blocking, i.e. during working hours. For setup and detail, refer to Time Schedule section. Yahoo/MSN Messenger: Check the box to block be sure you enabled the Instant Message Blocking Peer to Peer Blocking: The default is set to Disabled. Disabled: Always On: Action is enabled. TimeSlot1 ~ TimeSlot16: This is the trigger the blocking, i.e. during working hours. For setup and detail, refer to Time Schedule section. BitTorrent / eDonkey: Check the box to block sure you enabled 84 Firewall Log
Check the Enable box to activate the logs. Log information can be seen in the Status Event Log after enabling. 85 VPN - Virtual Private Networks (Only available for BiPAC 7404V(G)OX)
network via the Internet. Your router supports three main types of VPN (Virtual Private Network):
PPTP, IPSec and L2TP. PPTP (Point-to-Point Tunneling Protocol) There are two types of PPTP VPN supported; Remote Access and LAN-to-LAN (please refer
Name: A given name for the connection. Active: This function activates or deactivates the PPTP connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa. Note: When the Active checkbox is checked, the function of Edit and Delete will not be available. Connection Type: It informs your PPTP tunnel connection condition. Type: This refers to your router operates as a client or a server, Dialout or Dialin respectively. PPTP Connection - Remote Access Name: Connection Type: Remote Access or LAN to LAN. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote
you wish to connect to.
User. 86 Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username. Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password. Authentication Type: Default is Auto if you want the router to determine the authentication type to use, or else manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP
(Password Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a
before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. Data Encryption: Default is Auto, so that this setting is negotiated when establishing a connection, or else you can manually Enable or Disable encryption. Key Length: Auto, it is negotiated when establishing a connection. 128 bit keys provide stronger encryption than 40 bit keys. Mode: You may select Stateful or Stateless mode. The key will be changed every 256 packets when you select Stateful mode. If you select Stateless mode, the key will be changed in each packet. Active as default route: Commonly used by the Dial-out connection which all packets will route through the VPN tunnel to the Internet; therefore, active the function may degrade the Internet performance. Active: This function activates or deactivates the PPTP connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa. Note: When the Active checkbox is checked, the function of Edit and Delete will not be available.
87
88
can either input the IP address (69.1.121.33 in this case) or hostname to reach the server. Function Description VPN_PPTP Remote Access Select Remote Access from the Connection Type drop-down Given name of PPTP connection Name Connection Type Type IP Address (or Domain name) Username Password Auth.Type Data Encryption Auto Auto
stateful
Dial out 69.121.1.33 Username 123456 Chap(Auto) menu Select Dial out from the Type drop-down menu An Dialed server IP A given username & password
client will determine the value automatically. Refer to manual for details if you want to change the setting. 89 PPTP Connection - LAN to LAN
Name: Connection Type: Remote Access or LAN to LAN. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote
you wish to connect to.
User. Peer Network IP: Enter Peer network IP address. Netmask: Enter the subnet mask of peer network based on the Peer Network IP setting. Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username. Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password. Authentication Type: Default is Auto if you want the router to determine the authentication type to use, or else manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP
(Password Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a
before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. Data Encryption: Default is Auto, so that this setting is negotiated when establishing a connection, or else you can manually Enable or Disable encryption. Key Length: Auto, it is negotiated when establishing a connection. 128 bit keys provide stronger encryption 90 than 40 bit keys. Mode: You may select Stateful or Stateless mode. The key will be changed every 256 packets when you select Stateful mode. If you select Stateless mode, the key will be changed in each packet. Active as default route: Commonly used by the Dial-out connection which all packets will route through the VPN tunnel to the Internet; therefore, active the function may degrade the Internet performance. Active: This function activates or deactivates the PPTP connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa. Note: When the Active checkbox is checked, the function of Edit and Delete will not be available.
91
92
Function Description
LAN to LAN Name Connection Type Type IP Address Peer Network IP Netmask Username Password Auth.Type Data Encryption Auto Auto
stateful
Dial in 192.168.1.200 192.168.0.0 255.255.255.0 Username 123456 Chap(Auto) Given name of PPTP connection Select LAN to LAN from the Connection Type drop-down menu Select Dial in from the Type drop-down menu
network.
client will determine the value automatically. Refer to manual for details if you want to change the setting. 93
registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router. Function Description
LAN to LAN Dial out 69.121.1.33 192.168.1.0 Name Connection Type Type IP Address (or Domain Name) Peer Network IP Netmask Username Password Auth.Type Data Encryption Auto Auto
stateful
255.255.255.0 Username 123456 Chap(Auto) Given name of PPTP connection Select LAN to LAN from the Connection Type drop-down menu Select Dial out from the Type drop-down menu
network.
client will determine the value automatically. Refer to manual for details if you want to change the setting. 94 IPSec (IP Security Protocol) Active: This function activates or deactivates the IPSec connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa. Note: When the Active checkbox is checked, the function of Edit and Delete will not be available. Name: This is a given name of the connection. Local Subnet: Displays IP address and subnet of the local network. Remote Subnet: Displays IP address and subnet of the remote network. Remote Gateway: This is the IP address or Domain Name of the remote VPN device that is connected and established a VPN tunnel. IPSec Proposal: This is selected IPSec security method. 95 IPSec VPN Connection Name: Local Network: Set the IP address, subnet or address range of the local network. Single Address: The IP address of the local host. Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with netmask
to 192.168.1.254). IP Range: The IP address range of the local network. For example, IP: 192.168.1.1, end IP:
192.168.1.10. Remote Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel. Remote Network: Set the IP address, subnet or address range of the remote network. IKE (Internet key Exchange) Mode:
Pre-shared Key:
can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts). Local ID:
Content: Input www.ipsectest.com. 96 Remote ID:
Hash Function:
MD5: SHA1: Encryption: Select the encryption method from the pull-down menu. There are several options, DES, 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as en-
cryption method.
It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are
Exponentiation Groups. IPSec Proposal: Select the IPSec security method. There are two methods of checking the authentication information, AH (authentication header) and ESP (Encapsulating Security Payload). Use ESP for greater security so that data will be encrypted and authenticated. Using AH data will be authenticated but not encrypted. Authentication: Authentication establishes the integrity of the datagram and ensures it is not
slower. MD5: SHA1: Encryption: Select the encryption method from the pull-down menu. There are several options, DES, 3DES, AES (128, 192 and 256) and NULL. NULL means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as en-
cryption method. Perfect Forward Secrecy: cryptography to change encryption keys during the second phase of VPN negotiation. This function cryptography protocol that allows two parties to establish a shared secret over an 97
SA Lifetime: Specify the number of minutes that a Security Association (SA) will stay active
Phase 1 (IKE): be from 5 to 15,000 minutes, and the default is 480 minutes. Phase 2 (IPSec): To negotiate and establish secure authentication. The range can be from 5 to 15,000 minutes, and the default is 60 minutes. A short SA time increases security by forcing the two parties to update the keys. However, every time the VPN tunnel re-negotiates, access through the tunnel will be temporarily disconnected. PING for Keep Alive:
None: The default setting is None. To this mode, it will not detect the remote IPSec peer has
mote IPSec will be disconnected afther the time you set in this function. PING: This mode will detect the remote IPSec peer has lost or not by pinging specify IP ad-
dress. DPD: Dead peer detection (DPD) is a keeping alive mechanism that enables the router to be detected lively when the connection between the router and a remote IPSec peer has lost. Please be noted, it must be enabled on the both sites. PING to the IP: the connection fails. Once alter message is received, Router will drop this tunnel connection.
Interval: This sets the time interval between Pings to the IP function to monitor the connection status. Default interval setting is 10 seconds. Time interval can be set from 0 to 3600 second, 0 second disables the function. Ping to the IP Interval (sec) 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx (A valid IP Address) xxx.xxx.xxx.xxx(A valid IP Address) 0 2000 0 2000 Ping to the IP Action No No No Yes, activate it in every 2000 second.
time is beyond the Disconnection time set, Router will automatically halt the tunnel connection and re-establish it base on the Reconnection Time set. 180 seconds is minimum time interval for this function. Reconnection Time: It is the reconnecting time interval after NO TRAFFIC is initiated. 3 minutes is minimum time interval for this function.
98
69.1.121.30
69.1.121.3 12345678 Tunnel mode
69.1.121.3
69.1.121.30 12345678 Tunnel mode
Local Network ID Local Router IP Remote Network ID Remote Router IP IKE Pre-shared Key VPN Connection Type Security Algorithm 99
Function Name Local Network
Subnet IP Address Netmask Remote Secure Gateway IP (or Hostname) Remote Network IP Address Netmask
Authentication Encryption Prefer Forward Security 192.168.1.0 255.255.255.0 69.121.1.30 Subnet 192.168.0.0 255.255.255.0 12345678
3DES None Description Give a name of IPSec Connection Select Subnet from Local Network drop-down menu.
side) Select Subnet from Remote Network drop-
down menu
Security plan 100
Function Name Local Network
Subnet IP Address Netmask Remote Secure Gateway IP (or Hostname) Remote Network IP Address Netmask
Authentication Encryption Prefer Forward Security 192.168.0.0 255.255.255.0 69.121.1.3 Subnet 192.168.1.0 255.255.255.0 12345678
3DES None Description Give a name of IPSec Connection Select Subnet from Local Network drop-down menu.
side) Select Subnet from Remote Network drop-
down menu
Security plan 101
102
Name Local Network IP Address Netmask Remote Secure Gateway IP (or Hostname) Remote Network IP Address
Authentication Encryption Prefer Forward Security Function IPSec Subnet 192.168.1.0 255.255.255.0 69.121.1.30 Single Address 69.121.1.30 12345678
3DES None Description Give a name of IPSec Connection Select Subnet from Local Network drop-down menu.
side) Select Single Address from Remote Network drop-down menu Remote worker's IP address Security plan 103 L2TP (Layer Two Tunneling Protocol) Two types of L2TP VPN are supported Remote Access and LAN-to-LAN (please refer below for more information.). Fill in the blank with information you need and click Add to create a new VPN connection account. Active: This function activates or deactivates the PPTP connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa. Note: When the Active checkbox is checked, the function of Edit and Delete will not be available. Name: This is a given name of the connection. Connection Type: Displays the condition of your L2TP tunneling connection. Type: This refers to your router whether it operates as a client or a server, Dial-out or Dial-in respectively. L2TP Connection-Remote Access 104 Connection Type: Remote Access or LAN to LAN Name: Connection Type: Remote Access or LAN to LAN. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN
wish to connect to.
User. Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username. Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password. Authentication Type: Default is Auto if you want the router to determine the authentication type to use, or else manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP
(Password Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a
before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. Tunnel Authentication: This enables router to authenticate both the L2TP remote and L2TP host. This is only valid when L2TP remote supports this feature. Secret: The secure password length should be 16 characters which may include numbers and characters. Active as default route: Commonly used by the Dial-out connection which all packets will route through the VPN tunnel to the Internet; therefore, active the function may degrade the Internet performance. Remote Host Name (Optional): from the Remote VPN device matches with the Remote hostname provided. If remote hostname matches, tunnel will be connected; otherwise, it will be dropped. Cautious: This is only when the router performs as a VPN server. This option should be used by advanced users only. Local Host
home.gateway. IPSec: Enable for enhancing your L2TP VPN security. Authentication: Authentication establishes the integrity of the datagram and ensures it is not
slower. MD5: 105 SHA1: Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NULL. NULL means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, it uses 128 bits as an encryption method. Perfect Forward Secrecy: cryptography to change encryption keys during the second phase of VPN negotiation. This
public-key cryptography protocol that allows two parties to establish a shared secret over an
Pre-shared Key:
can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
106
connected to a couple of PCs and Servers. 107
The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this
Function Name Connection Type VPN_L2TP Remote Access Type IP Address Username Password Auth. Type IPSec Authentication Encryption Perfect Forward Secrecy
Dial in 192.168.1.200 username 123456 Chap (Auto) Enable
3DES None 12345678 Description Give a name of L2TP Connection Select Remote Access from the Connection Type drop-down menu Select Dial in from the Type drop down menu An IP assigned to the remote client Enter the username and password to authenticate a remote client
Enable this to enhance your L2TP VPN security
108
109
The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this
Function Name Connection Type VPN_L2TP Remote Access Type IP Address (or Hostname) Username Password Auth. Type IPSec Authentication Encryption Perfect Forward Secrecy
Dial out 69.121.1.33 username 123456 Chap (Auto) Enable
3DES None 12345678 Description Give a name of L2TP Connection Select Remote Access from the Connection Type drop-down menu Select Dial out from the Type drop down menu A Dialed Server IP An assigned username and password
Enable this to enhance your L2TP VPN security
110 L2TP Connection - LAN to LAN L2TP VPN Connection Name: A given name for the connection Connection Type: Remote Access or LAN to LAN. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN
IP Address (or Hostname) you wish to connect to.
Address assigned to the Dial in User. Peer Network IP: Enter Peer network IP address. Netmask: Enter the subnet mask of peer network based on the Peer Network IP setting. Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username. Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password. Authentication Type: Default is Auto if you want the router to determine the authentication type to use, or else manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP
(Password Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a
before sending, and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder. Tunnel Authentication: This enables router to authenticate both the L2TP remote and L2TP host. This is only valid when L2TP remote supports this feature. Secret: The secure password length should be 16 characters which may include numbers and characters. 111 Active as default route: Commonly used by the Dial-out connection which all packets will route through the VPN tunnel to the Internet; therefore, active the function may degrade the Internet performance. Remote Host Name (Optional): from the Remote VPN device matches with the Remote hostname provided. If remote hostname matches, tunnel will be connected; otherwise, it will be dropped. Cautious: This is only when the router performs as a VPN server. This option should be used by advanced users only. Local Host
home.gateway. IPSec: Enable for enhancing your L2TP VPN security. Authentication: Authentication establishes the integrity of the datagram and ensures it is not
slower. MD5: SHA1: Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NULL. NULL means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, it uses 128 bits as an encryption method. Perfect Forward Secrecy: cryptography to change encryption keys during the second phase of VPN negotiation. This
public-key cryptography protocol that allows two parties to establish a shared secret over an
Pre-shared Key:
can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
112
113
Function Name Connection Type
LAN to LAN Type IP Address Peer Network IP Username Password Auth. Type IPSec Authentication Encryption Perfect Forward Secrecy
Dial in 192.168.1.200 192.168.0.0 username 123456 Chap (Auto) Enable
3DES None 12345678 Description Give a name of L2TP Connection Select LAN to LAN from the Connection Type drop-down menu Select Dial in from the Type drop down menu
An assigned username and password to
Enable this to enhance your L2TP VPN security
114
registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router. Name Connection Type Type IP Address (or Hostname) Peer Network IP Netmask Username Password Auth. Type IPSec Authentication Encryption Perfect Forward Secrecy
Function
LAN to LAN Dial out 69.121.1.33 192.168.1.0 255.255.255.0 username 123456 Chap (Auto) Enable
3DES None 12345678 Description Give a name of L2TP Connection Select LAN to LAN from the Connection Type drop-down menu Select Dial out from the Type drop down menu
An assigned username and password to
Enable this to enhance your L2TP VPN security
115 VoIP - Voice over Internet Protocol VoIP enables telephone calls through existing Internet connection instead of going through the PSTN (Public Switched Telephone Network). It is not only cost-effective, especially for a long
Here are the items within the VoIP section: SIP Device Parameters, SIP Accounts, Phone Port, PSTN Dial Plan, VoIP Dial Plan, Call Features, Speed Dial and Ring &Tone. 116 SIP Device Parameters This section provides easy setup for your VoIP service. Phone port 1 and 2 can be registered to different SIP Service Provider. SIP Device Parameters SIP: To use VoIP SIP as VoIP call signaling protocol. Default is set to Disable. Silence Suppression (VAD): Voice Activation Detection (VAD) prevents transmitting the nature silence to consume the bandwidth. It is also known as Silence Suppression which is a software application that ensures the bandwidth is reserved only when voice activity is activated. Default is set to Enable. Echo Cancellation: G.168 echo canceller is an ITU-T standard. It is used for isolating the echo
phone while you talk. Default is set to Enable. RTP Port: Provide the based value from the media (RTP) ports that are assigned for various endpoints and the different call sessions that may exist within an end-point. (Range from 5100 to 65535, default value is 5100) Region: This selection is a drop-down box, which allows user to select the country for which the
loaded. Voice QoS, DSCP Marking:
application to be executed in priority by the next Router based on the DSCP value. See Table 4. T Note: To be sure the router(s) in the backbones network have the capability in executing and checking the DSCP through-out the QoS network. 117 Advanced Parameters VoIP through IP Interface: ipwan and iplan. Easy way to select the interface is to check the location of the SIP server. If it locates some where in the Internet then select ipwan. If the VoIP SIP server is on the local Network then select iplan. Voice Frame Size: Frame size is available from 10ms to 60ms. Frame size meaning how many
size in both of Caller and Receiver. Dial Plan Priority: PSTN Auto-fallback: IP responses error and error code matching with the codes in the Edit section, the VoiP calls will automatically fallback to PSTN. In the other word, the call will be called via the PSTN when VoIP SIP returns an error code. Click the Edit to add or remove the responses code. To be sure the code is separated by a comma (,). For more information about SIP responses codes, please check org/wiki/view/sip+response+codes where you can get to know the meaning of each error code. to link to http://voip-info. T.38 Fax Relay: It allows the transfer of facsimile documents in real-time between two standard Group 3 facsimile terminals over the Internet or other networks using IP protocols. It will only function when both sites are support this feature and enabled. Advanced PSTN Environment Adjustment PSTN Environment Adjustment options will help you to adjust the onhook and offhook voltage detection values for your environment. You should use these if the default values are incorrect and result in PSTN calls not being detected properly, e.g. calls being terminated within 5 seconds of being answered. The actual levels are determined by your environment including the number and type of telephones used. Note: ONHOOK means hung up. 118
Note: The detected values will not automatically be set by the Check Level function; you must enter the lowest level detected after testing all your telephones. 119 SIP Accounts
U Registrar Address (or Hostname): Indicate the VoIP SIP registrar IP address. Registrar Port: Specify the port of the VoIP SIP registrar on which it will listen for register
Expire: Expire time for the registration message sending. User Domain/Realm: Set different domain name for the VoIP SIP proxy server. Outbound Proxy Address: Indicate the VoIP SIP outbound proxy server IP address. This parameter is very useful when VoIP device is behind a NAT. Outbound Proxy Port: Specify the port of the VoIP SIP outbound proxy on which it will listen for messages. Phone Number: This parameter holds the registration ID of the user within the VoIP SIP registrar. Username: Same as Phone Number. Password: This parameter holds the password used for authentication within VoIP SIP registrar. Display Name: This parameter will be appeared on the Caller ID. Direct in Dial: Select the ringing port when getting an incoming VoIP call. 120 Phone Port This section displays status and allows you to edit the account information of your Phones. Click Edit to update your phone information. Port:
*69 (Return Call): Dial *69 to return the last missed call. It is only available for VoIP call(s).
*20 (Do not Disturb ON): Dial *20 to set the No Disturb on. Your phone will not ring if someone calls.
*80 (Do not Disturb OFF): Dial *80 to set the No Disturb off. Your will be able to hear ring tone when someone calls.
*90x (Blind Call Transfer): feature is enabled by default. x# Speed Dial (x:2..9):
## Redial: Press ## to redial the latest number you dialed. This feature is enabled by default.
*74<x><number>#: Use your phone key pad to insert a phone number to the Speed Dial phone book. Or you can update your Speed Dial phone number manually. Refer to the Phone Port section in the
*67 Anonymous Call: Hide the own phone number for each call and it will not be displayed on the remote site. It is only applied to the next call when you enter this control character. The detailed operation procedure is Off Hook -> *67 -> On Hook -> Off Hook -> Dial. This feature is disabled by default. Phone Number + #: This is the fast dial which you can dial out a phone number immediately 121 without waiting. Note: Refer to Special Dial Code section in this Manual for more details. Codec Preference Codec is known as Coder-Decoder used for data signal conversion. Set the priority of voice compression; Priority 1 owns the top priority. G.729: It is used to encoder and decoder voice information into a single packet which reduces the bandwidth consumption.
G.711A-LAW:A
G.726-32: It is used to encoder and decoder voice information into a single packet which reduces the bandwidth consumption. DTMF Method: The Inband, RFC 2833 and SIP INFO (RFC 2976) are supported. Volume Control
level.
122 PSTN Dial Plan (Router with LINE port only)
essential key to make a distinguishing between VoIP and Regular phone call. If actual numbers
PSTN to make a regular call. Otherwise, the number will be routed to the VoIP networks. Reminder! In order to utilize this feature, you must have registered and connected to your SIP Server first.
Specify number(s) for switching to a PSTN call. Number of Digits: Action: Specify a dialing method you wish to make PSTN call(s).
The dialed number with Note: The actual dialed number of valid digits length requires matching in the Number of
The dialed number will be sent call through the PSTN without Note: The actual dialed number of valid digits length requires matching in the Number of
Dial at Timeout: The dialed number will be sent call through the PSTN with
Note: The actual dialed number of valid digits length MUST NOT exceed in the Number of
The dialed number will be sent call through the PSTN without
duration. Note: The actual dialed number of valid digits length MUST NOT exceed in the Number of
123 124 PSTN Dial Plan Examples:
1.
call. 2.
3. Dial at Timeout If you only dial 01223 7070 and no more numbers, after the timeout activates, 012237070 will be
125
is still a valid phone number since it has not exceeded 6 digits. 4.
If you only dial 97070 and no more numbers, after the timeout activates, 7070 will be dialed
is still a valid phone number since it has not exceed 6 digits. 126 VoIP Dial Plan This section helps you to make a telephony number dialed as making a regular call via VoIP. You no longer need to memorize a long dial string of number for making a VoIP call. Go to
> VoIP > VoIP Dial Plan. Dial Plan Rules
Prepend xxx unconditionally: xxx number is appended unconditionally to the front of the dialing number when making a call. character such as
+, *, #. Note: For special service with +, *, #, you may need to check with your VoIP or Local Telephone Service Provider for information.
from the dialing numbers before making a call.
making a call.
127 Main Digit Sequence: The call(s) can be called out via SIP or PSTN or ENUM. x: Any numeric number between 0 and 9. ( period ): Repeat numeric number(s) between 0 and 9.
* (asterisk sign): It is normal character * on phone key pad. Please check if special service(s) is provided by your VoIP Service Provider or your Local Telephone Service Provider.
# (pound sign): It is normal character # on phone key pad. Please check if it is provided by your VoIP Service Provider or Local Telephone Service Provider for special service(s).
Referring to the VoIP account registered on the VoIP Wizard
<@ PSTN>:
<@ENUM>: callee. ElectronicNetwork System) based technology to map between a traditional phone number
<@ SIPgateway>: It is used for the Intelligent Call Routing feature where you need to set up
information. Dial-Plan Examples:
Description x. xxx xxxx. 123x.
[xx]x. For example: [124]x.
[x-x]x. For example: [1-3]x. x[x-x]x. For example: 9[4-6]8x. Special Dial Plan Examples:
*xx*x.
*xx
length is 16. Any 3 digit number only between 0 and 9. Total length is 3. Note: No period is needed (.) Any number between 0 and 9 with variable length but no shorter than 3
16.
16. Any number (0-9) starting with 9, the second number between
Description Starting with * signny two digit numbers
Starting with * signny 2 digit numbers between 0 and 9. Total length including the * is 3. Note: No period is needed (.) 128
**xx*x.
#xx.
##xx*x. Starting with ** signny two digit numbers between 0 number (0-9) Starting with # signny digit number (0-9) in variable length but no shorter than 1 digits Starting with ## signny two digit numbers * sign number (0-9) 129 Call Feature
also comes with several enhanced features that allows you to further customize their settings to suit your personal needs such as call forwarding setting, call waiting time length, conference call feature, anonymous call feature and incoming no answer timer. Speed Dial
number from 0 to 9 and the pound sign (#) on the phone keypad to activate the function. For example, speed dial to phone number lists on 9, just press keypad 9 then #. Your router will automatically call out to number listed on entry 9. 130 Ring & Tone
various ring tones (dial tone, busy tone, answer tone and etc.)
Region: Select a country ring-tone, from the drop-down list, where you are located. This VoIP router provides default parameter of ring tones according to different countries. The ring-tone
the list, you may manually create ring-tone parameters. Ring Parameters Ring Cadence (in ms):
milliseconds. 131 Tone Parameters You may need to check with your local telephone service provider for such information. Also, it is
d user unless you are instructed to do so. Click Apply to apply the settings. 132 QoS - Quality of Service
through put for each application when the system is running with full loading of upstream. Here are the items within the QoS section: Prioritization, Outbound IP Throttling & Inbound IP Throttling (bandwidth management). Prioritization There are three priority settings to be provided in the Router:
High Normal Low And the balances of utilization for each priority are High (60%), Normal (30%) and Low (10%).
Name: U Time Schedule: Scheduling your prioritization policy. Priority adjust this Protocol: The name of supported protocol. Source IP Address Range: The source IP address or range of packets to be monitored. Source Port: The source port of packets to be monitored. 133 Destination IP address Range: The destination IP address or range of packets to be monitored. Destination Port: The destination port of packets to be monitored. DSCP Marking
application to be executed in priority by the next Router based on the DSCP value. See Table 4 for DSCP Mapping Table. Note: To be sure the router(s) in the backbones network have the capability in executing and checking the DSCP through-out the QoS network. Table 4: DSCP Mapping Table DSCP Mapping Table
Disabled
Premium Gold service (L)
Gold service (H) Silver service (L)
Silver service (H)
Standard DSCP None
Express Forwarding (101110) Class 1, Gold (001010) Class 1, Silver (001100)
Class 2, Gold (010010) Class 2, Silver (010100)
Class 3, Gold (011010) Class 3, Silver (011100)
Outbound IP Throttling (LAN to WAN)
Name: Uname. Time Schedule: Scheduling your prioritization policy. Refer to Time Schedule for more 134 information. Protocol: The name of supported protocol. Rate Limit Source IP Address Range: The source IP address or range of packets to be monitored. Source Port(s): The source port of packets to be monitored. Destination IP Address Range: The destination IP address or range of packets to be monitored. Destination Port(s): The destination port of packets to be monitored. 135 Inbound IP Throttling (WAN to LAN)
Name: U Time Schedule: Scheduling your prioritization policy. Refer to Time Schedule for more information. Protocol: The name of supported protocol. Rate Limit Source IP Address Range: The source IP address or range of packets to be monitored. Source Port(s): The source port of packets to be monitored. Destination IP Address Range: The destination IP address or range of packets to be monitored. Destination Port(s): The destination port of packets to be monitored. 136 Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC 137 Information and Settings Upstream: 928 kbps
VoIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.100 138 Mission-critical application
The mission-critical application must be sent out smoothly without any dropping. Set priority as high level for preventing any other applications to saturate the bandwidth. Voice application
packets as high priority.
Restricted Application Some of companies will setup FTP server for customer downloading or home user sharing their
139
only limit utilization at daytime. Advanced setting by using IP throttling
located in the same level. Upstream: 928kbps (29*32kbps)
Voice Application: 128kbps (4*32kbps) Restricted Application: 160kbps (5*32kbps) Other Applications: 448kbps (14*32kbps)
140
saturate your downstream bandwidth. The settings below help you to limit bandwidth for the restricted application. 141 Virtual Server (known as Port Forwarding)
(usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are
locate them.
machines on the Internet that are outside your local network), or any application that can accept
ports to the PC on your network running the application. You will also need to use port forwarding if you want to host an online game server. The reason for this is that when using NAT, your publicly accessible IP address will be used by and
142 Add Virtual Server
accessed by outside users when using NAT, as all incoming connection attempts will point to your
network.
Application drop-down menu
Protocol: It is the supported protocol for the virtual server. In addition to specifying the port number to be used, you will also need to specify the protocol used. The protocol used is
Time Schedule: User schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section External Port: Redirect Port: The Port number used by the Local server in the LAN network. Internal IP Address: The private IP in the LAN network, which will be providing the virtual server List all existing PCs connecting to the network. You may assign a PC with IP application.
Example:
I 143
Application: HTTP_Sever Time Schedule: Always On Protocol: tcp External Port: 80-80 Redirect Port: 80-80 IP Address: 192.168.1.254 Add: Click it to apply your settings. Edit/Delete: Click it to edit or delete this virtual server application. 144 Edit DMZ Host
used by any other Virtual Server entries. Cautious: This Local computer exposing to the Internet may face varies of security risks.
> Virtual Server > Enabled: Disabled: Internal IP Address: Enabled radio button is
List all existing PCs connecting to the network. You may assign a PC with IP address from this list. Select the Apply button to apply your changes. 145 Edit One-to-One NAT (Network Address Translation)
to utilize these IP addresses.
> Virtual Server > Edit One-to-one NAT NAT Type: Select desired NAT type. As set in default setting, it disables the One-to-One NAT function. Global IP Address:
Subnet: -
vided this information, you may insert it here. Otherwise, use IP Range method. IP Range: 192.168.1.1, end IP: 192.168.1.10 Select the Apply button to apply your changes. Check to create a new One-to-One NAT rule:
146 Application
drop-down menu to
Protocol: It is the supported protocol for the virtual server. In addition to specifying the port number to be used, you will also need to specify the protocol used. The protocol used is
Time Schedule: User schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section Global IP:
External Port: Redirect Port: The Port number used by the Local server in the LAN network. Internal IP Address: The private IP in the LAN network, which will be providing the virtual server List all existing PCs connecting to the network. You may assign a PC with IP application. address from this list. Select the Add button to apply your changes. 147 Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment
The remaining ports, referred to as dynamic or private ports, are numbered from 49152 through 65535.
http://www.iana.org/assignments/port-
numbers For help on determining which private port numbers are used by common applications on this list,
http://www.billion.com Table 5: Well-known and registered Ports Port Number Protocol Description 20 21 22 23 25 53 69 80 110 119 123 161 443 1503 1720 4000 7070 TCP TCP TCP & UDP TCP TCP TCP & UDP UDP TCP TCP TCP UDP TCP TCP & UDP TCP TCP TCP UDP FTP Data FTP Control SSH Remote Login Protocol Telnet
DNS (Domain Name Server) TFTP (Trivial File Transfer Protocol)
NTP (Network Time Protocol) Time Protocol)
HTTPS T.120 H.323 ICQ RealAudio 148 Time Schedule The Time Schedule supports up to 16 time slots which helps you to manage your Internet
restrict or allowing the usage of the Internet by users or applications.
clock on board; it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server from the Internet. Refer to Time Zone for details. You router time should correspond with your local time. If the time is not set correctly, your Time Schedule will not function properly. 149
Edit a Time Slot 1. Choose any Time Slot (ID 1 to ID 16) to edit, click Edit radio button. Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on this day(s). 2. A detailed setting of this Time Slot will be shown. ID: This is the index of the time slot. Name: Day in a week: schedule to be applied. Start Time: End Time: Choose Edit radio button and click button to apply your changes. 150 Delete a Time Slot Select the Delete radio button of the selected Time Slot under the Time Slot section, and click the
Delete button
151 Advanced
the more advanced features of the router. Users who do not understand the features should not
Here are the items within the Advanced section: Static Route, Dynamic DNS, Check Email, Device Management, IGMP and VLAN Bridge. Static Route
Destination: This is the destination subnet IP address. Netmask: Subnet mask of the destination IP addresses based on above destination subnet IP. Gateway: This is the gateway IP address to which packets are to be forwarded. Interface: Select the interface through which packets are to be forwarded. Cost: This is the same meaning as Hop. This should usually be left at 1. 152 Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your ADSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which
assigned to you by your ISP.
website, for example http://www.dyndns.org/
There are more than 5 DDNS services supported. Dynamic DNS:
Disable: Check to disable the Dynamic DNS function. Enable:
Dynamic DNS Server: Select the DDNS service you have established an account with. Domain Name, Username and Password: Enter your registered domain name and your username and password for this service. Period: Set the time period between updates, for the Router to exchange information with the DDNS server. In addition to updating periodically as per your settings, the router will perform an update when your dynamic IP address changes. 153 Check Email This function allows you to have the router check your POP3 mailbox for new Email messages.
may also view the status of this function using the Status Email Checking section of the web interface, which also provides details on the number of new messages waiting. See the Status section of this manual for more information. Check Email:
Disable: Enable: -
Account Name: Enter the name (login) of the POP3 account you wish to check. Normally, it is the
ISP. Password: POP3 Mail Server: Enter your (POP) mail server name. You Internet Service Provider (ISP) or network administrator will be able to supply you with this. Period: Enter the value in minutes between periodic mail checks. Dial-out for checking emails: your ISP automatically to check emails if your Internet connection dropped. Please be careful when using this feature if your ADSL service is charged by time online. 154 Device Management
security options and device monitoring features. Device Host Name Host Name: Assign it a name.
(The Host Name cannot be used with one word only. There are two words should be connected with a . at least. Example:
Host Name: homegateway ==> Incorrect Host Name: home.gateway or my.home.gateway ==> Correct) Embedded Web Server ( 2 Management IP Accounts) HTTP Port:
alternative if, for example, they are running a web server on a PC within their LAN. Management IP Address: You may specify an IP address allowed to logon and access the
users to login from any IP address. Expire to auto-logout: session. 155 For Example: User A changes HTTP port number to 100 of 192.168.1.55, and sets the logout time to be 100 seconds. The router will only allow User A access from the IP address 192.168.1.55 http://192.168.1.254:100 in their web browser. After 100 seconds, the device will automatically logout User A. Universal Plug and Play (UPnP) UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port
Disable: Enable: UPnP Port: Its default setting is 2800. It is highly recommended for users to use this port value. If
SNMP Access Control (Software on a PC within the LAN is required in order to utilize this function) Simple Network Management Protocol. SNMP V1 and V2:
Read Community:
string name is matched, user obtains this IP address will be able to view the data. Write Community:
string name is matched, users from this IP address will be able to view and modify the data. Trap Community:
SNMP V3:
address. Once the authentication has succeeded, users from this IP address will be able to view and modify the data. SNMP Version: SNMPv2c and SNMPv3
156
monitoring. Traps supported: Cold Start, Authentication Failure.
From RFC 1213 (MIB-II)System group From RFC 1472 (PPP/Security MIB) System group Interface group PPP security group Address Translation group From RFC 1473 (PPP/IP MIB) IP group ICMP Group TCP group UDP group EGP (not applicable) Transmission
From RFC 1650 (EtherLike-MIB) dot3stats From RFC 1493 (Bridge MIB)
dot1 dTp group PPP IP group From RFC 1474 (PPP/Bridge MIB)
From RFC 1573 (IfMIB)
From RFC 1695 (atmMIB)
From RFC 1907 (SNMPv2) only snmpSetSerialNo OID
ning tree) From RFC 1471 (PPP/LCP MIB) pppLink group pppLgr group (not applicable) 157 IGMP
multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Disable. VLAN Bridge This section allows you to create VLAN group and specify the member. Edit: Edit your member ports in selected VLAN group. Create VLAN: To create another VLAN group. 158 Logout
logging out of the system.
Therefore when a PC has logged into the system interface, the other users cannot access the system interface until the current user has logged out of the system. If the previous user forgets to
period which is by default 3 minutes. You can however modify the value of the auto logout period
Advanced section of this manual for more information. 159 Chapter 5: Troubleshooting If your router is not functioning properly, please refer to the suggested solutions provided in this chapter. If your problems persist or the suggested solutions do not meet your needs, please kindly
Problems with the router Problem Suggested Action None of the LEDs lit when the router is turned on. You have forgotten your login username or password Check the connection between the router and the adapter. If the problem persists, most likely it is due to the malfunction of your hardware. Please contact
Try the default username & password (Please refer to Chapter 3). If this fails, restore your router to its default setting by pressing the reset button for more than 6 seconds. Problems with WAN interface Problem Suggested Action Initialization of PVC connection (line-
sync)fail Frequent loss of ADSL linesync
(disconnection)
nected between the ADSL port and the wall jack. The ADSL LED on the front panel should lit. Check that your VPI, VCI, encapsulation type and type of multi-
plexing settings are the same as those provided by your ISP. Reboot the router GE. If you still have prob-
lem, you may need to verify these settings with your ISP.
chine, analogue modems) that are connected to the
nected between them and the wall outlet (unless your are using a Central Splitter or Central Filter installed by
tions. 160 Problem with LAN interface Problem Cannot PING any PC on LAN Suggested Action Check the Ethernet LEDs on the front panel. The LED should be on for the port that has a PC connected. If it does not lit, check to see if the cable between your router and the
Verify that the IP address and the subnet mask are consis-
tent for both the router and the workstations. 161 Appendix: Product Support & Contact Following the suggestions listed in the Troubleshooting section of the user manual can help you solve most of your problems. However if your problems persist or you come across other technical issues that are not listed in the Troubleshooting section, please contact the dealer from where you purchased your product. Contact Billion Worldwide:
http://www.billion.com
162
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2009-02-18 | 2412 ~ 2462 | DTS - Digital Transmission System | Original Equipment |
app s | Applicant Information | |||||
---|---|---|---|---|---|---|
1 | Effective |
2009-02-18
|
||||
1 | Applicant's complete, legal business name |
Billion Electric Co., Ltd.
|
||||
1 | FCC Registration Number (FRN) |
0022602114
|
||||
1 | Physical Address |
8F, No. 192, Sec. 2, Zhongxing Road, Xindian Dist.
|
||||
1 |
New Taipei City, N/A 231
|
|||||
1 |
Taiwan
|
|||||
app s | TCB Information | |||||
1 | TCB Application Email Address |
b******@phoenix-testlab.de
|
||||
1 | TCB Scope |
A4: UNII devices & low power transmitters using spread spectrum techniques
|
||||
app s | FCC ID | |||||
1 | Grantee Code |
QI3
|
||||
1 | Equipment Product Code |
BIL-7404VGOX
|
||||
app s | Person at the applicant's address to receive grant or for contact | |||||
1 | Name |
T**** H********
|
||||
1 | Title |
CTO
|
||||
1 | Telephone Number |
886-2********
|
||||
1 | Fax Number |
886-2********
|
||||
1 |
t******@billion.com.tw
|
|||||
app s | Technical Contact | |||||
1 | Firm Name |
Compliance Certification Services Inc.
|
||||
1 | Name |
C**** H******
|
||||
1 | Physical Address |
No.8, Jiu Cheng Ling
|
||||
1 |
Tainan, 712
|
|||||
1 |
Taiwan
|
|||||
1 |
a******@ccsrf.com
|
|||||
app s | Non Technical Contact | |||||
n/a | ||||||
app s | Confidentiality (long or short term) | |||||
1 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes | ||||
1 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
1 | Is this application for software defined/cognitive radio authorization? | No | ||||
1 | Equipment Class | DTS - Digital Transmission System | ||||
1 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | (3G)/VoIP/802.11g ADSL2+(VPN) Firewall Router | ||||
1 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
1 | Modular Equipment Type | Does not apply | ||||
1 | Purpose / Application is for | Original Equipment | ||||
1 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | No | ||||
1 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
1 | Grant Comments | Power Output listed is Conducted. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. End-users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. | ||||
1 | Is there an equipment authorization waiver associated with this application? | No | ||||
1 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
app s | Test Firm Name and Contact Information | |||||
1 | Firm Name |
Compliance Certification Services Inc.
|
||||
1 | Name |
A**** C******
|
||||
1 | Telephone Number |
886-6******** Extension:
|
||||
1 | Fax Number |
886-6********
|
||||
1 |
a******@tw.ccsemc.com
|
|||||
Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
1 | 1 | 15C | 68 | 2412.00000000 | 2462.00000000 | 0.0800000 |
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC