FCC ID: QI3BEC-4700A Wireless Outdoor Router

by: Billion Electric Co., Ltd. latest update: 2020-11-20 model: BEC-4700A

Two grants have been issued under this FCC ID on 11/20/2020 (this is one of seven releases in 2020 for this grantee). Public details available include frequency information, manuals, and internal & external photos. some products also feature user submitted or linked instructions, warrantee terms, drivers, troubleshooting guides, & password defaults.

permalink for this FCC identifier

search for: Repair details

from iFixIt

Replacement

on Amazon

Trade-in? Recycling locations

eg is reader-supported. when you buy through links on our site, we may earn an affiliate commission.

eg for Slack usage

all	frequencies							exhibits	applications
		manuals		photos		labels

all exhibits 19
1 ~ 2020-11-20 17
2 ~ 2020-11-20 18

app s				submitted / available
1 2	4700A- UserMan-20201118-Part 1	Users Manual	pdf	5.46 MiB	November 19 2020 / November 20 2020
1 2	4700A- UserMan-20201118-Part 2	Users Manual	pdf	4.34 MiB	November 19 2020 / November 20 2020
1 2	4700A- Inpho	Internal Photos	pdf	1.70 MiB	November 19 2020 / November 20 2020
1 2	4700A- Expho	External Photos	pdf	408.94 KiB	November 19 2020 / November 20 2020
1 2	4700A- FCC- LabelLoc	ID Label/Location Info	pdf	140.46 KiB	November 19 2020 / November 20 2020
1 2	4700A- FCC- Labelsmpl	ID Label/Location Info	pdf	110.01 KiB	November 19 2020 / November 20 2020
1 2	4700A- ATTESTATION	Cover Letter(s)	pdf	108.00 KiB	November 19 2020 / November 20 2020
1 2	4700A- Confidentiality Request	Cover Letter(s)	pdf	127.17 KiB	November 19 2020 / November 20 2020
1 2	4700A- DTS-UNII Declaration letter	Cover Letter(s)	pdf	139.04 KiB	November 19 2020 / November 20 2020
1 2	4700A- Declaration of authorization	Cover Letter(s)	pdf	291.16 KiB	November 19 2020 / November 20 2020
1 2	4700A- Professional Installation Attestation-20201119	Cover Letter(s)	pdf	187.03 KiB	November 19 2020 / November 20 2020
1 2	4700A- RFExp	RF Exposure Info	pdf	197.00 KiB	November 19 2020 / November 20 2020
1 2	4700A- TestRpt-15.247	Test Report	pdf	4.17 MiB	November 19 2020 / November 20 2020
1 2	4700A- Tsup	Test Setup Photos	pdf	466.44 KiB	November 19 2020 / November 20 2020
1 2	Confidential 4700A- BlkDia	Block Diagram	pdf		November 19 2020	confidential
1 2	Confidential 4700A- OPDes-20201118	Operational Description	pdf		November 19 2020	confidential
1 2	Confidential 4700A- Schem	Schematics	pdf		November 19 2020	confidential
1 2	4700A- TestRpt-15.407-Part 1-20201118	Test Report	pdf	5.52 MiB	November 19 2020 / November 20 2020
1 2	4700A- TestRpt-15.407-Part 2-20201118	Test Report	pdf	1.02 MiB	November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- UserMan-20201118-Part 1

Users Manual

pdf

5.46 MiB

November 19 2020 / November 20 2020

User Manual BEC 4700A/AZ

(4G/LTE) Wireless Outdoor Router Last revised: July 2020 Version release: v2.1 Copyright Notice Copyright@ 2020 BEC Technologies Inc. All rights reserved. BEC Technologies reserves the right to change and make improvement to this manual at any time without prior notice. No part of this document may be reproduced, copied, transmitted in any form or by any means without prior written permission from BEC Technologies, Inc. Support Contact Information Contact Support: http://bectechnologies.net/support/. Telephone: +1 972 422 0877 TABLE OF CONTENTS COPYRIGHT NOTICE ....................................... 1 SUPPORT CONTACT INFORMATION ............. 1 CHAPTER 1: INTRODUCTION ......................... 1 INTRODUCTION TO YOUR ROUTER .............................................................. 1 FEATURES & SPECIFICATIONS .................................................................... 3 HARDWARE SPECIFICATIONS ..................................................................... 6 APPLICATION DIAGRAM ........................................................................... 7 CHAPTER 2: PRODUCT OVERVIEW ............... 8 IMPORTANT NOTE FOR USING THIS ROUTER ................................................. 8 PACKAGE CONTENTS ............................................................................... 8 DEVICE DESCRIPTION .............................................................................. 9 Hardware Overiew (BEC 4700AZ) ...................................................................... 9 Hardware Overiew (BEC 4700A) ...................................................................... 11

........................................................................................................................ 11 MOUNTING KIT INSTALLATION ................................................................ 13 ROUTER INSTALLATION INSTRUCTIONS ...................................................... 19 SYSTEM RECOVERY PROCEDURES ............................................................. 23 CHAPTER 3: BASIC INSTALLATION ............ 24 NETWORK CONFIGURATION IPV4 .......................................................... 25 Configuring PC in Windows 10 (IPv4) .............................................................. 25 Configuring PC in Windows 7/8 (IPv4) ............................................................. 27 Configuring PC in Windows Vista (IPv4) ........................................................... 29 NETWORK CONFIGURATION IPV6 .......................................................... 31 Configuring PC in Windows 10 (IPv6) .............................................................. 31 Configuring PC in Windows 7/8 (IPv6) ............................................................. 33 Configuring PC in Windows Vista (IPv6) ........................................................... 35 DEFAULT SETTINGS ............................................................................... 37 INFORMATION FROM YOUR ISP ............................................................... 38 CHAPTER 4: DEVICE CONFIGURATION ...... 39 LOGIN TO YOUR DEVICE ......................................................................... 39 STATUS .............................................................................................. 42 Device Info ...................................................................................................... 42 System Status .................................................................................................. 44 System Log ...................................................................................................... 44 4G/LTE Status .................................................................................................. 45 Wireless Status ................................................................................................ 47 Hotspot Status ................................................................................................. 48 Statistics .......................................................................................................... 49 DHCP Table ...................................................................................................... 53 IPSec Status ..................................................................................................... 53 PPTP Status...................................................................................................... 54 L2TP Status ...................................................................................................... 55 GRE Status ....................................................................................................... 55 OpenVPN Status .............................................................................................. 56 ARP Table ........................................................................................................ 57 VRRP Status ..................................................................................................... 57 QUICK START ...................................................................................... 58 CONFIGURATION .................................................................................. 61 Interface Setup ................................................................................................ 61 Internet ......................................................................................................................... 61 LAN ............................................................................................................................... 71 Wireless 2.4GHz ............................................................................................................ 75 Wireless MAC Filter ...................................................................................................... 80 Wireless 5GHz............................................................................................................... 81 Wireless 5G MAC Filter ................................................................................................. 89 Wireless 5G Repeater ................................................................................................... 90 Loopback ...................................................................................................................... 91 Dual WAN ........................................................................................................ 92 General Setting ............................................................................................................. 92 Outbound Load Balance ............................................................................................... 96 Protocol Binding ........................................................................................................... 97 Hotspot ........................................................................................................... 99 General Setting ............................................................................................................. 99 Built-in User Account .................................................................................................. 102 Authorized of Client .................................................................................................... 103 Walled Garden ............................................................................................................ 104 Advertisement ............................................................................................................ 105 Hotspot Status Log ..................................................................................................... 106 Customization ............................................................................................................. 107 Advanced Setup ............................................................................................ 109 Firewall ....................................................................................................................... 109 Static Routing ............................................................................................................. 110 Dynamic Routing ........................................................................................................ 111 NAT ............................................................................................................................. 113 VRRP ........................................................................................................................... 118 Static DNS ................................................................................................................... 119 QoS ............................................................................................................................. 120 Interface Grouping ...................................................................................................... 123 Port Isolation .............................................................................................................. 126 Time Schedule ............................................................................................................. 127 Mail Alert ................................................................................................................... 128 VPN ............................................................................................................... 129 IPSec ........................................................................................................................... 129 PPTP Server ................................................................................................................ 139 PPTP Client ................................................................................................................. 141 L2TP ............................................................................................................................ 148 GRE Tunnel ................................................................................................................. 156 OpenVPN .................................................................................................................... 164 OpenVPN Server ......................................................................................................... 164 OpenVPN Client .......................................................................................................... 168 Access Management ..................................................................................... 176 Device Management ................................................................................................... 176 SNMP.......................................................................................................................... 177 Syslog (System Log) .................................................................................................... 179 Universal Plug & Play .................................................................................................. 180 Dynamic DNS (DDNS) .................................................................................................. 181 Access Control ............................................................................................................ 183 Packet Filter ................................................................................................................ 186 CWMP (TR-069) .......................................................................................................... 191 Parental Control ......................................................................................................... 193 BECentral Management.............................................................................................. 194 Maintenance ................................................................................................. 195 User Management ...................................................................................................... 195 Certificate Management ............................................................................................. 197 Time Zone ................................................................................................................... 199 License ........................................................................................................................ 200 Firmware & Configuration .......................................................................................... 201 System Restart ............................................................................................................ 202 Auto Reboot ................................................................................................................ 203 Diagnostics Tool .......................................................................................................... 204 CHAPTER 5: TROUBLESHOOTING ............ 206 Problems with the Router ............................................................................. 206 Problem with LAN Interface .......................................................................... 206 Recovery Procedures ..................................................................................... 207 APPENDIX: PRODUCT SUPPORT & CONTACT

....................................................................... 208 FCC STATEMENT ................................................................................ 209 Introduction 1 CHAPTER 1: INTRODUCTION Introduction to your Router Congratulations on your purchase of the BEC 4700A / AZ ((4G/LTE) Wireless Outdoor Router). This unit is a lightweight, an industrial-grade outdoor fixed wireless router with an IP68 rated enclosure to withstand extreme weather conditions and harsh rugged deployments. With integrated IEEE802.3at power over Ethernet (PoE) support, the BEC 4700A/AZ provides an easy installation from eliminating the need for a separate power and data cable. Lightweight, Compact, and unobtrusive Design With multiple mounting options and a lightweight, it is easily to install the BEC 4700 A/AZ by single person. The BEC 4700 A/AZ also has a built-in passive Gigabit Power of Ethernet (GPoE) so both data and power can be sent from the unit. Designed for Challenging / Rugged Deployments The BEC 4700 A/AZ is designed for the toughest industrial environments. With IP68 hardened enclosure with industrial-grade components, the BEC 4700 A/AZ can be installed in manufacturing plants, industrial automation, stadiums, convention halls, stadium facilities, school campuses, etc. 4G/LTE Mobility (BEC 4900AZ Only) With 4G/LTE-based Internet connection (4G/LTE embedded module, requires an additional SIM card), you can access to the Internet through 4G/LTE whether you are seated at your desk or taking a cross-

country trip. 4G/LTE Management Center (BEC 4900AZ Only) BEC 4700AZ Mobile Management Center visually displays its current 4G/LTE signal status also calculates the total amount of hours or data traffic used per month, allowing you to manage your 4G/LTE monthly subscriptions. New Experience with Wi-Fi Speed and Coverage With the next wireless generation, 802.11ac, integrated in the BEC 4700 A/AZ, the router delivers fast Wi-Fi speeds of up to 2000Mbps. The BEC 4700 A/AZ supports a link rate up to 300Mbps in 2.4GHz frequency range & 1700Mbps in 5GHz range and is also backward compatible with existing 802.11 a

/ b / g / n wireless equipment in the network. The Wireless Protected Access (WPA-PSK/WPA2-PSK) and Wireless Encryption Protocol (WEP) features enhance the level of transmission security and access control over Wireless LAN. BEC 4700 A/AZ also supports the Wi-Fi Protected Setup (WPS) standard for easy and secure establishment of a wireless home network. If the users network requires BEC 4700A / 4700AZ User Manual wider coverage, the built-in Wireless Distribution System (WDS) repeater function expands the wireless network without needing any external wires or cables. Introduction 2 IPv6 Supported Internet Protocol version 6 (IPv6) is a version of the Internet Protocol that is designed to succeed IPv4. IPv6 has a vastly larger address space than IPv4. The router is already supporting IPv6, you can use it in IPv6 environment no need to change device. The dual-stack protocol implementation in an operating system is a fundamental IPv4-to-IPv6 transition technology. It implements IPv4 and IPv6 protocol stacks either independently or in a hybrid form. The hybrid form is commonly implemented in modern operating systems supporting IPv6. Quick Start Wizard Support a WEB GUI page to install this device quickly. With this wizard, simple steps will get you connected to the Internet immediately. Firmware Upgradeable Device can be upgraded to the latest firmware through the WEB based GUI. BEC 4700A / 4700AZ User Manual Introduction Features & Specifications 3 Features & Specifications High-speed 4G connection up to downlink 100/300Mbps and uplink 50Mbps data rate (4700AZ) Outdoor 4G for high speed mobile connectivity (4700AZ) 4G embedded with a built-in SIM card slot (4700AZ) 4G Management Center for connection monitoring (4700AZ) Concurrent 2.4GHz & 5GHz Wi-Fi Connections Firewall security with DoS prevention and SPI Quality of Service control Syslog monitoring Ease of Use with Quick Installation Wizard Ideal for boat marina, campgrounds, RV parks, public parks, urban space, remote connectivity Operational Mode Bridge or Routed mode Network Protocols and Features IPv4, IPv6 or IPv4 / IPv6 Dual Stack NAT, static (v4/v6) routing and RIP-1 / 2 DHCPv4 / v6 Universal Plug and Play (UPnP) Compliant Dynamic Domain Name System (DDNS) Virtual Server and DMZ SNTP, DNS proxy IGMP snooping and IGMP proxy MLD snooping and MLD proxy BEC 4700A / 4700AZ User Manual Introduction Features & Specifications 4 Firewall Built-in NAT Firewall Stateful Packet Inspection (SPI) DoS attack prevention including Land Attack, Ping of Death, etc. Access control IP&MAC filter, URL Content Filter Password protection for system management VPN pass-through Quality of Service Control Carrier Grade Wireless LAN Compliant with IEEE 802.11 a/b/g/n/ac standards 2.4GHz & 5GHz frequency range 20/40-MHz channel bandwidth Up to 300Mbps (2.4GHz) & 1700Mbps (5GHz) wireless data phy rate 64/128 bits WEP supported for encryption Wireless security with WPA-PSK, WPA2-PSK, Mixed WPA/WAP2-PSK, 802.1x/Radius AP, Client Bridge and WDS Operational Modes Traffic prioritization management based-on Protocol, Port Number, and IP Address (IPv4/ IPv6) Multiple SSID (4 SSIDs), BSSID Wireless MAC filtering Wireless Client Isolation Support up to 32 Connected Clients Wi-Fi client rate-limiting Management Quick Installation wizard BEC 4700A / 4700AZ User Manual Web-based GUI for remote and local management (IPv4/IPv6) Firmware upgrades and configuration data upload and download via web-based GUI Introduction Features & Specifications 5 Supports DHCP server / client / relay Supports SNMP v1, v2, v3, MIB-I and MIB-II TR-069 supports remote management BEC 4700A / 4700AZ User Manual Introduction Hardware Specifications 6

(2) 10/100/1000 Gigabit Ethernet LAN with IEEE802.3at compliant Gigabit PoE PD Hardware Specifications Physical interface IEEE 802.3at PD complaint (25.5W)

(6) Wireless N-Type Connectors with arrester SIM slot (for the SIM from Telco / ISP) (4700AZ) Reset Button LED Indicators:

Physical Specifications

(4700AZ) Power/Boot, LAN(PoE), EWAN, WI-FI(2.4GHz & 5GHz), LTE RSSI, and Internet

(4700A) Power/Boot, LAN(PoE), WAN, Wi-Fi Internet Dimensions (W*H*D): 8.5" x 7.5" x 3"(257mm x 227mm x 91mm) Weight: 2kgs (4.4lbs) (Without Mount) Industrial-grade IP68 and Vent integration enclosure Top cover material UL-746C compliant for UV-resistant BEC 4700A / 4700AZ User Manual Introduction Application Diagram 7 Application Diagram 4700AZ BEC 4700A / 4700AZ User Manual Product Overview 8 CHAPTER 2: PRODUCT OVERVIEW Important Note for Using This Router Do not remove, open or repair the case yourself. Contact with your Internet Service Provider or have it repaired at a qualified service center. Use the supplied PoE (Power-over-Ethernet) injector for indoor only or Attention with any 802.3at capable PoE injectors to connect with the BEC 4700A/AZ. It is mandatory to earth ground the BEC 4700A/AZ. Improper grounding not only could damage the unit but also all equipment connected to it. Package Contents The BEC 4700A / AZ (4G/LTE) Wireless Outdoor Router x 1 M25 Cable Gland x 2 Quick Start Guide x 1 Outdoor LAN Cable x 1 Gigabit Power-over-Ethernet (PoE) Injector x 1 Grounding Wire x 1 2.4GHz/5GHz Wi-Fi Antennas x 6 Mounting Kit x 1 BEC 4700A / 4700AZ User Manual Product Overview Device Description (Hardware Overview (BEC 4700A)) 9 Device Description Hardware Overiew (BEC 4700AZ) 2 3 1 6 5 4 7 8 4 9 4 10 1 11 11 11 11 PORT & LED 1 Antenna WIFI Connectors

* Power off the BEC 4700AZ before inserting or removing the SIM card(s) 4 2.4GHz WIFI LED 5 5GHz WIFI LED Green Blinking Green Blinking Wireless connection established Data being transmitted / received Wireless connection established Data being transmitted / received BEC 4700A / 4700AZ User Manual Product Overview Device Description (Hardware Overview (BEC 4700A)) 10 PORT & LED MEANING Green RSSI greater than -69 dBm. Excellent signal condition LTE LED 6

(Received Signal Strength Indicator) Green Flashing Quickly RSSI from -81 to -69 dBm. Good signal condition Orange Flashing Quickly RSSI from -99 to -81 dBm. Fair signal condition Orange Flashing Slowly RSSI less than -99 dBm. Poor signal condition 7 Power LED No signal and the 4G LTE module is in service No LTE module or LTE module fails System is up and ready Boot failure IP connected; WAN connection is ready 8 Internet LED Red IP request failed Off Either in bridged mode or WAN connection is not available Use an outdoor Ethernet cable to connect with to an internet device. Note: The EWAN port is a configurable LAN/WAN port, which automatically becomes an EWAN port when EWAN internet interface is being selected in the GUI. 9 Gb WAN Ethernet Green Transmission speed is at Gigabit speed (1000Mbps) Transmission speed is at 10/100Mbps Data being transmitted/received LAN & PoE interface. Connect to the supplied 802.3at Gb PoE injector to provide power &

data 10 Gb Ethernet Green LAN/PoE Transmission speed is at Gigabit speed (1000Mbps) Transmission speed is at 10/100Mbps Data being transmitted/received 11 WIFI Antenna Connectors

(5GHz) Screw the supplied Wi-Fi antennas onto those 4 antenna connectors. Orange Off Green Red Green Orange Blinking Orange Blinking BEC 4700A / 4700AZ User Manual Product Overview Device Description (Hardware Overview (BEC 4700A)) 11 Hardware Overiew (BEC 4700A) 2 5 4 3 1 6 4 7 4 8 1 9 9 9 9 PORT & LED 1 WIFI Antenna Connectors

(2.4GHz) MEANING Screw the supplied 2.4GHz antennas onto the antenna connectors on both sides. 2 RESET After the device is powered on, press it 6 seconds or above: to restore to factory default settings (this is used when you cannot login to the router, e.g. forgot your password) 3 2.4GHz LED Green WIFI 4 5GHz WIFI LED Blinking Green Blinking Wireless connection established Data being transmitted / received Wireless connection established Data being transmitted / received BEC 4700A / 4700AZ User Manual Product Overview Device Description (Hardware Overview (BEC 4700A)) 12 MEANING System is up and ready Boot failure IP connected; WAN connection is ready 6 Internet LED Red IP request failed Off Either in bridged mode or WAN connection is not available Use an outdoor Ethernet cable to connect to any Ethernet equipment. WAN & PoE interface. Connect to the supplied 802.3at Gb PoE injector to provide power &

data. Transmission speed is at Gigabit speed (1000Mbps) Transmission speed is at 10/100Mbps Data being transmitted/received Transmission speed is at Gigabit speed (1000Mbps) Transmission speed is at 10/100Mbps Data being transmitted/received Screw the supplied Wi-Fi antennas onto those 4 antenna connectors. PORT & LED 5 Power LED 7 Gb Ethernet LAN Gb Ethernet WAN/PoE IN 8 9 WIFI Antenna Connectors

(5GHz) Green Red Green Green Orange Blinking Green Orange Blinking BEC 4700A / 4700AZ User Manual Product Overview Mounting Kit Installation 13 Mounting Kit Installation Mounting Kit includes:

Articulation Pole x 1 T-formed Bracket x 1 Stainless Hose Clamp x 2 M8x40 Screw Bolt x 1 M8 Nut x 1 M8 Washer x 1 M6 Washer x 4 Spring Washer M8 x 1 Spring Washer M6 x 4 M6x16 Screw x 4 Articulation Pole x 1 M8 Nut x 1 M8 Washer x 1 M6 Washer x 4 T-form Bracket x 1 Spring Washer M8 x 1 Spring Washer M6 x 4 M8x40 Screw Bolt x 1 M6 x 16 Screw x 4 For Wall Mount Installation, you will need:

Wood Screw x 4 Wood / Gyprock x 4 Wood Screw x 4 Wood / Gyprock Plug x 4 For Pole Mount Installation, you will need:

W-Bar x 1 M6 x 60 Screw Bolts x 2 M6 Washer x 2 Spring Washer x 2 Stainless Hose Clamp x 2 BEC 4700A / 4700AZ User Manual W-Bar x 1 Hose Clamp x 2 M6 x 60 Screw Bolt x 2 M6 Washer x 2 Spring Washer M6 x 2 Product Overview Mounting Kit Installation 14 1. Attach the Articulation Pole to the Enclosure Attach the articulation pole to the back of the BEC 4700A/AZ enclosure using the supplied M6 screws, M6 spring washers and M6x16 screws which are included in the mounting kit. 1 2 M6x16 Screw M6 Spring Washer M6 Washer 3 Tool Advice:

Use #10 HEX. Wrench to tighten or loosen the bolt(s). BEC 4700A / 4700AZ User Manual Note: The flexible mounting kit can be adjusted in multiple angles to align with the base station for higher efficiency. Product Overview Mounting Kit Installation 15 45 BEC 4700A / 4700AZ User Manual 45 45 45 Product Overview Mounting Kit Installation 16 2. Wall or Pole Mount Installation 2.1 Mounting on Wall Fix the T-formed Bracket to the wall by using wood screws and Gyprock plugs. 2.2 Mounting on a Pole between 1.5 to 2 (38.1 ~ 50.8mm) Attach the T-formed Bracket and the W-bar to the pole then use M6x60 bolts, M6 spring washers and M6 washers to fix the mounting kit onto the pole. 2.3 Mounting on a Pole between 1 to 3 (25.4 ~ 76.2mm) BEC 4700A / 4700AZ User Manual Product Overview Mounting Kit Installation 17 Use the stainless hose clamps through the T-formed Bracket. Fix the T-formed Bracket to the pole by using the supplied stainless hose clamps. Use a flat-head screwdriver to turn the head of the screw clockwise to tighten it. 3. Install the Articulation Pole with the T-formed Bracket Attach the articulation pole (BEC 4700A/AZ enclosure) to the T-formed bracket using the supplied M8 nut, M8 spring washer, M8 washer and M8x40 screw bolt. 3 M8 Washer M8 Nut 4 M8 Spring Washer 2 M8x40 Screw Bolt 1 4. Grounding the BEC 4700A/AZ to Complete the Installation BEC 4700A / 4700AZ User Manual Attach the grounding wire to the BEC 4700A/AZ and tighten the screw Product Overview Mounting Kit Installation 18 5. Position Adjustment Adjust the 4700A/AZ until it reaches the desire elevation and depression angle, then tight the M8 nut (see Install the Articulation Pole with the T-formed Bracket for more information) BEC 4700A / 4700AZ User Manual Product Overview Router Installation Instructions 19 Router Installation Instructions 1. Power on your BEC 4700A/AZ Step 1: Assemble M25 cable gland Step 2:

Unscrew the WAN/PoE IN port and insert the supplied outdoor Ethernet cable (RJ-45) through material A-D, and then connect the RJ-45 Ethernet cable into the WAN/PoE IN port. Step 3:

3.1: Insert C at the back end of D 3.2: clip B on C 3.3: keep B close to D 3.4: then tighten A BEC 4700A / 4700AZ User Manual Product Overview Router Installation Instructions 20 Step 4:

Powering via PoE Injector: Insert the other end of outdoor Ethernet cable (RJ-45) to the supplied Gigabit PoE injector Data+Power port. Connect another Ethernet cable (RJ-45) directly to the Data port and the other end of cable to a switch or broadband router. Powering via a PoE Switch: Connect the Ethernet cable (RJ-45) from the 4700A/AZ directly to a PoE port on the switch. IMPORTANT: It is recommended to put the Gigabit PoE Injector on an UPS or Surge Protector. Use a grounding wire to ground your BEC 4G/LTE ODU is REQUIRED!

2. Set up Your Internet Connection BEC 4700A / 4700AZ User Manual Step 1 (4700AZ Only): Unscrew the cap of SIM card slot. Product Overview Router Installation Instructions 21 Step 2 (4700AZ Only): Slide the SIM card with the mental contacts (gold plate) facing down to the SIM slot then push it all the way in until you hear the clicking sound. It is recommended to use an industrial-grade SIM card. BEC 4700A / 4700AZ User Manual Product Overview Router Installation Instructions 22 Step 3 (4700AZ Only): Screw the cap back tightly. Please power off the device before inserting or removing the SIM card. BEC 4700A / 4700AZ User Manual System Recovery Procedures Product Overview System Recovery Procedure 23 The purpose is to allow users to restore the BEC 4700A/AZ to its initial stage when the device is outage, upgraded to a wrong / broken firmware, cannot access to the GUI with wrong username and/or password, etc. Step 1 Configure your PC Network IP Address Before performing the system recovery, assign this IP address and Netmask to your PC, 192.168.1.100 and 255.255.255.0 respectively. Step 2 Reset your BEC 4700A/AZ Device 2.1 Power off your BEC 4700A/AZ 2.2 Power on the BEC 4700A/AZ while pushing the RESET button with a small pointed object (such as paper clip, needle, toothpick, and etc.). 2.3 When the POWER LED turns RED, keep holding and pushing the RESET button for more 6 seconds then release it. The INTERNET LED will flash in GREEN afterward. Step 3 Restore your BEC 4700A/AZ Device With INTERNET light flashes green, BEC 4700A/AZ is in recovery mode and ready for a new Firmware. 3.1 Open a web browser and type the IP address, 192.168.1.1, to access to the recovery page. NOTE: In the recovery mode, BEC 4700A/AZ will not respond to any PING or other requests. 3.2 Browse to the new Firmware image file then click Upload to start the upgrade process. 3.3 INTERNET LED turns red means the Firmware upgrade is in process. DO NOT power off or reboot the device, it would permanently damage your BEC 4700A/AZ. 3.4 INTERNET LED turns green after the Firmware upgrade completed 3.5 Power cycle on & off to regain access to the BEC 4700A/AZ. BEC 4700A / 4700AZ User Manual CHAPTER 3: BASIC INSTALLATION Basic Installation 24 The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Windows 7 / 8 / 10, Linux, Mac OS, etc. The product provides an easy and user-friendly interface for configuration. PCs must have an Ethernet interface installed properly and be connected to the router either directly or through an external repeater hub and have TCP/IP installed or configured to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router. The default IP address of the router is 192.168.1.254 and the subnet mask is 255.255.255.0 (i.e. any attached PC must be in the same subnet and have an IP address in the range of 192.168.1.1 to 192.168.1.253). The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP. If you encounter any problems accessing the routers web interface it may also be advisable to uninstall any kind of software firewall on your PCs, as they can cause problems accessing the 192.168.1.254 IP address of the router. Users should make their own decisions on how to best protect their network. Please follow the steps below for your PCs network environment installation. First of all, please check your PCs network components. The TCP/IP protocol stack and Ethernet network adapter must be installed. If not, please refer to your Windows-related or other operating system manuals. Any TCP/IP capable workstation can be used to communicate with or through the BEC 4700A/AZ. To configure other types of workstations, please consult the manufacturers documentation. Attention BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows 10 (IPv4) 25 4. Under Related settings, Network and Sharing Center select Network Configuration IPv4 Configuring PC in Windows 10 (IPv4) 1. Click

. 2. Click 3. Then click on Network and Internet. 5. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 6. Select the Local Area Connection, and right click the icon to select Properties. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows 10 (IPv4) 26 7. Select Internet Protocol Version 4

(TCP/IPv4) then click Properties. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 8. 9. Click OK again in the Local Area Connection Properties window to apply the new configuration. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows 7/8 (IPv4) 27 Configuring PC in Windows 7/8 (IPv4) 1. Go to Start. Click on Control Panel. 2. Then click on Network and Internet. 3. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 4. Select the Local Area Connection, and right click the icon to select Properties. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows 7/8 (IPv4) 28 5. Select Internet Protocol Version 4

(TCP/IPv4) then click Properties. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration. 6. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows Vista (IPv4) 29 Configuring PC in Windows Vista (IPv4) 1. Go to Start. Click on Network. 2. Then click on Network and Sharing Center at the top bar. 3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window panel. 4. Select the Local Area Connection, and right click the icon to select Properties. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows Vista (IPv4) 30 5. Select Internet Protocol Version 4

(TCP/IPv4) then click Properties. the Obtain an In the TCP/IPv4 properties window, select IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 6. 7. Click OK again in the Local Area to Connection Properties window apply the new configuration. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows 10 (IPv6) 31 Network Configuration IPv6 Configuring PC in Windows 10 (IPv6) 1. Click

. 2. Click 3. Then click on Network and Internet. 5. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 4. Under Related settings, Network and Sharing Center select 6. Select the Local Area Connection, and right click the icon to select Properties. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows 10 (IPv6) 32 7. Select Internet Protocol Version 6

(TCP/IPv6) then click Properties. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 8. 9. Click OK again in the Local Area Connection Properties window to apply the new configuration. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows 7/8 (IPv6) 33 Configuring PC in Windows 7/8 (IPv6) 1. Go to Start. Click on Control Panel. 2. Then click on Network and Internet. 3. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 4. Select the Local Area Connection, and right click the icon to select Properties. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows 7/8 (IPv6) 34 5. Select Internet Protocol Version 6

(TCP/IPv6) then click Properties. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 6. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows Vista (IPv6) 35 Configuring PC in Windows Vista (IPv6) 1. Go to Start. Click on Network. 2. Then click on Network and Sharing Center at the top bar. 3. When the Network and Sharing Center window pops up, select and click network connections on the left window panel. on Manage 4. Select the Local Area Connection, and right click the icon to select Properties. BEC 4700A / 4700AZ User Manual Basic Installation Network Configuration Windows Vista (IPv6) 36 5. Select Internet Protocol Version 6

(TCP/IPv6) then click Properties. the Obtain an In the TCP/IPv6 properties window, select IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 6. 7. Click OK again in the Local Area to Connection Properties window apply the new configuration. BEC 4700A / 4700AZ User Manual Basic Installation Default Settings 37 Default Settings Before configuring the router, you need to know the following default settings. Web Interface: (Username and Password) Administrator Username: admin Password: admin If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds then release it to restore the factory default settings. Caution: After pressing the RESET button for more than 6 seconds then release it, to be sure you power cycle the device again. Device LAN IP Settings IP Address: 192.168.1.254 Subnet Mask: 255.255.255.0 DHCP Server:

DHCP server is enabled. Start IP Address: 192.168.1.100 IP pool counts: 100 BEC 4700A / 4700AZ User Manual Basic Installation Default Settings 38 Information from Your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) what kind of service is provided, Dynamic IP address, Static IP address, PPPoE or Bridge Mode). Gather the information as illustrated in the following table and keep it for reference. PPPoE Username, Password, Service Name, and Domain Name System (DNS) IP address (it can be automatically assigned by your ISP when you connect or be set manually). Dynamic IP Address you connect or be set manually). DHCP Client (it can be automatically assigned by your ISP when Static IP Address System (DNS) IP address (it is fixed IP address). IP address, Subnet mask, Gateway address, and Domain Name BEC 4700A / 4700AZ User Manual Device Configuration Login to Your Device 39 CHAPTER 4: DEVICE CONFIGURATION Login to your Device Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click Go, a username and password window prompt appears. The default username & password is admin & admin respectively for the Administrator. NOTE: This username / password may vary by different Internet Service Providers. Congratulations! You have successfully logged on to your BEC 4700A/AZ BEC 4700A / 4700AZ User Manual Once you have logged on to your BEC 4700A/AZ via your web browser, you can begin to set it up according to your requirements. On the configuration homepage, the left navigation pane links you directly to the setup pages, which includes:

Device Configuration Login to Your Device 40 Section Status Configuration Quick Start

(Wizard Setup) 4G-LTE Status (4700AZ) Device Info System Status System Log Wireless Status Hotspot Status Statistics DHCP Table IPSEC Status PPTP Status L2TP Status GRE Status OpenVPN Status ARP Table VRRP Status Sub-

Items BEC 4700A / 4700AZ User Manual Loopback Internet LAN Interface Setup

- Wireless 2.4G / 5G

- Wireless 2.4G / 5G MAC Filter

- Wireless 5G Repeater

Dual WAN (4700AZ)

- General Setting

- Outbound Load Balance

- Protocol Binding Hotspot

- General Setting

- Built-in User Account

- Authorized of Client

- Walled Garden

- Advertisement

- Hotspot Status Log

- Customization Advanced Setup

- Firewall

- Routing

- Dynamic Routing

- NAT

- VRRP

- Static DNS

- QoS

- Port Isolation

- Time Schedule

- Mail Alert VPN

- PPTP Server & Client

L2TP

- GRE

- OpenVPN Server / Client Access Management

- Device Management

- SNMP

- Syslog

- Universal Plug & Play (UPnP)

- Dynamic DNS

- Access Control

- Packet Filter

- CWMP (TR-069)

- Parental Control

- BECentral Management Maintenance

- User Management

- Certificate Management

- Time Zone

Interface Grouping (4700AZ) License IPSec Device Configuration Login to Your Device 41

- Firmware & Configuration

- System Restart

- Auto Reboot

- Diagnostic Tool Please see the relevant sections of this manual for detailed instructions on how to configure your BEC 4700A/AZ. BEC 4700A / 4700AZ User Manual Device Configuration Status Device Info 42 Status Device Info It provides brief status summary of the device. Device Information Model Name: Name of the router for identification purpose. Firmware Version: Software version currently loaded in the router. MAC Address: A unique number that identifies the router. Data Time: Setup correct time on the BEC 4700A/AZ with your PC. Check on Time Zone section for more configuration information. System Uptime: Display how long the BEC 4700A/AZ has been powered on. Physical Port StatusDisplay available connection interfaces supported in the 4700A/AZ. Physical Port Status WAN Interface: List current available WAN connections. Protocol: Display selected WAN connection protocol Connection: The current connection status. BEC 4700A / 4700AZ User Manual Device Configuration Status Device Info 43 IP Address: WAN port IP address. Default Gateway: The IP address of the default gateway. LAN IP Address: LAN port IPv4 address. Subnet Mask/Prefix Length: Display LAN port IP subnet mask of IPv4 and/or Prefix length of IPv6. DHCP Server: Display LAN DHCP status of IPv4 and IPv6. Enable / 192.168.1.100~199: DHCPv4 server status on or off / DHCP IP range. Enable / Stateless: DHCPv6 server status on or off / DHCPv6 server Type. Wireless Mode: Display selected Wireless mode. SSID: Display the name of the Wireless AP(s) to use. Channel: Display radio frequency to be used for this wireless link. Security: Display security method to be used for this wireless link. BEC 4700A / 4700AZ User Manual Device Configuration Status System Status & System Log 44 System Status System status displays the current router system (CPU and Memory) usage. Usage: Display the amount of CPUs processing capacity is being used in percentage (%). Higher the % rate may result in slow Internet loading, experiencing video lags, etc. To reduce high CPU consumption by resetting the device, power off and on, the easiest way to regain the service. Total / Free / Cached (in Kbyte): Display the memory consumptions in kilobytes (kB). Click Refresh button to update the status. CPU Memory System Log In system log, you can check the operations status and any glitches to the router. Refresh: Press this button to refresh the statistics. Backup: Press to save the System log, log.cfg, to your PC. BEC 4700A / 4700AZ User Manual 4G/LTE Status This page contains 4G/LTE connection information. Device Configuration Status 4G-LTE Status 45 Status: Display current status of the 4G/LTE connection. SIM Status: Identify current status of the SIM, Activate or SIM Card Not Found. Signal Strength: The signal strength bar and dBm value indicates the current 4G/LTE signal strength. The front panel 4G/LTE Signal Strength LED indicates the signal strength as well. Network Name: The name of the LTE network the router is connecting to. Cell ID: The ID of base station that the device is connected to. Card IMEI: The unique identification number that is used to identify the 4G/LTE module. Card IMSI: The international mobile subscriber identity used to uniquely identify the 4G/LTE module. SIM Card Number (ICCID): It is a unique and specific serial number, consists of 19 or 20 characters, assigned to your SIM card. Network Mode: Display current network operating mode. Network Band: Indicated the current radio frequency band used. Auto Refresh: Select Disable or Enable to reload the mobile status information. Refresh: Click to refresh the statistics. Usage Allowance To enable this feature, please go to Configuration >> Interface Setup >> Internet >> click Usage Allowance >> enable Save the statistics to ROM BEC 4700A / 4700AZ User Manual Device Configuration Status 4G-LTE Status 46 Amount Used: Display the amount of mobile data used and remaining in current billing cycle. Billing Cycle: Display the start date and number of days remaining in current billing cycle. Clean: Reset current saved mobile usage. Save: Click to save current mobile status to ROM. BEC 4700A / 4700AZ User Manual Wireless Status Device Configuration Status Wireless Status 47 MAC: The MAC of the connected wireless device. SSID: Display the total bytes transmitted till the latest second for the current connection for the current connection. RSSI: Display the signal strength between the wireless client and the AP (Access Point). RX / TX Rate: Display the current data reception (RX) and transmission (TX) rate, in Mbps, of the Wi-Fi client can use. Also display the MCS (Modulation and Coding Scheme) index and Channel Bandwidth are used. Connected Time: Display the total amount of time the wireless client has connected with the wireless AP. Host Name: Display the hostname of the Wi-Fi client. IP Address: The LAN IP address assigned to the wireless device. Expire Time: Display remaining time before connection expires or timeout. Refresh: Click to refresh the statistics. BEC 4700A / 4700AZ User Manual Hotspot Status The status table displays a list of connected Wi-Fi clients via the hotspot. Device Configuration Status Hotspot Status 48 Action: Click Drop to terminate the Wi-Fi connection of the client to the wireless network. MAC Address: The MAC of the connected wireless device. IP Address: The LAN IP address assigned to the wireless device. Authentication: Identification of the wireless device is being authorized or not. Username: The authentication username used to login to the hotspot. Go to Built-in User Account for detailed login account list. Duration Time (remaining time / available session time interval): Display remaining interval available before session expires/timeout. Idle Time (current idle time / total idle timeout period): Display current idle time of the Wi-Fi device. If it reaches to total idle timeout period, the Internet connection will get disconnected immediately. Upload / Download (used / available bandwidth in %): Display current used bandwidths, in upload and download, out of the maximum allow usage in %. Total Data Usage: Display total data usage of the Wi-Fi user. Refresh: Click to refresh the statistics. BEC 4700A / 4700AZ User Manual Device Configuration Status Statistics (4G/LTE) 49 Statistics 4G-LTE Status Take 4G/LTE as an example to describe the following connection transmission information. Traffic Statistics Transmit Statistics Interface: List all available network interfaces in the router. You are currently checking on the physical status of CBRS interface. Transmit Frames of Current Connection: Display the total number of 4G/LTE frames transmitted until the latest second for the current connection. Transmit Bytes of Current Connection: Display the total bytes transmitted till the latest second for the current connection for the current connection. Transmit Total Frames: Display the total number of frames transmitted till the latest second since system is up. Transmit Total Bytes: Display the total number of bytes transmitted until the latest second since system is up. Transmit Speed: Display the data rate can be transferred to the server, the mobile Internet. Receive Statistics Receive Frames of Current Connection: Display the number of frames received until the latest second for the current connection. Receive Bytes of Current Connection: Display the total bytes received till the latest second for the current connection. Receive Total Frames: Display the total number of frames received until the latest second since system is up. Receive Total Bytes: Display the total frames received till the latest second since system is up. Receive Speed: Display the data rate receives from the mobile Internet. Auto Refresh: Select a time interval to refresh the data automatically or none to disable the feature. Refresh: Click to manually refresh the data. BEC 4700A / 4700AZ User Manual Ethernet WAN Device Configuration Status Statistics (Ethernet WAN) 50 Traffic Statistics Transmit Statistics Interface: List all available network interfaces in the router. You are currently checking on the physical status of the WAN port. Transmit Frames: Display the number of frames transmitted until the latest second. Transmit Multicast Frames: Display the number of multicast frames transmitted until the latest second. Transmit Total Bytes: Display the number of bytes transmitted until the latest second. Transmit Collision: Numbers of collisions have occurred on this port. Transmit Error Frames: Display the number of error packets on this port. Receive Statistics Receive Frames: Display the number of frames received until the latest second. Receive Multicast Frames: Display the number of multicast frames received until the latest second. Receive Total Bytes: Display the number of bytes received until the latest second. Receive CRC Errors: Display the number of error packets on this port. Receive Under-size Frames: Display the number of under-size frames received until the latest second. Traffic Speed Transmit Speed: Display the data rate can be transferred to the server, the Broadband Internet Service Provider. Receive Speed: Display the data rate receives from the Broadband Internet Service Provider. Refresh: Click to manually refresh the data. Auto Refresh: Select a time interval to refresh the data automatically or none to disable the feature. BEC 4700A / 4700AZ User Manual Ethernet Device Configuration Status Statistics (Ethernet LAN) 51 Traffic Statistics Transmit Statistics Interface: List all available network interfaces in the router. You are currently checking on the physical status of the Ethernet port. Transmit Frames: Display the number of frames transmitted until the latest second. Transmit Multicast Frames: Display the number of multicast frames transmitted until the latest second. Transmit Total Bytes: Display the number of bytes transmitted until the latest second. Transmit Collision: Numbers of collisions have occurred on this port. Transmit Error Frames: Display the number of error packets on this port. Receive Statistics Receive Frames: Display the number of frames received until the latest second. Receive Multicast Frames: Display the number of multicast frames received until the latest second. Receive Total Bytes: Display the number of bytes received until the latest second. Receive CRC Errors: Display the number of error packets on this port. Receive Under-size Frames: Display the number of under-size frames received until the latest second. Traffic Speed Transmit Speed: Display the data rate can be transferred to the server, the Broadband Internet Service Provider. Receive Speed: Display the data rate receives from the Broadband Internet Service Provider. Auto Refresh: Select a time interval to refresh the data automatically or none to disable the feature. Refresh: Click to manually refresh the data. BEC 4700A / 4700AZ User Manual Wireless 2.4G/5G Device Configuration Status Statistics (Wireless 2.4G/5G) 52 Interface: List all available network interfaces in the router. You are currently checking on the physical status of the Wireless 5G. Traffic Statistics Transmit Statistics Receive Statistics Traffic Speed Transmit Frames: Display the number of frames transmitted until the latest second. Transmit Error Frames: Display the number of error frames transmitted until the latest second. Transmit Drop Frames: Display the number of drop frames transmitted until the latest second. Receive Frames: Display the number of frames received until the latest second. Receive Error Frames: Display the number of error frames received until the latest second. Receive Drop Frames: Display the number of drop frames received until the latest second. Transmit Speed: Display the data rate can be transferred to the server, the Wireless AP. Receive Speed: Display the data rate receives from the Wireless AP. Refresh: Click to manually refresh the data. Auto Refresh: Select a time interval to refresh the data automatically or none to disable the feature. BEC 4700A / 4700AZ User Manual Device Configuration Status DHCP Server & IPSec Status 53 DHCP Table DHCP table displays the devices connected to the router with clear information. Index #: The indication of the rule number. Host Name: Show the hostname of the PC. IP Address: The IP allocated to the device. MAC Address: The MAC of the connected device. Expire Time: The total remaining interval since the IP assignment to the PC. IPSec Status Index #: The numeric IPSec VPN tunnel/ rule. Action: Display Connect or Drop the connection. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Connection State: Display statuses of IPSec phase 1 and phase 2 connections. Statistics: Display upstream/downstream traffic per session in KB. The value clears when session disconnects. Remote Gateway: Display remote gateway IP address. Remote Network: Display remote local IP address and Netmask. Local Network: Display local IP address and Netmask. Refresh: Click to refresh the page. BEC 4700A / 4700AZ User Manual Device Configuration Status PPTP Status (PPTP Server & PPTP Client) 54 PPTP Status PPTP Server Index #: The numeric PPTP VPN tunnel/ rule. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Connection State: Display the VPN connection status. Connection Type: Display if VPN connection is for single PC use (Remote Access) or multi-user use

(LAN to LAN). Assigned IP Address: Display the IP address assigned to the client by the PPTP Server. Remote Network: Display the remote network and subnet mask in LAN to LAN PPTP connection. Refresh: Click to refresh the page. PPTP Client Index #: The numeric PPTP VPN tunnel/ rule. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Connection State: Display Yes/No to indicate the VPN connection status. Connection Type: Display if VPN connection is for single PC use (Remote Access) or multi-user use

(LAN to LAN). Server IP Address: Display the WAN IP address of remote PPTP Server. Remote Network: Display the remote network address and subnet mask in LAN to LAN PPTP connection. Refresh: Click to refresh the page. BEC 4700A / 4700AZ User Manual L2TP Status Device Configuration Status L2TP Status / GRE Status 55 Index #: The numeric L2TP VPN tunnel/rule indication. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Connection State: Display Yes/No to indicate the VPN connection status. Connection Mode: Display if L2TP mode is a dial-in or dial-out. Connection Type: Display if VPN connection is for single PC use (Remote Access) or multi-user use

(LAN to LAN). Tunnel Remote IP Address: Display the remote tunnel IP address. Refresh: Click to refresh the page. GRE Status Index #: The numerical GRE tunnel/rule indication. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Connection State: Display Yes/No to indicate the VPN connection status. Remote Gateway IP: Display the remote gateway IP address. Remote Network: Display the remote local network IP address / Netmask. BEC 4700A / 4700AZ User Manual Device Configuration Status OpenVPN Server / OpenVPN Client 56 OpenVPN Status OpenVPN Server Index #: The numeric OpenVPN tunnel/ rule. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Service Port: Display the port/protocol (1194/udp) used for OpenVPN connection. Tunnel Network: Display the virtual tunnel IP address and Netmask of the OpenVPN server. Status: Display the status of the profile/rule Refresh: Click to refresh the page. OpenVPN Client Index #: The numeric OpenVPN tunnel/ rule. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Remote Server: Display the remote server public IP address and used port/protocol for this connection. Status: Display the status of the profile/rule Refresh: Click to refresh the page. Detailed Info: Display detailed IP assignment and routing information of this VPN connection. BEC 4700A / 4700AZ User Manual Device Configuration Status ARP Table / VRRP Status 57 This section displays the routers ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the routers Firewall - MAC Address Filter function. See the Firewall section of this manual for more information on this feature. Index #: The indication of the APR table number. IP Address: It is IP Address of internal host that join this network. MAC Address: The MAC address of internal host. ARP Table VRRP Status Current Status: Display current VRRP status, Master or Backup. Current Master: Display the IP address of the Master. BEC 4700A / 4700AZ User Manual Device Configuration Quick Start 58 Quick Start This is a useful and easy utility to help you to setup the router quickly and to connect to your ISP

(Internet Service Provider) with only a few steps. It will guide you step by step to setup password, time zone, wireless, and WAN settings of your device. The Quick Start Wizard is a helpful guide for the first-time users to the device. For detailed instructions on configuring WAN settings, see refer to the Interface Setup section. Click NEXT to move on to Step 1. Step 1 Password Set new password of the admin account to access for router management. The default is admin. Once changed, please use this new password next time when accessing to the router. Click NEXT to continue. Step 2 Time Zone Choose your time zone. Click NEXT to continue. Set up your wireless connection if you want to connect to the Internet wirelessly on your PCs. Click NEXT to continue. Step 3 Wireless BEC 4700A / 4700AZ User Manual Device Configuration Quick Start 59 Step 4 ISP Connection Type Set up your WAN Internet connection. 4.1 Select an appropriate WAN connection protocol then click NEXT to continue. 4.2 If selected 4G/LTE (for example) Input all relevant 4G/LTE parameters from your ISP. Click Next to save changes. BEC 4700A / 4700AZ User Manual 4.3 If selected EWAN / PPPoE, please enter PPPoE account information provided by your ISP. Click NEXT to continue. Device Configuration Quick Start 60 Step 5 Quick Start Completed The Setup Wizard has completed. Click on BACK to make changes or correct mistakes. Click NEXT to save the current settings and complete the Quick Start setups. Go back to the Status > Device Info to view the status. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Internet (4G/LTE) 61 Click to access and configure the available features in the following: Interface Setup, Dual WAN

(4700AZ), Hotspot, Advanced Setup, VPN, Access Management, and Maintenance. These functions are described in the following sections. Here are the features under Interface Setup: Internet, LAN, Wireless 2.4G, Wireless MAC Filter, Wireless 5G, Wireless 5G MAC Filter, Wireless 5G Repeater, and Loopback. Configuration Interface Setup Internet 4G/LTE 4G/LTE (Cont.) BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Internet (4G/LTE) 62 Status: Choose Activated to enable the 4G/LTE connection. Usage Allowance: Click Enable to activate the feature. Click the link to setup the usage settings. Period: Pick a period, Month or Day. Mode: Include Volume-based and Time-based control. Volume-based include only Download, "only Upload, and Download and Upload to limit BEC 4700A / 4700AZ User Manual the flow. Device Configuration Interface Setup Internet (4G/LTE) 63 Time-based control the flow by providing specific hours per month. 720 hours if selected period Month 12 hours if selected period Day The billing period begins on the beginning day of billing each month. Over usage allowance action: Here are actions to perform when mobile data usage, defined in Mode, reached to its maximum. None: No action taken Disconnect: Disconnect mobile connection Email Alert: Send an e-mail alert and keep the mobile connection alive. Email Alert and Disconnect: Disconnect mobile connection after an alert e-mail is being sent. Save the statistics to ROM:

Every hour: Activate the 4G/LTE statistics on data usage and this info will get updated and saved to the internal memory (ROM) in every hour. Once the feature is turned on, you can see the amount of data used and how many days left before next billing cycle starts. Go to Status >> 4G/LTE Status page for details. NOTE: This statistic information will get deleted after a factory reset. Disable: No action taken IP Pass-Through Mode: When enabled, BEC 4700A/AZ is in bridge mode and will not obtain a WAN IP address, features such as routing capabilities, NAT, firewall, etc., will be disabled by default. However, the client router behind the BEC 4700A/AZ can get a WAN IP address instead. When disabled, BEC 4700A/AZ is in router mode that it handles a WAN IP address and all routing-

related features become available. Network Mode: Select a cellular mode. Select Automatic to auto detect the best mode for you. TEL No.: The dial string to make a 4G/LTE user internetworking call. It may provide by your mobile service provider. Dual APN: BEC 4700A/AZ can support up to two (2) APNs, Single or Dual. APN: An APN is similar to a URL on the WWW; it is what the unit makes a GPRS / UMTS call. The service provider is able to attach anything to an APN to create a data connection, requirements for APNs varies between different service providers. Most service providers have an internet portal which they use to connect to a DHCP Server, thus giving you access to the internet i.e. some mobile/cellular operators use the APN internet for their portal. The default value is internet. Authentication Protocol: Manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol). When using PAP, the password is sent unencrypted, while CHAP encrypts the password before sending, and also allows for challenges at different periods to BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Internet (4G/LTE) 64 ensure that an intruder has not replaced the client. Username/Password: Enter the username and password provided by your service provider. The username and password are case sensitive. PIN: PIN stands for Personal Identification Number. A PIN code is a numeric value used in certain systems as a password to gain access and authenticate. In mobile phones a PIN code locks the SIM card until you enter the correct code. If you enter the PIN code incorrectly into the phone 3 times in a row, then the SIM card will be blocked, and you will require a PUK code from your network/service provider. Connection: Default set to Always on to keep an always-on 4G/LTE connection. Keep Alive: Select Yes to ensure the 4G/LTE internet connection is always available. Keep Alive IP: Enter the IP address that the 4700A/AZ can ping the IP to find whether the connection is on or not, if not, router will recover the connection. Background Ping: Select Yes to keep the 4G/LTE active at all time, prevent 4700A/AZ from entering idle state. Background Ping IP: Enter the IP address that the 4700A/AZ can ping the IP address. Default Route: Select Yes to use this interface as default route interface. NAT: Select this option to Disabled/Enable the NAT (Network Address Translation) function. Enable NAT to grant multiples devices in LAN to access to the Internet through a single WAN IP. MTU: Enter the maximum packet that can be transmitted. Use default 1500 bytes by entering MTU 0. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Internet (WAN on Ethernet) 65 Bandwidth: Traffic/data control from WAN to LAN (Downstream) and LAN to WAN (Upload). Status: Select Activate / Deactivated to enable / disable the WAN service. IP Version: Choose IPv4, IPv4/IPv6, or IPv6 based on your environment. If you dont know which one to choose from, please choose IPv4/IPv6 instead. ISP Connection Type ISP: Select the encapsulation type your ISP uses. Dynamic IP: Select this option if your ISP provides you an IP address automatically. Static IP: Select this option to set static IP information. You will need to enter in the Connection type, IP address, subnet mask, and gateway address, provided to you by your ISP. Each IP address entered in the fields must be in the appropriate IP form. IP address from by four IP octets separated by a dot (xx.xx.xx.xx). The Router will not accept the IP address if it is not in this format. PPPoE: Select this option if your ISP requires you to use a PPPoE connection. 802.1q Options 802.1q: When activated, please enter a VLAN ID. VLAN ID: It is a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID identification, tagged: 0-4095. EWAN IPv4/IPv6 Dynamic IP Address (If selected as WAN Connection Type; otherwise, skip this part) BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Internet (WAN on Ethernet) 66 Default Route: Select Yes to use this interface as default route interface. TCP MTU Option: Enter the maximum packet that can be transmitted. Default MTU 0 means it is set to 1492 bytes. IPv4 Options NAT: Enable to allow BEC 4700A/AZ to assign private network IPs to all devices in the network for get Internet access. Client ID: It is known as DHCP Option 61. Enter the client identifier from your ISP. Vendor ID: It is known as DHCP Option 60. Enter the vendor identifier from your ISP. Dynamic Route including RIP-1, RIP-2. RIP Version: (Routing Information protocol) Select this option to specify the RIP version, RIP Direction: Select this option to specify the RIP direction.

- None is for disabling the RIP function.

- Both means the router will periodically send routing information and accept routing information then incorporate into routing table.

IN only means the router will only accept but will not send RIP packet.

- OUT only means the router will only send but will not accept RIP packet. IGMP Proxy: IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. Choose whether enable IGMP proxy.

IPv6 Options (only when choose IPv4/IPv6 or just IPv6 in IP version field above):

IPv6 Address: Type the WAN IPv6 address from your ISP. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Internet (WAN on Ethernet) 67

- Obtain IPv6 DNS: Choose if you want to obtain DNS automatically.

- Primary/Secondary: if you choose Disable in the Obtain IPv6 DNS field, please type the exactly primary and secondary DNS.

- MLD Proxy: MLD (Multicast Listener Discovery Protocol) is to IPv6 just as IGMP to IPv4. It is a Multicast Management protocol for IPv6 multicast packets. Static IP Address (If selected as WAN Connection Type; otherwise, skip this part) Default Route: Select Yes to use this interface as default route interface. TCP MTU Option: Enter the maximum packet that can be transmitted. Default MTU 0 means it is set to 1492 bytes. IPv4 Options Static IP Address: If Static is selected in the above field, please enter the specific IP address you get from ISP and the following IP subnet mask and gateway address. IP Subnet Mask: The default is 0.0.0.0. User can change it to other such as 255.255.255.0.Type the subnet mask assigned to you by your ISP (if given). Gateway: Enter the specific gateway IP address you get from ISP. Primary / Secondary DNS Server: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Internet (WAN on Ethernet) 68 NAT: Enable to allow BEC 4700 to assign private network IPs to all devices in the network for get Internet access. Dynamic Route including RIP-1, RIP-2. RIP Version: (Routing Information protocol) Select this option to specify the RIP version, RIP Direction: Select this option to specify the RIP direction.

None is for disabling the RIP function.

- Both means the router will periodically send routing information and accept routing information then incorporate into routing table.

IN only means the router will only accept but will not send RIP packet.

IPv6 Address/Default Gateway: Type the WAN IPv6 address and gateway IP from your ISP.

- Obtain IPv6 DNS: Choose if you want to obtain DNS automatically.

- Primary/Secondary: if you choose Disable in the Obtain IPv6 DNS field, please type the exactly primary and secondary DNS.

- MLD Proxy: MLD (Multicast Listener Discovery Protocol) is to IPv6 just as IGMP to IPv4. It is a Multicast Management protocol for IPv6 multicast packets. PPPoE (If selected PPPoE as WAN Connection Type; otherwise, skip this part) BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Internet (WAN on Ethernet) 69 Default Route: Select Yes to use this interface as default route interface. TCP MTU Option: Enter the maximum packet that can be transmitted. Default MTU 0 means it is set to 1492 bytes. IPv4 Options Get IP Address: Choose Static or Dynamic Static IP Address: If Static is selected in the above field, please enter the specific IP address you get from ISP and the following IP subnet mask and gateway address. IP Subnet Mask: The default is 0.0.0.0. User can change it to other such as 255.255.255.0.Type the subnet mask assigned to you by your ISP (if given). Gateway: Enter the specific gateway IP address you get from ISP. NAT: Select Enable if you use this router to hold a group of PCs to get access to the internet. Dynamic Route including RIP-1, RIP-2. RIP Version: (Routing Information protocol) Select this option to specify the RIP version, RIP Direction: Select this option to specify the RIP direction.

- None is for disabling the RIP function.

- Both means the router will periodically send routing information and accept routing information then incorporate into routing table.

IN only means the router will only accept but will not send RIP packet.

- OUT only means the router will only send but will not accept RIP packet. IGMP Proxy: IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish BEC 4700A / 4700AZ User Manual membership in a Multicast group. Choose whether enable IGMP proxy. Device Configuration Interface Setup Internet (WAN on Ethernet) 70 IPv6 Options (only when choose IPv4/IPv6 or just IPv6 in IP version field above):

IPv6 Address: Type the WAN IPv6 address from your ISP. Obtain IPv6 DNS: Choose if you want to obtain DNS automatically. Primary/Secondary: if you choose Disable in the Obtain IPv6 DNS field, please type the exactly primary and secondary DNS. MLD Proxy: MLD (Multicast Listener Discovery Protocol) is to IPv6 just as IGMP to IPv4. It is a Multicast Management protocol for IPv6 multicast packets. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup LAN 71 LAN IPv4 Parameters A Local Area Network (LAN) is a shared communication system to which many computers are attached and is limited to the immediate area, usually the same building or floor of a building. IP Address: Enter the IP address of Router in dotted decimal notation, for example, 192.168.1.254

(factory default). IP Subnet Mask: The default is 255.255.255.0. User can change it to other such as 255.255.255.128. Alias IP Address: This is for local networks virtual IP interface. Specify an IP address on this virtual interface. Alias IP Subnet Mask: Specify a subnet mask on this virtual interface. IGMP Snooping: Select Activated to enable IGMP Snooping function, Without IGMP snooping, multicast traffic is treated in the same manner as broadcast traffic - that is, it is forwarded to all ports. With IGMP snooping, multicast traffic of a group is only forwarded to ports that have members of that group. Dynamic Route:

including RIP-1, RIP-2. RIP Version: (Routing Information protocol) Select this option to specify the RIP version, RIP Direction: Select this option to specify the RIP direction.

- None is for disabling the RIP function.

- Both means the router will periodically send routing information and accept routing information then incorporate into routing table.

IN only means the router will only accept but will not send RIP packet.

- OUT only means the router will only send but will not accept RIP packet. DHCPv4 Server BEC 4700A / 4700AZ User Manual DHCP (Dynamic Host Configuration Protocol) allows individual clients to obtain TCP/IP configuration at start-up from a server. Device Configuration Interface Setup LAN 72 DHCPv4 Server: If set to Enabled, your BEC 4700A/AZ can assign IP addresses, default gateway and DNS servers to the DHCP client. If set to Disabled, the DHCP server will be disabled. If set to Relay, the BEC 4700A/AZ acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case. When DHCP is used, the following items need to be set. Start IP: This field specifies the first of the contiguous addresses in the IP address pool. IP Pool Count: This field specifies the count of the IP address pool. Lease Time: The current lease time of client. DNS Relay:

Select Automatic detection or Manually specific Primary and Secondary DNS IP addresses Primary / Secondary DNS Server: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Option 66: Set the IP or hostname of the TFTP server for devices, like IPTV Set Box, to get configuration settings from the TFTP server. Option 160: Set the IP or hostname of the TFTP server for devices, like IPTV Set Box, to get configuration settings from the TFTP server. (The option 160 is an extended feature in DHCP option, similar to option 66, but using http or https protocols.) Fixed Host In this field, users can map the specific IP (must in the DHCP IP pool) for some specific MAC, and this information can be listed in the following table. BEC 4700A / 4700AZ User Manual IP Address: Enter the specific IP. For example: 192.168.1.110. MAC Address: Enter the responding MAC. For example: 00:0A:F7:45:6D:ED When added, you can see the ones listed as showed below:

Device Configuration Interface Setup LAN 73 IPv6 Parameters The IPv6 address composes of two parts, thus, the prefix and the interface ID. Interface Address / Prefix Length: Enter a static LAN IPv6 address. If you are not sure what to do with this field, please leave it empty as if contains false information it could result in LAN devices not being able to access other IPv6 device. Router will take the same WANs prefix to LAN side if the field is empty. DHCPv6 Server There are two methods to dynamically configure IPv6 address on hosts, Stateless and Stateful. Stateless auto-configuration requires no manual configuration of hosts, minimal (if any) configuration of routers, and no additional servers. The stateless mechanism allows a host to generate its own addresses using a combination of locally available information (MAC address) and information

(prefix) advertised by routers. Routers advertise prefixes that identify the subnet(s) associated with a link, while hosts generate an "interface identifier" that uniquely identifies an interface on a subnet. An address is formed by combining the two. When using stateless configuration, you neednt configure anything on the client. Stateful configuration, for example using DHCPv6 (which resembles its counterpart DHCP in IPv4.) In the stateful auto configuration model, hosts obtain interface addresses and/or configuration BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup LAN 74 information and parameters from a DHCPv6 server. The Server maintains a database that keeps track of which addresses have been assigned to which hosts. DHCPv6 Server: Click Enable to activate the DHCPv6 server. DHCPv6 Server Type: Select Stateless or Stateful. When DHCPv6 is enabled, this parameter is available. Stateless: If selected, the PCs in LAN are configured through RA mode, thus, the PCs in LAN are configured through RA mode, to obtain the prefix message and generate an address using a combination of locally available information (MAC address) and information (prefix) advertised by routers, but they can obtain such information like DNS from DHCPv6 Server. Stateful: If selected, the PCs in LAN will be configured like in IPv4 mode, thus obtain addresses and DNS information from DHCPv6 server. Start interface ID: enter the start interface ID. The IPv6 address composed of two parts, thus, the prefix and the interface ID. Interface is like the Host ID compared to IPv4. End interface ID: enter the end interface ID. Leased Time (seconds): the leased time, similar to leased time in DHCPv4, is a time limit assigned to clients, when expires, the assigned ID will be recycled and reassigned. Router Advertisement: Check to Enable or Disable the Issue Router Advertisement feature. This feature is to send Router Advertisement messages periodically which would multicast the IPv6 Prefix information (similar to v4 network number 192.168.1.0) to all LAN devices if the field is enabled. We suggest enabling this field. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 2.4GHz 75 Wireless 2.4GHz This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as complex as a number of computers with wireless LAN cards communicating through access points which bridge network traffic to the wired LAN. NOTE: WLAN (or BEC)1 / 2 / 3 / 4 Interface refers to as SSID1 / 2 / 3 / 4 Wi-Fi networks. Access Point Settings Site Survey: Click to view all other available Wireless-AP devices near the BEC 4700A/AZ. CH (Channel): Channel ID used. SSID: The name of the wireless AP. BSSID: The MAC address of the wireless AP. Security: The security mode in the wireless AP. Signal (%): Signal strength of the wireless AP. Signal increases means the wireless AP is closer to your BEC 4700A/AZ and may cause interferences. Access Point: Default setting is set to Activated. If you want to close the wireless interface, select Deactivated. AP MAC Address: The MAC address of wireless AP. Wireless Mode: The default setting is 802.11b+g+n (Mixed mode). If you do not know or have both 11g and 11b devices in your network, then keep the default in mixed mode. From the drop-down manual, you can select 802.11g if you have only 11g card. If you have only 11b card, then select BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 2.4GHz 76 802.11b and if you only have 802.11n then select 802.11n. Channel: The range of radio frequencies used by IEEE 802.11b/g/n wireless devices is called a channel. There are Regulation Domains and Channel ID in this field. The Channel ID will be different based on Regulation Domains. Select a channel from the drop-down list box. Beacon Interval: The Beacon Interval value indicates the frequency interval of the beacon. Enter a value between 20 and 1000. A beacon is a packet broadcast by the Router to synchronize the wireless network. RTS/CTS Threshold: The RTS (Request to Send) threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Enter a value between 1500 and 2347. Fragmentation Threshold: The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter a value between 256 and 2346, even number only. DTIM Interval: This value, between 1 and 255, indicates the interval of the Delivery Traffic Indication Message (DTIM). TX Power: The transmission power of the antennas, ranging from 1-100, the higher the more powerful of the transmission performance. IGMP Snooping: Enable or disable the IGMP Snooping function for wireless. Without IGMP snooping, multicast traffic is treated in the same manner as broadcast traffic - that is, it is forwarded to all ports. With IGMP snooping, multicast traffic of a group is only forwarded to ports that have members of that group. 11n Settings Channel Bandwidth: Select 20 MHz, 40 MHz, or 20/40 MHz for the channel bandwidth. The wider the Channel bandwidth the better the performance will be. Extension Channel (20/40 MHz Only): Select either Auto or Above the control channel. Guard Interval: Select either 800nsec or Automatic for the guard interval. The guard interval is here to ensure that data transmission do not interfere with each other. It also prevents propagation delays, echoing and reflections. The shorter the Guard Interval, the better the performance will be. We recommend users to select Auto. MCS (Modulation and Coding Scheme): There are options 0~7 and AUTO to select from. AUTO is most recommended. BEC 4700A / 4700AZ User Manual SSID Settings Device Configuration Interface Setup Wireless 2.4GHz 77 Available SSID: User can determine how many virtual SSIDs to be used. Default is 1, maximum is 4. SSID Index: Select the number of SSIDs you want to use; up to 4 SSIDs are available in the list. SSID: The SSID is the unique name of a wireless access point (AP) to be distinguished from another. For security propose, change the default SSID to a unique ID name to the AP which is already built-in to the routers wireless interface. Make sure your wireless clients have exactly the SSID as the device, in order to get connected to your network. Broadcast SSID: Select Yes to make the SSID visible so a station can obtain the SSID through passive scanning. Select No to hide the SSID in so a station cannot obtain the SSID through passive scanning. Client Isolation: (Known as AP Isolation) After enabling this feature, all Wi-Fi clients connect to the same Access Point, in the same local wireless network, cannot interact with each another. SSID Activated: Select the time period during which the SSID is active. Default is always which means the SSID will be active all the time without time control. See Time Schedule to set the timeslot to flexibly control when the SSID functions. Security Settings Security Type: You can disable or enable wireless security for protecting wireless network. The default type of wireless security is OPEN and to allow all wireless stations to communicate with the access points without any data encryption. To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers secure data encryption, known as WEP and WPA. There are five alternatives to select from: Open (no security protected), WEP 64-bit, WEP 128-bit, WPA-PSK, WPA2-PSK and Mixed WPA/WPA2-PSK. If you require high security for transmissions, please select WPA-PSK, WPA2-PSK or WPA/WPA2-PSK. BEC 4700A / 4700AZ User Manual Security Type - WEP Device Configuration Interface Setup Wireless 2.4GHz 78 WEP Authentication Method: WEP authentication method, there are two methods of authentication used, Open System authentication (OPENWEB) and Share Key authentication (SHAREDWEB). We suggest you select OPENWEB. Key 1 to Key 4: Enter the key to encrypt wireless data. To allow encrypted data transmission, the WEP Encryption Key values on all wireless stations must be the same as the router. There are four keys for your selection. The input format is in HEX style, 5 and 13 HEX codes are required for 64-

bitWEP and 128-bitWEP respectively. If you chose WEP 64-bit, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-

F"). If you chose WEP 128-bit, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-

F"). You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. NOTE: When you enable WPS function, this WEP function will be invalid. And if you select one of WEP-64Bits/ WEP-128Bits, the following prompt box will appear to notice you. Security Type - WPA-PSK / WPA2-PSK / Mixed WPA & WPA2 WPA Algorithms: TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption System) utilizes a stronger encryption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. Pre-Shared key: The key for network authentication. The input format should be 8-63 ASCII characters or 64 hexadecimal characters Key Renewal Interval: The time interval for changing the security key automatically between wireless client and AP. BEC 4700A / 4700AZ User Manual WDS Settings Device Configuration Interface Setup Wireless 2.4GHz 79 WDS (Wireless distributed system) is a wireless access point mode that enables wireless link and communication with other access point. It is easy to be installed, just define the peers MAC of the connected AP. WDS Mode: select Activated to enable WDS feature and Deactivated to disable this feature. MAC Address: Enter the AP MAC addresses (in XX:XX:XX:XX:XX:XX format) of the peer connected AP. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 2.4G MAC Filter 80 Wireless MAC Filter The MAC filter screen allows you to configure the router to give exclusive access to up to 8 devices

(Allow Association) or exclude up to 8 devices from accessing the router (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:AA:BB:00:00:02. You need to know the MAC address of the devices you wish to filter. SSID Index: Select the targeted SSID you want the MAC filter rules to apply to. Active: Select Activated to enable MAC address filtering. Action: Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny to block access to the AP, MAC addresses not listed will be allowed to access the Select Allow to permit access to the router, MAC addresses not listed will be denied access to MAC Address: Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are allowed or denied access to the specified in these address fields. router. the router. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 5GHz 81 Wireless 5GHz Access Point Settings Site Survey: Click to view all other available Wireless-AP devices near the BEC 4700A/AZ. CH (Channel): Channel ID used. SSID: The name of the wireless AP. BSSID: The MAC address of the wireless AP. Security: The security mode in the wireless AP. RSSI Signal (%): Signal strength of the wireless AP. Signal increases means the wireless AP is closer to your BEC 4700A/AZ and may cause interferences. Access Point: Default setting is set to Activated. If you want to close the wireless interface, select Deactivated. AP MAC Address: The MAC address of wireless AP. Wireless Mode: The default setting is 802.11b+g+n (Mixed mode). If you do not know or have both 11g and 11b devices in your network, then keep the default in mixed mode. From the drop-down manual, you can select 802.11g if you have only 11g card. If you have only 11b card, then select 802.11b and if you only have 802.11n then select 802.11n. Channel: The range of radio frequencies used by IEEE 802.11b/g/n wireless devices is called a channel. There are Regulation Domains and Channel ID in this field. The Channel ID will be different based on Regulation Domains. Select a channel from the drop-down list box. Beacon Interval: The Beacon Interval value indicates the frequency interval of the beacon. Enter a value between 20 and 1000. A beacon is a packet broadcast by the Router to synchronize the wireless network. RTS/CTS Threshold: The RTS (Request to Send) threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Enter BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 5GHz 82 a value between 1500 and 2347. Fragmentation Threshold: The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter a value between 256 and 2346, even number only. DTIM Interval: This value, between 1 and 255, indicates the interval of the Delivery Traffic Indication Message (DTIM). Channel Bandwidth: Select 20 MHz, 40 MHz or 80MHz for the channel bandwidth. The wider the Channel bandwidth the better the performance will be. SSID Settings SSID Index: 5GHz only support up to 1 SSID. SSID: The SSID is the unique name of a wireless access point (AP) to be distinguished from another. For security propose, change the default SSID to a unique ID name to the AP which is already built-in to the routers wireless interface. Make sure your wireless clients have exactly the SSID as the device, in order to get connected to your network. Broadcast SSID: Select Yes to make the SSID visible so a station can obtain the SSID through passive scanning. Select No to hide the SSID in so a station cannot obtain the SSID through passive scanning. Client Isolation: (Known as AP Isolation) After enabling this feature, all Wi-Fi clients connect to the same Access Point, in the same local wireless network, cannot interact with each another. WPS Settings WPS (Wi-Fi Protected Setup) feature is a standard protocol created by Wi-Fi Alliance. This feature greatly simplifies the steps needed to create a Wi-Fi network for a residential or an office setting. WPS supports 2 types of configuration methods which are commonly known among consumers: PIN Method

(Personal Information Number) & PBC Method (Push Button Configuration). BEC 4700A/AZ offers PIN Method only. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 5GHz 83 Use WPS: Yes to enable the WPS. WPS State: Configured means Wi-Fi clients will use the default security setting of the SSID. WPS Mode: Pin Code means enrollee PIN code is required. WPS Progress: Click Start WPS to begin the WPS pairing process. Security Settings Security Type: You can disable or enable wireless security for protecting wireless network. The default type of wireless security is OPEN and to allow all wireless stations to communicate with the access points without any data encryption. Security Type - WPA-PSK / WPA2-PSK / Mixed WPA & WPA2 WPA Algorithms: TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption System) utilizes a stronger encryption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. Pre-Shared key: The key for network authentication. The input format should be 8-63 ASCII characters or 64 hexadecimal characters WDS Settings WDS (Wireless distributed system) is a wireless access point mode that enables wireless link and communication with other access point. It is easy to be installed, just define the peers MAC of the connected AP. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 5GHz 84 WDS Mode: select Activated to enable WDS feature and Deactivated to disable this feature. MAC Address: Enter the AP MAC addresses (in XX:XX:XX:XX:XX:XX format) of the peer connected AP. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless (Example on WPS using PIN) 85 Example: WPS using PIN Method (Personal Information Number) PIN Method Configure BEC 4700A/AZ as a Registrar 1. Jot down the clients Pin (e.g. 04640776) from the WPS utility (e.g. Ralink Utility) 2. Enter the Enrollee (Client) PIN code and then press Start WPS. 3. Go back to the wireless clients WPS utility (e.g. Ralink Utility). Set the Config Mode as Enrollee, press the WPS button on the top bar, select the AP (e.g. Billion_AP) from the WPS AP List column. Then press the PIN button located on the middle left of the page to run the scan. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless (Example on WPS using PIN) 86 4. The clients SSID and security setting will now be configured to match the SSID and security setting of the registrar, the BEC 4700A/AZ router. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless (Example on WPS using PIN) 87 PIN Method Configure BEC 4700A/AZ as an Enrollee 1. Jot down the AP PIN Code (e.g. 03454435) from the BEC 6300VNL. Press Start WPS. 2. Launch the wireless clients WPS utility (e.g. Ralink Utility). Set the Config Mode as Registrar. Enter the PIN number in the PIN Code (e.g. 03454435) column then choose the correct AP (e.g. Billion_AP) from the WPS AP List before pressing the PIN button to run the scan. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless (Example on WPS using PIN) 88 3. The routers (APs) SSID and security setting will now be configured to match the SSID and security setting of the registrar (client). BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 5G MAC Filter 89 Wireless 5G MAC Filter The MAC filter screen allows you to configure the router to give exclusive access to up to 8 devices

(Allow Association) or exclude up to 8 devices from accessing the router (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:AA:BB:00:00:02. You need to know the MAC address of the devices you wish to filter. Active: Select Activated to enable MAC address filtering. Action: Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny to block access to the AP, MAC addresses not listed will be allowed to access the Select Allow to permit access to the router, MAC addresses not listed will be denied access to MAC Address: Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are allowed or denied access to the specified in these address fields. router. the router. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Wireless 5G Repeater 90 Wireless 5G Repeater Use the BEC 4700A/AZ as a repeater to extend the wi-fi signal of the primary AP. Manually Fill-in SSID: Enter the SSID of the primary AP. Security Type: Enter the Wi-Fi security type of the primary AP. WPA Algorithms: Enter the WPA algorithms of the primary AP. Pre-Shared Key: Enter the Wi-Fi password/pre-shared key of the primary AP. Automatically Scan: Click to view all other available Wireless-AP devices near the BEC 4700A/AZ. Select the desired AP you wish to extend the signal. CH (Channel): Channel ID used. SSID: The name of the wireless AP. BSSID: The MAC address of the wireless AP. Security: The security mode in the wireless AP. Signal (%): Signal strength of the wireless AP. Signal increases means the wireless AP is closer to your BEC 4700A/AZ and may cause interferences. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Interface Setup Loopback 91 Loopback Loopback interface is a widely known virtual interface, not the physical interface, on router and is highly robust and always up. The loopback interface has its own IP and subnet mask, often used for router management as Telnet management IP and involved in BGP as BGP Update-Source and OSPF as Router ID. IP Address: Enter a dedicated IP address for the loopback interface. IP Subnet Mask: Enter the subnet mask for the loopback interface. Click Save to apply settings BEC 4700A / 4700AZ User Manual Device Configuration Dual WAN General Setting 92 Dual WAN General Setting Dual WAN, is a feature to have two independent Internet connection connected concurrently, offers a reliable Internet connectivity and maximize bandwidth utilization for critical applications delivery. Mode: Select a mode then click Save to proceed. BEC 4700A / 4700AZ User Manual Device Configuration Dual WAN General Setting (Failover & Failback) 93 Failover & Failback Auto failover/failback ensures always-online network connectivity. When primary WAN link (WAN1) fails, all traffic will switch over to the backup WAN (WAN2) seamlessly. Again, when the primary link is restored, traffic will be handled over from WAN2 to WAN1. WAN Port Service Detection Policy WAN1 (Primary): Choose a desired WAN as the primary WAN Link from the list. WAN2 (Backup): Choose a desired WAN as the backup WAN Link from the list. Keep Backup Interface Connected: Select the following option whether to keep the backup WAN

(WAN2) interface connected to the Internet. Disable: Inactivate this feature. Always: Keep the backup WAN (WAN2) interface always connected to the Internet By Signal Strength: Enable and initiate automatic backup WAN to connect to the Internet at all time until the RSRP / RSSI of primary WAN is greater than the Minimum RSRP / RSSI. Minimum RSRP / RSSI: Set a minimum requirement for RSRP and RSSI for the primary WAN. Value range from -111 ~ -5. 0 means dont care/no need to check this value. NOTE: Both the RSRP and RSSI cannot be 0 at the same time. Connectivity Decision & Probe Cycle: Set a number of times and time in seconds to determine when to switch to the backup link (WAN2) when primary link (WAN1) fails and vice versa. Example, Auto failover takes place after straight 3 consecutive failures in every 30 seconds meaning all traffic will hand over to backup link (WAN2) after primary link fails to response in total of 90 seconds, 30 seconds for 3 consecutive failures. Note: Failover and Failback follow the same Connectivity Decision & Probe Cycle rule to failover from WAN1 to WAN2 or fallback from WAN2 to WAN1. BEC 4700A / 4700AZ User Manual Device Configuration Dual WAN General Setting (Failover & Failback) 94 Failover/Fallback Rule Decisions:

1. Probe by Ping: Enable Ping to the gateway or an IP address Gateway: Internal system will wait for responses to the pings from the gateway of the WAN. Host: Internal system will wait for responses to the pings from a fixed IP address. Timeout X Seconds: Ping response time for each reply. Maximum timeout up to 5 seconds. 2. Probe by Signal Strength: Enable to measure the LTE signal strength Minimum RSRP / RSSI: Set a minimum requirement for RSRP and RSSI for initiating automatic WAN failback or failover procedures. The valid range is from -111 ~ -5. 0 means dont care/no need to check this value. NOTE: Both the RSRP and RSSI cannot be 0 at the same time. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Dual WAN General Setting (Load Balance) 95 Load Balance Load balance aggregates the bandwidth of the two WAN links to optimize traffic distribution. NOTE: Go setup Outbound Load Balance mechanism after saving the settings. WAN Port Service Detection Policy WAN1 (Primary): Choose a desired WAN as the primary WAN Link from the list. WAN2 (Secondary): Choose a desired WAN as the backup WAN Link from the list. Service Detection: Enable to detect WAN connectivity automatically. Connectivity Decision: Set a number of times and time in seconds to determine when to turn-off the Load Balancing service. Example, Disable Load Balance after straight 3 consecutive failures in every 30 seconds meaning all traffic will hand over to backup link (WAN2) after primary link fails to response in total of 90 seconds, 30 seconds for 3 consecutive failures. Probe Ping on WAN 1 / WAN2: Enable Ping to the gateway or an IP address Gateway: Internal system will wait for responses to the pings from the gateway of the WAN. Host: Internal system will wait for responses to the pings from a fixed IP address. Click Save to apply settings BEC 4700A / 4700AZ User Manual Device Configuration Dual WAN Outbound Load Balance 96 Outbound Load Balance The connections are distributed over WAN1 and WAN2 so that it can utilize bandwidth of both WAN ports. With Outbound load balance, traffic may be routed to a faster link when one of the WAN links is slower or congested so that user gains better throughput and less delay. NOTE: Load Balancing must be enabled first. User can distribute outbound traffic based on Session Mechanism or IP Hash Mechanism. Base on Session Mechanism:

Balance by Session (Round Robin): Automatically assign requests/traffics to each WAN interface based on real-time WAN traffic-handling capacity. Balance by Session weight: Manually Balance session traffic based on a weight ratio. Example: Session weight by 3:1 meaning forward 3 requests to WAN1 and 1 request to WAN2. Base on IP Hash Mechanism:

Balance by weight: Use an IP hash to balance traffic based on a ratio. It is to guarantee requests from the same IP address get forward to the same WAN interface. Click Save to apply settings OR BEC 4700A / 4700AZ User Manual Device Configuration Dual WAN Protocol Binding 97 Protocol Binding Protocol Binding lets you direct specific traffic to go out from a specific WAN port. Policies determine how specific types of internet traffic are routed, for example, traffic from a specific IP address is granted access to only one WAN port rather than using both of the WAN ports as with load balancing. Rule Index: The numeric rule indicator. The maximum entry is up to 16. Active: Click YES to activate the rule Bind Interface: The dedicated WAN interface that guarantees to handle this traffic request. Source IP Address: Enter the local network, known as source, IP address of the origin of a traffic/packet. 0.0.0.0 means any IP address in the network. Subnet Mask: Enter the subnet of the source network. Port Number: Enter the port number which defines the application. Destination IP Address: Enter the destination / remote WAN IP address where the traffic/packet is going to. Enter 0.0.0.0 if no need to route to a specific IP address Subnet Mask: Enter the subnet of the designation network. Port Number: Enter the port number which defines the application. DSCP: The DSCP value. Value Range from 0~64; 64 means any value/unspecified Protocol: Select a protocol, TCP, UDP, ICMP, to use for this traffic. All traffics from IP 192.168.1.100/255.255.255.0 with port 8080 will go through WAN1 interface. The only time it would go through WAN2 interface is when WAN1 has no Internet connection. Click Save to apply settings Example:

BEC 4700A / 4700AZ User Manual Device Configuration Dual WAN Protocol Binding 98 BEC 4700A / 4700AZ User Manual Device Configuration Hotspot General Setting 99 Hotspot General Setting The Wi-Fi hotspot offers Internet access for mobile devices like smart phones, laptops, or smart pad to connect wirelessly in public locations such as in coffee shops, train station, airport, hotel, and much more. A captive portal with a login page will prompt on the mobile devices and require all Wi-Fi clients to accept the term of use before accessing to the Internet. Hotspot: Activate to enable the Wi-Fi hotspot feature. Interface: Select Wi-Fi interface(s), example: BEC110 (2.4GHz) to handles the hotspot traffic. IP Address: The IP address for the Wi-Fi hotspot network. IP Subnet Mask: Enter the subnet of the network. Primary / Secondary DNS Server: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Login Mode: Two (2) types of login modes to join the network. Authentication: Username and Password (credential) is required to join the hotspot network. Go down to the Authentication section below and select a method. Agreement: No Username and Password is required. Automatically login to the hotspot network after accepting and agreeing to the terms (Terms) of use. Redirect URL after Successful Login: Enter the URL (http:// is not required). After Wi-Fi client is successful login to the network, the page will get redirected to this URL. OR leave it blank to stay in current page. NOTE: This new URL will be added to the Walled Garden automatically. BEC 4700A / 4700AZ User Manual Authentication Device Configuration Hotspot General Setting 100 Authentication Methods: Two (2) network authentication methods, local built-in user account or a remote, external RADIUS server. If the credential matches, the Wi-Fi client is granted access to the network. RADIUS (an external authentication server) Primary RADIUS Server: The main IP address of the server. Secondary RADIUS Server: The backup IP address of the server, if any. Shared Secret Key: Enter the shared Secret given by the server Built-in User Account (local database handled by the BEC 4700A/AZ) Go to the Built-in User Account to setup account usernames and passwords for the hotspot. Authentication Protocol: Manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol). When using PAP, the password is sent unencrypted, while CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. Session Settings Session Timeout (in seconds): The time period of a Wi-Fi client is allowed to access to the Internet. After this timeout period, a new authentication is required. Idle Timeout (in seconds): The allowed inactivity time of a Wi-Fi client. After this timeout period, a new authentication is required. Upload / Download Bandwidth (in Kbps): The maximum upload and download link speed, value range from 0 ~ 5120Kbps; 0 means no speed limitation. Maximum Upload / Download Data Usage (in MBytes): Pre-configure a maximum upload and download data allowed for each session. value range from 0 ~ 5120MB; 0 means no speed limitation. BEC 4700A / 4700AZ User Manual

exhibit
download
text

1 2

4700A- UserMan-20201118-Part 2

Users Manual

pdf

4.34 MiB

November 19 2020 / November 20 2020

Maximum Total Data Usage (in MBytes): Pre-configure total data usage allowed for each session. value range from 0 ~ 5120MB; 0 means no speed limitation. Device Configuration Hotspot General Setting 101 Captive Portal UAM Server: Select a server you wish to use, Build-in, External or Socifi. Fill in the blanks to use External UAM server. UAM Server: Built-in & External Login URL: Enter the login URL offered by the UAM server. Shared Secret: Set the shared secret password offered. NAS ID: An assigned string for identification. Location Name: An assigned string for identification. UAM Server: Socifi SOCIFI is a cloud-based technology platform that enables the monetization of 4G/WiFi networks. Regin: Select your location. Login URL: Enter the new login page of Socifi if different. Shared Secret: Enter the shared secret given from Socifi. NAS ID: It is the device MAC address. Use this MAC address to create or add a new hotspot in your Socifi dashboard. Location Name: It is not used by Socifi. Use it if needed. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Hotspot Built-in User Account 102 Built-in User Account It is a local database on the router with pre-defined user accounts authorized by the BEC 4700A/AZ to grant and provide Wi-Fi hotspot access for Wi-Fi capable devices/users. 16, maximum, accounts are allowed. Rule Index: The indication of the rule number. The maximum entry is up to 16. Active: Select Yes to enable the rule of the account. Username / Password: Create a username and password for this user account. Save: Click the Save button to apply the settings Delete: Use the Rule Index to select an unwanted rule then click Delete button to remove it from the Account list. Click Save to apply the settings BEC 4700A / 4700AZ User Manual Device Configuration Hotspot Authorized of Client 103 Authorized of Client Add and predefine a trusted wireless MAC address of a Wi-Fi capable device for an immediate hotspot/Internet access. Hotspot/Internet access requires no authentication. 16, maximum, accounts are allowed. Authorized of Client: Select Activated to enable this feature. Rule Index: The indication of the rule number. The maximum entry is up to 16. Active: Select Yes to enable the rule of the client. MAC Address: Enter the wireless MAC address of the Wi-Fi device. Save: Click the Save button to apply settings Delete: Use the Rule Index to select an unwanted rule then click Delete button to remove it from the Client list. BEC 4700A / 4700AZ User Manual Device Configuration Hotspot Walled Garden 104 Walled Garden Add and predefine websites (domain names) or web IP address to allow Wi-Fi devices / clients to access to. Web site access requires no authentication. 16, maximum, websites / domains are allowed. Rule Index: The indication of the rule number. The maximum entry is up to 16. Active: Select Yes to enable the rule of the walled garden. Allow Type: Either a Host/Network or Domain. Host / Domain Name: Enter a valid domain, network, or website for unauthorized clients to access to. Save: Click the Save button to apply the settings Delete: Use the Rule Index to select an unwanted rule then click Delete button to remove it from the Walled Garden list. BEC 4700A / 4700AZ User Manual Device Configuration Hotspot Advertisement 105 Advertisement Add pop-ups ads and redirects to BEC 4700A/AZ Wi-Fi Hotspot, and only a random ad will be displayed per a login. 16, maximum, ads are allowed. Advertisement: Select Activated to enable this feature. Mode: Two (2) web advertising methods are available. Frame: Redirect to a random ad site, a full-page ad, before reaching to the login page. This full-page ad will get redirect to the login page after 5-10 seconds. Popups: A random pop-up ad display in a separate window after the login page. Rule Index: The indication of the rule number. The maximum entry is up to 16. Active: Select Yes to enable the rule. URL: Enter a valid Save: Click the Save button to apply settings Delete: Use the Rule Index to select an unwanted rule then click Delete button to remove it from the Walled Garden list. BEC 4700A / 4700AZ User Manual Device Configuration Hotspot Hotspot Status Log 106 Hotspot Status Log Record all hotspot access information and e-mail the statistics report of the hotspot clients in a specific duration. Session Log: Select Activated to enable this feature. Log Session Data in every (minute): Input session log time duration, (min)1 to (max) 60 minutes. Mail Session Log File in every (minute): BEC 4700A/AZ will send all access information, such as access IP addresses, NAT tables, etc., to the administrators mailbox in the specific time/minute. NOTE: Please set up a dedicated or administrator e-mail account to receive Hotspot access information in the Mail Alert. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Customization Allow modification to some of the captive portal settings. Device Configuration Hotspot Customization 107 Customization: Select Activated to enable this feature. Title: The Banner message. Default is Hotspot Login Subtitle: Default is Welcome to my Hotspot Term Part 1 / 2 / 3: Create your own Terms and Conditions. To use default, same terms, please skip this part. NOTE: No newline is accepted in each text box. Login Successfully Message: BEC 4700A/AZ will send all access information, such as access to IP addresses, NAT the administrators mailbox specific time/minute. tables, etc., the in BEC 4700A / 4700AZ User Manual Login Successfully Message: A greeting message after successful login to the Wi-Fi hotspot. Default is Success!

Footnote: Additional information, if needed. Default is This service is provided for free and used at your own risk. Show Logo: Select Activated to display company Logo on the portal. (To change logo, please contact with BEC technical support for more information). Click Save to apply settings. Device Configuration Hotspot Customization 108 BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Firewall 109 Advanced Setup Firewall Advanced Setup provides advanced features including Firewall, Routing, Dynamic Routing, NAT, VRRP, Static DNS, QoS, Interface Grouping, Port Isolation, Time Schedule, and Mail Alert for advanced users. Your router includes a firewall for helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation) the router acts as a natural Internet firewall, since all PCs on your LAN use private IP addresses that cannot be directly accessed from the Internet. Firewall: To automatically detect and block Denial of Service (DoS) attacks, such as Ping of Death, SYN Flood, Port Scan and Land Attack. SPI: If you enabled SPI, all traffics initiated from WAN would be blocked, including DMZ, Virtual Server, and ACL WAN side. Enabled: Activate your firewall function. Disabled: Deactivate the firewall function. Enabled: Activate your SPI function. Disabled: Deactivate the SPI function. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Routing 110 Static Routing This is static route feature. You are equipped with the capability to control the routing of all the traffic across your network. With each routing rule created, user can specifically assign the destination where the traffic will be routed to. Index #: The indication of the routing table number. Destination IP Address: IP address of the destination network Subnet Mask: The subnet mask of destination network. Gateway IP Address: IP address of the gateway or existing interface that this route uses. Metric: It represents the cost of transmission for routing purposes. The number need not be precise, but it must be between 1 and 15. Interface: Media/channel selected to append the route. Edit: Edit the route; this icon is not shown for system default route. Drop: Drop the route; this icon is not shown for system default route. Destination IP Address: This is the destination subnet IP address. Destination Subnet Mask: The subnet mask of destination network. Gateway IP Address or Interface: This is the gateway IP address or existing interface to which packets are to be forwarded. Metric: It represents the cost of transmission for routing purposes. The number need not be precise, but it must be between 1 and 15. Add Route Click Save to add this route. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Dynamic Routing (OSPF) 111 Dynamic Routing The NAT (Network Address Translation) feature transforms a private IP into a public IP, allowing multiple users to access the internet through a single IP account, sharing the single IP address. NAT break the originally envisioned model of IP end-to-end connectivity across the internet so NAT can cause problems where IPSec/ PPTP encryption is applied or some application layer protocols such as SIP phones are located behind a NAT. And NAT makes it difficult for systems behind a NAT to accept incoming communications. Open Shortest Path First (OSPF) OSPF: Enable to activate OSPF routing. Rule Index: The indication of the rule number. The maximum entry is up to 10, ranging from 0 to 9. Interface: Set the interface which runs the OSPF process (involved in OSPF routing). It can be WAN interfaces or established GRE tunnels. Area ID: The OSPF area identifier. It is a decimal number in the range of 0-4294967295. Enter the area ID in which the interface belongs to. The area with area-id=0 is the backbone area. If the router has networks in more than one area, then an area with area-id=0 (the backbone) must always be present. All other areas are connected to it. The backbone is responsible for distributing routing information between non-backbone areas. The backbone must be contiguous, i.e. there must be no disconnected segments. However, area border routers do not need to be physically connected to the backbone - connection to it may be simulated using a virtual link. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Dynamic Routing (BGP) 112 Border Gateway Protocol (BGP) A standardized exterior gateway protocol (an uniquely TCP based inter-Autonomous System routing protocol) designed to allow setting up an inter-domain dynamic routing system that automatically updates routing tables of devices running BGP in case of network topology changes. BGP: Enable to activate BGP routing. AS Number: Designate the AS number of the local router. The AS number is used to identify the IBGP or EBGP your neighbor is running. The same AS number means the IBGP, and the different means EBGP. Rule Index: The indication of the rule number. The maximum entry is up to 10, ranging from 0 to 9. Neighbor IP: Enter the neighbor IP address. Neighbor AS Number: Enter the neighbor AS number. Allowas-in: Enable to allow inter-communication between devices in the same AS. If the local and neighbor AS number are the same, thus, an inter-AS communication, please enable the allowas-in. Otherwise, the router only support EBGP routing between different domains. Next-Hop-Self: Enable to use the routers own loopback address as the next-hop address. Soft-reconfiguration inbound: Enable to save, pre-stored, a new inbound policy to the BGP table without interrupting the network when applying this new policy. EBGP (External BGP)-multihop: Enable to build up peer connection/information with external neighbors. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup NAT 113 The NAT (Network Address Translation) feature transforms a private IP into a public IP, allowing multiple users to access the internet through a single IP account, sharing the single IP address. NAT break the originally envisioned model of IP end-to-end connectivity across the internet so NAT can cause problems where IPSec/ PPTP encryption is applied or some application layer protocols such as SIP phones are located behind a NAT. And NAT makes it difficult for systems behind a NAT to accept incoming communications. NAT Status: Enabled. (Disabled if WAN connection is in BRIDGE mode) VPN Passthrough: VPN pass-through is a feature of routers which allows VPN client on a private network to establish outbound VPNs unhindered. SIP ALG: Enable the SIP ALG when SIP phone needs ALG to pass through the NAT. Disable the SIP ALG when SIP phone includes NAT-Traversal algorithm. Interface: Select a WAN interface connection to allow external access to your internal network. Click DMZ parameters, which are represented in the following scenario. or Virtual Server to move on to set the DMZ or Virtual Server NAT BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup NAT (DMZ) 114 DMZ NOTE: This feature disables automatically if WAN connection is in BRIDGE mode or NAT is being turned OFF. The DMZ Host is a local computer which has all UDP and TCP ports exposed to the Internet. When setting an internal IP address as the DMZ Host, all incoming packets will be forwarded to this local host device. Packet filter or virtual server entries will take priority over forwarding internet packets to the DMZ host. DMZ for (via a WAN Interface): Allows outside network to connect in and communicate with internal LAN devices via a specific WAN interface. DMZ Host IP Address: Give a static IP address to the DMZ Host when Enabled radio button is checked. Be aware that this IP will be exposed to the WAN/Internet. DMZ:

Enabled: Activate the DMZ function. Disabled: Deactivate the DMZ function. Click Save to apply settings. Except Ports Port: Enter port to be monitored. Protocol: Enter the protocol to be monitored. Description: Enter a description to this rule. BEC 4700A / 4700AZ User Manual Except Ports: Bypass UDP or/and TCP ports, in the list, being forwarded to the DMZ host. Example: Skip port 80 (UDP/TCP) in the list. All Incoming request to access to port 80 (Web GUI) will be forwarded to the embedded HTTP server of BEC 4700A/AZ instead of the DMZ host. Click Add to add an entry to the Except Listing. Device Configuration Advanced Setup NAT (Virtual Server) 115 Virtual Server NOTE: This feature disables automatically if WAN connection is in BRIDGE mode or NAT is being turned OFF. Virtual Server is also known as Port Forwarding that allows BEC 4700A/AZ to direct all incoming traffic to the servers on the LAN. Configure a virtual rule in BEC 4700A/AZ for remote users accessing services such as Web or FTP services via the public (WAN) IP address that can be automatically redirected to local servers in the LAN network. Depending on the requested service (TCP/UDP port number), the device redirects the external service request to the appropriate server within the LAN network. Virtual Server for: Indicate the related WAN interface to allow outside network to communicate with the internal LAN device. Protocol: Choose the application protocol. Start / End Port Number: Enter a port or port range you want to forward.

(Example: Start / End: 1000 or Start: 1000 & End: 2000). The starting port must be greater than zero (0). The end port must be greater than or equal to the start port. Local IP Address: Enter the server IP address in the network to receive the traffic/packets. Start / End Port Number (Local): Enter the start / end port number of the local application (service). Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup NAT (Virtual Server) 116 Examples of well-known and registered port numbers are shown below. For further information, please see IANAs website at http://www.iana.org/assignments/port-numbers Well-known and Registered Ports Port Number Protocol Description 21 22 23 25 53 69 80 110 443 1503 1720 7070 TCP FTP Control TCP & UDP SSH Remote Login Protocol TCP & UDP DNS (Domain Name Server) Telnet SMTP (Simple Mail Transfer Protocol) TFTP (Trivial File Transfer Protocol) World Wide Web HTTP POP3 (Post Office Protocol Version 3) TCP & UDP HTTPS T.120 H.323 RealAudio TCP TCP UDP TCP TCP TCP TCP UDP Using port forwarding does have security implications, as outside users will be able to connect to PCs on your network. For this reason you are advised to use specific Virtual Server entries just for the ports your application requires, instead of using DMZ. As doing so will result in all connections from the WAN attempt to access to your public IP of the DMZ PC specified. Attention If you have disabled the NAT option in the WAN-ISP section, the Virtual Server function will hence be invalid. If the DHCP server option is enabled, you have to be very careful in assigning the IP addresses of the virtual servers in order to avoid conflicts. The easiest way of configuring Virtual Servers is to manually assign static IP address to each virtual server PC, with an address that does not fall into the range of IP addresses that are to be issued by the DHCP server. You can configure the virtual server IP address manually, but it must still be in the same subnet as the router. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup NAT (Example) 117 Example: How to setup Port Forwarding for port 21 (FTP server) If you have FTP server in your LAN network and want others to access it through WAN. Step 1: Assign a static IP to your local computer that is hosting the FTP server. Step 2: Login to the Gateway and go to Configuration / Advanced Setup / NAT / Virtual Server. FTP server uses TCP protocol with port 21. Enter 21 to Start and End Port Number. The BEC 4700A/AZ will accept port 21 requests from WAN side. Enter the static IP assigned to the local PC that is hosting the FTP server. Ex: 192.168.1.111 Enter 21 to Local Start and End Port number. The BEC 4700A/AZ will forward port 21 request from WAN to the specific LAN PC (Example: 192.168.1.111) in the network. Step 3: Click Save to save settings. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup VRRP 118 VRRP VRRP is designed to eliminate the single point of failure inherent in the static default routed environment. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers in a LAN. The VRRP router controlling the IP address associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail-over in the forwarding responsibility should the Master become unavailable. Any of the virtual router's IP addresses in a LAN can then be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host. VRRP: Click to activate the feature. VRID: Virtual Router Identifier, range from 1-255 (decimal). A master or backup router running the VRRP protocol may participate in one VRID instance. Priority: Specifies the sending VRRP router's priority for the virtual router. Higher values equal higher priority. The priority value for the VRRP router that owns the IP address associated with the virtual router MUST be 255. VRRP routers backing up a virtual router MUST use priority values between 1 and 254. The default priority value for VRRP routers backing up a virtual router is 100. The priority value zero (0) has special meaning indicating that the current Master has stopped participating in VRRP. This is used to trigger Backup routers to quickly transition to Master without having to wait for the current Master to timeout. Preempt Mode: When preempt mode is activated, a backup router always takes over the responsibility of the master router. When deactivated, the lower priority backup is left in the master state. VRIP: An IP address which is associated with the virtual router. Advertisement period: Indicates the time interval in seconds between advertisements. Default in 1 second. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Static DNS 119 Static DNS The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network associated with various information with domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com can be translated into the addresses 192.0.32.10 (IPv4). IP Address: Enter a static DNS IP address. Domain Name: Enter a domain name which can be converted to the IP address from above. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup QoS 120 QoS QoS helps you control the upload traffic of each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you the features to control the quality of throughput for each application. This is useful when there on certain types of data you want giver higher priority to, such as voice data packets given higher priority than web data packets. SW QoS: Select Activate to enable the feature. Bandwidth Limitation LAN to WAN (Bandwidth): Display maximum upstream bandwidth. WAN to LAN (Bandwidth): Display maximum downstream bandwidth. Specify Bandwidth Limitation: Click to update/change the allowed bandwidth. LAN to WAN (Upstream): Enter the maximum upstream bandwidth. WAN to LAN (Downstream): Enter the maximum downstream bandwidth. Click Bandwidth Save to save settings. Specify LAN Host Bandwidth: Allow specific LAN device(s) to skip the bandwidth control. Index: The rule indicator (1-32) for identifying each host device. MAC Address: Enter the hosts MAC address. For example: 00:04:ed:12:34:56 Upload / Download (Bandwidth): Enter maximum available upload and download bandwidth for the specific device. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup QoS 121 SW QoS Rule Rule Index: Index marking for each rule up to maximum of 16. Application: Assign a name that identifies the new QoS application rule, e.g. FTP, HTTP, etc. Direction: Shows the direction mode of the QoS application WAN Interface: Select a WAN interface connection to allow external access to your internal network. QoS Type: Choose Limited (Maximum) or Guaranteed (Minimum) to specify the date rate is allowed for this policy. Priority: Set the priority given to each policy/application. Specify the priority for the use of bandwidth. You can specify which application can have higher priority to acquire the bandwidth. Its default setting is set to High. You may adjust this setting to fit your policy / application. Bandwidth Type: It is available when select Limited (Maximum) of QoS Type. Share Bandwidth The specific bandwidth, can be configured below, is shared by all devices within the internal IP address/range. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup QoS 122 o Example: Share Bandwidth, Bandwidth set to 100Mbps, Internal IP Address:

192.168.1.100-104 (total of 5). Result: IP 192.168.100-104, those 5 devices will share bandwidth of 100Mbps. Bandwidth per Host Each of the LAN devices within the internal IP address/range obtain the specific bandwidth configured below. o Example: Bandwidth per Host, Bandwidth set to 50Mbps, Internal IP Address:

192.168.1.100-104 (total of 5). Result: The IP address/device, 192.168.100-104, each will obtain up to 50Mbps bandwidth/data to access to the Internet. Bandwidth (Mbps): Specify the bandwidth for this application. DSCP Marking: Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP Marking allows users to classify the traffic of the application to be executed according to the DSCP value. Protocol: Select a protocol from the drop-down list Internal IP Address: The IP address values for Local LAN devices you want to give control. Internal Port: The Port number on the LAN side, it is used to identify an application. External IP Address: The IP address on remote / WAN side. External Port: The Port number on the remote / WAN side. Click Save to apply settings. To Remove a Policy: Simply select the Index then hit the Delete button to remove from the list. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Interface Grouping 123 Interface Grouping Interface grouping is a function to group interfaces, known as VLAN. A Virtual LAN, commonly known as a VLAN, is a group of hosts with the common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of the physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same network switch. Similarly, they may also have been split into two different groups, even if they are on the same switch. Each group will perform as an independent network. To support this feature, you must create mapping groups with appropriate LAN and WAN interfaces using the Save button. Interface Grouping: Select Yes to enable Interface Grouping feature. Group Index: The index number indicating the current group ranging from 0 to 15. EWAN Service: The available EWAN interface. Move to Interface Setup to add another EWAN interface. 4G-LTE / GRE Tunnel / OpenVPN Tunnel / Ethernet LAN / Wireless LAN: If the interface is ready/available, the click box will be shown. Group Summary: Click to review all configured grouping information. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Interface Grouping (Example) 124 Example: Create two WAN services, 4G/LTE and EWAN You are going to group the ports and services into two working group, as shown below. Group Index 0 1 Group Port 4G-LTE, LAN2 EWAN, Wi-Fi BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Interface Grouping (Example) 125 Click Group Summary to show the configuration results. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Port Isolation 126 Port Isolation Port isolation is to prevent LAN (Wired or Wireless) devices, e.g. PC, Notebook, to associate or communicate with each other devices. By default, all ports (LAN port and WLAN port) are sharing one group, and devices in all these ports can have access to each other. Available LAN interfaces of the BEC 4700A/AZ are LAN, Wireless 2.4G, and Wireless 5G. BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Time Schedule 127 Time Schedule The Time Schedule supports up to 16 timeslots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications. This Time Schedule correlates closely with routers time, since router does not have a real time clock on board; it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server from the Internet. Time Index: The rule indicator (1-16) for identifying each timeslot. Name: User-defined identification for each time period. Day of Week: Mon. to Sun. Specify the time interval for each timeslot from Day of Week. Start Time: The starting point of the interval for the timeslot, anytime in 00:00 24:00. End Time: The ending point of the interval for the timeslot, anytime in 00:00 24:00. Click Save to apply your settings. Example, you can add a timeslot named TimeSlot1 which features a period from 9:00 of Monday to 18:00 of Tuesday. TimeSlot2 from 09:00 to 18:00 of Wednesday BEC 4700A / 4700AZ User Manual Device Configuration Advanced Setup Mail Alert 128 Mail Alert Mail alert is designed to keep system administrator or other relevant personnel alerted of any unexpected events that might have occurred to the network computers or server for monitoring efficiency. With this alert system, appropriate solutions may be tackled to fix problems that may have arisen so that the server can be properly maintained. SMTP Server: Enter the SMTP server that you would like to use for sending emails. Username: Enter the username of your email account to be used by the SMTP server. Password: Enter the password of your email account. Senders Email: Enter your email address. SSL/TLS: Check to whether to enable SSL encryption feature. Port: the port, default is 25. WAN IP Change Alert Account Test: Click the button to test the connectivity and feasibility to your senders e-mail. WAN IP Change Alert (Recipients Email): Enter a valid e-mail address to receive an alert message when WAN IP change has been detected. 4G/LTE Usage Allowance (Recipients Email): Enter a valid e-mail address to receive an alert message when the 4G/LTE data usage is over the maximum (See Interface Setup > Internet (4G/LTE)

> Usage Allowance)Hotspot Status Log (Recipients Email): Enter a valid e-mail address to receive hotspot status log. Click Apply button to save settings. BEC 4700A / 4700AZ User Manual Device Configuration VPN IPSec 129 VPN A Virtual Private Network (VPN) is a private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures such as encryption. For example, a VPN could be used to securely connect the branch offices of an organization to a Headquarter office network through the public Internet. BEC 4700A/AZ supports IPSec, PPTP, L2TP, GRE, and OpenVPN Server / Client VPN features. IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPSec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). A total of 8 IPSec tunnels can be added. Click Add New Connection to create a new IPSec profile. BEC 4700A / 4700AZ User Manual IPSec Connection Setting Device Configuration VPN IPSec 130 Connection Name: Enter a description for this connection/profile. Active: Yes to activate the connection. Interface: Select a WAN interface to establish a tunnel with the remote VPN device. Auto allows system to automatically initiate a connection via current connected WAN interface. Remote Gateway IP: The WAN IP address of the remote VPN device. Enter 0.0.0.0 for unknown remote WAN IP address only the peer can initiate the tunnel connection. Local Access Range: Set the IP address or subnet of the local network. Single IP: The IP address of the local host, for establishing an IPSec connection between a security gateway and a host (network-to-host). Subnet: The subnet of the local network, for establishing an IPSec tunnel between a pair of security gateways (network-to-network) Remote Access Range: Set the IP address or subnet of the remote network. Single IP: The IP address of the local host, for establishing an IPSec connection between a security gateway and a host (network-to-host). If the remote peer is a host, select Single Address. Subnet: The subnet of the local network, for establishing an IPSec tunnel between a pair of security gateways (network-to-network), if the remote peer is a network, select Subnet. BEC 4700A / 4700AZ User Manual IPSec Phase 1(IKE) Device Configuration VPN IPSec 131 IKE Mode: IKE, Internet Key Exchange, is the mechanism to negotiate and exchange parameters and keys between IPSec peers to establish security associations (SA). Select Main or Aggressive mode. Local ID Type / Remote ID Type: When the mode of IKE is aggressive, Local and Remote peers can be identified by other IDs. IDContent: Enter IDContent the name you want to identify when the Local and Remote Type are Domain Name; Enter IDContent IP address you want to identify when the Local and Remote Type are IP addresses (IPv4 and IPv6 supported). Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts). IKE Proposal & Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as method. encryption method. Authentication Algorithm: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmission. There are 3 options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. MD5: A one-way hashing algorithm that produces a 128bit hash. SHA1: A one-way hashing algorithm that produces a 160bit hash. Diffie-Hellman Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular Exponential Groups. IPSec Phase 2(IPSec) IPSec Proposal: Select the IPSec security method. There are two methods of verifying the BEC 4700A / 4700AZ User Manual Device Configuration VPN IPSec 132 authentication information, AH (Authentication Header) and ESP (Encapsulating Security Payload). Use ESP for greater security so that data will be encrypted, and the data origin be authenticated but using AH data origin will only be authenticated but not encrypted. Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as method. encryption method. Authentication Algorithm: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmission. There are 3 options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. MD5: A one-way hashing algorithm that produces a 128bit hash. SHA1: A one-way hashing algorithm that produces a 160bit hash. Perfect Forward Secrecy: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular Exponentiation Groups. IPSec SA Lifetime SA Lifetime: Specify the number of minutes that a Security Association (SA) will stay active before new encryption and authentication key will be exchanged. There are two kinds of SAs, IKE and IPSec. IKE negotiates and establishes SA on behalf of IPSec, and IKE SA is used by IKE. Phase 1 (IKE): To issue an initial connection request for a new VPN tunnel. The range can be from 5 to 15,000 minutes, and the default is 480 minutes. Phase 2 (IPSec): To negotiate and establish secure authentication. The range can be from 5 to 15,000 minutes, and the default is 60 minutes. A short SA time increases security by forcing the two parties to update the keys. However, every time the VPN tunnel re-negotiates, access through the tunnel will be temporarily disconnected. IPSec Connection Keep Alive Keep Alive:

None: Disable. The system will not detect remote IPSec peer is still alive or lost. The remote peer will get disconnected after the interval, in seconds, is up. PING: This mode will detect the remote IPSec peer has lost or not by pinging specify IP address. DPD: Dead peer detection (DPD) is a keeping alive mechanism that enables the router to be detected lively when the connection between the router and a remote IPSec peer has lost. BEC 4700A / 4700AZ User Manual Device Configuration VPN IPSec 133 Please be noted, it must be enabled on the both sites. PING to the IP: It is able to IP Ping the remote PC with the specified IP address and alert when the connection fails. Once alter message is received, Router will drop this tunnel connection. Reestablish of this connection is required. Default setting is 0.0.0.0 which disables the function Interval: This sets the time interval between Pings to the IP function to monitor the connection status. Default interval setting is 10 seconds. Time interval can be set from 0 to 3600 second, 0 second disables the function. Ping to the IP 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx (A valid IP Address) Interval (sec) 0 2000 0 xxx.xxx.xxx.xxx(A valid IP Address) 2000 Ping to the IP Action No No No Yes, activate it in every 2000 second. Disconnection Time after No Traffic: It is the NO Response time clock. When no traffic stage time is beyond the Disconnection time set, Router will automatically halt the tunnel connection and re-

establish it base on the Reconnection Time set. 180 seconds is minimum time interval for this function. Reconnection Time: It is the reconnecting time interval after NO TRAFFIC is initiated. 3 minutes is minimum time interval for this function. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration VPN IPSec (Example on LAN-to-LAN) 134 Examples: IPSec Network (LAN) to Network (LAN) Two of the BEC 4700A/AZ devices want to setup a secure IPSec VPN tunnel NOTE: The IPSec Settings shall be consistent between the two routers. BEC 4700A / 4700AZ User Manual Device Configuration VPN IPSec (Example on LAN-to-LAN) 135 Description Assigned name to this tunnel/profile IP address of the Branch office gateway Headquarter office network Branch office network Security Plan Headquarter office Side:

H-to-B 69.121.1.30 Subnet 192.168.1.0 255.255.255.0 Subnet 192.168.0.0 255.255.255.0 Configuration Settings Connection Name Remote Secure Gateway Access Network Local Access Range Local Network IP Address Local Network Netmask Remote Access Range Remote Network IP Address Remote Network Netmask IPSec Proposal IKE Mode Pre-Shared Key Phase 1 Encryption Phase 1 Authentication Phase 1 Diffie-Hellman Group MODP 1024(group2) Phase 2 Proposal Phase 2 Authentication Phase 2 Encryption Prefer Forward Security ESP SHA1 3DES MODP 1024(group2) Main 1234567890 AES-128 SHA1 BEC 4700A / 4700AZ User Manual Device Configuration VPN IPSec (Example on LAN-to-LAN) 136 Description Assigned name to this tunnel/profile IP address of the Branch office gateway Headquarter office network Branch office network Security Plan Branch Office Side:

B-to-H 69.121.1.3 Subnet 192.168.0.0 255.255.255.0 Subnet 192.168.1.0 255.255.255.0 Configuration Settings Connection Name Remote Secure Gateway Access Network Local Access Range Local Network IP Address Local Network Netmask Remote Access Range Remote Network IP Address Remote Network Netmask IPSec Proposal IKE Mode Pre-Shared Key Phase 1 Encryption Phase 1 Authentication Phase 1 Diffie-Hellman Group MODP 1024(group2) Phase 2 Proposal Phase 2 Authentication Phase 2 Encryption Prefer Forward Security ESP SHA1 3DES MODP 1024(group2) Main 1234567890 AES-128 SHA1 BEC 4700A / 4700AZ User Manual Device Configuration VPN IPSec (Example on Remote Access) 137 Examples: IPSec Remote Employee to BEC 4700A/AZ Connection Router servers as VPN server, and host should install the IPSec client to connect to Headquarter office through IPSec VPN. BEC 4700A / 4700AZ User Manual Device Configuration VPN IPSec (Example on Remote Access) 138 Description Assigned name to this tunnel/profile IP address of the Branch office gateway Headquarter information office LAN network Remote worker IP address Security Plan Headquarter office Side:

H-to-H 69.121.1.30 Subnet 192.168.1.0 255.255.255.0 Signal IP 69.121.1.30 255.255.255.255 Configuration Settings Connection Name Remote Secure Gateway Access Network Local Access Range Local Network IP Address Local Network Netmask Remote Access Range Remote Network IP Address Remote Network Netmask IPSec Proposal IKE Mode Pre-Shared Key Phase 1 Encryption Phase 1 Authentication Phase 1 Diffie-Hellman Group MODP 1024(group2) Phase 2 Proposal Phase 2 Authentication Phase 2 Encryption Prefer Forward Security ESP SHA1 3DES MODP 1024(group2) Main 1234567890 AES-128 SHA1 BEC 4700A / 4700AZ User Manual Device Configuration VPN PPTP Server 139 PPTP Server The Point-to-Point Tunneling Protocol (PPTP) is a Layer2 tunneling protocol for implementing virtual private networks through IP network. In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, and Microsoft CHAP V1/V2 . The PPP payload is encrypted using Microsoft Point-to-Point Encryption

(MPPE) when using MSCHAPv1/v2. NOTE: 4 sessions for Client and 4 sessions for Server respectively. PPTP Server: Select Activate / Deactivate to enable or disable the PPTP Server. Authentication Type: Pick an authentication type from the drop-down list. When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. When passed the authentication with MS-CHAPv2, the MPPE encryption is supported. Encryption Key Length: Auto, data encryption and key length, with 40-bit or 128-bit, is automatically negotiated when establish a connection. 128-bit keys provide strong stronger encryption than 40-bit keys. Encryption Mode: The encryption key will be changed every 256 packets with Stateful mode. With Stateless mode, the key will be changed in each packet. CCP (Compression Control Protocol): Enable to compress data to save bandwidth and increase data transfer speed. BEC 4700A / 4700AZ User Manual Device Configuration VPN PPTP Server 140 MS-DNS: Assign a DNS server or use router default IP address to be the MS-DNS server IP address. Rule Index: The indication of the rule number. The maximum entry is up to 4. Connection Name: Enter a description for this connection/profile. Active: Yes to activate the account. PPTP server is waiting for the client to connect to this account. Username / Password: Enter the username / password for this profile. Connection Type: Select Remote Access for single user, Select LAN to LAN for remote gateway. Private IP Address Assigned to Dial-in User: Specify the private IP address to be assigned to dial-

in clients, and the IP should be in the same subnet as local LAN, but not occupied. Remote Network IP Address: Enter the subnet IP of the remote LAN network. Remote Network Netmask: Enter the Netmask of the remote LAN network. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration VPN PPTP Client 141 PPTP Client Establish a PPTP tunnel over Internet to connect with a PPTP server. A total of 4 PPTP Client sessions can be created. Rule Index: The indication of the rule number. The maximum entry is up to 4. Connection Name: Enter a description for this connection/profile. Active: Yes to activate the account. PPTP server is waiting for the client to connect to this account. Authentication Type: Pick an authentication type from the drop-down list. When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. When passed the authentication with MS-CHAPv2, the MPPE encryption is supported. Encryption Key Length: Auto, data encryption and key length, with 40-bit or 128-bit, is automatically negotiated when establish a connection. 128-bit keys provide strong stronger encryption than 40-bit keys. Encryption Mode: The encryption key will be changed every 256 packets with Stateful mode. With Stateless mode, the key will be changed in each packet. CCP (Compression Control Protocol): Enable to compress data to save bandwidth and increase data transfer speed. Username / Password: Enter the username / password provided by the PPTP server/host. BEC 4700A / 4700AZ User Manual Device Configuration VPN PPTP Client 142 Connection Type: Select Remote Access for single user, Select LAN to LAN for remote gateway. Server IP Address: Enter the WAN IP address of the PPTP server. Remote Network IP Address: Enter the subnet IP of the server/host LAN network. Remote Network Netmask: Enter the Netmask of the server/host LAN network. Fixed IP: Specific and reserve a LAN IP address from the remote PPTP server. Click Enable then enter the request IP address. Active as Default Route: Enabled to let the tunnel to be the default route for traffic, under this circumstance, all packets will be forwarded to this tunnel and routed to the next hop. DMZ: Specific an internal DMZ host to add an additional layer of protection to the network. All received incoming packets will first go through the Virtual Server list, if no service redirection required, then packets can get forwarded to the DMZ host. Click Enable then enter the DMZ IP address. Virtual Server: Click Enable to enable redirection of Internet packets. Virtual Server Index: Index marking for each rule up to maximum of 4. Protocol: Choose the application protocol. Start / End Port Number: Enter the start / end port number of the local application (service).

(Example: Start / End: 1000 or Start: 1000, End: 2000). The starting greater than zero (0) and the ending port must be the same or larger than the starting port. Local IP Address: Enter the local IP address of the default start/end port of the application / service. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Example: PPTP Remote Employee Dial-in to BEC 4700A/AZ Device Configuration VPN PPTP (Example on Remote Dial-In) 143 The input IP address 192.168.1.2 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Configuration Settings Connection Name Authentication Type Username Password Connection Type Assigned IP HS-RA MS-CHAPv2 test test Remote Access 192.168.1.2 Description Assigned name to this tunnel/profile Authentication type Credential created from the device to a PPTP client to dial-in to the network. Remote access for a dial-in Local IP assigned to the dial-in client BEC 4700A / 4700AZ User Manual Device Configuration VPN PPTP (Example on Remote Dial-Out) 144 Example: PPTP Remote Employee Dial-out to BEC 4700A/AZ A companys office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. PPTP Server WAN IP address is 61.121.1.33 of the Headquarter office. Configuration Settings Connection Name Authentication Type Username Password Connection Type Server IP HS-RA MS-CHAPv2 test test Remote Access 61.121.1.33 Description Assigned name to this tunnel/profile Authentication type Credential assigned from the PPTP server for PPP client to dial-in to its network. Remote access for a dial-in VPN server WAN IP address BEC 4700A / 4700AZ User Manual Device Configuration VPN PPTP (Example on LAN-to-LAN) 145 Example: PPTP Network (LAN) to Network (LAN) Connection The branch office establishes a PPTP VPN tunnel with Headquarter office to connect two private networks over the Internet. The routers are installed in the Headquarter office and branch offices accordingly. NOTE: Both office LAN networks must be in different subnets with the LAN-LAN application. BEC 4700A / 4700AZ User Manual Device Configuration VPN PPTP (Example on LAN-to-LAN) 146 Configuring PPTP Server in the Headquarter office The IP address 192.168.1.2 will be assigned to the router located in the branch office. Please make sure this IP is not used in the Headquarter office LAN. Configuration Settings Description Connection Name HS-LL Assigned name to this tunnel/profile Authentication Type MS-CHAPv2 Authentication type Username Password test test Credential created for a PPTP client to dial-in to its local network. Connection Type LAN to LAN LAN to LAN connection Assigned IP 192.168.1.2 Local IP assigned to the dial-in client Remote Network IP 129.168.0.0 Remote Network Netmask 255.255.255.0 Remote, Branch office, LAN network IP address and Netmask BEC 4700A / 4700AZ User Manual Device Configuration VPN PPTP (Example on LAN-to-LAN) 147 Configuring PPTP Client in the Branch office The IP address 69.1.121.33 is the Public IP address of the router located in Headquarter office. Configuration Settings Description Connection Name BC-LL Assigned name to this tunnel/profile Authentication Type MS-CHAPv2 Authentication type Username Password test test Credential assigned from the Headquarter Server to dial-in. Connection Type LAN to LAN LAN to LAN connection Server IP 69.121.1.33 Headquarter Serve WAN IP address Remote Network IP 129.168.1.0 Remote Network Netmask 255.255.255.0 Remote, Headquarter office, LAN network IP address and Netmask BEC 4700A / 4700AZ User Manual Device Configuration VPN L2TP 148 L2TP L2TP, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks

(VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide. NOTE: 4 sessions for dial-in connections and 4 sessions for dial-out connections Rule Index: The indication of the rule number. The maximum entry is up to 8 (4 dial-in and 4 dial-out profiles). Connection Name: Enter a description for this connection/profile. Active: To enable or disable this profile. Connection Mode (Dial in) Connection Mode: Select Dial In to operate as a L2TP server. BEC 4700A / 4700AZ User Manual Device Configuration VPN L2TP 149 Authentication Type: Default in Chap/Pap (CHAP, Challenge Handshake Authentication Protocol. PAP, Password Authentication Protocol). If you want the router to determine the authentication type to use, or else manually specify PAP if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a server). Username / Password (Server/Host): Enter the username / password for this profile. Private IP Address Assigned to Dial-in User: The private IP to be assigned to dial-in user by L2TP server. The IP should be in the same subnet as local LAN and should not be occupied. Connection Mode (Dial out) Connection Mode: Choose Dial Out if you want your router to operate as a client (connecting to a remote L2TP Server, e.g., your office server). Server IP Address: Enter the IP address of your VPN Server. Authentication Type: Default is Chap/Pap (CHAP, Challenge Handshake Authentication Protocol. PAP, Password Authentication Protocol). If you want the router to determine the authentication type to use, or else manually specify PAP if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a server). Username / Password (Client): Enter the username / password provide by the Server/Host. Connection Type Remote Access: From a single user. Tunnel Authentication and Active LAN to LAN: Enter the peer network information, such as network address and Netmask. Tunnel Authentication: This enables router to authenticate both the L2TP remote and L2TP host. This is only valid when L2TP remote supports this feature. Secret Password: The secure password length should be 16 characters which may include numbers and characters. BEC 4700A / 4700AZ User Manual Device Configuration VPN L2TP 150 Local Host Name: Enter hostname of Local VPN device that is connected / established a VPN tunnel. Remote Host Name: Enter hostname of remote VPN device. It is a tunnel identifier from the Remote VPN device matches with the Remote hostname provided. If remote hostname matches, tunnel will be connected; otherwise, it will be dropped. Active as Default Route: Enabled to let the tunnel to be the default route for traffic, under this circumstance, all packets will be forwarded to this tunnel and routed to the next hop. IPSec: Click the checkbox to establish a L2TP tunnel inside of the IPSec tunnel. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration VPN L2TP (Example on Remote Dial-in) 151 Example: L2TP VPN Remote Employee Dial-in to BEC 4700A/AZ A remote worker establishes a L2TP VPN connection with the Headquarter office using Microsoft's VPN Adapter The router is installed in the Headquarter office, connected to a couple of PCs and Servers. The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Configuration Settings Connection Name Connection Mode Authentication Type Username Password Assigned IP Connection Type HS-RA Dial in Chap/Pap test test 192.168.1.200 Remote Access Description Assigned name to this tunnel/profile Operate as L2TP server Authentication type Credential from the device for remote client to dial-in to the network. An IP assigned to the dial in client Remote access for dial in BEC 4700A / 4700AZ User Manual Device Configuration VPN L2TP (Example on Remote Dial-out) 152 Example: L2TP VPN BEC 4700A/AZ Dial-out to a Server A companys office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. Item Connection Name Connection Mode Server IP Authentication Type Username Password Connection Type Description HC-RA Dial out 69.121.1.33 Chap/Pap test test Remote Access Assigned name to this tunnel/profile Operate as L2TP client VPN server WAN IP address Authentication type Credential remote clients to dial-in to the network. Remote access for dial out the VPN Server from for BEC 4700A / 4700AZ User Manual Device Configuration VPN L2TP (Example on LAN-to-LAN) 153 Example: L2TP VPN Network (LAN) to Network (LAN) Connection The branch office establishes a L2TP VPN tunnel with Headquarter office to connect two private networks over the Internet. The routers are installed in the Headquarter office and branch office accordingly. NOTE: Both office LAN networks must be in different subnets with the LAN-LAN application. BEC 4700A / 4700AZ User Manual Device Configuration VPN L2TP (Example on LAN-to-LAN) 154 Configuring L2TP VPN Dial-in in the Headquarter office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Item Connection Name Connection Mode Username Password HS-LL Dial in Test Test Description Assigned name to this tunnel/profile Operate as L2TP server Credential for a PPTP client to dial-in to the network. Authentication Type Chap/Pap Authentication type Assigned IP 192.168.1.200 An IP assigned to the dial in client Connection Type LAN to LAN LAN to LAN for dial in Remote Network IP 129.168.0.0 Remote Network Netmask 255.255.255.0 Remote, Branch office, LAN network IP address and Netmask BEC 4700A / 4700AZ User Manual Device Configuration VPN L2TP (Example on LAN-to-LAN) 155 Configuring L2TP VPN Dial-out in the Branch office The IP address 69.1.121.33 is the Public IP address of the router located in Headquarter office. Item Connection Name Connection Mode Description BC-LL Dial out Assigned name to this tunnel/profile Operate as L2TP client Server IP 69.121.1.33 Dialed server IP Authentication Type Chap/Pap Authentication type Username Password test test Credential from the PPTP server to dial-in to the network Connection Type LAN to LAN LAN to LAN for dial out Remote Network IP 129.168.1.0 Remote Network Netmask 255.255.255.0 Remote, Headquarter office, LAN network IP address and Netmask BEC 4700A / 4700AZ User Manual Device Configuration VPN GRE 156 GRE Tunnel Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocol packets inside virtual point-to-point links over an IP network. NOTE: Up to 8 GRE tunnels supported. Rule Index: The numeric rule indicator for GRE. The maximum entry is up to 8. Connection Name: Enter a description for this connection/profile. Active: Yes to activate this GRE profile. Tunnel Type: Two types of tunnels, TUN (IP over GRE) and TAP (Ethernet over GRE). BEC 4700A / 4700AZ User Manual TUN (IP over GRE) TUN is in layer 3, networking level which routes packets via GRE tunnels. Device Configuration VPN GRE 157 Interface: Select a WAN interface to establish a tunnel with the remote VPN device. Remote Gateway IP: Enter the remote GRE WAN IP address. Tunnel Local IP Address & Remote IP Address (Virtual Interface): Enter a virtual IP address for local and peer network of the GRE tunnel. Tunnel Network Netmask (Virtual Interface): Enter the Netmask for this virtual interface. NOTE: The virtual Local and Remote IP addresses must in same subnet and cannot be existed or used in both networks. Remote Network IP Address: Enter the actual remote LAN network IP address. Remote Network Netmask: Enter the actual remote LAN network Netmask. Enable Keepalive: Check the box to enable the keepalive. The system will detect remote peer is still alive or lost. If no responses from the remote peer after certain times, #-of-retry-time x interval, the connection will get dropped. Keep-alive Retry Times: Set the keep-alive retry times, default is 3. Keep-alive Interval: Set the keep-alive Interval, unit in seconds. Default is 5 seconds. Example: Keepalive retry time (3) x keepalive interval (5) = 15 seconds. If no responses for 15 seconds, GRE connection will get aborted. MTU: Maximum Transmission Unit in byte. The size of the largest datagram (excluding media-specific headers) an IP attempts to send through the interface. Key: This tunnel key has a maximum string of 5 containing alphanumeric characters. Both sides, local and remote, should use the same key. BEC 4700A / 4700AZ User Manual Active as Default Route: Select if to set the GRE tunnel as the default route. IPSec: Click the checkbox to establish a GRE tunnel inside of the IPSec tunnel. Device Configuration VPN GRE 158 IKE Mode: IKE, Internet Key Exchange, is the mechanism to negotiate and exchange parameters and keys between IPSec peers to establish security associations (SA). Select Main or Aggressive mode. IKE (IPSec) Local ID Type and Remote ID Type: When the mode of IKE is aggressive, Local and Remote peers can be identified by other IDs. IKE (IPSec) Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts). Click Save to apply settings. BEC 4700A / 4700AZ User Manual TAN (Ethernet over GRE) TAN is in layer 2, Ethernet level which acts as a switch adding Ethernet frame passed over the GRE tunnels. Device Configuration VPN GRE 159 Bridge Mode: Select Yes to enable TAN bridge mode. Bridge Mode No Interface: Select a WAN interface to establish a tunnel with the remote VPN device. Remote Gateway IP: Enter the remote GRE WAN IP address. Remote Network IP Address: Enter the actual remote LAN network IP address. Remote Network Netmask: Enter the actual remote LAN network Netmask. MTU: Maximum Transmission Unit in byte. The size of the largest datagram (excluding media-

specific headers) an IP attempts to send through the interface. Key: This tunnel key has a maximum string of 5 containing alphanumeric characters. Both sides, local and remote, should use the same key. Click Save to apply settings. Bridge Mode Yes Interface: Select a WAN interface to establish a tunnel with the remote VPN device. Remote Gateway IP: Enter the remote GRE WAN IP address. MTU: Maximum Transmission Unit in byte. The size of the largest datagram (excluding media-

BEC 4700A / 4700AZ User Manual specific headers) an IP attempts to send through the interface. Key: This tunnel key has a maximum string of 5 containing alphanumeric characters. Both sides, local and remote, should use the same key. Device Configuration VPN GRE 160 Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration VPN GRE (Example) 161 Example: GRE VPN Network (LAN) to Network (LAN) Connection The branch office establishes a GRE VPN tunnel with Headquarter office to connect two private networks over the Internet. The routers are installed in the Headquarter office and branch office accordingly. NOTE: Both office LAN networks must be in different subnets with the GRE VPN connection. BEC 4700A / 4700AZ User Manual Device Configuration VPN GRE (Example) 162 Configuring GRE connection in the Headquarter office The IP address 69.1.121.30 is the Public IP address of the router located in branch office. Item Connection Name Remote Gateway IP Tunnel Local IP Address

(Virtual Interface) Tunnel Remote IP Address

(Virtual Interface) Tunnel Network Netmask

(Virtual Interface) HS-LL 69.121.1.30 192.168.100.11 192.168.100.10 Description Assigned name to this tunnel/profile WAN IP address of Branch office Local and remote virtual interface IP address must be in same Netmask. 255.255.255.0 Network Netmask of this virtual interface. Remote Network IP/ Netmask 192.168.0.0/

255.255.255.0 The remote, branch office, LAN network IP and Netmask. BEC 4700A / 4700AZ User Manual Device Configuration VPN GRE (Example) 163 Configuring GRE connection in the Branch office The IP address 69.1.121.3 is the Public IP address of the router located in Headquarter office. Item Connection Name Remote Gateway IP Tunnel Local IP Address

(Virtual Interface) Tunnel Remote IP Address

(Virtual Interface) Tunnel Network Netmask

(Virtual Interface) BC-LL 69.121.1.3 192.168.100.10 192.168.100.11 Description Assigned name to this tunnel/profile WAN IP address of Headquarter office Local and remote virtual interface IP address must be in same Netmask. 255.255.255.0 Network Netmask of this virtual interface. Remote Network IP/ Netmask 192.168.1.0/

255.255.255.0 The remote, Headquarter office, LAN network IP and Netmask. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN (OpenVPN Server TAN Mode) 164 OpenVPN OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports, multiplexing created SSL tunnels on a single TCP/UDP port. It is capable of traversing network address translation (NAT) and firewalls. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. Preshared secret key is the easiest, with certificate based being the most robust and feature-rich. It uses the OpenSSL encryption library extensively, allowing OpenVPN to use all the ciphers available in the OpenSSL package, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. It has integrated with OpenVPN package, allowing users to run OpenVPN in server or client mode from their network routers. OpenVPN Server NOTE: Up to 1 profile. Rule Index: The numeric rule indicator for OpenVPN. Connection Name: Enter a description for this connection/profile. Active: Yes to activate this profile. Device Type: TUN (IP over OpenVPN) and TAN (Ethernet Over OpenVPN) to choose. TUN (IP Over OpenVPN): Layer 3 networking level which routes packets on the VPN (Routing). Local Service Port: Port 1194 is the default assigned port for OpenVPN. Protocol: OpenVPN can run over either UDP or TCP transports. Select the protocol. Tunnel Network (Virtual Interface) IP Address / Netmask: Enter a virtual IP address and Netmask for this tunnel. NOTE: The virtual IP addresses cannot be existed or used in both networks. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN (OpenVPN Server TAN Mode) 165 Local Access Range IP Address / Netmask: Enter local OpenVPN Servers LAN network IP address and Netmask. Certification Cryptographic Suite Local Certificate / Trusted CA Index: OpenVPN mutually authenticate the server and client based on certificates and CA. Select a certificate and CA. To import certificates and CAs, go to Maintenance >> Certificate Management to upload files. Otherwise, select Default certificate and CA. Cipher: OpenVPN uses all the ciphers available in the OpenSSL package to encrypt both the data and channels. Select an encryption method. Hash: To establish the integrity of the datagram and ensures it is not tampered with in transmission. There are options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. Compression: Choose adaptive to use the LZO compression library to compress the data stream. Keepalive: Check the box to enable the keepalive feature. The system will automatically send ping packet to remote peer to keep the tunnel active. Interval: Set the keep-alive Interval, unit in seconds. Default is 10 seconds. Valid interval range is from 0 to 3600 seconds. Timeout: Re-establish tunnel if no responses from peer network after timeout period expires. Default is 120 seconds. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN (OpenVPN Server TAP (Serve-Bridge) 166 TAP (Ethernet Over OpenVPN) in Server-Bridge Mode Bridge: No Using its own client IP address. Local Service Port: Port 1194 is the default assigned port for OpenVPN. Protocol: OpenVPN can run over either UDP or TCP transports. Select the protocol. Tunnel Network IP Address / Netmask: Enter a virtual IP address and Netmask for this tunnel. NOTE: The virtual IP addresses cannot be existed or used in both networks. Local IP Address / Netmask: Enter local LAN network IP address and Netmask. TAP (Ethernet Over OpenVPN) in Bridge mode Bridge: Yes Can use local DHCP server on LAN to assign IP address to VPN clients. Local Service Port: Port 1194 is the default assigned port for OpenVPN. Protocol: OpenVPN can run over either UDP or TCP transports. Select the protocol. Certification Local Certificate / Trusted CA Index: OpenVPN mutually authenticate the server and client based on certificates and CA. Select a certificate and CA. To import certificates and CAs, go to Maintenance >> Certificate Management to upload files. Otherwise, select Default certificate and CA. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN (OpenVPN Server TAP (Serve-Bridge) 167 Cryptographic Suite Cipher: OpenVPN uses all the ciphers available in the OpenSSL package to encrypt both the data and channels. Select an encryption method. Hash: To establish the integrity of the datagram and ensures it is not tampered with in transmission. There are options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. Compression: Choose adaptive to use the LZO compression library to compress the data stream. Keepalive: Check the box to enable the keepalive feature. The system will automatically send ping packet to remote peer to keep the tunnel active. Interval: Set the keep-alive Interval, unit in seconds. Default is 10 seconds. Valid interval range is from 0 to 3600 seconds. Timeout: Re-establish tunnel if no responses from peer network after timeout period expires. Default is 120 seconds. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN Client (Profile Setup Manually) 168 OpenVPN Client OpenVPN client must match the VPN information / settings with the OpenVPN Server. Rule Index: The indication of the rule number. Maximum up to 4 profile/tunnels Configuration Method: OpenVPN client profiles can be manually entered or imported a pre-

configured client profile. Connection Name: Display the name of the connection or profile. Active: Display whether the connection or profile is set to active or not. Manual Input Client Information Rule Index: The indication of the rule number. Maximum up to 3 profile/tunnels Connection Name: Enter a description for this connection/profile. Active: Yes to activate this profile. Device Type:

TUN (IP Over OpenVPN): Works only in Layer 3 networking level which routes packets on the VPN. Server IP Address or Domain Name: Enter OpenVPN Servers WAN IP address or Domain name. Service Port: Port 1194 is the official assigned port number for OpenVPN. Protocol: OpenVPN can run over either UDP or TCP transports. Select the protocol. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN Client (Profile Setup Manually) 169 Active as Default Route: Choose Yes to let the OpenVPN tunnel/connection be the default route for traffic, under this circumstance, all outgoing packets will be forwarded to this tunnel and routed to the next hop. Remote Network IP Address / Netmask: Enter the LAN network IP address and Netmask of the OpenVPN Server. One-to-One NAT: Create a one-to-one mapping for a specific or a range of internal LAN IP address of the OpenVPN client to the VPN tunnel. Local IP Address / Netmask: This is the internal LAN network IP address & netmask of the OpenVPN client. OpenVPN tunnel. Mapped Tunnel IP Address / Netmask: This is the IP address & netmask of the TAP (Ethernet Over OpenVPN) in Server-Bridge Mode Bridge: No Using its own client IP address. Local Service Port: Port 1194 is the default assigned port for OpenVPN. Protocol: OpenVPN can run over either UDP or TCP transports. Select the protocol. Tunnel Network IP Address / Netmask: Enter a virtual IP address and Netmask for this tunnel. NOTE: The virtual IP addresses cannot be existed or used in both networks. Local IP Address / Netmask: Enter local LAN network IP address and Netmask. Server IP Address or Domain Name: Enter OpenVPN Servers WAN IP address or Domain name. Bridge: No Using its own client IP address. Local Service Port: Port 1194 is the default assigned port for OpenVPN. Protocol: OpenVPN can run over either UDP or TCP transports. Select the protocol. TAP (Ethernet Over OpenVPN) in Bridge Mode Bridge: Yes if used in bridge. Local Service Port: Port 1194 is the default assigned port for OpenVPN. Protocol: OpenVPN can run over either UDP or TCP transports. Select the protocol. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN Client (Profile Setup Manually) 170 Certification Local Certificate / Trusted CA Index: OpenVPN mutually authenticate the server and client based on certificates and CA. Select a certificate and CA. To import certificates and CAs, go to Maintenance >> Certificate Management to upload files. Otherwise, select Default certificate and CA. Additional Authentication: Enter the extra credential requested by the OpenVPN server. TLS-Auth / Key Direction / TLS-Auth Key: These are optional functions which must be activated on the server side. Cryptographic Suite Cipher: OpenVPN uses all the ciphers available in the OpenSSL package to encrypt both the data and channels. Select an encryption method. Hash: To establish the integrity of the datagram and ensures it is not tampered with in transmission. There are options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. Compression: Choose adaptive to use the LZO compression library to compress the data stream. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN Client (Profile Setup Manually) 171 Keepalive: Check the box to enable the keepalive feature. The system will automatically send ping packet to remote peer to keep the tunnel active. Interval: Set the keep-alive Interval, unit in seconds. Default is 10 seconds. Valid interval range is from 0 to 3600 seconds. Timeout: Re-establish tunnel if no responses from peer network after timeout period expires. Default is 120 seconds. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN (OpenVPN Client (Import a Clint Profile)) 172 Import an OpenVPN Client Profile Rule Index: The indication of the rule number. Connection Name: Enter a description for this connection/profile. Active: Yes to activate this profile. Additional Authentication: Enter the extra credential requested by the OpenVPN server. Configuration File: Click Choose File to find the OpenVPN client profile you want to upload. If the .ovpn file is in zip format, you must extract / decompress / unzip the file prior to the upload. Upload: Click Upload to begin the upload process. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN (Example) 173 Example: OpenVPN Network (LAN) to Network (LAN) Connection The Branch office establishes a tunnel with Headquarter office to connect two private networks over the OpenVPN. NOTE: Both office LAN networks must be in different subnets. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN (Example) 174 Configuring OpenVPN server in Headquarter office The IP address 69.1.121.30 is the WAN IP address of the router located in the Branch office. The OpenVPN tunnel network virtual interface is set to 192.168.100.0/24. Item Connection Name Tunnel Network

(Virtual Interface) Local Access Range HS-LL 192.168.100.0/

255.255.255.0 192.168.1.0/

255.255.255.0 Description Assigned name to this tunnel/profile IP address & Netmask of the virtual tunnel. OpenVPN Servers local LAN network. BEC 4700A / 4700AZ User Manual Device Configuration VPN OpenVPN (Example) 175 Configuring OpenVPN client in Branch office The IP address 69.1.121.3 is the WAN IP address of the router located in Headquarter office. Item Connection Name Server IP Address Remote Subnet BC-LL 69.121.1.3 192.168.1.0/

255.255.255.0 Description Assigned name to this tunnel/profile The WAN IP address of OpenVPN server. Local LAN IP & Netmask of the Server office BEC 4700A / 4700AZ User Manual Device Configuration Access Management Device Management 176 Access Management Device Management Device Host Name Host Name: Enter the host name of the router. Default is home.gateway Embedded Web Server HTTP Port: It is the embedded web server (Web GUI) accessing port, default is 80. It can be changed other port other than port 80, e.g. port 8080. HTTPS Port: Similar to HTTP which is an unencrypted communication using port 80. HTTPS is encrypted by SSL using port 443 instead. HTTPS Server Certificate Index: HTTPS known as HTTP-over-SSL tunnel protocol. Select a certificate to identify the system web server. When accessing to the web server (Web GUI), the browser will issue a warning page. To import certificates, go to Maintenance >> Certificate Management to upload files. Otherwise, select Default certificate and CA. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Access Management SNMP 177 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. Your BEC 4700A/AZ serves as a SNMP agent that allows a manager station to manage and monitor the router through the network. SNMP: Activate to enable SNMP. Get Community: Type the Get Community, which is the password for the incoming Get-and-GetNext requests from the management station. Set Community: Type the Set Community, which is the password for incoming Set requests from the management station. Trap Manager IP: Enter the IP of the server receiving the trap message (when some exception occurs) sent by this SNMP agent. System Name / Location / Contact: String descriptions of the SNMP agent. Interface: Select the access interface. Choices are LAN or ALL (Both LAN and WAN). SNMPv3 SNMPv3: Enable to activate the SNMPv3. Username: Enter the name allowed to access the SNMP agent. Access Permissions: Set the access permissions for the user; RO--read only and RW--read and writer. Authentication Protocol: Select the authentication protocol, MD5 and SHA. SNMP agent can communicate with the manager station through authentication and encryption to secure the message BEC 4700A / 4700AZ User Manual Device Configuration Access Management SNMP 178 exchange. Set the authentication and encryption information here and below. Authentication Key: Set the authentication key, 8-31 characters. Privacy Protocol: Select the privacy mode, DES and AES. Privacy Key: Set the privacy key, 8-31 characters. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Syslog (System Log) Use the Syslog to collect system event information to a remote log server. Device Configuration Access Management Syslog 179 Remote System Log: Select Activated to enable this feature Server IP Address: Assign the remote log server IP address. Server UDP Port: Assign the remote log server port, 514 is commonly used. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Access Management UPnP 180 Universal Plug & Play UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device. Both the users Operating System and the relevant application must support UPnP in addition to the router. UPnP: Select this checkbox to activate UPnP. Be aware that anyone could use an UPnP application to open the web configurations login screen without entering the BEC 4700A/AZ's IP address Auto-configured: Select this check box to allow UPnP-enabled applications to automatically configure the BEC 4700A/AZ so that they can communicate through the BEC 4700A/AZ, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Access Management DDNS 181 Dynamic DNS (DDNS) The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your internet connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time. This dynamic IP address is the WAN IP address of the router, which is assigned to you by your ISP. Here users can register different WAN interfaces with different DNS Providers. If you do not have a DDNS account, please choose a DDNS Service Provider from the list then go to their website to create an account first. Dynamic DNS: Select this check box to activate Dynamic DNS. Service Provider: Select from drop-down menu for the appropriate service provider, for example:

www.dyndns.org. My Host Name: Type the domain name assigned to your BEC 4700A/AZ by your Dynamic DNS provider. Username / Password: Enter the username and password of the account you created with this service provider. Wildcard support: Select this check box to enable DYNDNS Wildcard. Period: Set the time period on how often the BEC 4700A/AZ will update the DDNS server with your current external IP address. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Access Management DDNS (Example) 182 Example: How to register a DDNS account If you do not have an account with Dynamic DNS, please go to www.dyndns.org to register an account first. User test1 register a Dynamic Domain Names in DDNS provider http://www.dyndns.org/ . DDNS: www.hometest.com using username/password test/test BEC 4700A / 4700AZ User Manual Device Configuration Access Management Access Control 183 Access Control Access Control Listing allows you to determine which services/protocols can access your BEC 4700A/AZ interface from which computers. It is a management tool aimed to allow IPs (set in secure IP address) to access specified embedded applications (Web, etc., user can set) through some specified interface (LAN, WAN or both). User can have an elaborate understanding in the examples below. The maximum number of entries is 16. Access Control: Click Activate to enable the Access Control function. Rule Index: The numeric rule indicator. Active: Yes to activate the rule. Secure IP Address: The default 0.0.0.0 allows any client to use this service to manage the 4700A/AZ. Type an IP address range to restrict access to the client(s) without a matching IP address. Application: Choose a service that you want to all access to all the secure IP clients. The drop-down menu lists all the commonly used applications or manually create an application. Interface: Select the access interface. Choices are LAN, WAN, GRE and ALL. Click Save to apply settings. User Defined Application BEC 4700A / 4700AZ User Manual Device Configuration Access Management Access Control 184 Rule Index: The numeric rule indicator. User Application Active: Yes to add a new rule. User Application Name: A self-define name to identify the application. User Application Protocol: Enter a protocol, TCP, UDP, UDP/TCP, to use for this application. User Application Port: Enter the port number which defines the application. Click Save to save the rule. By default, the Access Control has two default rules. Default Rule 1: (Index 1), a rule to allow only clients from LAN to have access to all embedded applications (Web, FTP, etc.). Under this situation, clients from WAN cannot access the router even from Ping. Default Rule 2: (Index 2), an ACL rule to open Ping to WAN side. BEC 4700A / 4700AZ User Manual Device Configuration Access Management Access Control 185 BEC 4700A / 4700AZ User Manual Device Configuration Access Management Packet Filter (IP & MAC Filter) 186 Packet Filter You can filter the packages by MAC address, IP address, Protocol, Port number and Application or URL. Packet Filter - IP & MAC Filter IP & MAC Filter Editing Rule Index: The indication of the rule number. Individual Active: Yes to enable the rule. Action: This is how to deal with the packets matching the rule. Allow please select White List or Black selecting Blacklist. Interface: Select to determine which interface the rule will be applied to. Direction: Select to determine whether the rule applies to outgoing packets, incoming packets or packets of both directions. Type: Choose type of field you want to specify to monitor. Select IPv4 for IPv4 address, port number and protocol. Select IPv6 for IPv6 address, port number and protocol. Select MAC to enter a source MAC address. BEC 4700A / 4700AZ User Manual Device Configuration Access Management Packet Filter (IP & MAC Filter) 187 IPv4 Source IP Address: The source IP address of packets to be monitored. 0.0.0.0 means Dont care. Source Subnet Mask: Enter the subnet mask of the source network. Source Port Number: The source port number of packets to be monitored. 0 means Dont care. Destination IP Address: The destination IP address of packets to be monitored. 0.0.0.0 means Dont care. Destination Subnet Mask: Enter the subnet mask of the destination network. Destination Port Number: This is the Port that defines the application. (E.g. HTTP is port 80.) DSCP: Differentiated Services Code Point, it is recommended that this option be configured by an advanced user or keep 0. (0 means Dont care.) Protocol: Specify the packet type (TCP, UDP, ICMP, and ICMPv6) that the rule applies to. IPv6 Source IP (IPv6) Address/ Prefix: The source IP address or range of packets to be monitored. Source Port Number: The source port number of packets to be monitored. Destination IP (IPv6) Address/ Prefix: The destination subnet IP address. Destination Port Number: This is the Port or Port Ranges that defines the application. Protocol: It is the packet protocol type used by the application. Select either TCP or UDP or ICMP or ICMPv6 . DSCP: show the set DSCP. BEC 4700A / 4700AZ User Manual Device Configuration Access Management Packet Filter (IP & MAC Filter) 188 MAC Click Save to apply settings. Source MAC Address: show the MAC address of the rule applied. Time Schedule: Select a TimeSlot to activate the rule. Go to Time Schedule to configure a time control first. BEC 4700A / 4700AZ User Manual Device Configuration Access Management Packet Filter (URL Filter) 189 Filter Type - URL Filter URL Filter Rule Index: The indication of the rule number. Individual Active: Click Yes to enable this rule/policy. Domain: Enter the domain name in the blank field to be allowed or prohibited. URL (Host): Enter the specific URL in the blank field to be blocked. Time Schedule: Select a TimeSlot to activate the rule. Go to Time Schedule to configure a time control first. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Access Management Packet Filter (Domain Filter) 190 Filter Type - Domain Filter Action: This is how to deal with the packets matching the rule. Allow please select White List or Black selecting Blacklist. Domain Filter Rule Index: The indication of the rule number. Individual Active: Click Yes to enable this rule/policy. Domain: Enter the domain name in the blank field to be allowed or prohibited. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Access Management CWMP (TR-069) 191 CWMP (TR-069) CWMP, short for CPE WAN Management Protocol, also called TR069 is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. It defines an application layer protocol for remote management of end-user devices. As a bidirectional SOAP/HTTP based protocol it can provides the communication between customer premises equipment (CPE) and Auto Configuration Server (ACS). It includes both a safe configuration and the control of other CPE management functions within an integrated framework. In the course of the booming broadband market, the number of different internet access possibilities grew as well (e.g. modems, routers, gateways, set-top box, VoIP-phones).At the same time the configuration of this equipment became more complicated too complicated for end-users. For this reason, TR-069 was developed. It provides the possibility of auto configuration of the access types. Using TR-069 the terminals can get in contact with the Auto Configuration Servers (ACS) and establish the configuration automatically and let ACS configure CPE automatically. Username: Specify the ACS Username for ACS authentication to the connection from CPE. Password: Enter the ACS server login password. CWMP: Select activated to enable CWMP. ACS Login Information URL: Enter the ACS server login URL. Connection Request Information BEC 4700A / 4700AZ User Manual Device Configuration Access Management CWMP (TR-069) 192 Path: Local path in HTTP URL for an ACS to make a Connection Request notification to the CPE. Username: Username used to authenticate an ACS making a Connection Request to the CPE. Password: Password used to authenticate an ACS making a Connection Request to the CPE. Periodic Inform Config Periodic Inform: Select Activated to authorize the router to send an Inform message to the ACS automatically. Interval(s): Specify the inform interval time (sec) which CPE used to periodically send inform message to automatically connect to ACS. When the inform interval time arrives, the CPE will send inform message to automatically connect to ACS. Bind WAN Interface Interface: Specify any available or a single WAN interface to handle TR-069 requests. NATT Config - This is a proprietary feature provided by BEC. May leave them in blank, no configuration is required. NATT Server: By BEC administrator only. NATT Period: By BEC administrator only. Click Save to apply settings BEC 4700A / 4700AZ User Manual Device Configuration Access Management Parental Control 193 Parental Control This feature provides Web content filtering offering safer and more reliable web surfing for users especially for parents to protect network security and control the contents for children at home. To activate this feature, please log on to www.opendns.com to get an OpenDNS account first. Parent Control Provider: Hosted by www.opendns.com Parent Control: Enable the feature by clicking the Activated Host Name: It is the domain name of your OpenDNS. If you dont have one, please leave it blink. Username / Password: Put down your OpenDNS account username and password Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Access Management BECentral Management 194 BECentral Management BECentral is a cloud-based device management platform that provides operators with a comprehensive suite of services to manage devices in real-time. BECentral Management: Activate to enable the feature. BECentral Management URL: Access path to the BECentral. BECentral Management Port: Port listened by the BECentral. Organization ID: Customer ID (By BE C administrator only) Tag ID: By BEC administrator only. Device Report Interval: Enter the interval time in seconds to send inform message periodically to the BECentral. Interface: Specify any available or a single WAN interface to handle BECentral requests. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Maintenance User Management Device Configuration Maintenance User Management (Administrator Account) 195 Maintenance equipment the users with the ability of maintaining the device as well as examining the connectivity of the WAN connections, including User Management, Certificate Management, Time Zone, License, Firmware & Configuration, System Restart, Auto Reboot and Diagnostic Tool. User Management provides the Administrator with the ability to grant access control and manage GUI login credentials for each user. There are two access management levels, Administrator and User. The default root account, Administrator (admin), has full access to all the features listed and ability to create other accounts with features to allow other users to access to. The User account is with limited access (specified by advanced users with admin account) to the GUI. Total of 8 accounts can be created to grant access to manage the BEC 4700A/AZ via the web page. Administrator Account admin/admin is the root/default account username and password. NOTE: This username / password may vary by different Internet Service Providers. Login using the Administrator account, you will have the full accessibility to manage & control your gateway device and can also create user accounts for others to control some of the open configuration settings. The Administrator account cannot be deleted or removed. User Account Index: The indication of the rule number. The maximum entry is up to 8 accounts. Username: Create account(s) username for GUI management. New Password: Enter a new password for this user account. Confirmed Password: Re-enter the new password again; you must enter the password exactly the same as in the previous field. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Maintenance User Management (Creating Other User Accounts) 196 Creating Other User Accounts User Account Setup Index #: The indication of the rule number. The maximum entry is up to 8. Username: Create account(s) username for GUI management. New Password: Password for the user account. Confirm Password: Re-enter the password. Web GUI Permission Guest Account: Enable to create this new guest account and select features to allow user account to access to. When someone accesses to your BEC 4700A/AZ using this user account, he/she can only manage and configure the features that is pre-selected in Web GUI Permission for this account. Click Save to apply settings. BEC 4700A / 4700AZ User Manual Device Configuration Maintenance Certificate Management 197 Certificate Management This feature is used for OpenVPN and HTTPS Server authentication of the device using certificate. If the imported certificate doesn't match the authorized certificate with the Server, then no access is allowed. Edit: Click

(Edit) to import a certificate. Delete: Click

(Delete) to remove the certificate from the list. Local Certificate Listing Index #: The indication of the rule number. The maximum entry is up to 2. Certificate Name: Description of the certificate. Archive File Format (PKCS12): Every certificate is accompanied by a private key. Upload both files if PKCS is disabled. Enable PKCS12 to put Certificate & Private Key in the same file, like *.p12, *.pfx. Certificate File: Browse to locate the target certificate file on PC before uploading it. BEC 4700A / 4700AZ User Manual Device Configuration Maintenance Certificate Management 198 Private Key File: Browse to locate the target file on PC before uploading it. If PKCS enabled, please ignore this setting. Password: Enter the password if any, which is used to protect the private key. Otherwise, leave it empty. Click Apply to save settings. Trusted CA Listing Index #: The indication of the rule number. The maximum entry is up to 2. CA Name: Description of the CA. CA Certificate File: Browse to locate the target certificate file on PC before uploading it. Click Save to save settings. BEC 4700A / 4700AZ User Manual Device Configuration Maintenance Time Zone 199 Time Zone With default, BEC 4700A/AZ does not contain the correct local time and date. There are several options to setup, maintain, and configure current local time/date on the BEC 4700A/AZ. If you plan to use Time Schedule feature, it is extremely important you set up the Time Zone correctly. Synchronize time with: Select the methods to synchronize the time. NTP Server automatically: To synchronize time with the NTP servers to get the current time from an NTP server outside your network then choose your local time zone. After a successful connection to the Internet, BEC 4700A/AZ will retrieve the correct local time from the NTP server this is specified. PCs Clock: To synchronize time with the PCs clock. Manually: Select this to enter the SNMP server IP address manually. Date: Month / Date / Year. Month 1 ~ 12 (January ~ December). Time: Hour: Minute: Second Time Zone: Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Saving: Select this option if you use daylight savings time. NTP Server Address: Enter the IP address of your time server. Check with your ISP/network administrator if you are unsure of this information. Click Save to apply settings BEC 4700A / 4700AZ User Manual Device Configuration Maintenance License 200 License Some of the advanced features are required for a license. For more information, please contact with Billion/BEC for more information. Input your license key here and click Upgrade to enable the features. NOTE: Device will reboot after the upgrade. BEC 4700A / 4700AZ User Manual Device Configuration Maintenance Firmware & Configuration 201 Firmware & Configuration Firmware is the software that controls the hardware and provides all functionalities which are available in the GUI. This software may be improved and/or modified; your BEC 4700A/AZ provides an easy way to update the code to take advantage of the changes. To upgrade the firmware of BEC 4700A/AZ, you should download or copy the firmware to your local environment first. Press the Browse button to specify the path of the firmware file. Then, click Upgrade to start upgrading. When the procedure is completed, BEC 4700A/AZ will reset automatically to make the new firmware work. Upgrade: Choose Firmware or Configuration you want to update. System Restart with:

upgrading. finishing upgrading. Current Settings: Restart the device with the current settings automatically when finishing Factory Default Settings: Restart the device with factory default settings automatically when File: Type in the location of the file you want to upload in this field or click Browse to find it. Choose File: Click Choose File to find the configuration file or firmware file you want to upload. Remember that you must extract / decompress / unzip the .zip files before you can upload them. Backup Configuration: Click Backup button to back up the current running configuration file and save it to your computer in the event that you need this configuration file to be restored back to your BEC 4700A/AZ device when making false configurations and want to restore to the original settings. Upgrade: Click Upgrade to begin the upload process. This process may take up to two minutes. DO NOT turn off or power cycle the device while firmware upgrading is still in process. Improper operation could damage your BEC 4700A/AZ. BEC 4700A / 4700AZ User Manual Device Configuration Maintenance System Restart 202 System Restart Click System Restart with option Current Settings to reboot your router. If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to restore to factory default settings. You may also restore your router to factory settings by holding the small Reset pinhole button on the back of your router in about more than 6s seconds whilst the router is turned on. BEC 4700A / 4700AZ User Manual Device Configuration Maintenance Auto Reboot 203 Auto Reboot Schedule an automatic reboot for your 4700A/AZ to ensure proper operation and best performance. This reboot will only reboot with current configuration settings and not overwrite any existing settings. Click Save to apply settings Example: Schedule your 4700A/AZ to reboot at 10:00pm (22:00) every weekday (Monday thru Friday) and reboot at 9:00am on Saturday and Sunday. BEC 4700A / 4700AZ User Manual Device Configuration Maintenance 204 Diagnostics Tool 4G/LTE or EWAN The Diagnostic Test page shows the test results for the connectivity of the physical layer and protocol layer for both LAN and WAN sides. Ping other IP Address: Click Yes if you wish to ping other IP address rather than google.com Click START to begin to diagnose the connection. Speed Time: Measure the current uplink and downlink speed rate. Take less than a minute to run the test. Result in Uplink / Downlink Click Back to go back to the Diagnostic Tool BEC 4700A / 4700AZ User Manual Device Configuration Maintenance 205 Trace Route is to display how many hops (also view the exact hops) required to get to the destination. Click Yes, enter the IP address or domain then Start Trace Route. IP Address or Domain: Set the destination host (IP, domain name) to be traced. Max TTL value: Set the max Time to live (TTL) value. Shown as we trace www.billion.com below. LAN Ping other IP Address: Click Yes to ping any desired IP address or a domain. Click START to begin to diagnose the connection. Speed Time: Measure the current uplink and downlink speed rate. Take less than a minute to run the test. Result in Uplink / Downlink Click Back to go back to the Diagnostic Tool. BEC 4700A / 4700AZ User Manual Troubleshooting 206 Chapter 5: Troubleshooting If your BEC 4700A/AZ is not functioning properly, you can refer to this chapter for simple troubleshooting before contacting your service provider support. This can save you time and effort but if symptoms persist, consult your service provider. Problems with the Router Problem Suggested Action None of the LEDs is on when you turn on the router You have forgotten your login username or password Check the connection between the router and the adapter. If the problem persists, most likely it is due to the malfunction of your hardware. Please contact your service provider or BEC for technical support. Try the default username "admin" and password

"admin". If this fails, you can restore your router to its factory settings by pressing the reset button on the device rear side. Problem with LAN Interface Problem Suggested Action Cannot PING any PC on LAN Check the Ethernet LEDs on the front panel. The LED should be on for the port that has a PC connected. If it does not light, check to see if the cable between your router and the PC is properly connected. Make sure you have first uninstalled your firewall program before troubleshooting. Verify that the IP address and the subnet mask are consistent for both the router and the workstations. BEC 4700A / 4700AZ User Manual Recovery Procedures Problem Suggested Action

- The front LEDs display incorrectly

- Still cannot access to the router management interface after pressing the RESET button.

- Software / Firmware upgrade failure Troubleshooting 207 Before starting recovery process, please configure the IP address of the PC as 192.168.1.100 and proceed with the following step-by-step guide. 1. Power the router off. 2. Press reset button and power on the router, once the Power lights Red, keeping press reset button over 6 seconds. 3. Internet LED flashes Green, router entering recovery procedure and router's IP will reset to Emergency IP address (Say 192.168.1.1). 4. Open browser and access http://192.168.1.1 to upload the firmware. 5. Internet LED lit Red, and router starts to write firmware into flash. Please DO NOT power off the router at this step. 6. Internet LED lit Green when successfully upgrade firmware. 7. Power cycle off/on the BEC 4700A/AZ BEC 4700A / 4700AZ User Manual APPENDIX: PRODUCT SUPPORT & CONTACT Appendix 208 If you come across any problems, please contact the dealer from where you have purchased the product. Contact BEC @ http://www.bectechnologies.net MAC OS is a registered Trademark of Apple Computer, Inc. Windows 10/8/7 and Windows Vista are registered Trademarks of Microsoft Corporation. BEC 4700A / 4700AZ User Manual Appendix 209 FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

Connect the equipment into an outlet on a circuit different from that to which the receiver is Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. connected. Consult the dealer or an experienced radio/TV technician for help. FCC Caution:

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:

(1) This device may not cause harmful interference

(2) This device must accept any interference received, including interference that may cause undesired operation. Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. This device and its antenna(s) must not be co-

located or operating in conjunction with any other antenna or transmitter. Co-location statement This device and its antenna(s) must not be co-located or operating in conjunction with any other antenna or transmitter. FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator

& your body. BEC 4700A / 4700AZ User Manual Appendix 210 Professional Installation Instruction 1.Installation personnel This product is designed for specific application and needs to be installed by qualified personnel who has RF and related rule knowledge. The general user shall not attempt to install or change the settings. 2.Installation location The product shall be installed at a location where the radiating antenna can be kept 20 cm from nearby person in normal operation condition to meet Regulatory RF exposure requirement. The installation applies to both indoor and outdoor location. 3.External antenna(s) Use only the antenna(s) that have been approved by the manufacturer. The non-approved antenna(s) may produce unwanted spurious or excessive RF transmitting power that may lead to the violation of FCC/ISED limit and is prohibited. 4.Warning Please carefully select the installation position and ensure that the final output power does not exceed the limit set forth in relevant rules. The violation of the rule could lead to serious federal penalty. BEC 4700A / 4700AZ User Manual V1 04 1 434

exhibit
download
text

1 2

4700A- Inpho

Internal Photos

pdf

1.70 MiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- Expho

External Photos

pdf

408.94 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- FCC- LabelLoc

ID Label/Location Info

pdf

140.46 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- FCC- Labelsmpl

ID Label/Location Info

pdf

110.01 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- ATTESTATION

Cover Letter(s)

pdf

108.00 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- Confidentiality Request

Cover Letter(s)

pdf

127.17 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- DTS-UNII Declaration letter

Cover Letter(s)

pdf

139.04 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- Declaration of authorization

Cover Letter(s)

pdf

291.16 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- Professional Installation Attestation-20201119

Cover Letter(s)

pdf

187.03 KiB

November 19 2020 / November 20 2020

PROFESSIONAL INSTALLATION ATTESTATION Date: 2020-11-18 FCC ID: QI3BEC-4700A Product: Wireless Outdoor Router Model: BEC 4700A, BiPAC 4700A We, hereby declare that requirements of KDB 353028 D01 Antennas Part 15 Transmitters v01 have been met and shown on the following questions. Further we declare that the info listed below are correct and represent the product in consideration under this filing. 1. Professional installation must be justified. Description: Device is Wireless Outdoor Router and must need special trained professional in configuring and installing the product, more details please refer to user manual exhibit. 2. Professional installation does not permit use of any antenna with the transmitter; the permitted types of antenna specified as below. Description: Below listed of Antennas has been compliance FCC Rule Part 15 requirement, more details please refer to test reports. No. Antenna Type Antenna Connector Peak Gain 1 2 Omni Antenna Omni Antenna N-Type N-Type 4.0dBi for 2.4 GHz 6.0dBi for 5.150-5.250 GHz 6.0dBi for 5.725-5.850 GHz 3. The applicant should address the following items when justifying professional installation.

(1) To qualify for professional installation, please explain why the hardware is not readily available to average consumer. Description: Due to this product and will not be sold directly to the general public through retail store, therefore the hardware is not readily available to average consumer.

(2) Marketing Applicant must ensure device cannot be sold via retail to the general public or by mail order. Description: This product and will not be sold directly to the general public through retail store. It will be sold to authorized dealers or installers only.

(3) Applicant must show that device intended use is not for consumers and general public. Description: Device is for industrial/commercial use.

(4) Explain what is unique, sophisticated, complex, or specialized about the equipment that REQUIRES it to be Description: The device supports wall mounting which requires to be installed by professional installer. installed by a professional installer?

4. Other professional installation requirements

(1) Installation must be controlled. Description: The product will be distributed through controlled distribution channel which has special trained professional to install this product.

(2) Installed by licensed professionals. Description: Device sold to dealer who hires installers and need special trained professional in configuring and installing the product.

(3) Installation requires special training. Description: The product need special programming, access to keypad, field strength measurements made, so must need special trained professional in configuring and installing the product. If you should have any question(s) regarding this declaration, please dont hesitate to contact us. Thank you!

__________________________ Vincent Lin /Director DEKRA Testing and Certification Co., Ltd. On behalf of Billion Electric Co., Ltd.

exhibit
download
text

1 2

4700A- RFExp

RF Exposure Info

pdf

197.00 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- TestRpt-15.247

Test Report

pdf

4.17 MiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- Tsup

Test Setup Photos

pdf

466.44 KiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- TestRpt-15.407-Part 1-20201118

Test Report

pdf

5.52 MiB

November 19 2020 / November 20 2020

exhibit
download
text

1 2

4700A- TestRpt-15.407-Part 2-20201118

Test Report

pdf

1.02 MiB

November 19 2020 / November 20 2020

		frequency	equipment class	purpose
1	2020-11-20	2422 ~ 2452	DTS - Digital Transmission System	Original Equipment
2		5755 ~ 5795	NII - Unlicensed National Information Infrastructure TX

Application Forms

app s	Applicant Information
1 2	Effective	2020-11-20
1 2	Applicant's complete, legal business name	Billion Electric Co., Ltd.
1 2	FCC Registration Number (FRN)	0007429582
1 2	Physical Address	8F, No. 192, Sec. 2, Zhongxing Road, Xindian Dist.
1 2		New Taipei City, N/A
1 2		Taiwan

app s	TCB Information
1 2	TCB Application Email Address	h******@acbcert.com
1 2	TCB Scope	A4: UNII devices & low power transmitters using spread spectrum techniques

app s	FCC ID
1 2	Grantee Code	QI3
1 2	Equipment Product Code	BEC-4700A

app s	Person at the applicant's address to receive grant or for contact
1 2	Name	T**** H**
1 2	Title	CTO
1 2	Telephone Number	886-2********
1 2	Fax Number	886-2********
1 2	E-mail	t******@billion.com.tw

app s	Technical Contact
1 2	Firm Name	DEKRA Testing and Certification Co., Ltd
1 2	Name	F**** Y**
1 2	Physical Address	No.5-22, Ruishukeng, Linkou Dist.
1 2		New Taipei City
1 2		Taiwan
1 2	Telephone Number	886-2********
1 2	Fax Number	886-2********
1 2	E-mail	f******@dekra.com

app s	Non Technical Contact
		n/a

app s	Confidentiality (long or short term)
1 2	Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?:	Yes
1 2	Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?:	No
	if no date is supplied, the release date will be set to 45 calendar days past the date of grant.

app s	Cognitive Radio & Software Defined Radio, Class, etc
1 2	Is this application for software defined/cognitive radio authorization?	No
1 2	Equipment Class	DTS - Digital Transmission System
1 2	Equipment Class	NII - Unlicensed National Information Infrastructure TX
1 2	Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant)	Wireless Outdoor Router
1 2	Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application?	No
1 2	Modular Equipment Type	Does not apply
1 2	Purpose / Application is for	Original Equipment
1 2	Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization?	Yes
1 2	Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization?	No
1 2	Grant Comments	Power output is conducted. The device is an 802.11b/g/n device in a 2x2 Spatial Multiplexing MIMO configuration as described in this filing. The device has been certified for mobile use and any co-location must be done through the use of FCC multi-transmitter product procedures. End-users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. This device has a 20 MHz and 40 MHz Bandwidth for WLAN function and it contains 5GHz WLAN transmitter. According to the requirement of KDB 353028 D01, the device is a professional installation and the detail information please refer to the filing.
1 2	Grant Comments	Power output is conducted. The device is an 802.11a/n/ac device in a 4x4 Spatial Multiplexing MIMO configuration as described in this filing. The device has been certified for mobile use and any co-location must be done through the use of FCC multi-transmitter product procedures. End-users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. This device has a 20 MHz, 40MHz and 80 MHz Bandwidth for WLAN function and it contains 2.4GHz WLAN transmitter. According to the requirement of KDB 353028 D01, the device is a professional installation and the detail information please refer to the filing.
1 2	Is there an equipment authorization waiver associated with this application?	No
1 2	If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded?	No

app s	Test Firm Name and Contact Information
1 2	Firm Name	DEKRA TESTING AND CERTIFICATION Lin Kou Lab.
1 2	Name	V****** L****
1 2	Telephone Number	88628******** Extension:
1 2	Fax Number	88628********
1 2	E-mail	v******@dekra.com

Equipment Specifications
	Line	Rule Parts	Grant Notes	Lower Frequency	Upper Frequency	Power Output	Tolerance	Emission Designator	Microprocessor Number
1	1	15C	CC MO	2412	2462	0.968
1	2	15C	CC MO	2422	2452	0.347
	Line	Rule Parts	Grant Notes	Lower Frequency	Upper Frequency	Power Output	Tolerance	Emission Designator	Microprocessor Number
2	1	15E	CC MO	5180	5240	0.031
2	2	15E	CC MO	5190	5230	0.029
2	3	15E	CC MO	5210	5210	0.027
2	4	15E	CC MO	5745	5825	0.032
2	5	15E	CC MO	5755	5795	0.03

some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details

recent releases: IHDT56AP9 Motorola Mobility LLC WOX-SM-M2AG Shenzhen SQT Electronics Co., Ltd. LDKESPRD2922 Cisco Systems Inc 2AK8Q-TKMS017 Shenzhen Unichain Technology Co., Ltd 2AUHG-FAN-ELR ARTIKA FOR LIVING INC