BiPAC 7402GL R4 Wireless ADSL Firewall Router User Manual Version release 5.53.s5.
Table of Contents
Chapter 1: Introduction
Introduction to your Router
Features
Chapter 2: Installing the Router
Important note for using this router
IP Alias
Ethernet Client Filter
Wireless
Wireless Security
Wireless Client / MAC Address Filter
WPS
Edit One-to-One NAT (Network Address Translation)
Wake on LAN
Time Schedule
Advanced
Static Route
Static ARP
Chapter 1: Introduction

Introduction to your Router
Welcome to the wireless ADSL Firewall Router. The router is an “all-in-one” ADSL router, combining an ADSL modem, ADSL router and Ethernet network switch functionalities, providing everything you need to get the machines on your network connected to the Internet over your ADSL broadband connection.
Quick Installation Wizard
The router provides a web GUI wizard for installing the device quickly. With this wizard, end users can easily enter the information they get from their ISP and then surf the Internet immediately.

Universal Plug and Play (UPnP) and UPnP NAT Traversal
This protocol is used to enable simple and robust connectivity among stand-alone devices and PCs from many different vendors. It makes networking simple and affordable for users.
the speed at which different types of outgoing data pass through the router, to ensure P2P users don’t saturate upload bandwidth, or office browsing doesn’t bring client web serving to a halt. In addition, or alternatively, you can simply change the priority of different types of upload data and let the router sort out the actual speeds.

Virtual Server (“port forwarding”)
Users can specify which services are visible to outside users.
Rich Management Interfaces
The router supports flexible management interfaces through the LAN port and the WAN port. Users can configure and manage the device with terminal applications through Telnet, with the web GUI, and with SNMP, through the LAN or WAN ports.
Chapter 2: Installing the Router

Important note for using this router

Package Contents
BiPAC 7402GL R4 Wireless ADSL Firewall Router
CD-ROM containing the online manual
RJ-11 ADSL/telephone Cable
Ethernet (CAT-5) Cable
Power adapter
A detachable antenna
Quick Start Guide
Device Description

The Front LEDs
LED: Meaning
1 Power: Both red and green LEDs are lit together when power is ON. Lit green when the device is ready. Lit red means system failure. Restart the device or contact Billion for support.
2 Ethernet Port: Lit green when an Ethernet connection is established. Blinks when data is being transmitted/received.
3 Wireless: Lit green when the wireless connection is established. Flashes when sending/receiving data.
The Rear Ports
Port: Meaning
1 Antenna: Connect the detachable antenna to this port.
2 Power: Connect it with the supplied power adapter.
3 Power Switch: Power ON/OFF switch.
4 Ethernet: Connect a UTP Ethernet cable (Cat-5 or Cat-5e) to one of the LAN ports when connecting to a PC or an office/home network of 10Mbps or 100Mbps.
5 RESET: Make sure the device is turned on, then press the RESET button for: 1-3 seconds: quick reset the device.
Cabling
One of the most common causes of problems is bad cabling or ADSL line(s). Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify that you are using the proper cables. Ensure that all other devices connected to the same telephone line as your router (e.g.
Chapter 3: Basic Installation

The router can be configured through your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 98/NT/2000/XP/Me/Vista, etc. The product provides an easy and user-friendly interface for configuration. Please check your PC network components. The TCP/IP protocol stack and Ethernet network adapter must be installed. If not, please refer to your Windows-related or other operating system manuals.
Connecting Your Router
1. Connect this router to a LAN (Local Area Network) and the ADSL/telephone (ADSL) network.
2. Power on the device.
3. Make sure the Power LED is lit steadily and that the LAN LED is lit.
4. Connect your router to the telephone jack on the wall with the RJ-11 cable.
Network Configuration

Configuring PC in Windows Vista
1. Go to Start. Click on Network.
2. Then click on Network and Sharing Center at the top bar.
3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window column.
4. Select the Local Area Connection, and right click the icon to select Properties.
5. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties.
6. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting.
7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Configuring PC in Windows XP
1. Go to Start > Control Panel (in Classic View). In the Control Panel, double-click on Network Connections.
2. Double-click Local Area Connection.
3. In the Local Area Connection Status window, click Properties.
4. Select Internet Protocol (TCP/IP) and click Properties.
5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons.
6. Click OK to finish the configuration.
Configuring PC in Windows 2000
1. Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and Dial-up Connections.
2. Double-click Local Area Connection.
3. In the Local Area Connection Status window click Properties.
4. Select Internet Protocol (TCP/IP) and click Properties.
5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons.
6. Click OK to finish the configuration.
Configuring PC in Windows 95/98/Me
1. Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and choose the Configuration tab.
2. Select TCP/IP > NE2000 Compatible, or the name of your Network Interface Card (NIC) in your PC.
3. Select the Obtain an IP address automatically radio button.
4. Then select the DNS Configuration tab.
5. Select the Disable DNS radio button and click OK to finish the configuration.
Configuring PC in Windows NT4.0
1. Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and choose the Protocols tab.
2. Select TCP/IP Protocol and click Properties.
3. Select the Obtain an IP address from a DHCP server radio button and click OK.
Factory Default Settings
Before configuring your router, you need to know the following default settings.

Web Interface (Username and Password)
Username: admin
Password: admin
The default username and password are “admin” and “admin” respectively.

Device LAN IP settings
IP Address: 192.168.1.254
Subnet Mask: 255.255.255.0

ISP setting in WAN site
PPPoE

DHCP server
DHCP server is enabled.
Start IP Address: 192.168.1.
Information from your ISP
Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided, such as DHCP (Obtain an IP Address Automatically), Static IP (Fixed IP Address) or PPPoE. Gather the information as illustrated in the following table and keep it for reference.
Configuring with your Web Browser
Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”. A user name and password prompt window will appear. The default username and password are “admin” and “admin” respectively. (See Figure 3.14)
Figure 3.
Chapter 4: Configuration

At the configuration homepage, the left navigation column provides a link to each configuration page. The categories of the configuration pages are listed below.
Status

ADSL Status
This section displays the overall status of ADSL, such as DSP firmware version, Operational mode, Upstream/downstream rate, SNR margin, Line Attenuation, CRC Errors and Latency rate.
ARP Table
This section displays the router ARP (Address Resolution Protocol) Table which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is a quick way of determining the MAC address of the network interface of your PCs that use the Firewall – MAC Address Filter function. See the Firewall section of this manual for more information on this feature.
IP Address: Shows a list of IP addresses of devices on your LAN (Local Area Network).
DHCP Table
Leased: Shows the information of the DHCP assigned IP addresses.
Expired: Shows the information of all expired IP addresses.
Permanent: Shows the fixed host mapping information.

Leased Table
IP Address: Shows the IP address that is assigned to each client.
MAC Address: Shows the MAC address of each client.
Client Host Name: Shows the Host Name (Computer Name) of the client.
Expiry: Shows the current lease time of each client.
Routing Table

Routing Table
Valid: A check mark indicates a successful routing status.
Destination: Shows the IP address of the destination network.
Netmask: Shows the destination Netmask address.
Gateway/Interface: Shows the IP address of the gateway or the existing interface that this route will use.
Cost: The number of hops counted as the cost of the route.

RIP Routing Table
Destination: Shows the IP address of the destination network.
Netmask: Shows the destination Netmask address.
NAT Sessions
This section lists all the current NAT sessions between the external (WAN) and internal (LAN) interfaces.

UPnP Portmap
This section lists all the port mappings established using UPnP (Universal Plug and Play). See the Advanced section of this manual for more details on UPnP and the router UPnP configuration options.
Email Status
Details and status for the Email Account you have configured the router to check. Please see the Advanced section of this manual for details on this function.

Event Log
This page displays all the event log entries of the router, such as disconnections and Firewall-triggered events like Intrusion or Blocking Logging. Please see the Firewall section of this manual for more details on how to enable Firewall logging.
Error Log
Any errors encountered by the router (e.g. invalid names given to entries) are logged to this window.

Diagnostic
It tests the connection to the computer(s) connected to the LAN ports and also the WAN Internet connection. If PING www.google.com is shown as FAIL and the rest is PASS, you ought to check that your PC’s DNS setting is correct.
Quick Start
1. Click Quick Start.
2. If your ADSL line is not ready, you need to check whether your ADSL line has been set up.
3. If your ADSL line is ready, the screen shows “ADSL Line is Ready”. Choose the Auto radio button and click Apply. It will automatically scan for the recommended mode for you. Manual mode lets you set the ADSL line manually.
4. Please enter the “Username” and “Password” supplied by your ISP (Internet Service Provider) and click Apply to continue.
Profile Port: Select the connection mode. The available mode is ADSL.
Protocol: Select the protocol. The default is PPPoE.
VPI/VCI: Enter the VPI and VCI information provided by your ISP.
Username: Enter the username provided by your ISP.
Password: Enter the password provided by your ISP.
Service Name: This item is for identification purposes. If it is required, your ISP provides you the information.
Auth Protocol: Default is Auto. Your ISP advises on whether to use Chap or Pap.
MTU: Maximum Transmission Unit.
5. Configure the Wireless LAN setting
WLAN Service: Default setting is set to Enable. If you want to use wireless with both 802.11g and 802.11b devices in your network, you can select Enable.
ESSID: The ESSID is the unique name of a wireless access point (AP) that distinguishes it from others. For security purposes, change the ID name that is already built into the router’s wireless interface to a unique one. It is case sensitive and must not exceed 32 characters.
6. Wait for the configuration.
7. When ADSL is synchronized, “check” will appear.
Configuration
When you click this item, the column will expand to display the sub-items that will allow you to further configure your router: LAN, WAN, System, Firewall, QoS, Virtual Server, Wake on LAN, Time Schedule and Advanced.
The function of each configuration sub-item is described in the following sections.
LAN - Local Area Network
Here are the items within the LAN section: Ethernet, IP Alias, Ethernet Client Filter, Wireless, Wireless Security, Wireless Client Filter, WPS, Port Setting and DHCP Server.

Bridge Interface
You can set up member ports for each VLAN group under the Bridge Interface section. In the example, two VLAN groups need to be created.
Ethernet: P1 (Port 1)
Ethernet1: P2, P3 and P4 (Port 2, 3, 4).
Uncheck P2, P3, P4 from Ethernet VLAN port first.
Ethernet
The router supports more than one Ethernet IP address in the LAN, which allows multiple Internet accesses at the same time. Users usually have only one subnet in their LAN. The default IP address for the router is 192.168.1.254.

Primary IP Address
IP Address: The default IP on this router.
Subnet Mask: The default subnet mask on this router.
RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function.
Ethernet Client Filter
The Ethernet Client Filter can support up to 16 Ethernet network computers. It enables you to accept traffic from specific authorized computers or to restrict unwanted computer(s) from accessing your LAN. There are no pre-defined Ethernet MAC address filter rules; you can add filter rules to meet your requirements.
Ethernet Client Filter: Default setting is set to Disable.
Wireless

Parameters
WLAN Service: Default setting is set to Enable. If you do not have any wireless, select Disable.
Mode: The default setting is 802.11b+g (Mixed mode). If you do not know or do not have both 11g and 11b devices on your network, then keep the setting in mixed mode. From the drop-down menu, you can select 802.11g if you have only 11g card. If you have only 11b card, then select 802.11b.
ESSID: The ESSID is a unique name of a wireless access point (AP) used to distinguish one from another.
Regulation Domain: There are seven Regulation Domains for you to choose from, including North America (N.America), Europe, France, etc. The Channel ID will be different based on this setting.
Channel ID: Select the wireless connection ID channel that you would like to use. Note: Wireless performance may degrade if the selected ID channel is already being occupied by other AP(s).
TX PowerLevel: It is a function that enhances the wireless transmission signal strength.
Wireless Security
You can disable or enable the wireless security function using WPA or WEP for wireless network protection. The default mode of wireless security is set to disabled.

WPA-PSK / WPA2-PSK
Security Mode: You can disable wireless security, or enable it with WPA or WEP to protect the wireless network. The default mode of wireless security is Disable.
WPA Shared Key: The key for network authentication. The input format is character style, and the key size should be between 8 and 63 characters.
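An added example, not taken from the manual or from the router's firmware: how a WPA/WPA2-PSK shared key and the ESSID combine into the 256-bit pairwise master key (PBKDF2-HMAC-SHA1, 4096 iterations, ESSID as the salt), with the 8 to 63 character rule enforced. The ESSID values, the finding codes and the function names are constructed for illustration.

```python
import hashlib


def validate_essid(essid):
    """ESSID must be 1 to 32 bytes (the manual states the limit as 32 characters)."""
    raw = essid.encode("utf-8")
    if not 1 <= len(raw) <= 32:
        raise ValueError("essid-length")
    return raw


def validate_shared_key(shared_key):
    """WPA shared key in character style: 8 to 63 printable ASCII characters."""
    if not 8 <= len(shared_key) <= 63:
        raise ValueError("key-length")
    if any(not 32 <= ord(ch) <= 126 for ch in shared_key):
        raise ValueError("key-charset")
    return shared_key.encode("ascii")


def derive_pmk(shared_key, essid):
    """Derive the 32-byte pairwise master key used by WPA-PSK and WPA2-PSK."""
    return hashlib.pbkdf2_hmac(
        "sha1",
        validate_shared_key(shared_key),
        validate_essid(essid),   # the ESSID is the only salt
        4096,
        32,
    )


def check_settings(shared_key, essid, default_essids):
    """Return a list of finding codes for a proposed ESSID / shared key pair.

    default_essids is a caller-supplied set of factory ESSIDs (hypothetical
    input; the manual does not list the factory ESSID).
    """
    findings = []
    for validator, value in ((validate_essid, essid),
                             (validate_shared_key, shared_key)):
        try:
            validator(value)
        except ValueError as err:
            findings.append(str(err))
    if essid in default_essids:
        # Same shared key + same factory ESSID gives the same master key on
        # every unit, which is why a unique ESSID is recommended.
        findings.append("essid-default")
    return findings


if __name__ == "__main__":
    defaults = {"EXAMPLE-DEFAULT"}          # constructed placeholder
    for key, essid in (("short", "HomeNet-7F3A"),
                       ("correct horse battery", "EXAMPLE-DEFAULT"),
                       ("correct horse battery", "HomeNet-7F3A")):
        print(essid, check_settings(key, essid, defaults))
    print(derive_pmk("correct horse battery", "HomeNet-7F3A").hex())
```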
WEP
WEP Authentication: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers secure data encryption, known as WEP. If you require high security for transmissions, there are two options to select from: Open System, Share key.
WEP Encryption: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers highly secure data encryption, known as WEP.
Wireless Client / MAC Address Filter
The MAC Address Filter supports up to 16 wireless network PCs and helps you control your network by accepting traffic from specific authorized PCs or restricting unwanted PC(s) from accessing your LAN. There are no pre-defined MAC Address filter rules; you can add filter rules to meet your requirements.
Filter Action: Default setting is set to Disable.
WPS
The WPS (WiFi Protected Setup) feature is a standard protocol created by the Wi-Fi Alliance. This protocol is used to build Wi-Fi networks within a home / small office environment in an easy and secure manner. This feature thus provides a much simplified method of configuring WiFi Protected Access for those who know very little about wireless security.
Port Setting
This section allows you to configure the settings for the router’s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet, as well as allowing users to tweak the performance of their network.
Port # Connection Type: There are six options to choose from: Auto, 10M half-duplex, 10M full-duplex, 100M half-duplex, 100M full-duplex and Disable.
DHCP Server
You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to the PCs on your network if they are configured to obtain IP addresses automatically. To disable the router DHCP Server, check Disabled and click Next, then click Apply.
WAN - Wide Area Network
WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. Here is the item within the WAN section: WAN Profile.

WAN Profile

PPPoE Connection
PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP.
Profile Port: Select the profile port as ADSL.
Protocol: The ATM protocol will be used in the device.
Description: A given name for the connection.
through a single IP account, sharing the single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.
IP (0.0.0.0:Auto): Your WAN IP address. Leave this at 0.0.0.0 to automatically obtain an IP address from your ISP.
Auth. Protocol: Default is Auto. Your ISP should advise you on whether to use Chap or Pap.
PPPoA Connection
Profile Port: Select the profile port as ADSL.
Protocol: The ATM protocol will be used in the device.
Description: A given name for the connection.
VPI/VCI: Enter the information provided by your ISP.
ATM Class: The Quality of Service for ATM layer.
Username: Enter the username provided by your ISP. You can input up to 128 alpha-numeric characters (case sensitive). The username format is “username@ispname” instead of “username”.
Password: Enter the password provided by your ISP.
requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet).
Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time.
Detail: You can define the destination port and packet type (TCP/UDP) that the timer does not check. This lets you set which outgoing traffic will not trigger and reset the idle timer.
MTU: Maximum Transmission Unit.
MPoA Connection
PPPoE (PPP over Ethernet) provides access control in a manner similar to dial-up services using PPP.
Profile Port: Select the profile port as ADSL.
Protocol: The ATM protocol will be used in the device.
Description: A given name for the connection.
VPI/VCI: Enter the information provided by your ISP.
ATM Class: The Quality of Service for ATM layer.
RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function.
TCP MSS Clamp: This option helps to discover the optimal MTU size automatically. Default is enabled.
MAC Spoofing: Some service providers require this option to be configured. When it is required, you must fill in the MAC address specified by the service provider. Default is disabled.
Obtain DNS: A Domain Name System (DNS) contains a mapping table for domain name and IP addresses.
IPoA Routed Connection
Profile Port: Select the profile port as ADSL.
Protocol: The ATM protocol will be used in the device.
Description: A given name for the connection.
VPI/VCI: Enter the information provided by your ISP.
ATM Class: The Quality of Service for ATM layer.
NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
Obtain DNS: A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. DNS helps to find the IP address of a specific domain name. Check the checkbox to obtain DNS automatically.
Primary DNS: Enter the primary DNS.
Pure Bridge
Profile Port: Select the profile port as ADSL.
Protocol: The ATM protocol will be used in the device.
Description: A given name for this connection.
VPI/VCI: Enter the information provided by your ISP.
ATM Class: The Quality of Service for ATM layer.
Encap. method: Choose whether you want the packets in WAN interface as bridged packet or routed packet.
Acceptable Frame Type: Specify which kind of traffic goes through this connection, all traffic or only VLAN tagged.
Multiple Session
This allows the user to have multiple PPPoE sessions on the same PVC. The device supports up to 4 sessions created at the same time. The user can also still dial PPPoE from a PC on the LAN, with no limitation on sessions.
Note: The maximum PPP session number is limited by the ISP. The device will use the first PPPoE session as the default route; the user must create routing rules for other sessions manually.
Profile Port: Select the profile port as ADSL.
IP (0.0.0.0:Auto): Your WAN IP address. Leave this at 0.0.0.0 to automatically obtain an IP address from your ISP.
Auth. Protocol: Default is Auto. Your ISP should advise you on whether to use Chap or Pap.
Connection: Always on: If you want the router to establish a multiple session when starting up and to automatically re-establish the multiple session when disconnected by the ISP.
ADSL Mode
Connect Mode: This mode will automatically detect your ADSL line code: ADSL2+, ADSL2, AnnexM2 and AnnexM2+, ADSL, All. Please keep the factory setting unless the ADSL line shows symptoms of a synchronization problem.
Modulation: It will automatically detect the capability of your ADSL line mode. Please keep the factory setting unless the ADSL line shows symptoms of a synchronization problem.
System
Here are the items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management.

Time Zone
The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone, click Enable and click the Apply button.
Remote Access
This feature enables the system administrator to set the time interval during which the router can be accessed for administration purposes from a remote site (i.e. from outside your LAN). If you wish to permanently enable remote access, set the time period to 0 minutes.

Firmware Upgrade
Your router firmware is the software that enables it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software it runs.
Backup / Restore
This function allows you to save a backup of the current configuration of your router to a file on your PC, or to restore a previously saved configuration. This is very useful if you wish to customize the settings of the router, knowing in advance that you can always restore the settings if any mistakes occur. It is therefore advisable to create a backup of the configuration of your router before customizing it.
Restart Router
Click Restart with the option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings. You may also reset your router to factory settings by holding the small Reset pinhole button on the back of your router for more than 6 seconds.
User Management
In order to prevent unauthorized access to your router’s configuration interface, all users are required to log in to the GUI with a password. You can set up multiple user accounts, each with its own password. You can Edit any existing user account and Add a new user account to grant access to the device configuration interface.

Edit Account Information
You can change the information of any account whether the account is active or valid.
1.
To Add an Account
1. Check the Valid checkbox, fill in all the information: User name, Comment (optional), Password, Confirm Password.
2. When it is done, click the Add button.

To delete a user account:
1. Click on the Delete radio button of the account you want to delete.
2. Then click the Edit/Delete button to confirm the deletion.
Note: You can delete any user account except for the default admin account. Thus there is no delete radio button available for this account.
Firewall and Access Control
Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN. This feature also protects your system from being attacked by hackers. When using NAT, the router acts as a “natural” Internet firewall, as all PCs on your LAN will have their own private IP addresses which are not directly accessible from the Internet. The router provides three levels of security support.
General Settings
You can choose to disable Firewall and still be able to access the URL Filter and IM/P2P Blocking or enable the Firewall using the preset filter rules and modify the port filter rules as required. The Packet Filter is used to filter packets based on Applications (Port) or IP addresses.
Packet Filter
This function is only available when Firewall is enabled with one of the four security levels selected (All blocked, High, Medium and Low). The preset port filter rules in the Packet Filter must be modified according to the level of security selected. See Table 1: Predefined Port Filter for more detailed information.
Example: Predefined Port Filters Rules
The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1.
Note: For Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is preconfigured.
Packet Filter – Add TCP/UDP Filter
Rule Name Helper: User defined description for entry identification. You may also choose from the Select drop-down menu for an existing predefined rule. The maximum name length is 32 characters.
Time Schedule: A self defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to Time Schedule section.
Packet Filter – Add Raw IP Filter
Go to “Type” drop-down menu, select “Use Protocol Number”.
Rule Name Helper: User defined description for entry identification. You may also choose from the Select drop-down menu for an existing predefined rule.
Time Schedule: A self defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to Time Schedule section.
Example: Configuring your firewall to allow a publicly accessible web server on your LAN
The predefined port filter rule for HTTP (TCP port 80) is the same whether the firewall is set to a high, medium or low security level. To set up a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
Configuring Packet Filter:
1. Click Packet Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below:
Note: You may Edit the predefined rule instead of deleting it. This example shows how to add a filter on your own.
2. If you want to delete a filter rule, select the delete radio button of the HTTP rule you want to delete. Then click the Edit/Delete button to delete the rule.
3. To add a new rule, input the Rule Name, Time Schedule, Source/Destination IP, Type, Source/Destination Port, Inbound and Outbound. Then click the Add button.
Intrusion Detection
The router Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.
Blacklist: If the router detects a possible attack, the source IP or destination IP address will be added to the Blacklist.
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks.
URL Filter
A URL (Uniform Resource Locator) filter rule (a URL is an address in the form of http://www.abcde.com or http://www.example.com) allows you to prevent users on your network from accessing specific websites defined by their URL. There are no predefined URL filter rules, so you can add filter rules to meet your requirements.
Enable/Disable: Select to enable or disable URL Filter feature.
Block Mode: A list of the modes that you can choose from to check the URL filter rules.
For example, if the URL is http://www.abc.com/abcde.html, the connection will be dropped if the keyword “abcde” occurs in the URL.
Domains Filtering: This function checks the whole URL address but not the IP address against your list of domains to block or allow. If it is matched, the URL request will either be sent (Trusted) or dropped (Forbidden). For this function to be activated, both enable and disable checkboxes of Domain Filtering must be checked. Here is the checking procedure:
1.
Example: Andy wishes to disable all WEB traffic except for the ones listed in the trusted domain, which would prevent Bobby from accessing other websites. Andy selects both conditions in the Domain Filtering thinking that this will stop Bobby. But Bobby knows this function, Domain Filtering, ONLY disables all WEB traffic except for Trusted Domain, BUT not its IP address. If this is the situation, Block surfing by IP address function can become helpful.
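A small model of the behaviour in the Andy and Bobby example, added here and not the router's own code: keyword and domain checks that skip IP-address hosts, and the effect of turning on blocking of surfing by IP address. The policy field names, the order of the checks and the case-insensitive matching are assumptions; the addresses are documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class UrlFilterPolicy:
    # Hypothetical field names mirroring the options the manual describes.
    keywords: list = field(default_factory=list)
    trusted_domains: list = field(default_factory=list)
    forbidden_domains: list = field(default_factory=list)
    trusted_only: bool = False       # drop web traffic to non-trusted domains
    block_ip_surfing: bool = False   # "Block surfing by IP address"


def host_of(url):
    """Lower-cased host part of a URL, without port or IPv6 brackets."""
    return (urlsplit(url).hostname or "").lower()


def is_ip_literal(host):
    """True when the host is an IPv4 or IPv6 address, not a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_matches(host, domain):
    """Match on whole labels so 'notexample.com' does not match 'example.com'."""
    domain = domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def decide(url, policy):
    """Return (action, reason); action is 'forward' or 'drop'."""
    host = host_of(url)
    if any(k and k.lower() in url.lower() for k in policy.keywords):
        return ("drop", "keyword")
    if is_ip_literal(host):
        # Domain lists never see an IP-address host, so only the dedicated
        # option can stop this request.
        if policy.block_ip_surfing:
            return ("drop", "ip-literal")
        return ("forward", "ip-literal-not-checked")
    if any(domain_matches(host, d) for d in policy.trusted_domains):
        return ("forward", "trusted-domain")
    if any(domain_matches(host, d) for d in policy.forbidden_domains):
        return ("drop", "forbidden-domain")
    if policy.trusted_only:
        return ("drop", "not-trusted")
    return ("forward", "default")


def audit(urls, policy):
    """Evaluate a list of URLs and return (url, action, reason) tuples."""
    return [(u, *decide(u, policy)) for u in urls]


# Constructed sample requests.
SAMPLE_URLS = [
    "http://www.example.com/index.html",
    "http://www.example.org/",
    "http://notexample.com/",
    "http://192.0.2.10/",
    "http://[2001:db8::1]:8080/",
]

if __name__ == "__main__":
    andy = UrlFilterPolicy(trusted_domains=["example.com"], trusted_only=True)
    hardened = UrlFilterPolicy(trusted_domains=["example.com"],
                               trusted_only=True, block_ip_surfing=True)
    for name, policy in (("domain filtering only", andy),
                         ("plus block surfing by IP", hardened)):
        print(name)
        for row in audit(SAMPLE_URLS, policy):
            print("  %-36s %-8s %s" % row)
```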
IM / P2P Blocking
IM, short for Instant Message, is client software that allows users to communicate and exchange text messages with other IM users in real time over the Internet. A P2P application, known as Peer-to-peer, is a group of users who share their files with each other within the network over the Internet across the globe. Both Instant Message and Peer-to-peer applications make communication faster and easier, but your network can become increasingly insecure at the same time.
Firewall Log
Firewall Log displays a log that contains information about any unexpected actions that occur to your firewall settings. Check the Enable checkbox to activate event logging. Log information can be seen in the Status – Event Log after the feature is enabled.
QoS - Quality of Service The QoS function helps you to control the network traffic of each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It lets you control the quality and speed of throughput for each application when the system is running with full upstream load. These are the items within the QoS section: Prioritization, Outbound IP Throttling & Inbound IP Throttling (bandwidth management).
Destination IP address Range: The destination IP address or range of packets to be monitored. Destination Port: The destination port of the packets to be monitored. DSCP Marking: The Differentiated Services Code Point (DSCP) is the first 6 bits in the ToS byte. DSCP Marking allows users to classify the traffic of the application to be executed according to the DSCP value. See Table 4 for DSCP Mapping Table.
Outbound IP Throttling (LAN to WAN) IP Throttling allows you to limit the speed of the IP traffic. The value entered in the Rate Limit blank will set the speed limitation of the application. Name: User defined description to identify the new policy/name created. Time Schedule: Schedule your prioritization policy. Refer to Time Schedule for more information. Protocol: The name of the supported protocol. Rate Limit: To limit the speed of the outbound traffic.
Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of the IP traffic. The value entered in the Rate Limit blank will set the speed limitation of the application. Name: User defined description to identify the new policy/application created. Time Schedule: Schedule your prioritization policy. Refer to Time Schedule for more information. Protocol: The name of the supported protocol. Rate Limit: To limit the speed of the inbound traffic.
Example: QoS for your Network [Figure: Connection Diagram showing VoIP, Normal PCs and Restricted PC]
Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User: 192.168.1.1 Normal Users: 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.
Mission-critical application In most cases the VPN connection is a mission-critical application for exchanging data between head office and branch office. The mission-critical application must be sent out smoothly without any dropouts. Set the level of priority to high to prevent other applications from saturating the bandwidth. Voice application Voice is a latency-sensitive application. Most VoIP devices use the SIP protocol and the port number will be assigned by the SIP module automatically.
Restricted Application Some companies will set up their FTP servers for data download while others may use FTP for file sharing. The setting above helps to limit the utilization of the FTP upstream rate. Time schedule also helps to limit its utilization only during daytime. Advanced setting by using IP throttling IP throttling enables you to set parameters for bandwidth allocation, although the applications may be located on the same level.
Sometimes your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth. The settings below help you to limit bandwidth for the restricted application.
Virtual Server (known as Port Forwarding) In TCP/IP and UDP networks, a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”. Servers follow the well-known port assignments so clients can locate them.
Add Virtual Server Because NAT can act as a “natural” Internet firewall, your router protects your network from being accessed by outside users when using NAT, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network. When your router needs to allow an outside user to access the internal server, e.g. a web server, FTP server, Email server or game server, the router can act as a virtual server.
Example: If you would like to remotely access your Router through the Web/HTTP all the time, you will need to enable port number 80 (Web/HTTP) and map it to the Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with an IP address of 192.168.1.254. Since port number 80 has already been predefined, next to the Application click Helper. A window with a list of predefined rules will pop up; you can then select HTTP_Sever.
Edit DMZ Host DMZ Host is a local computer that is exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets, especially those that do not use the port number that is being used by any other Virtual Server entries, will be checked by the Firewall and NAT algorithms before being passed to the DMZ host. Caution: The local computer that is exposed to the Internet may face various security risks.
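How Virtual Server entries and a DMZ Host together decide where an incoming connection lands, as an added Python model (not the router's own code). It assumes an external port range maps one-to-one onto redirect ports, it leaves the firewall checks out, and apart from the manual's 192.168.1.254 port 80 example the hosts and rules are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VirtualServer:
    application: str        # user-defined description of the entry
    protocol: str           # "tcp" or "udp"
    external_ports: range   # ports seen on the WAN side
    redirect_port: int      # first port on the internal host
    internal_ip: str

def resolve_inbound(protocol, port, servers, dmz_host=None):
    """Return (internal_ip, internal_port, matched_by), or None if NAT drops it."""
    for vs in servers:
        if vs.protocol == protocol and port in vs.external_ports:
            offset = port - vs.external_ports.start
            return (vs.internal_ip, vs.redirect_port + offset, vs.application)
    if dmz_host:
        # Anything no Virtual Server entry claims is handed to the DMZ host.
        return (dmz_host, port, "DMZ host")
    return None  # no entry and no DMZ host: the attempt stops at the router

def exposure(ports, servers, dmz_host=None, protocol="tcp"):
    """Map each WAN-side port to the internal endpoint it reaches."""
    return {p: resolve_inbound(protocol, p, servers, dmz_host) for p in ports}

RULES = [
    # The manual's example: remote Web/HTTP access to the router itself.
    VirtualServer("Web/HTTP", "tcp", range(80, 81), 80, "192.168.1.254"),
    # Constructed entry: FTP control and data ports on an internal server.
    VirtualServer("FTP", "tcp", range(20, 22), 20, "192.168.1.10"),
]

if __name__ == "__main__":
    probe = [21, 23, 80, 3389]
    for label, dmz in (("no DMZ host", None), ("DMZ host set", "192.168.1.20")):
        print(label)
        for port, target in exposure(probe, RULES, dmz).items():
            print(f"  tcp/{port:<5} -> {target}")
```

Comparing the two runs lists every port that becomes reachable only because a DMZ Host is configured, which is a quick way to review what a configuration exposes.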
Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private / local IP address to a global / public IP address. If you have multiple public / WAN IP addresses from your ISP, you are eligible to use these IP addresses in One-to-One NAT. Go to Configuration > Virtual Server > Edit One-to-one NAT. NAT Type: Select the desired NAT type. One-to-One NAT function is set to Disabled by default. Global IP Address: Subnet: The subnet of the public/WAN IP address given by your ISP.
Application: User defined description to identify this entry, or click the drop-down menu to select an existing predefined rule; 20 predefined rules are available. Application, Protocol and External/Redirect Ports will be filled after the selection. Protocol: It is the supported protocol for the virtual server. In addition to specifying the port number to be used, you will also need to specify the protocol used. The protocol used is determined by the particular application.
Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols. Port numbers range from 0 to 65535, but only port numbers 0 to 1023 are reserved for privileged services and are designated as “well-known ports” (Please refer to Table 5). The registered ports are numbered from 1024 through 49151.
Wake on LAN This feature provides greater flexibility for users to turn on / boot a computer on the network from a remote site. MAC Address: Enter the MAC address of the target computer or you can select the MAC address directly from the Select drop-down menu on the right.
Time Schedule The Time Schedule supports up to 16 time slots which help you to manage your Internet connection. In each time profile, you may schedule specific day(s), i.e. Monday through Sunday, to restrict or allow the use of the Internet by users or applications. Time Schedule correlates closely with router time. Since the router does not have a real time clock on board, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server. Refer to Time Zone for details.
Configuration of Time Schedule Edit a Time Slot 1. Choose any Time Slot (ID 1 to ID 16) to edit and click the Edit radio button. Note: Look carefully: the days you have selected are shown in capital letters. A lower-case letter shows that the day is not selected, and no rule will apply on that day. 2. A detailed setting of this Time Slot will be shown. ID: This is the index of the time slot. Name: A user defined description to identify this time profile.
Delete a Time Slot Click on the Delete radio button of the Time Slot you wish to delete under the Time Slot section, and then click the Edit/Delete button to confirm the deletion of the selected Time profile, i.e. erase the Day setting and revert to the default setting of Start Time / End Time.
Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff. These are the items within the Advanced section: Static Route, Static ARP, Dynamic DNS, Check Email, Device Management and IGMP. Static Route Go to Configuration > Advanced > Static Route.
Static ARP IP Address: Fill in the IP address of the host computer that is sending the data packet. MAC Address: Fill in the MAC address of the computer that the incoming data packets are to be forwarded to.
Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time. This dynamic IP address is the WAN IP address of the router, which is assigned to you by your ISP.
Check Email This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when it detects new messages waiting for download. You may also view the status of this function using the Status – Email Checking section of the web interface, which also provides details on the number of new messages waiting. See the Status section of this manual for more information. Check Email: Disable: Check to disable the Email checking function.
Device Management The Device Management advanced configuration setting allows you to control your router security options and device monitoring features. Device Host Name Host Name: Assign it a name. Note: The Host Name must have more than one word. These two words should be connected with a ‘.’ (period) in between. Example: Host Name: homegateway ==> Incorrect Host Name: home.gateway or my.home.
Embedded Web Server (2 Management IP Accounts) HTTP Port: This is the port number that the router's embedded web server (for web-based configuration) will use. The default value is the standard HTTP port 80. Users may specify an alternative if, for example, they are running a web server on a PC within their LAN. Management IP Address: You may specify an IP address for logging on to and accessing the router web server. Setting the IP address to 0.0.0.
SNMP Version: SNMPv2c and SNMPv3. SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security. The “c” comes from the fact that SNMPv2c uses the SNMPv1 community string paradigm for “security”, but is widely accepted as the SNMPv2 standard. SNMPv3 provides a strong authentication mechanism and fine-grained authorization for remote monitoring. Traps supported: Cold Start, Authentication Failure.
IGMP IGMP, known as Internet Group Management Protocol, is used to manage hosts in multicast groups. IGMP Forwarding: Accepting multicast packets. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Disable. VLAN Bridge This section allows you to create VLAN groups and specify the members of each group. Edit: Edit your member ports in the selected VLAN group. Create VLAN: To create another VLAN group.
Logout To exit the router web interface, choose Logout. Please save your configuration setting before logging out of the system. Be aware that the router configuration interface can only be accessed by one PC at a time. Therefore when a PC has logged into the system interface, the other users cannot access the system interface until the current user has logged out of the system.
Chapter 5: Troubleshooting If your router is not functioning properly, please refer to the suggested solutions provided in this chapter. If your problems persist or the suggested solutions do not meet your needs, please kindly contact your service provider or Billion for support. Problems with the router Problem Suggested Action Check the connection between the router and the adapter. If the problem persists, most likely it is due to the malfunction of your hardware.
Problem with LAN interface Problem Cannot PING any PC on LAN Suggested Action Check the Ethernet LEDs on the front panel. The LED should be on for the port that has a PC connected. If it is not lit, check to see if the cable between your router and the PC is properly connected. Make sure you have first uninstalled your firewall program before troubleshooting. Verify that the IP address and the subnet mask are consistent for both the router and the workstations.
Appendix: Product Support & Contact Following the suggestions listed in the Troubleshooting section of the user manual can help you solve most of your problems. However if your problems persist or you come across other technical issues that are not listed in the Troubleshooting section, please contact the dealer from where you purchased your product. Contact Billion Worldwide: http://www.billion.com MAC OS is a registered Trademark of Apple Computer, Inc.