USB Storage here refers to network sharing in the network environment: USB devices act as the storage carrier for DLNA and NAS (Samba server, FTP server). Storage Device Info This part gives users direct access to storage information such as the total volume and the used and remaining capacity of the device. Volume Name: Displays the storage volume name. FileSystem: Displays the storage device’s file system format; a well-known one is FAT. Total Space: Displays the total space of the storage, in MB.
User Account Here users can add user accounts for access to the storage. Users can then access the network sharing storage with the specified account, which protects their own data. Users added here have access to both the Samba server and the FTP server. The default user is admin. Click the Add button to enter the user account-adding page: Username: A user-defined name; a simple, easy-to-remember name is preferable. Password: Set the password.
How to access Samba: On your computer, click Start > Run, enter \\192.168.1.
When accessing the network storage, you will see a folder named “public”. Users need an account to enter it; the account can be set in the User Accounts section. Public: The public sharing space for each user in the USB Storage. When a user registers a USB account and logs in successfully, a private folder (with the same name as the registered user account) exclusive to that user is created. The details follow.
Access the folder public.
Once access succeeds, the private folder of each user is created, as shown in the following picture. The test folder in the picture is the private space for the user.
How to use FTP: Note that remote FTP access must be enabled in Remote Access. 1. Access via FTP tools. Take the popular FTP tool FlashFXP as an example: 1) Open FlashFXP. 2) Create FTP sites (LAN IP / WAN IP, and set the account and port). 3) Connect to the FTP site.
2. Web FTP access 1) Enter ftp://admin@WAN-IP or ftp://admin@LAN-IP in the address bar of IE. In other browsers, type ftp://WAN-IP or ftp://LAN-IP directly. 2) Enter the account's username and password.
Print Server The Print Server feature allows you to share a printer on your network by connecting a USB cable from your printer to the USB port on the 7820NZ. This allows you to print from any location on your network. Note: Only USB printers are supported. Setup of the printer is a 3-step process (7820NZ for example): 1. Connect the printer to the 7820NZ’s USB port. 2. Enable the print server on the 7820NZ. 3.
Step 2: Click “Add a Printer”.
Step 4: Click “The printer that I want isn’t listed”. Step 5: Select “Select a shared printer by name”. Enter http://7820NZ-LAN-IP:631/printers/printer-name or. Make sure the printer’s name is the same as the one you set in the 7820NZ earlier. For example: http://192.168.1.
Step 6: Click “Next” to add the printer driver. If your printer is not listed and your printer came with an installation disk, click “Have Disk”, locate the disk and install the driver.
Step 8: Click “Next” and you are done. You will now be able to see your printer on the Devices and Printers Page.
DLNA The Digital Living Network Alliance (DLNA) is a non-profit collaborative trade organization established by Sony in June 2003, which is responsible for defining interoperability guidelines to enable sharing of digital media between consumer devices such as computers, printers, cameras, cell phones and other multiple devices. DLNA uses Universal Plug and Play (UPnP) for media management, discovery and control.
As an example of DLNA usage, take Windows Media Player in Windows 7 accessing the DLNA server.
IP Tunnel An IP Tunnel is an Internet Protocol (IP) network communication channel between two networks of different protocols. It is used to transport another network protocol by encapsulation of its packets. IP Tunnels are often used to connect two disjoint IP networks that do not have a native routing path to each other, via an underlying routable protocol across an intermediate transport network, like VPN.
Associated WAN Interface: The WAN interface the tunnel is applied to; packets from/to this WAN interface are transported through the tunnel. Associated LAN Interface: Set the LAN interface linked with the tunnel. Method: 6rd operation mechanism: manually configured or automatically configured. If manual, fill out the following 6rd parameters.
IPv4inIPv6 4in6 refers to tunneling of IPv4 in IPv6. It is an inherent internet interoperation mechanism allowing IPv4 to be used in an IPv6-only network. 4in6 uses tunneling to encapsulate IPv4 traffic over configured IPv6 tunnels. 4in6 tunnels are usually manually configured but they can be automated using protocols such as TSP to allow easy connection to a tunnel broker. DS-Lite DS-Lite, or Dual-Stack Lite, is designed to let an ISP omit the deployment of any IPv4 address to the customer’s CPE.
Security IP Filtering Outgoing IP filtering enables you to configure your router to block specified internal/external users (IP address) from Internet access, or to disable specific service requests (port number) to/from the Internet. The filters are combined with an “or” relationship: the router checks the filter rules one by one, starting from the first rule, and as soon as one of the rules is satisfied, the specified action is taken.
above. Destination Port [port or port:port]: Traffic with the set destination port, or with a port in the set port range, is blocked from going through the router. The default port range is 1 – 65535. Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule works all the time; you can also set the precise time when the rule works, like 01:00 - 19:00 from Monday to Friday.
(Rule inactive)
IP Filtering Incoming Incoming IP Filtering is set by default to block all incoming traffic, but users can set rules to forward specific incoming traffic. Note: 1. The maximum number of entries: 32. 2. When the LAN side firewall or the firewall in WAN interface(s) is enabled, users can add allow rules here to let traffic pass through the firewall. Click the Add button to enter the rule setting page. Filter Name: A user-defined rule name.
Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule works all the time; you can also set the precise time when the rule works, like 01:00-19:00 from Monday to Friday. Or you can select a timeslot already set in “Time Schedule” during which the rule works. When set to “Disable”, the rule is disabled or inactive, and an icon in the list table indicates that the rule is inactive. See Time Schedule.
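The rule evaluation described for outgoing and incoming IP filtering, as an added example (not code from the manual or the router firmware). It models first-match checking, the `port` / `port:port` notation, time schedules and disabled rules; the class names, field names and sample rules are constructed for illustration, and the inclusive time window is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

WEEKDAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")


def parse_port_spec(spec: str) -> Tuple[int, int]:
    """Parse the manual's 'port' or 'port:port' notation into (low, high)."""
    low, _, high = spec.replace(" ", "").partition(":")
    lo, hi = int(low), int(high or low)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port spec: {spec!r}")
    return lo, hi


@dataclass
class Schedule:
    days: Tuple[str, ...]   # subset of WEEKDAYS
    start: time
    end: time

    def active(self, when: datetime) -> bool:
        # Assumption: the window is inclusive at both ends.
        return (WEEKDAYS[when.weekday()] in self.days
                and self.start <= when.time() <= self.end)


@dataclass
class FilterRule:
    name: str
    source: str = "0.0.0.0/0"
    dest_ports: str = "1:65535"          # default range from the manual
    protocol: str = "any"
    schedule: Optional[Schedule] = None  # None models "Always On"
    enabled: bool = True                 # False models "Disable" (rule inactive)

    def matches(self, src: str, dport: int, proto: str, when: datetime) -> bool:
        if not self.enabled:
            return False
        if self.schedule is not None and not self.schedule.active(when):
            return False
        if self.protocol not in ("any", proto):
            return False
        lo, hi = parse_port_spec(self.dest_ports)
        return ip_address(src) in ip_network(self.source) and lo <= dport <= hi


def evaluate(rules: List[FilterRule], src: str, dport: int, proto: str,
             when: datetime, direction: str = "outgoing"):
    """Check rules in order; the first satisfied rule decides.

    Outgoing rules block and unmatched traffic passes; incoming traffic is
    blocked by default and rules allow it, as the two sections describe.
    """
    on_match, default = (("block", "allow") if direction == "outgoing"
                         else ("allow", "block"))
    for rule in rules:
        if rule.matches(src, dport, proto, when):
            return on_match, rule.name
    return default, None


# Constructed sample rules (not from the manual).
WORK_HOURS = Schedule(WEEKDAYS[:5], time(1, 0), time(19, 0))
RULES = [
    FilterRule("kid-web", source="192.168.1.50/32", dest_ports="80",
               protocol="tcp", schedule=WORK_HOURS),
    FilterRule("no-ftp", dest_ports="21", protocol="tcp", enabled=False),
    FilterRule("p2p", source="192.168.1.0/24", dest_ports="6881:6889"),
]

if __name__ == "__main__":
    wed_morning = datetime(2024, 1, 3, 10, 0)   # a Wednesday
    wed_evening = datetime(2024, 1, 3, 20, 0)
    print(evaluate(RULES, "192.168.1.50", 80, "tcp", wed_morning))
    print(evaluate(RULES, "192.168.1.50", 80, "tcp", wed_evening))
```

A scheduled outgoing block falls through to the default allow outside its window, and a disabled rule never matches, so both are worth reviewing when auditing a rule list.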
MAC Filtering MAC Filtering is only effective on ATM PVCs configured in Bridged mode. FORWARDED means that all MAC layer frames will be forwarded except those matching with any of the specified rules in the following table. BLOCKED means that all MAC layer frames will be blocked except those matching with any of the specified rules in the following table.
Blocking WAN PING When this feature is enabled, your router does not respond to any ping command when someone else pings your WAN IP.
Time Restriction A MAC (Media Access Control) address is the unique network hardware identifier for each PC on your network’s interface (i.e. its Network Interface Card or Ethernet card). Using your router’s MAC Address Filter function, you can configure the network to block specific machines from accessing your LAN during the specified time. This page adds a time-of-day restriction to a specific LAN device connected to the router.
An example: Here you can see that the user “child-use” with a MAC of 18:a9:05:04:12:23 is blocked from accessing the router from 00:00 to 23:59 Monday through Friday. The “test” user can always access the Internet. If you no longer need a rule, check its box and press Remove.
URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements. Note: 1) URL Filter rules apply to both IPv4 and IPv6 sources. 2) But in Exception IP Address part, user can click IPv4 and IPv6 respectively.
Keywords Filtering Note: Maximum number of entries: 32. Click to add the keywords. Enter the keyword, for example image, and then click Add. You can add other keywords in the same way. The keywords you add will be listed as above. If you want to re-edit a keyword, press the Edit radio button to the left of the item; the word will be listed in the Keyword field. Edit it, and then press Edit/Delete to confirm. If you want to delete a keyword, check the Delete checkbox to the right of the item, and press Edit/Delete.
Filtering. Exception IP Address In this section, users can set the exception IP for IPv4 and IPv6 respectively. Click to add the IP addresses. Enter the exception IP address. Click Add to save your changes. The IP address will be entered into the Exception List, and excluded from the URL filtering rules in effect. For the specific process, please refer to Keywords Filtering. For example, users can set IPv4 client 192.168.1.
Parental Control Provider Parental Control Provider provides Web content filtering, offering safer and more reliable web surfing for users. Please get an account and configure it at the selected provider “www.opendns.com” in advance. To use parental control (DNS), the user needs to configure the router to use the DNS provided by the parental control provider for Internet access, at the WAN configuration or DNS page (see DNS).
QoS - Quality of Service QoS helps you to control the data upload traffic of each application from LAN (Ethernet) to WAN (Internet). This feature allows you to control the quality and speed of throughput for each application when the system is running with full upstream load. Note: ADSL line speed is based on the ADSL sync rate. There is no QoS on 3G/LTE, as the 3G/LTE line speed varies and cannot be known exactly.
DSCP value.
External IP Address: The IP address on the remote / WAN side. External Port: The port number on the remote / WAN side. Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule works all the time; you can also set the precise time when the rule works, like 01:00-19:00 from Monday to Friday. Or you can select a timeslot already set in “Time Schedule” during which the rule works.
Examples: Common usage 1. Give outgoing VoIP traffic more priority. The default queue priority is normal, so if you have VoIP users in your local network, you can set a higher priority to the outgoing VoIP traffic. 2.
3. If you are actively engaged in P2P and are afraid of slowing down internet access for other users within your network, you can use QoS to set a rule that has low priority. In this way, the P2P application will not congest the data transmission of other applications. For other applications, like FTP or mail access, users can use QoS to control traffic based on need.
QoS Port Shaping QoS port shaping supports traffic shaping of Ethernet interfaces. It enforces a maximum throughput on the Ethernet interface. When “Shaping Rate” is set to “-1”, no shaping is in place and the “Burst Size” is ignored. Interface: P1-P4. P4 used as EWAN is also covered. Type: All LAN when P4 is a LAN port; when P4 is used as EWAN, its type is WAN and all others are LAN. QoS Shaping Rate (Kbps): Set the enforced maximum rate. Burst Size (Bytes): Set the enforced burst size.
NAT NAT (Network Address Translation) feature translates a private IP to a public IP, allowing multiple users to access the Internet through a single IP account, sharing the single IP address. It is a natural firewall for the private network. Exceptional Rule Group Exceptional Rule is dedicated to giving or blocking Virtual Server/ DMZ access to some specific IP or IPs(range). Users are allowed to set 8 different exceptional rule groups at most. In each group, user can add specific IP or IP range.
Exceptional Rule Range IP Address Range: Specify the IP address range; IPv4 address ranges are supported. Click Add to add the IP range. For instance, if you want to block the IP range 172.16.1.102-172.16.1.106 from accessing your set virtual server and DMZ host, you can add this IP range and mark it as valid.
Virtual Servers In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”. Servers follow the well-known port assignments so clients can locate them. If you wish to run a server on your network that can be accessed from the WAN (i.e.
The following configuration page will appear to let you configure. Interface: Select from the drop-down menu the interface you want the virtual server(s) to apply to. Server Name: Select the server name from the drop-down menu. Custom Service: A kind of service that lets users customize the service they want. Enter the user-defined service name here. This parameter is only available when users select Custom Service in the above parameter. Server IP Address: Enter your server IP address here.
access to a group of IPs. For example, we previously set group 1 to block access for 172.16.1.102-172.16.1.106. If you want to block Virtual Server access for this IP range, you can select Group1. Set up 1. Select a Server Name from the drop-down menu; the port will appear automatically. Modify it as you like, or leave it as default. Remember to enter your server IP address. 2. Press Apply to confirm, and the items will be listed in the Virtual Servers Setup table.
(Means the rule is inactive) Remove If you don’t need a specified Server, you can remove it. Check the check box beside the item you want to remove, then press Remove.
DMZ Host The DMZ Host is a local computer exposed to the Internet. When a particular internal IP address is set as the DMZ Host, all incoming packets are checked by the Firewall and NAT algorithms and then passed to the DMZ host, provided the packet received does not use a port number used by any Virtual Server entry. (Group Information) DMZ Host IP Address: Enter the IP address of the host you want to be the DMZ host. Select from the list box to quickly set the DMZ.
One-to-One NAT One-to-One NAT maps a specific private/local address to a global/public IP address. If you have multiple global/public IP addresses from your ISP, you can use one-to-one NAT to assign a specific public IP to an internal IP, like a public web server mapped to a global/public IP for outside access. Valid: Check to make the one-to-one NAT mapping rule valid. WAN Interface: Select the WAN interface on which to configure the one-to-one NAT.
Port Triggering Port triggering is a way to automate port forwarding: with outbound traffic on predetermined ports (‘triggering ports’), incoming ports are dynamically forwarded to the initiating host while the outbound ports are in use. A port trigger opens an incoming port when a client on the local network makes an outgoing connection on a predetermined port or range of ports. Click Add to add a port triggering rule.
Open port Start: Enter the starting port number of the open port range. End: Enter the ending port number of the open port range. Any port in the range delimited by ‘Start’ and ‘End’ is a preset forwarding port or open port. Protocol: Select the protocol this service uses: TCP/UDP, TCP, UDP. Set up An example of how port triggering works: when a client behind a NAT router connects to Aim Talk, it is a TCP connection with the default port 4099.
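A small model of the port-triggering behaviour described above, as an added example (not code from the manual or the router firmware). The trigger port 4099 comes from the Aim Talk example; the open port 5191, the host addresses, the class names and the choice that the first initiating host keeps the mapping until its outbound connection closes are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class TriggerRule:
    name: str
    trigger_proto: str   # "tcp", "udp" or "tcp/udp", as in the Protocol field
    trigger_start: int
    trigger_end: int
    open_proto: str
    open_start: int
    open_end: int


def _proto_ok(rule_proto: str, proto: str) -> bool:
    """'tcp/udp' accepts either protocol; 'tcp' or 'udp' accept only themselves."""
    return proto in rule_proto.split("/")


class PortTriggerTable:
    """Tracks which LAN host currently owns each triggered open-port range."""

    def __init__(self, rules: List[TriggerRule]):
        self.rules = rules
        self._owner: Dict[str, str] = {}   # rule name -> initiating LAN host

    def _triggered_by(self, proto: str, dport: int) -> List[TriggerRule]:
        return [r for r in self.rules
                if _proto_ok(r.trigger_proto, proto)
                and r.trigger_start <= dport <= r.trigger_end]

    def outbound_open(self, lan_host: str, proto: str, dport: int) -> List[str]:
        """A LAN host connects out; return the rules this newly activates."""
        opened = []
        for rule in self._triggered_by(proto, dport):
            # Assumption: the first initiating host keeps the mapping.
            if rule.name not in self._owner:
                self._owner[rule.name] = lan_host
                opened.append(rule.name)
        return opened

    def outbound_close(self, lan_host: str, proto: str, dport: int) -> None:
        """The triggering connection ends; the open ports close again."""
        for rule in self._triggered_by(proto, dport):
            if self._owner.get(rule.name) == lan_host:
                del self._owner[rule.name]

    def inbound(self, proto: str, dport: int) -> Optional[str]:
        """Return the LAN host an inbound packet is forwarded to, or None (dropped)."""
        for rule in self.rules:
            if (rule.name in self._owner
                    and _proto_ok(rule.open_proto, proto)
                    and rule.open_start <= dport <= rule.open_end):
                return self._owner[rule.name]
        return None


# Trigger port from the manual's example; open port 5191 is a constructed value.
AIM_TALK = TriggerRule("aim-talk", "tcp", 4099, 4099, "tcp", 5191, 5191)


def demo() -> List[Optional[str]]:
    table = PortTriggerTable([AIM_TALK])
    results = [table.inbound("tcp", 5191)]          # closed before any trigger
    table.outbound_open("192.168.1.20", "tcp", 4099)
    results.append(table.inbound("tcp", 5191))      # forwarded to the initiator
    results.append(table.inbound("udp", 5191))      # wrong protocol, dropped
    table.outbound_close("192.168.1.20", "tcp", 4099)
    results.append(table.inbound("tcp", 5191))      # closed again
    return results


if __name__ == "__main__":
    print(demo())
```

While a trigger is active the open range accepts inbound traffic from any external source, which is why narrow open-port ranges and the matching protocol setting matter.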
Edit/Remove If you don’t need a specified Server, you can remove it. Check the check box beside the item you want to remove, and then press Remove. Click Edit to re-edit your port-triggering rule.
ALG The ALG Controls enable or disable protocols over the application layer. SIP: Enable the SIP ALG when the SIP phone needs ALG to pass through the NAT. Disable the SIP ALG when the SIP phone includes a NAT-traversal algorithm. H.323: Enable to secure voice communication using the H.323 protocol when one or both terminals are behind a NAT. IPSec: Enable the IPSec ALG to allow one or both peers to reside behind a NAT gateway (i.e., doing address- or port-translation).
Wake On LAN Wake on LAN (WOL, sometimes WoL) is an Ethernet computer networking standard that allows a computer to be turned on or woken up remotely by a network message. Host Label: Enter identification for the host. Select: Select MAC address of the computer that you want to wake up or turn on remotely. Wake by Schedule: Enable to wake up your set device at some specific time. For instance, user can set to get some device woken up at 8:00 every weekday.
VPN A virtual private network (VPN) is a private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures such as encryption. For example, a VPN could be used to securely connect the branch offices of an organization to a head office network through the public Internet.
Click Add to create IPSec connections. IPSec Settings L2TP over IPSec: Select Enable if you want to use L2TP over IPSec. See L2TP over IPSec. Connection Name: A given name for the connection; it should contain no spaces (e.g. “connection-to-office”). WAN Interface: Select the interface used for the IPSec connection. When you select the adsl pppoe_0_0_35/ppp0.1 interface, the IPSec tunnel transmits data via this interface to connect to the remote peer.
Key Exchange Method: Displays key exchange method. Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 1 to 32 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
IPSec Lifetime: Specify the number of minutes that IPSec will stay active before new encryption and authentication keys are exchanged. Enter a value to negotiate and establish secure authentication. Default is 60 minutes (3600 seconds). A short time increases security by forcing the two parties to update the keys. However, every time the VPN tunnel renegotiates, access through the tunnel will be temporarily disconnected.
IPSec for L2TP Connection Name: A given name for the connection, but it should contain no spaces (e.g. “connection-to-office”). WAN Interface: Select the set interface for the IPSec tunnel. Remote Security Gateway: Input the IP of remote security gateway. Key Exchange Method: Displays key exchange method. Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 1 to 32 characters. Both sides should use the same key.
Examples: 1. LAN-to-LAN connection Two BiPAC 7820NZs want to set up a secure IPSec VPN tunnel. Note: The IPSec Settings shall be consistent between the two routers. Head Office Side: Setup details:
Item 1, Connection Name: H-to-B (Give a name for IPSec connection)
Item 2, Local Network: Subnet (Select Subnet); IP Address 192.168.1.0; Netmask 255.255.255.0 (Head Office network)
Item 3, Secure Gateway Address (Hostname): IP address of the Branch office router (on WAN side), 69.121.1.
Remote Network:
Branch Office Side: Setup details: the same operation as done on the Head Office side.
Item 1, Connection Name: B-to-H (Give a name for IPSec connection)
Item 2, Local Network: Subnet (Select Subnet); IP Address 192.168.0.0; Netmask 255.255.255.0 (Branch Office network)
Item 3, Remote Secure Gateway Address (Hostname): 69.121.1.3 (IP address of the Head office router, on WAN side)
Item 4, Remote Network: Subnet (Select Subnet); IP Address 192.168.1.0; Netmask 255.255.255.
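A consistency check for the two LAN-to-LAN configurations above, as an added example (not code from the manual or the router). It checks that each side's local and remote networks mirror the other's, that each remote gateway is the peer's WAN address, and the page's constraints on the connection name and pre-shared key; it also applies the "different subnets" note the manual gives for L2TP and OpenVPN LAN-to-LAN. The dictionary keys, the branch WAN address and the key value are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import List


def check_lan_to_lan(head: dict, branch: dict) -> List[str]:
    """Return a list of problems; an empty list means the two sides agree."""
    problems = []
    for side, cfg in (("head", head), ("branch", branch)):
        if " " in cfg["name"]:
            problems.append(f"{side}: connection name contains spaces")
        if not 1 <= len(cfg["psk"]) <= 32:
            problems.append(f"{side}: pre-shared key must be 1 to 32 characters")
    if head["psk"] != branch["psk"]:
        problems.append("pre-shared keys differ")
    if head["ipsec_lifetime_min"] != branch["ipsec_lifetime_min"]:
        problems.append("IPSec lifetimes differ")

    # ip_network accepts the address/netmask form used in the setup tables.
    head_local = ip_network(head["local_net"])
    branch_local = ip_network(branch["local_net"])
    if head_local.overlaps(branch_local):
        problems.append("local LAN subnets overlap")
    if ip_network(head["remote_net"]) != branch_local:
        problems.append("head remote network is not the branch local network")
    if ip_network(branch["remote_net"]) != head_local:
        problems.append("branch remote network is not the head local network")

    if ip_address(head["remote_gw"]) != ip_address(branch["wan_ip"]):
        problems.append("head remote gateway is not the branch WAN address")
    if ip_address(branch["remote_gw"]) != ip_address(head["wan_ip"]):
        problems.append("branch remote gateway is not the head WAN address")
    return problems


# Networks and the head office WAN address follow the tables above; the branch
# WAN address (203.0.113.30) and the key are constructed placeholder values.
HEAD = {
    "name": "H-to-B", "wan_ip": "69.121.1.3", "remote_gw": "203.0.113.30",
    "local_net": "192.168.1.0/255.255.255.0",
    "remote_net": "192.168.0.0/255.255.255.0",
    "psk": "constructed-example-key", "ipsec_lifetime_min": 60,
}
BRANCH = {
    "name": "B-to-H", "wan_ip": "203.0.113.30", "remote_gw": "69.121.1.3",
    "local_net": "192.168.0.0/255.255.255.0",
    "remote_net": "192.168.1.0/255.255.255.0",
    "psk": "constructed-example-key", "ipsec_lifetime_min": 60,
}

if __name__ == "__main__":
    print(check_lan_to_lan(HEAD, BRANCH))
```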
3. Host to LAN The router serves as the VPN server, and the host should install an IPSec client to connect to the head office through the IPSec VPN. Item 1 Function Connection Name Description Headoffice-to-Host Give a name for IPSec connection Local Network 2 3 4 5 Subnet Select Subnet IP Address 192.168.1.0 Netmask Remote Secure Gateway (Hostname) Remote Network Single Address Proposal 255.255.255.
VPN Account PPTP and L2TP server share the same account database set in VPN Account page. Name: A user-defined name for the connection. Tunnel: Select Enable to activate the account. PPTP(L2TP) server is waiting for the client to connect to this account. Username: Please input the username for this account. Password: Please input the password for this account. Connection Type: Select Remote Access for single user, Select LAN to LAN for remote gateway.
Exceptional Rule Group Exceptional Rule is dedicated to giving or blocking PPTP/L2TP server access to some specific IP or IPs (range). Users are allowed to set 8 different exceptional rule groups at most. In each group, users can add a specific IP or IP range. Press Edit to set the exceptional IP (IP Range). Default Action: Please first set the range to make the “Default Action” setting available. Set “Allow” to ban the listed IP or IPs from accessing the PPTP and L2TP server.
Exceptional Rule Range IP Address Range: Specify the IP address range; IPv4 address ranges are supported. Click Add to add the IP range. For instance, if you want to block the IP range 172.16.1.102-172.16.1.106 from accessing your PPTP and L2TP server, you can add this IP range and mark it as valid.
PPTP The Point-to-Point Tunneling Protocol (PPTP) is a Layer2 tunneling protocol for implementing virtual private networks through IP network. PPTP uses an enhanced GRE (Generic Routing Encapsulation) mechanism to provide a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets. In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, Microsoft CHAP V1/V2 or EAP-TLS.
minutes. Exceptional Rule Group: Select to grant or block access to the PPTP server for a group of IPs. See Exceptional Rule Group. If there is no restriction, select none. Click Apply to submit your PPTP Server basic settings. PPTP Client The PPTP client helps you dial in to the PPTP server to establish a PPTP tunnel over the Internet. Name: A user-defined name for identification. WAN Interface: Select the exact WAN interface configured for the tunnel.
Example: PPTP Remote Access with Windows 7 (Note: inside test with 172.16.1.208, just an example for illustration) Server Side: 1. Go to Configuration > VPN > PPTP, enable the PPTP function, and click Apply. 2. Create a PPTP Account “test”.
Client Side: 1. In Windows 7 click Start > Control Panel > Network and Sharing Center, then click Set up a new connection or network.
2. Click Connect to a workplace, and press Next. 3. Select Use my Internet connection (VPN) and press Next.
4. Input Internet address and Destination name for this connection and press Next.
5. Input the account (user name and password) and press Create.
6. Connect to the server.
7. Successfully connected. PS: You can also go to Network Connections shown below to check the detail of the connection.
Example: Configuring a LAN-to-LAN PPTP VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch offices accordingly. Server side: Head Office The above is the common setting for PPTP Server, set as you like for authentication and encryption. The settings in Client side should be in accordance with settings in Server side.
Then the PPTP Account. Client Side: Branch Office The client user can set up a tunnel connecting to the PPTP server, and can also set the tunnel as the default route for all outgoing traffic. Note: users can see the “Default Gateway” item in the bar, and user can check to select the tunnel as the default gateway (default route) for traffic. If selected, all outgoing traffic will be forwarded to this tunnel and routed to the next hop.
L2TP The Layer 2 Tunneling Protocol (L2TP) is a Layer 2 tunneling protocol for implementing virtual private networks. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec. In the L2TP section, both pure L2TP and L2TP/IPSec are supported. Users can choose the option that suits their needs.
and set the same on the client side. Secret: Enter the pre-shared secret password for tunnel authentication. Remote Host Name: Enter the remote host name (of the peer) identifying the destination of the L2TP tunnel. Local Host Name: Enter the local host name identifying the source of the L2TP tunnel. Exceptional Rule Group: Select to grant or block access to the L2TP server for a group of IPs. See Exceptional Rule Group. If there is no restriction, select none.
L2TP Client The L2TP client helps you dial in to the L2TP server to establish an L2TP tunnel over the Internet. Name: A user-defined name for identification. L2TP over IPSec: If your L2TP server uses the L2TP over IPSec feature, please enable this item. In that case, client and server communicate using L2TP over IPSec. Enable IPSec Tunnel: Select the appropriate IPSec for L2TP rule configured for the L2TP Client. Username: Enter the username provided by your L2TP Server.
Connection Type: Select Remote Access for single user, Select LAN to LAN for remote gateway. Peer Network IP: Please input the subnet IP for Server. Peer Netmask: Please input the Netmask for Server. Tunnel Authentication: Select whether to enable L2TP tunnel authentication, if the server side enables this feature, please follow. Secret: Enter the set secret password in the server side. Remote Host Name: Enter the remote host name featuring the destination of the L2TP tunnel.
Secret: Enter the set secret password in the server side. Remote Host Name: Enter the remote host name featuring the destination of the L2TP tunnel. Local Host Name: Enter the local host name featuring the source of the L2TP tunnel. Click Add button to save your changes.
Example: L2TP over IPSec Remote Access with Windows 7 (Note: inside test with 172.16.1.185, just an example for illustration) Server Side: 1. Go to Configuration > VPN > L2TP, enable the L2TP function, and click Apply.
2. Create an L2TP Account “test1”. Client Side: 1. In Windows 7 click Start > Control Panel > Network and Sharing Center, then click Set up a new connection or network.
2. Click Connect to a workplace, and press Next. 3. Select Use my Internet connection (VPN) and press Next.
4. Input Internet address and Destination name for this connection and press Next.
5. Input the account (user name and password) and press Create.
6. Connection created. Press Close. 7. Go to Network Connections shown below to check the detail of the connection. Right click “L2TP_IPSec” icon, and select “Properties” to change the security parameters.
8. Change the type of VPN to “Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec)” and click Advanced Settings to set the pre-shared key (set in IPSec) for authentication.
9. Go to Network connections, enter username and password to connect L2TP_IPSec and check the connection status.
Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Note: Both office LAN networks must be in different subnets with the LAN-LAN application.
The above is the common setting for the L2TP Server; set authentication and encryption as you like. The settings on the Client side should be in accordance with the settings on the Server side. Then the L2TP Account.
Client Side: Branch Office The client user can set up a tunnel connecting to the PPTP server, and can also set the tunnel as the default route for all outgoing traffic. Note: users can see the “Default Gateway” item in the bar, and user can check to select the tunnel as the default gateway (default route) for traffic. If selected, all outgoing traffic will be forwarded to this tunnel and routed to the next hop.
OpenVPN OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translation (NAT) and firewalls. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password.
HMAC Authentication: OpenVPN supports HMAC authentication; please select the authentication item from the list. lzo Compression: Enable to use the LZO compression library to compress the data stream. Click Apply to submit your OpenVPN Server basic settings.
OpenVPN CA OpenVPN offers pre-shared keys, certificate-based, and username/password-based authentication, with certificate-based being the most robust. Generally, this part offers the Billion factory-defined authentication certificate. Recipient’s Email: Set the recipient’s email address to send the trusted CA to the OpenVPN client. The OpenVPN server and client need a matched certificate to establish a trusted VPN tunnel; on the client side, please import this certificate in Trusted CA.
OpenVPN Client The OpenVPN client helps you dial in to the OpenVPN server to establish a trusted OpenVPN tunnel over the Internet. Name: A user-defined name for identification. WAN Interface: Select the exact WAN interface configured as the source for the tunnel. Select Default to use the currently working WAN interface for the tunnel. Username: Enter the username provided by your OpenVPN Server. Password: Enter the password provided by your OpenVPN Server.
How to establish OpenVPN tunnel 1. Remote Access OpenVPN (If the client wants to remotely access the OpenVPN Server, on the client side users should install an OpenVPN client application/installer and connect to the server accordingly. Only the configuration on the server side is given here.) Server side on router 1. Set up parameters (WAN interface, port, tunnel virtual subnet IP/mask, encryption, authentication, etc.) on the OpenVPN server side. 2. Create an account for the OpenVPN tunnel for the client to connect in.
3. Set the OpenVPN client’s E-mail address to receive trusted CA from server to establish a trusted OpenVPN tunnel.
2. LAN-to-LAN OpenVPN The branch office establishes an OpenVPN tunnel with the head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Configured in this way, head office and branch office can access each other. Note: Both office LAN networks must be in different subnets with the LAN-to-LAN application. Server side: Head Office 1.
2. Create an account for client to connect in 3. Set the OpenVPN client’s E-mail address to receive trusted CA from server to establish a trusted OpenVPN tunnel.
Client Side: Branch Office 1. Import your trusted certificate from the server side; it is used for authentication between client and server when establishing the trusted OpenVPN tunnel. 2. On the OpenVPN client side, fill in the same parameters as set on the OpenVPN server.
Note: the “Default Gateway” item appears in the bar, and users can check it to select the tunnel as the default gateway (default route) for traffic. If selected, all outgoing traffic will be forwarded to this tunnel and routed to the next hop.
GRE Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocol packets inside virtual point-to-point links over an Internet Protocol (IP) network. A common use is GRE over IPSec. Note: up to 8 tunnels can be added, but only 4 can be activated. Name: User-defined identification. WAN Interface: Select the exact WAN interface configured for the tunnel as the source tunnel IP.
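The LAN-to-LAN subnet rule and the Default Gateway option above, worked through as an added example (not part of the Billion manual): a Python check that the two office LANs and the tunnel virtual subnet do not overlap, and which interface the branch router would pick for a destination. All addresses and names are constructed, and sending only head-office traffic through the tunnel when Default Gateway is unchecked is an assumption of this example.

```python
import ipaddress
from itertools import combinations


def to_network(value):
    """Accept '192.168.2.0/24' or a router address such as '192.168.2.254/24'."""
    return ipaddress.ip_interface(value).network


def find_overlaps(plan):
    """Return the pairs of named subnets in `plan` that overlap."""
    nets = {name: to_network(cidr) for name, cidr in plan.items()}
    return [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(nets.items(), 2)
        if net_a.version == net_b.version and net_a.overlaps(net_b)
    ]


def egress_for(dest, plan, tunnel_is_default_gateway):
    """Interface the branch side uses for `dest`: 'lan', 'tunnel' or 'wan'."""
    addr = ipaddress.ip_address(dest)
    if addr in to_network(plan["branch_office_lan"]):
        return "lan"  # treated as on-link, so it never enters the tunnel
    if addr in to_network(plan["head_office_lan"]):
        return "tunnel"
    if addr in to_network(plan["tunnel_virtual_subnet"]):
        return "tunnel"
    # Assumption: without the Default Gateway box, other traffic uses the WAN.
    return "tunnel" if tunnel_is_default_gateway else "wan"


# Constructed plans: both offices on the same subnet, then the corrected plan.
BAD_PLAN = {
    "head_office_lan": "192.168.1.254/24",
    "branch_office_lan": "192.168.1.254/24",
    "tunnel_virtual_subnet": "10.8.0.0/24",
}
GOOD_PLAN = dict(BAD_PLAN, branch_office_lan="192.168.2.254/24")

if __name__ == "__main__":
    for label, plan in (("same subnet", BAD_PLAN), ("different subnets", GOOD_PLAN)):
        print(label, "-> overlaps:", find_overlaps(plan))
        # A head-office host, reached from the branch office.
        print("  192.168.1.10 via", egress_for("192.168.1.10", plan, False))
    for checked in (False, True):
        print("Default Gateway checked:", checked,
              "-> 203.0.113.5 via", egress_for("203.0.113.5", GOOD_PLAN, checked))
```

With both offices on the same subnet, the head-office host resolves to "lan" on the branch side, which is why the manual requires different subnets.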
Advanced Setup There are sub-items within the System section: Routing, DNS, Static ARP, UPnP, Certificate, Multicast, Management, and Diagnostics.
Routing Default Gateway WAN port: Select the port this gateway applies to. Set the Default Gateway and Available Routed WAN Interface here. These interfaces are the ones you have set in the WAN section; select the one you want to be the default gateway by moving the interface via or . Then select a Default IPv6 Gateway from the drop-down menu.
Static Route With static route feature, you can control the routing of all the traffic across your network. With each routing rule created, you can specifically assign the destination where the traffic will be routed. Above is the static route listing table, click Add to create static routing. IP Version: Select the IP version, IPv4 or IPv6. Destination IP Address / Prefix Length: Enter the destination IP address and the prefix length.
In the listing table you can remove an entry you don’t want by checking its check box and pressing the Remove button.
Policy Routing Here users can set a route for the host (source IP) in a LAN interface to access outside through a specified Default Gateway or a WAN interface. The following is the policy Routing listing table. Click Add to create a policy route. Policy Name: User-defined name. Physical LAN Port: Select the LAN port. Source IP: Enter the Host Source IP. Interface: Select the WAN interface which you want the Source IP to access outside through.
RIP RIP, Routing Information Protocol, is a simple Interior Gateway Protocol (IGP). RIP has two versions, RIP-1 and RIP-2. Interface: the interface the rule applies to. Version: select the RIP version, RIP-1 or RIP-2. Operation: RIP has two operation modes. Passive: only receives the routing information broadcast by other routers and modifies its routing table according to the received information.
DNS DNS, Domain Name System, is a distributed database used by TCP/IP applications. DNS provides translation of domain names to IP addresses. DNS IPv4 Three ways to set an IPv4 DNS server: Select DNS server from available WAN interfaces: Select a desirable WAN interface as the IPv4 DNS server. Use the following Static DNS IP address: To specify DNS server manually by entering your primary and secondary DNS server addresses.
Primary IPv6 DNS Server / Secondary IPv6 DNS Server: Type the specific primary and secondary IPv6 DNS Server address.
Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your ADSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time. This dynamic IP address is the WAN IP address of the router, which is assigned to you by your ISP.
Users can register different DDNS names to different interfaces. Examples: Note that users first have to go to the Dynamic DNS registration service provider to register an account. User test registers two dynamic domain names with the DDNS provider http://www.dyndns.org/ . 1. pppoe_0_8_35 with DDNS: www.hometest.
2. ipoe_eth0 with DDNS: www.hometest1.com using username/password test/test.
DNS Proxy DNS proxy is used to forward request and response messages between the DNS Client and the DNS Server. Hosts in the LAN can use the router as a DNS proxy to reach the public DNS Server and correctly resolve domain names to access the Internet. DNS Proxy: Select whether to enable or disable DNS Proxy function, default is enabled. Host name of the Broadband Router: Enter the host name of the router. Default is home.gateway. Domain name of the LAN network: Enter the domain name of the LAN network. home.
Static DNS Static DNS is a concept relative to Dynamic DNS; in a static DNS system, the mapped IP is static and does not change. You can map a specific IP to a user-friendly domain name. In the LAN, you can map a PC to a domain name for convenient access. Or you can set mapping entries for some well-known Internet IPs so your router responds quickly to your DNS query instead of querying the ISP’s DNS server. Host Name: Type the domain name (host name) for the specific IP.
Static ARP ARP (Address Resolution Protocol) is a TCP/IP protocol that allows the resolution of network layer addresses into link layer addresses. “Static ARP” here allows the user to manually map the layer-2 MAC (Media Access Control) address to the layer-3 IP address of the device. IP Address: Enter the IP of the device that the corresponding MAC address will be mapped to. MAC Address: Enter the MAC address that corresponds to the IP address of the device. Click Add to confirm the settings.
UPnP UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device.
Installing UPnP in Windows Example Follow the steps below to install the UPnP in Windows Me. Step 1: Click Start and Control Panel. Double-click Add/Remove Programs. Step 2: Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Step 3: In the Communications window, select the Universal Plug and Play check box in the Components selection box. Step 4: Click OK to go back to the Add/Remove Programs Properties window. Click Next.
Step 5: Restart the computer when prompted. Follow the steps below to install the UPnP in Windows XP. Step 1: Click Start and Control Panel. Step 2: Double-click Network Connections. Step 3: In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. The Windows Optional Networking Components Wizard window displays. Step 4: Select Networking Service in the Components selection box and click Details.
Step 5: In the Networking Services window, select the Universal Plug and Play check box. Step 6: Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. Auto-discover Your UPnP-enabled Network Device Step 1: Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. Step 2: Right-click the icon and select Properties.
Step 3: In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Step 4: You may edit or delete the port mappings or click Add to manually add port mappings. Step 5: Select Show icon in notification area when connected option and click OK.
in the system tray Step 6: Double-click on the icon to display your current Internet connection status.
Web Configurator Easy Access With UPnP, you can access web-based configuration for the BiPAC 7820NZ without first finding out the IP address of the router. This helps if you do not know the router’s IP address. Follow the steps below to access web configuration. Step 1: Click Start and then Control Panel. Step 2: Double-click Network Connections. Step 3: Select My Network Places under Other Places. Step 4: An icon describing each UPnP-enabled device shows under Local Network.
Certificate This feature lets users import different certificates for server certificate authentication, such as for TR-069 and OpenVPN. If the imported certificate doesn't match the authorized certificate of the ACS Server or OpenVPN Server, the device will have no access to the server. Trusted CA Certificate Name: The certificate identification name. Subject: The certificate subject. Type: The certificate type information. "ca" indicates that the certificate is a CA-signed certificate.
Click Import Certificate button to import your certificate. Enter the certificate name and insert the certificate.
Click Apply to confirm your settings.
Multicast Multicast is one of the three network transmission modes: Unicast, Multicast, and Broadcast. It is a transmission mode that supports point-to-multipoint connections between the sender and the recipients. The IGMP protocol is used to establish and maintain the relationship between an IP host and its directly connected multicast router. IGMP stands for Internet Group Management Protocol; it is a communications protocol used to manage the membership of Internet Protocol multicast groups.
Query Response Interval: Enter the response interval time (sec). Last Member Query Interval: Enter the interval time (sec) at which the multicast router queries the specified group after it has received a leave message. Robustness Value: Enter the router robustness parameter, 2-7; the greater the robustness value, the more robust the Querier is. Maximum Multicast Groups: Enter the Maximum Multicast Groups. Maximum Multicast Data Sources (for IGMP v3): Enter the Maximum Multicast Data Sources,124.
Management SNMP Agent SNMP, Simple Network Management Protocol, is the most popular network management protocol. It consists of the SNMP Manager, the SNMP Agent, and the MIB. Every network device supporting SNMP has an SNMP Agent, which is management software running in the device. The SNMP Manager, the management software running on the server, uses the SNMP protocol to send GetRequest, GetNextRequest, and SetRequest messages to the Agent to view and change the information of the device.
TR-069 Client TR-069 (short for Technical Report 069) is a DSL Forum (which was later renamed as Broadband Forum) technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. As a bidirectional SOAP/HTTP based protocol, it provides the communication between customer premises equipment (CPE) and the Auto Configuration Server (ACS).
GetRPCMethods: Supported by both CPE and ACS; displays the list of supported RPC methods. Click Apply to apply your settings.
HTTP Port The device lets the user change the embedded web server's access port. Default is 80.
Remote Access This allows remote access to the router to view or configure it. Remote Access: Select “Enable” to allow management access from the remote side (mostly from the Internet). If disabled, no remote access is allowed for any IP, even if you have set an allowed access IP address. So, please note that enabling remote access is an essential step before granting remote access to IPs. Enable Service: Select which service(s) are allowed for remote access when remote access is enabled.
Mobile Network User can press Scan to discover available 3G/LTE mobile network.
3G/LTE Usage Allowance 3G/LTE usage allowance is designed for users to monitor and control 3G traffic usage. 7820NZ’s 3G/LTE usage allowance offers exact control settings for each SIM card. 3G/LTE Usage Allowance: Enable to monitor 3G/LTE usage. SIM 1 & SIM 2 Mode: includes Volume-based and Time-based control. Volume-based: includes “only Download”, “only Upload” and “Download and Upload” to limit the traffic. Time-based: controls the traffic by providing specific hours per month.
Power Management Power management is a feature of some electrical appliances, especially computers, that turns off the power or switches to a low-power state when inactive. Five main parameters are listed for users to check to manage the performance of the router.
Time Schedule The Time Schedule supports up to 32 timeslots, which help you manage your Internet connection. In each time profile, you may schedule specific day(s), i.e. Monday through Sunday, to restrict or allow the usage of the Internet by users or applications. This Time Schedule correlates closely with the router’s time; since the router does not have a real time clock on board, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server on the Internet.
Auto Reboot Auto reboot offers flexible rebooting service (reboot with the current configuration) of router for users in line with scheduled timetable settings. Enable to set the time schedule for rebooting. For example, the router is scheduled to reboot at 22:00 every single weekday, and to reboot at 9:00 on Saturday and Sunday.
Diagnostics Diagnostics Tools BiPAC 7820NZ offers diagnostics tools including “Ping” and “Trace route test” tools to check for problems associated with network connections. Ping Test: to verify the connectivity between source and destination. Destination Host: Enter the destination host (IP, domain name) to be checked for connectivity. Source Address: Select or set the source address to test the connectivity from the source to the destination. Ping Test: Press this button to run the ping test.
Example: Ping www.google.
Example: “trace” www.google.
Push Service With push service, the system can send email messages with consumption data and system information. Recipient’s E-mail: Enter the destination mail address. This address receives the system log, system configuration, and security log sent by the device when the Push Now button is pressed (information is sent only when the button is pressed), but the mail address is not remembered. Note: Please first set the correct SMTP server parameters in Mail Alert.
Diagnostics Check the connections, including the Ethernet connection, Internet connection and wireless connection. Click the Help link for an interpretation of the results and possible simple troubleshooting steps.
Fault Management IEEE 802.1ag Connectivity Fault Management (CFM) is a standard defined by IEEE. It defines protocols and practices for OAM (Operations, Administration, and Maintenance) for paths through 802.1 bridges and local area networks (LANs). Fault Management is to uniquely test the VDSL PTM connection; Push service Maintenance Domain (MD) Level: Maintenance Domains (MDs) are management spaces on a network, typically owned and operated by a single entity.
Restart This section lets you restart your router if necessary. Click in the lower right corner of each configuration page. If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings. Or, if you just want to restart with the current settings, select Current Settings and click Restart.
Chapter 5: Troubleshooting If your router is not functioning properly, please refer to the suggested solutions provided in this chapter. If your problems persist or the suggested solutions do not meet your needs, please kindly contact your service provider or Billion for support. Problems with the router Problem Suggested Action Check the connection between the router and the adapter. If the problem persists, most likely it is due to the malfunction of your hardware.
Problem with LAN interface Problem Cannot PING any PC on LAN Suggested Action Check the Ethernet LEDs on the front panel. The LED should be on for the port that has a PC connected. If it is not lit, check to see if the cable between your router and the PC is properly connected. Make sure you have first uninstalled your firewall program before troubleshooting. Verify that the IP address and the subnet mask are consistent for both the router and the workstations.
Appendix: Product Support & Contact If you come across any problems please contact the dealer from where you purchased your product. Contact Billion Worldwide: http://www.billion.com MAC OS is a registered Trademark of Apple Computer, Inc. Windows 7/8, Windows XP and Windows Vista are registered Trademarks of Microsoft Corporation.
Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
IC Warning: This device complies with Industry Canada licence-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device. This device complies with the Industry Canada RSS standards applicable to licence-exempt radio apparatus.