background image

VoIP/(802.11g) ADSL2+ (VPN) Firewall Router 

 

Chapter 4: Configuration 

 

 

Ring & Tone 

This section allows advanced user to change the existing or newly defined parameters for the various ring 
tones (dial tone, busy tone, answer tone and etc.)  

 

Country Specific Ring & Tone 

Region: 

Select a country ring-tone, from the drop-down list, where you are located. This VoIP 

router provides default parameter of ring tones according to different countries.  The ring-tone 
parameters are automatically displayed after entering a specific country.  If your country is not in the 
list, you may manually create ring-tone parameters. 

Ring Parameters 

Ring Cadence (in ms): 

Ring cadence is defined by three fields, Frequency: On Time1, Off Time1, 

On Time2, Off Time2 and On Time3, Off Time3. Frequency is specified in Hertz. Time is given in 
milliseconds. 

Tone Parameters 

You may need to check with your local telephone service provider for such information. Also, it is 
recommended that this option be configured by an advanced user, unless you are instructed to do 
so.   

 
Click 

Apply

 to apply the settings. 

131

Summary of Contents for BiPAC 7404V series

Page 1: ...BiPAC 7404V series VoIP 802 11g ADSL2 VPN Firewall Router User s Manual Version Release 2 06e ...

Page 2: ...WSER 18 CHAPTER 4 CONFIGURATION 19 STATUS 20 ARP Table 20 Wireless Association Table Wireless Router only 20 DHCP Table 22 PPTP Status Only the 7404VGO has VPN features 22 IPSec Status Only the 7404VGO has VPN features 23 L2TP Status Only the 7404VGO has VPN features 24 Email Status 24 VoIP Status 25 Event Log 25 Error Log 25 NAT Sessions 25 Diagnostic 26 UPnP Portmap 26 QUICK START 28 CONFIGURATI...

Page 3: ... VoIP Dial Plan 126 Ring Tone 131 Special dial codes 132 QoS Quality of Service 133 Prioritization 134 Outbound IP Throttling LAN to WAN 136 Inbound IP Throttling WAN to LAN 137 Virtual Server Port Forwarding 140 Add Virtual Server 141 Edit DMZ Host 143 Edit DMZ Host 144 Edit One to One NAT Network Address Translation 145 Time Schedule 148 Configuration of Time Schedule 149 Advanced 150 Static Rou...

Page 4: ...ss The router complies with ADSL worldwide standards It supports downstream rate up to 12 24 Mbps with ADSL2 2 8Mbps with ADSL Users enjoy not only high speed ADSL services but also broadband multimedia applications such as interactive gaming video streaming and real time audio much easier and faster than ever It is compliant with Multi Mode standard ANSI T1 413 Issue 2 G dmt ITU G 992 1 G lite IT...

Page 5: ...omain Name System DNS relay It provides an easy way to map the domain name a friendly name for users such as www yahoo com and IP address When a local machine sets its DNS server with this router s IP address every DNS conversion request packet from the PC to this router will be forwarded to the real DNS in the outside network Dynamic Domain Name System DDNS The Dynamic DNS service allows you to a...

Page 6: ...cal IP network It has routing capability and supports easy static routing table or RIP1 2 routing protocol Static and RIP1 2 Routing Simple Network Management Protocol SNMP It is an easy way to remotely manage the router via SNMP Web based GUI It supports web based GUI for configuration and management It is user friendly and comes with so supports remote management capability for remote users to c...

Page 7: ...uter in high humidity or high temperatures Do not use the same power source for this router as other equipment Do not open or repair the case yourself If this router is too hot turn off the power immediately and have it repaired at a qualified service center Avoid using this product and all accessories outdoors Package Contents VoIP 802 11g ADSL2 VPN Firewall Router CD ROM containing the online ma...

Page 8: ...LAN Wireless Router only Lit green when the wireless connection is established Flashes when sending receiving data 8 9 Phone 1X 2X RJ 11 connector Lit green when the phone is off hook 10 LINE Router with LINE port only Lit when the inbound and outbound calls transmitted through PSTN 12 VoIP Port 1X 2X RJ 11 connector Lit when the SIP Registration is OK Green for Phone 1 Orange for Phone 2 13 ADSL ...

Page 9: ...reset the device 6 seconds above and power off power on the device restore to factory default settings this is used when you can not login to the router e g forgot the password 4 LAN 1X 4X RJ 45 connector Connect a UTP Ethernet cable Cat 5 or Cat 5e to one of the four LAN ports when connecting to a PC or an office home network of 10Mbps or 100Mbps 5 Phone 1X 2X RJ 11 connector Connect RJ 11 cable ...

Page 10: ...proper cables Ensure that all other devices connected to the same telephone line as your router e g telephones fax machines analogue modems have a line filter connected between them and the wall socket unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician and ensure that all line filters are correctly installed and the right way around Missing ...

Page 11: ... must be in the same subnet and have an IP address in the range of 192 168 1 1 to 192 168 1 253 The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP If you encounter any problems accessing the router s web interface it may also be advisable to uninstall any kind of software firewall on your PCs as they can cause problems accessing the 192 16...

Page 12: ... telephone ADSL network 2 Power on the device 3 Make sure the PWR and SYS LEDs are lit steadily and that the LAN LED is lit 4 Connect an RJ11 cable to VoIP port when connecting to an analog phone set 5 Connect RJ 11 cable to LINE Port when connecting to the telephone wall jack Connect more computers Analog Phone ADSL Splitter ADSL Phone Line Switching HUB ...

Page 13: ...on See Figure 3 1 3 In the LAN Area Connection Status window click Properties See Figure 3 2 4 Select Internet Protocol TCP IP and click Properties See Figure 3 3 5 Select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons See Figure 3 4 6 Click OK to finish the configuration Figure 3 1 LAN Area Connection Figure 3 2 LAN Connection Status Figure 3 3 TC...

Page 14: ...ion See Figure 3 5 3 In the LAN Area Connection Status window click Properties See Figure 3 6 4 Select Internet Protocol TCP IP and click Properties See Figure 3 7 5 Select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons See Figure 3 8 6 Click OK to finish the configuration Figure 3 5 LAN Area Connection Figure 3 6 LAN Connection Status Figure 3 7 T...

Page 15: ...IP NE2000 Compatible or the name of any Network Interface Card NIC in your PC See Figure 3 9 3 Click Properties 4 Select the IP Address tab In this page click the Obtain an IP address automatically radio button See Figure 3 10 5 Then select the DNS Configuration tab See Figure 3 11 6 Select the Disable DNS radio button and click OK to finish the configuration Figure 3 9 TCP IP Figure 3 10 IP Addre...

Page 16: ... Go to Start Settings Control Panel In the Control Panel double click Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties See Figure 3 12 3 Select the Obtain an IP address from a DHCP server radio button and click OK See Figure 3 13 Figure 3 12 TCP IP Figure 3 13 IP Address ...

Page 17: ...e PPPoE DHCP server DHCP server is enabled Start IP Address 192 168 1 100 IP pool counts 100 LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre set in the factory The default values are shown below LAN Port WAN Port IP address 192 168 1 254 Subnet Mask 255 255 255 0 DHCP server function Enabled IP addresses for distribution to PCs 100 IP addresses continuing from 192 168 1 100 ...

Page 18: ...t manually PPPoA VPI VCI VC based LLC based multiplexing Username Password and Domain Name System DNS IP address it can be automatically assigned by your ISP when you connect or be set manually RFC1483 Bridged VPI VCI VC based LLC based multiplexing to use Bridged Mode RFC1483 Routed VPI VCI VC based LLC based multiplexing IP address Subnet mask Gateway address and Domain Name System DNS IP addres...

Page 19: ...wser enter the IP address of your router which by default is 192 168 1 254 and click Go a user name and password window prompt will appear The default username and password are admin and admin See Figure 3 14 Figure 3 14 User name Password Prompt Widonw Congratulation You are now successfully logon to the VoIP ADSL Router ...

Page 20: ...able PPTP Status IPSec Status L2TP Status Only the 7404VGO has VPN features Email Status VoIP Status Event Log Error Log NAT SessioTPns Diagnostic and UPnP Portmap Quick Start Configuration LAN WAN System Firewall VPN Only the 7404VGO has VPN features VoIP QoS Virtual Server Time Schedule and Advanced Save Config to FLASH Language provides user interface in English and French languages Please see ...

Page 21: ...rewall section of this manual for more information on this feature IP Address A list of IP addresses of devices on your LAN Local Area Network MAC Address The MAC Media Access Control addresses for each device on your LAN Interface The interface name on the router that this IP Address connects to Static Static status of the ARP table entry no for dynamically generated ARP table entries yes for sta...

Page 22: ...ination netmask address Gateway Interface The IP address of the gateway or existing interface that this route will use Cost The number of hops counted as the cost of the route RIP Routing Table Destination The IP address of the destination network Netmask The destination netmask address Gateway The IP address of the gateway that this route will use Cost The number of hops counted as the cost of th...

Page 23: ...ess that assigned to client MAC Address The MAC address of client Client Host Name The Host Name Computer Name of client Expiry The current lease time of client Expired Table Please refer the Leased Table Permanent Table Name The name you assigned to the Permanent configuration IP Address The fixed IP address for the specify client MAC Address The MAC Address that you want to assign the fixed IP a...

Page 24: ...cted If the Call for this VPN entry is currently connected Encryption The encryption type used for this VPN connection IPSec Status Only the 7404VGO has VPN features This shows details of your configured IPSec VPN Connections Name The name you assigned to the particular VPN entry Active Whether the VPN Connection is currently Active Connection State Whether the VPN is Connected or Disconnected Sta...

Page 25: ... dial in dial out Enable Whether the connection is currently enabled Active Whether the connection is currently active Tunnel Connected Whether the VPN Tunnel is currently connected Call Connected If the Call for this VPN entry is currently connected Encryption The encryption type used for this VPN connection Email Status Details and status for the Email Account you have configured the router to c...

Page 26: ...h as when the router s ADSL connection is disconnected as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration Firewall section of the interface Please see the Firewall section of this manual for more details on how to enable Firewall logging Error Log Any errors encountered by the router e g invalid names given to entries are logged to this window NAT S...

Page 27: ...e WAN Internet connection If PING www google com is shown FAIL and the rest is PASS you ought to check your PC s DNS settings is set correctly UPnP Portmap The section lists all port mapping established using UPnP Universal Plug and Play Please see the Advanced section of this manual for more details on UPnP and the router s UPnP configuration options 26 ...

Page 28: ...VoIP 802 11g ADSL2 VPN Firewall Router Chapter 4 Configuration 27 ...

Page 29: ...tional you have the option to provide specific DNS as your desire or check the Enable box to get the DNS automatically from your ISP Your ISP will be able to supply all the details you need alternatively if you have deleted the current WAN Connection in the WAN ISP section of the interface you can use the router s PVC Scan feature to attempt to determine the Encapsulation types offered by your ISP...

Page 30: ...Configuration Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection Please note that the contents of this list will vary depending on what is supported by your ISP 29 ...

Page 31: ...eless Client Filter Port Setting and DHCP Server Bridge Interface You can setup member ports for each VLAN group under Bridge Interface section From the example two VLAN groups need to be created Ethernet P1 Port 1 Ethernet1 P2 P3 and P4 Port 2 3 4 Please uncheck P2 P3 P4 from Ethernet VLAN port first Note You should setup each VLAN group with caution Each Bridge Interface is arranged in this orde...

Page 32: ... Specify an IP address on this virtual interface SubNetmask Specify a subnet mask on this virtual interface Security Interface Specify the firewall setting on this virtual interface Internal The network is behind NAT All traffic will do network address translation when sending out to Internet if NAT is enabled External There is no NAT on this IP interface and connected to the Internet directly Mos...

Page 33: ... set to Disable Allowed check to authorize specific device accessing your LAN by insert the MAC Address in the space provided or click Make sure your PC s MAC is listed Blocked check to prevent unwanted device accessing your LAN by insert the MAC Address in the space provided or click Make sure your PC s MAC is not listed The maximum client is 16 The MAC addresses are 6 bytes long they are present...

Page 34: ...AN displays a list of individual Ethernet device s IP Address MAC Address which connecting to the router You can easily by checking the box next to the IP address to be blocked or allowed Then Add to insert to the Ethernet Client Filter table The maximum Ethernet client is 16 33 ...

Page 35: ...ur wireless clients have exactly the ESSID as the device in order to get connected to your network Note It is case sensitive and must not excess 32 characters ESSID Broadcast It is function in which transmits its ESSID to the air so that when wireless client searches for a network router can then be discovered and recognized Default setting is Enable Disable If you do not want broadcast your ESSID...

Page 36: ...s client device is required to bridge between two access points and extending an existing wired or wireless infrastructure network to create a larger network In addition WDS enhances its link connection security in WEP mode WEP key encryption must be the same for both access points WDS Service The default setting is Disable Check Enable radio button to activate this function Peer WDS MAC Address I...

Page 37: ...ed Key The key for network authentication The input format is in character style and key size should be in the range between 8 and 63 characters Group Key Renewal The period of renewal time for changing the security key automatically between wireless client and Access Point AP Default value is 600 seconds Idle Timeout The default idle timeout is 3600 seconds A Timeout value base on the case of no ...

Page 38: ...ithm in WEP64 or WEP128 You can input the same string in both the AP and Client card settings to generate the same WEP keys Please note that you do not have to enter Key 0 3 as below when the Passphrase is enabled Default Used WEP Key Select the encryption key ID please refer to Key 0 3 below Key 0 3 Enter the key to encrypt wireless data To allow encrypted data transmission the WEP Encryption Key...

Page 39: ...y insert the MAC Address in the space provided or click Make sure your PC s MAC is listed Blocked check to prevent unwanted device accessing the LAN by insert the MAC Address in the space provided or click Make sure your PC s MAC is not listed The maximum client is 16 The MAC addresses are 6 bytes long they are presented only in hexadecimal characters The number 0 9 and letters a f are acceptable ...

Page 40: ...0M full duplex 100M half duplex or 100M full duplex Sometimes there are Ethernet compatibility problems with legacy Ethernet devices and you can configure different types to solve compatibility issues The default is Auto which users should keep unless there are specific problems with PCs not being able to access your LAN IPv4 TOS priority Control Advanced users TOS Type of Services is the 2nd octe...

Page 41: ...nfigure parameters of the DHCP Server including the IP pool starting IP address and ending IP address to be allocated to PCs on your network lease time for each assigned IP address the period of time the IP address assigned will be valid DNS IP address and the gateway IP address These details are sent to the DHCP client i e your PC when it requests an IP address from the DHCP server Click Apply to...

Page 42: ...ut other parameters as below If your ISP does not use PPPoE you can change the default WAN connection entry by clicking Change Some of ISP may provide more service via different WAN connection In case you can create more connections by clicking Create The device can support maximum up to 8 WAN connections Note The application of multiple WAN connections is depend on your Service Provider A simpler...

Page 43: ...get an IP address from the Internet Service Provider ISP automatically or not Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function and specify the IP address manually Your ISP specifies the setting of this item RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function MTU Maxi...

Page 44: ...gh this connection all traffic or only VLAN tagged Filter Type Specify the type of ethernet filtering performed by the named bridge interface All Allows all types of ethernet packets through the port Ip Allows only IP ARP types of ethernet packets through the port Pppoe Allows only PPPoE types of ethernet packets through the port PVID for Untagged Frames PVID is known as Port VLAN Identifier When ...

Page 45: ...net directly the NAT function can be disabled Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the format of username ispname instead of simply username Password Enter the password provided by your ISP You can input up to 128 alphanumeric characters case sensitive IP Address Specify an IP address allowed to logo...

Page 46: ...ternet Protocol Control Protocol negotiation is completed If set to enabled a route will be created which directs packets to the remote end of the PPP link Specific Route Specifies whether the route created when a PPP link comes up is a specific or default route If set to enabled the route created will only apply to packets for the subnet at the remote end of the PPP link The address of this subne...

Page 47: ...HCP server Discover Primary NBNS Discover Secondary NBNS This setting enables disables whether the primary secondary NBNS server address is requested from a remote PPP peer using IPCP The default setting for this command is disabled Discover Subnet Mask Specifies if the subnet mask given by IPCP negotiation process is to be used Give Subnet Mask To DHCP Server Enable to change your DHCP Server set...

Page 48: ...tomatically or not Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function and specify the IP address manually Your ISP specifies the setting of this item RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function MTU Maximum Transmission Unit The size of the largest datagram excl...

Page 49: ...rovided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the format of username ispname instead of simply username Password Enter the password provided by your ISP You can input up to 128 alphanumeric characters case sensitive Service Name This item is for identification purposes If it is required your ISP will provide you the information Maximum i...

Page 50: ...hrough the interface without requiring fragmentation MAC Address Spoofing Some ISP Internet Access Provider validates the ADSL connection by checking the MAC address of given router or your PC Ethernet adapter If you replace a new router or PC or PC Ethernet adapter your ISP may drop the ADSL connection because of false MAC address You can spoof the MAC address in order to get the ADSL connection ...

Page 51: ...P Internet Protocol Control Protocol IPCP can request a DNS server IP address for a remote PPP peer Once IPCP has discovered the DNS server IP address it automatically gives the address to the local DNS client so that a connection can be established Give DNS to DHCP Server Similar to the above but gives the DNS server address to the DHCP server Discover Primary NBNS Discover Secondary NBNS This se...

Page 52: ...P ATM Class The Quality of Service for ATM layer NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single ISP account sharing a single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled Username Enter the username provided by your ISP You can input up to 128 alphanumeric...

Page 53: ...l be examined If a TCP SYN synchronize start segment is sent with a maximum segment size larger than the interface MTU Maximum Transmission Unit the MSS option will be rewritten in order to allow TCP traffic to pass through the interface without requiring fragmentation Advanced Options PPPoE LLC Header Selects encapsulation mode true for using LLC or false for using VC Mux Create Route This settin...

Page 54: ...ce IPCP has discovered the DNS server IP address it automatically gives the address to the local DNS client so that a connection can be established Give DNS to DHCP Server Similar to the above but gives the DNS server address to the DHCP server Discover Primary NBNS Discover Secondary NBNS This setting enables disables whether the primary secondary NBNS server address is requested from a remote PP...

Page 55: ...member the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP has provided it when you logon check the Enable box Usually when you choose PPPoE or PPPoA as your WAN ISP protocol the ISP will provide the DNS IP address automatically You may leave the configuration field blank Alternatively your ISP may provide y...

Page 56: ...nations Activate Line Aborting false your ADSL line and making it active true again for taking effect with setting of Connect Mode Coding Gain Configure the ADSL coding gain from 0 dB to 7dB or automatic Tx Attenuation Setting ADSL transmission gain the value is between 0 12 DSP FirmwareVersion Current ADSL line code firmware version Connected Display current ADSL line sync status Operational Mode...

Page 57: ...ect the transmission error Latency It includes two channels Fast and Interleaved It displays the channel adapted by your ISP Capability There are more combinational ADSL modulation modes to be selected A ADSL connection will be limited to ADSL1 only BIS ADSL connection will be limited to ADSL2 only If you are ADSL1 subscriber DO NOT select this option BIS T1413 ADSL connection will be limited to A...

Page 58: ...er you have specified If you prefer to specify an SNTP server other than those in the list simply enter its IP address as shown above Your ISP may provide an SNTP server for you to use Daylight Saving is also known as Summer Time Period Many places in the world adapt it during summer time to move one hour of daylight from morning to the evening in local standard time Check Automatic box to auto se...

Page 59: ...t a time period the router will permit remote access for and click Enable You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI If you wish to permanently enable remote access choose a time period of 0 minutes This setting cannot be saved into flash when timer set to zero 58 ...

Page 60: ...software may be improved and modified and your router allows you to upgrade the software it runs to take advantage of these changes Clicking on Browse will allow you to select the new firmware image file you have downloaded to your PC Once the correct file is selected click Upgrade to update the firmware in your router 59 DO NOT power down the router or interrupt the firmware upgrading while it is...

Page 61: ...ant changes to your router s configuration Press Backup to select where on your local PC to save the settings file You may also change the name of the file when saving if you wish to keep multiple backups Press Browse to select a file from your PC to restore You should only restore settings files that have been generated by the Backup function and that were created when using the current version o...

Page 62: ...u wish to restart the router using the factory default settings for example after a firmware upgrade or if you have saved an incorrect configuration select Factory Default Settings to reset to factory default settings You may also reset your router to factory settings by holding the small Reset pinhole button on the back of your router in for 10 12 seconds whilst the router is turned on 61 ...

Page 63: ... clicked on Edit you are shown the following options You can change the user s password whether their account is active and Valid as well as add a comment to each user account These options are the same when creating a user account with the exception that once created you cannot change the username You cannot delete the default admin account however you can delete any other created accounts by cli...

Page 64: ...acker to target a machine on your network This natural firewall is on when NAT function is enabled 63 When using Virtual Servers your PCs will be exposed to the degree specified in your Virtual Server settings provided the ports specified are opened in your firewall packet filter settings Firewall Security and Policy General Settings Inbound direction of Packet Filter rules to prevent unauthorized...

Page 65: ... in Port Filters of Packet Filter Select either High Medium or Low security level to enable the Firewall The only difference between these three security levels is the preset port filter rules in the Packet Filter Firewall functionality is the same for all levels it is only the list of preset port filters that changes between each setting For more detailed on level of preset port filter informatio...

Page 66: ...ilable when the Firewall is enabled and one of these four security levels is chosen All blocked High Medium and Low The predefined port filter rules in the Packet Filter must modify accordingly to the level of Firewall which is selected See Table1 Predefined Port Filter for more detailed information 65 ...

Page 67: ...P 17 53 53 NO YES NO YES YES YES DNS 53 TCP 6 53 53 NO YES NO YES YES YES FTP 21 TCP 6 21 21 NO NO NO YES NO YES Telnet 23 TCP 6 23 23 NO NO NO YES NO YES SMTP 25 TCP 6 25 25 NO YES NO YES NO YES POP3 110 TCP 6 110 110 NO YES NO YES NO YES NEWS 119 Network News Transfer Protocol TCP 6 119 119 NO NO NO YES NO YES RealAudio RealVideo 7070 UDP 17 7070 7070 NO NO YES YES YES YES PING ICMP 1 N A N A NO...

Page 68: ...he traffic to or form set IP address and Subnet Mask to 0 0 0 0 to inactive the Address Filter rule Tip To block access to from a single IP address enter that IP address as the Host IP Address and use a Host Subnet Mask of 255 255 255 255 Type It is the packet protocol type used by the application select either TCP or UDP Source Port This Port or Port Ranges defines the port allowed to be used by ...

Page 69: ...ing predefined rules Time Schedule It is self defined time period You may specify a time schedule for your prioritization policy For setup and detail refer to Time Schedule section Protocol Number Insert the port number i e GRE 47 Inbound Outbound Select Allow or Block the access to the Internet Outbound or from the Internet Inbound Click Apply button to apply your changes 68 ...

Page 70: ...m or low security level To setup a web server located on the local network when the firewall is enabled you have to configure the Port Filters setting for HTTP As you can see from the diagram below when the firewall is enabled with one of the three presets Low Medium High inbound HTTP access is not allowed which means remote access through HTTP to your router is not allowed Note Inbound indicates ...

Page 71: ...2 Click Delete to delete the existing HTTP rule 3 Click Add TCP UDP Filter Click Add TCP UDP Filter 4 Input the Rule Name Time Schedule Source Destination IP Type Source Destination Port Inbound and Outbound Example Application Cindy_HTTP Time Schedule Always On Source Destination IP Address es 0 0 0 0 I do not wish to active the address filter instead I use the port filter Type TCP Please refer t...

Page 72: ...hown below 7 Configure your Virtual Server port forwarding settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server Note For how to configure the HTTP in Virtual Server go to Add Virtual Server in Virtual Server section for more details Intrusion Detection 71 ...

Page 73: ...Smurf attack attempts Default is false Block Duration Victim Protection Block Duration This is the duration for blocking Smurf attacks Default value is 600 seconds Scan Attack Block Duration This is the duration for blocking hosts that attempt a possible Scan attack Scan attack types include X mas scan IMAP SYN FIN scan and similar attempts Default value is 86400 seconds DoS Attack Block Duration ...

Page 74: ...nd CharGen Port Yes Yes Echo Scan UDP Dst Port Echo 7 Src IP Scan Yes Yes CharGen Scan UDP Dst Port CharGen 19 Src IP Scan Yes Yes X mas Tree Scan TCP Flag X mas Src IP Scan Yes Yes IMAP SYN FIN Scan TCP Flag SYN FIN DstPort IMAP 143 SrcPort 0 or 65535 Src IP Scan Yes Yes SYN FIN RST ACK Scan TCP No Existing session And Scan Hosts more than five Src IP Scan Yes Yes Net Bus Scan TCP No Existing ses...

Page 75: ...Action is enabled URL filter rules will be monitoring and checking at all hours of the day TimeSlot1 TimeSlot16 It is self defined time period You may specify the time period to check the URL filter rules i e during working hours For setup and detail refer to Time Schedule section Keywords Filtering Allows blocking by specific keywords within a particular URL rather than having to specify a comple...

Page 76: ...o the remote web server 2 If not check if it is listed in the forbidden list and if present then the connection attempt is dropped 3 If the packet does not match either of the above two items it is sent to the remote web server 4 Please be note that the domain only should be specified not the full URL For example to block traffic to www sex com enter sex or sex com instead of www sex com In the ex...

Page 77: ...ables all WEB traffic except for Trusted Domain BUT not its IP address If this is the situation Block surfing by IP address function can be handy and helpful to Andy Now Andy can prevent Bobby from accessing other sites Block Java Applet This function can block Web content that includes the Java Applet It is to prevent someone who wants to damage your system via standard HTTP protocol Block surfin...

Page 78: ... Chapter 4 Configuration Firewall Log Firewall Log display log information of any unexpected action with your firewall settings Check the Enable box to activate the logs Log information can be seen in the Status Event Log after enabling 77 ...

Page 79: ...upported Remote Access and LAN to LAN please refer below for more information Click Create to configure a new VPN connection After you have created PPTP connection account status will be displayed See example above Enable Disable This function activates or deactivates the PPTP connection To wish interrupting the tunnel check Disable radio button and click Apply button to deactivate the connection ...

Page 80: ...hentication type to use or else manually specify CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else the authentication type you want clients connecting to you to use when acting as a server When using PAP the password is sent unencrypted whilst CHAP encrypts the password before sending ...

Page 81: ...tion Idle Time Auto disconnect the VPN connection when there is no activity on the connection for a predetermined period of time 0 means this connection is always on Active as default route Enables the default route Click Apply button to apply your changes 80 ...

Page 82: ...ur own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else the authentication type you want clients connecting to you to use when acting as a serve...

Page 83: ...teful mode If you select Stateless mode the key will be changed in each packet Idle Time Auto disconnect the VPN connection when there is no activity on the connection for a predetermined period of time 0 means this connection is always on Click Apply button to apply your changes 82 ...

Page 84: ...es the IPSec connection To wish interrupting the tunnel check Disable radio button and click Apply button to deactivate the connection Name This is the user defined name of the connection Local Subnet Displays IP address and subnet of the local network Remote Subnet Displays IP address and subnet of the remote network Remote Gateway This is the IP address or Domain Name of the remote VPN device th...

Page 85: ...e Secure Gateway Address or Domain Name The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel Network Set the IP address subnet or address range of the remote network Proposal Select the IPSec security method There are two methods of checking the authentication information AH authentication header and ESP Encapsulating Security Payload Use ESP for great...

Page 86: ...e Hellman public key cryptography to change encryption keys during the second phase of VPN negotiation This function will provide better security but extends the VPN negotiation time Diffie Hellman is a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel i e over the Internet There are three modes MODP 768 bit MODP 1024 bit ...

Page 87: ...thm which coverts any length of a message into a unique set of bits It is widely used MD5 Message Digest and SHA 1 Secure Hash Algorithm algorithms SHA1 is more resistant to brute force attacks than MD5 however it is slower MD5 A one way hashing algorithm that produces a 128 bit hash SHA1 A one way hashing algorithm that produces a 160 bit hash Encryption Select the encryption method from the pull...

Page 88: ...s used by IKE Phase 1 IKE To issue an initial connection request for a new VPN tunnel The range can be from 5 to 15 000 minutes and the default is 240 minutes Phase 2 IPSec To negotiate and establish secure authentication The range can be from 5 to 15 000 minutes and the default is 60 minutes A short SA time increases security by forcing the two parties to update the keys However every time the VP...

Page 89: ...is the NO Response time clock When no traffic stage time is beyond the Disconnection time set Router will automatically halt the tunnel connection and re establish it base on the Reconnection Time set Default setting is 1200 seconds 180 seconds is minimum time interval for this function Reconnection Time It is the reconnecting time interval after NO TRAFFIC is initiated Default setting is 15 minut...

Page 90: ...created L2TP connection account status will be displayed See example above Enable Disable This function activates or deactivates the L2TP connection To wish interrupting the tunnel check Disable radio button and click Apply button to deactivate the connection Name This is the user defined name of the connection Type This refers to your router operates as a client or a server Dialout or Dialin in r...

Page 91: ...ient enter the password provided by your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else t...

Page 92: ...ol that allows two parties to establish a shared secret over an unsecured communication channel i e over the Internet There are three modes MODP 768 bit MODP 1024 bit and MODP 1536 bit MODP stands for Modular Exponentiation Groups Pre shared Key This is for the Internet Key Exchange IKE protocol a string from 4 to 128 characters Both sides should use the same key IKE is used to establish a shared ...

Page 93: ... user client enter the username provided by your Host If you are a Dial In user server enter your own username Password If you are a Dial Out user client enter the password provided by the your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challen...

Page 94: ... the VPN negotiation time Diffie Hellman is a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel i e over the Internet There are three modes MODP 768 bit MODP 1024 bit and MODP 1536 bit MODP stands for Modular Exponentiation Groups Pre shared Key This is for the Internet Key Exchange IKE protocol a string from 4 to 128 char...

Page 95: ...uring a Remote Access PPTP VPN Dial in Connection A remote worker establishes a PPTP VPN connection with the head office using Microsoft s VPN Adapter included with Windows 2000 ME etc The router is installed in the head office connected to a couple of PCs and Servers Dial in 94 ...

Page 96: ... Assigned to Dialing User 192 168 1 200 An assigned IP address for the remote worker Username username 3 Password 123456 Input username password to authenticate remote worker Auth Type Chap Auto Data Encryption Auto Key Length Auto 4 Mode stateful Keep as default value in most of the cases PPTP server client will determine the value automatically Refer to manual for details if you want to change t...

Page 97: ...on Example Configuring a Remote Access PPTP VPN Dial out Connection A company s office establishes a PPTP VPN connection with a file server located at a separate location The router is installed in the office connected to a couple of PCs and Servers Dial out 96 ...

Page 98: ... Server IP Address or Hostname 69 121 1 33 An Dialed server IP Username username 3 Password 123456 A given username password Auth Type Chap Auto Data Encryption Auto Key Length Auto 4 Mode stateful Keep as default value in most of the cases PPTP server client will determine the value automatically Refer to manual for details if you want to change the setting 5 Idle Time 0 The connection will be di...

Page 99: ...PTP VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Both office LAN networks MUST in different subnet with LAN to LAN application Attention 98 ...

Page 100: ...192 168 1 200 IP address assigned to branch office network Peer Network IP 192 168 0 0 Branch office network 3 Netmask 255 255 255 0 Username username 4 Password 123456 Input username password to authenticate branch office network Auth Type Chap Auto Data Encryption Auto Key Length Auto 5 Mode stateful Keep as default value in most of the cases PPTP server client will determine the value automatic...

Page 101: ... Dial out 2 Server IP Address or Hostname 69 121 1 33 IP address of the head office router in WAN side Peer Network IP 192 168 1 0 3 Netmask 255 255 255 0 Head office network Username username 4 Password 123456 Input username password to authenticate branch office network Auth Type Chap Auto Data Encryption Auto Key Length Auto 5 Mode stateful Keep as default value in most of the cases PPTP server...

Page 102: ... IP 69 1 121 30 69 1 121 3 Remote Network ID 192 168 1 0 24 192 168 0 0 24 Remote Router IP 69 1 121 3 69 1 121 30 IKE Pre shared Key 12345678 12345678 VPN Connection Type Tunnel mode Tunnel mode Security Algorithm ESP MD5 with AES ESP MD5 with AES Both office LAN networks MUST in different subnet with LAN to LAN application Functions of Pre shared Key VPN Connection Type and Security Algorithm MU...

Page 103: ... Subnet radio button IP Address 192 168 1 0 2 Netmask 255 255 255 0 Head office network 3 Secure Gateway Address or Hostname 69 121 1 30 IP address of the head office router in WAN side Subnet Check Subnet radio button IP Address 192 168 0 0 4 Netmask 255 255 255 0 Branch office network ESP Check ESP radio button Authentication MD5 Encryption 3DES Prefer Forward Security None 5 Pre shared Key 1234...

Page 104: ...eck Subnet radio button IP Address 192 168 0 0 2 Netmask 255 255 255 0 Branch office network 3 Secure Gateway Address or Hostname 69 121 1 3 IP address of the head office router in WAN side Subnet Check Subnet radio button IP Address 192 168 1 0 4 Netmask 255 255 255 0 Head office network ESP Check ESP radio button Authentication MD5 Encryption 3DES Prefer Forward Security None 5 Pre shared Key 12...

Page 105: ...VoIP 802 11g ADSL2 VPN Firewall Router Chapter 4 Configuration Example Configuring a IPSec Host to LAN VPN Connection 104 ...

Page 106: ... Check Subnet radio button IP Address 192 168 1 0 2 Netmask 255 255 255 0 Head office network 3 Secure Gateway Address or Hostname 69 121 1 30 IP address of the head office router in WAN side Single Address Check Single Address radio button 4 IP Address 69 121 1 30 Remote worker s IP address ESP Check ESP radio button Authentication MD5 Encryption 3DES Prefer Forward Security None 5 Pre shared Key...

Page 107: ...mple Configuring a L2TP VPN Remote Access Dial in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft s VPN Adapter included with Windows XP 2000 ME etc The router is installed in the head office connected to a couple of PCs and Servers Dial in 106 ...

Page 108: ...P Address Assigned to Dialing User 192 168 1 200 An assigned IP address for the remote worker Username username 3 Password 123456 Input username password to authenticate remote worker 4 Auth Type Chap Auto Keep as default value in most of the cases 5 Idle Timeout 0 The connection will be disconnected when there Is no traffic in a predefined period of time Idle time 0 means the connection is always...

Page 109: ...act Information Example Configuring a Remote Access L2TP VPN Dial out Connection A company s office establishes a L2TP VPN connection with a file server located at a separate location The router is installed in the office connected to a couple of PCs and Servers Dial out 108 ...

Page 110: ... 1 33 An Dialed server IP Username username 3 Password 123456 A given username password 4 Auth Type Chap Auto Keep as default value in most of the cases 5 Idle Timeout 0 The connection will be disconnected when there Is no traffic in a predefined period of time Idle time 0 means the connection is always on IPSec Enable for enhancing your L2TP VPN security Authentication MD5 Encryption 3DES Perfect...

Page 111: ...duct Support and Contact Information Example Configuring your Router to Dial in to the Server Currently Microsoft Windows operation system does not support L2TP incoming service Additional software may be required to set up your L2TP incoming service 110 ...

Page 112: ...shes a L2TP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Both office LAN networks MUST in different subnet with LAN to LAN application Functions of Pre shared Key VPN Connection Type and Security Algorithm MUST BE identically set up on both sides Attention 111 ...

Page 113: ...ing User 192 168 1 200 IP address assigned to branch office network Peer Network IP 192 168 0 0 Branch office network 3 Netmask 255 255 255 0 Username username 4 Password 123456 Input username password to authenticate branch office network 5 Auth Type Chap Auto Keep as default value in most of the cases 6 Idle Timeout 0 The connection will be disconnected when there Is no traffic in a predefined p...

Page 114: ...heck Dial out 2 Server IP Address or Hostname 69 121 1 33 IP address of the head office router in WAN side Peer Network IP 192 168 1 0 3 Netmask 255 255 255 0 Head office network Username username 4 Password 123456 Input username password to authenticate branch office network 5 Auth Type Chap Auto Keep as default value in most of the cases 6 Idle Timeout 0 The connection will be disconnected when ...

Page 115: ... PSTN Public Switched Telephone Network It is not only cost effective especially for a long distance telephone charges but also toll quality voice calls over the Internet After completing VoIP configuration remember to apply the changes SAVE CONFIG and restart to activate your VoIP Attention There are six items within the VoIP section Wizard General Settings Phone Port PSTN Dial Plan VoIP Dial Pla...

Page 116: ...ally displayed Select Profile It allows you to select a desired SIP provider whom is not defined already in the SIP Service Provider You may manually setup the SIP accounts by entering SIP information to User defined Profile See below for details Phone Number This parameter holds the registration ID of the user within the SIP registrar Authentication Username If the username is same as the Phone N...

Page 117: ...n Realm Set different domain name for the SIP proxy server Outbound Proxy Address Indicate the SIP outbound proxy server IP address This parameter is very useful when VoIP device is behind a NAT Outbound Proxy Port Specify the port of the SIP outbound proxy on which it will listen for messages Phone Number This parameter holds the registration ID of the user within the SIP registrar Authentication...

Page 118: ...fault is set to Enable Echo Cancellation G 168 echo canceller is an ITU T standard It is used for isolating the echo while you are on the phone This helps you not to hear much of your own voice reflecting on the phone while you talk Default is set to Enable RTP Port Provide the based value from the media RTP ports that are assigned for various endpoints and the different call sessions that may exi...

Page 119: ...filed of Phone Number Authentication Username and Authentication Password 2 In Wizard Section click Apply button to apply the settings 3 In General Settings make sure general SIP information are correctly inserted 4 In General Settings click Apply button to apply the settings 5 In General Settings click Synch Now button to register the account s with your SIP server Advanced Parameters VoIP throug...

Page 120: ...ung up To take your phone OFFHOOK lift the receiver then press Hook Flash until you hear your normal PSTN dialtone not your VoIP dialtone Wait several seconds and then press Check Level You should check the OFFHOOK value for each telephone you have connected to this device Set the OFFHOOK voltage to the lowest setting registered for all your telephones e g if your telephones return values of 4 5 a...

Page 121: ...your Phones Click Edit to update your phone information Login Account Configuration Phone Number This parameter holds the registration ID of the user within the SIP registrar Authentication Username Same as Phone Number Authentication Password This parameter holds the password used for authentication within SIP registrar Confirm Password Re enter the password for confirmation 120 ...

Page 122: ... is for you to store frequently used telephone numbers which you can press number from 0 to 9 and the pound sign to activate this function For example speed dial to phone number lists on 9 just press 9 then Your router will automatically call out to number listed on entry 9 Indicate remote user s IP address or domain name if this remote user does not register in the SIP server If remote user is re...

Page 123: ...it number is 15 Action Specify a dialing method you wish to make PSTN call s Dial with Prefix The dialed number with prefix will be sent call through the PSTN NOTE The actual dialed number of valid digits length requires matching in the Number of Digits filed Dial without Prefix The dialed number will be sent call through the PSTN without prefix NOTE The actual dialed number of valid digits length...

Page 124: ...VoIP 802 11g ADSL2 VPN Firewall Router Appendix A Product Support and Contact Information Digits filed 123 ...

Page 125: ...Prefix If you dial 9102 the number 102 will only be dialed out via FXO port to make a regular phone call 3 Dial at Timeout If you only dial 01223 7070 and no more numbers after the timeout activates 012237070 will be dialed to make a regular call via FXO port Even though 0707 only 4 digits does not match with number of digits 6 defined in the filed 7070 is still a valid phone number since it has n...

Page 126: ... Prefix If you only dial 7070 and no more numbers after the timeout activates 7070 will be dialed without prefix to make a regular call via FXO port Even though 0707 only 4 digits does not match with number of digits 6 defined in the filed 7070 is still a valid phone number since it has not exceed 6 digits 125 ...

Page 127: ...No Disturb on Your phone will not ring if someone calls 80 Do not Disturb OFF Dial 80 to set the No Disturb off Your will be able to hear ring tone when someone calls 90x Blind Call Transfer Dial 90 phone number to translate a call to a third party This feature is enabled by default x Speed Dial x 2 9 Refer to Phone Port section in the Web GUI Set up your Speed Dial phone book first before accessi...

Page 128: ...ng a call If Prefix is xxx delete it Prefix xxx is removed from the dialing numbers before making a call If Prefix is xxx replace with Prefix xxx is appended to the front of the dialing numbers when making a call No prefix No prefix is appended to the front of the dialing numbers It is set as in default settings Main Digit Sequence x Any numeric number between 0 and 9 period Repeat numeric number ...

Page 129: ...th is 3 Note No period is needed xxx Any number between 0 and 9 with variable length but no shorter than 3 digits Maximum length is 16 123x Any number 0 9 starting with 123 Maximum length is 16 x x x For example 124 x Any number 0 9 starting with 1 or 2 or 4 Maximum length is 16 x x x For example 1 3 x Any number 0 9 starting with number 1 to 3 Maximum length is 16 x x x x For example 9 4 6 8x Any...

Page 130: ...for local call 03 is always prepended in front of these number If 23295 are dialed 03 2 32935 is the actual phone number called out via localcheap com provider 2 Phone 1 For International calls I use longdischeap com that charges 0 05 per minute to all International long distance calls I set a dial rule 0 2456 x T LongdisCheap on my phone port 1 Longislcheap com is one of the VoIP providers I set ...

Page 131: ...call out 123 39 45678 for an mobile call 123 is replaced with 09 Therefore 09 39 45678 is the actual phone number called out via Mobilecheap com provider The Intelligent Call Gateway not only saves time from changing VoIP settings to different provider to make call get routed to specific gateway s automatically but also taking advantage of different call rate 130 ...

Page 132: ... The ring tone parameters are automatically displayed after entering a specific country If your country is not in the list you may manually create ring tone parameters Ring Parameters Ring Cadence in ms Ring cadence is defined by three fields Frequency On Time1 Off Time1 On Time2 Off Time2 and On Time3 Off Time3 Frequency is specified in Hertz Time is given in milliseconds Tone Parameters You may ...

Page 133: ...e and phone B does not ring 80 Set do not disturb off 74 x number Set the number for Speed dial code x where x is a number between 2 and 9 Note Where x is a number between 2 and 9 and number is the number to dial The code needed to dial a speeddial from a phone connected to a VoIP Router is x where x is a number between 2 and 9 The settings will infect to your setting in Speed Dial on WEB GUI 90 p...

Page 134: ...r each application from LAN Ethernet and or Wireless to WAN Internet It facilitates you to control the different quality and speed of through put for each application when the system is running with full loading of upstream You can find three items under the QoS section Prioritization and Outbound Inbound IP Throttling bandwidth management 133 ...

Page 135: ...y The priority given to each policy application Its default setting is set to High you may adjust this setting to fit your policy application Protocol The name of supported protocol Source Port The source port of packets to be monitored Destination Port The destination port of packets to be monitored Source IP Address Range The source IP address or range of packets to be monitored Destination IP a...

Page 136: ...000000 Premium Express Forwarding 101110 Gold service L Class 1 Gold 001010 Gold service M Class 1 Silver 001100 Gold service H Class 1 Bronze 001110 Silver service L Class 2 Gold 010010 Silver service M Class 2 Silver 010100 Silver service H Class 2 Bronze 010110 Bronze service L Class 3 Gold 011010 Bronze service M Class 3 Silver 011100 Bronze service H Class 3 Bronze 011110 135 ...

Page 137: ...er define description to identify this new policy application Time Schedule Scheduling your prioritization policy Refer to Time Schedule for more information Protocol The name of supported protocol Source Port The source port of packets to be monitored Destination Port The destination port of packets to be monitored Source IP Address Range The source IP address or range of packets to be monitored ...

Page 138: ...r define description to identify this new policy application Time Schedule Scheduling your prioritization policy Refer to Time Schedule for more information Protocol The name of supported protocol Source Port The source port of packets to be monitored Destination Port The destination port of packets to be monitored Source IP Address Range The source IP address or range of packets to be monitored D...

Page 139: ...am Normal PCs VoIP Restricted PC Information and Settings Upstream 928 kbps Downstream 8 Mbps VoIP User 192 168 1 1 Normal Users 192 168 1 2 192 168 1 5 Restricted User 192 168 1 100 0 100 200 300 400 500 kbps VoIP VPN HIGH Others NORMAL Restricted LOW Throughput VoIP VPN HIGH Others NORMAL Restricted LOW 138 ...

Page 140: ...l and the port number will be assigned by SIP module automatically Better to use fixed IP address for catching VoIP packets as high priority Above settings will help to improve quality of your VoIP service when traffic is full loading Restricted Application Some of companies will setup FTP server for customer downloading or home user sharing their files by using FTP With above settings that help t...

Page 141: ...andwidth The settings below help you to limit bandwidth for the restricted application Virtual Server Port Forwarding In TCP IP and UDP networks a port is a 16 bit number used to identify which application program usually a server incoming connections should be delivered to Some ports have numbers that are pre assigned to them by the IANA the Internet Assigned Numbers Authority and these are refer...

Page 142: ...er all traffic to the private IP addresses used by your PCs Please see the WAN configuration section of this manual for more information on NAT The device can be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public WAN IP address can be automatically redirected to local servers in the LAN network Depending on the requested service TCP UD...

Page 143: ...ng predefined rules 20 predefined rules are available Click the Radio button to select the rule Application Protocol and External Redirect Ports will be filled after the selection Protocol It is the supported protocol for the virtual server In addition to specifying the port number to be used you will also need to specify the protocol used The protocol used is determined by the particular applicat...

Page 144: ...l Server function will hence be invalid If the DHCP server option is enabled you have to be very careful in assigning the IP addresses of the virtual servers in order to avoid conflicts The easiest way of configuring Virtual Servers is to manually assign static IP address to each virtual server PC with an address that does not fall into the range of IP addresses that are to be issued by the DHCP s...

Page 145: ... used by any other Virtual Server entries Cautious This Local computer exposing to the Internet may face varies of security risks Disabled As set in default setting it disables the DMZ function Enabled It activates your DMZ function Internal IP Address Give a static IP address to the DMZ Host when Enabled radio button is checked Be aware that this IP will be exposed to the WAN Internet Listed all ...

Page 146: ...ize these IP addresses NAT Type Select desired NAT type As set in default setting it disables the One to One NAT function Global IP Address Subnet The subnet of the public WAN IP address given by your ISP If your ISP has provided this information you may insert it here Otherwise use IP Range method IP Range The IP address range of your public WAN IP addresses For example IP 192 168 1 1 end IP 192 ...

Page 147: ...the virtual server In addition to specifying the port number to be used you will also need to specify the protocol used The protocol used is determined by the particular application Most applications will use TCP or UDP Global IP Define a public WAN IP address for this Application to use This Global IP address must be defined in the Global IP Address External Port The Port number on the Remote WAN...

Page 148: ...5 For further information please see IANA s website at http www iana org assignments port numbers For help on determining which private port numbers are used by common applications on this list please see the FAQs Frequently Asked Questions at http www billion com Table 5 Well known and registered Ports Port Number Protocol Description 20 TCP FTP Data 21 TCP FTP Control 22 TCP UDP SSH Remote Login...

Page 149: ...restrict or allowing the usage of the Internet by users or applications This Time Schedule correlates closely with router s time since router does not have a real time clock on board it uses the Simple Network Time Protocol SNTP to get the current time from an SNTP server from the Internet Refer to Time Zone for details You router time should correspond with your local time If the time is not set ...

Page 150: ...t will be shown ID This is the index of the time slot Name A user define description to identify this time portfolio Day The default is set from Monday through Friday You may specify the days for the schedule to be applied Start Time The default is set at 8 00 AM You may specify the start time of the schedule End Time The default is set at 18 00 6 00PM You may specify the end time of the schedule ...

Page 151: ...s within the Advanced section Static Route Dynamic DNS Check Email Device Management IGMP and VLAN Bridge Static Route Click on Routing Table and then choose Create Route add a routing table Destination This is the destination subnet IP address Netmask Subnet mask of the destination IP addresses based on above destination subnet IP Gateway This is the gateway IP address to which packets are to be ...

Page 152: ...sh an account with the Dynamic DNS provider using their website for example http www dyndns org There are more than 5 DDNS services supported Disable Check to disable the Dynamic DNS function Enable Check to enable the Dynamic DNS function The following fields will be activated and required Dynamic DNS Server Select the DDNS service you have established an account with Domain Name Username and Pas...

Page 153: ...mailing checking function The following fields will be activated and required Account Name Enter the name login of the POP3 account you wish to check Normally it is the text in your email address before the symbol If you have trouble with it please contact your ISP Password Enter the account s password POP3 Mail Server Enter your POP mail server name You Internet Service Provider ISP or network ad...

Page 154: ...le they are running a web server on a PC within their LAN Management IP Address You may specify an IP address allowed to logon and access the router s web server Setting the IP address to 0 0 0 0 will disable IP address restrictions allowing users to login from any IP address Expire to auto logout Specify a time frame for the system to auto logout the user s configuration session For Example User ...

Page 155: ...quired in order to utilize this function Simple Network Management Protocol SNMP V1 and V2 Read Community Specify a name to be identified as the Read Community and an IP address This community string will be checked against the string entered in the configuration file Once the string name is matched user obtains this IP address will be able to view the data Write Community Specify a name to be ide...

Page 156: ...group Interfaces group Address Translation group IP group ICMP group TCP group UDP group EGP not applicable Transmission SNMP group From RFC1650 EtherLike MIB dot3Stats From RFC 1493 Bridge MIB dot1dBase group dot1dTp group dot1dStp group if configured as spanning tree From RFC 1471 PPP LCP MIB pppLink group pppLqr group From RFC 1472 PPP Security MIB PPP Security Group 155 ...

Page 157: ...outer Chapter 4 Configuration From RFC 1473 PPP IP MIB PPP IP Group From RFC 1474 PPP Bridge MIB PPP Bridge Group From RFC1573 IfMIB ifMIBObjects Group From RFC1695 atmMIB atmMIBObjects From RFC 1907 SNMPv2 only snmpSetSerialNo OID 156 ...

Page 158: ...nced VLAN Setup Example Triply Play VLAN_data Ethernet Port 1 Wireless and Wireless WDS are reserving for Internet On Ethernet port 1 I also need VC 0 40 bridged VLAN_Vedio Ethernet ports 2 3 and 4 0 33 Bi directional IP 0 34 Video 0 35 Video 0 36 Video Subscriber Services EPG EAS etc 0 37 Video 0 38 Video 0 39 Spare Step 1 Setup Member Ports Go to Configuration LAN Bridge Interface You can setup ...

Page 159: ...n change the default WAN connection entry by clicking Change From the example 0 40 is used for data internet and assumes PPPoE is used click the Edit to change the VPI VCI to 0 40 Click Create to setup up additional WAN interface for video applications Total of 8 VLAN is support therefore only 8 WAN interfaces can be created in the table From the example PVC 0 33 to 0 39 is assigned for video usin...

Page 160: ...packets through the port Ip Allows only IP ARP types of ethernet packets through the port Pppoe Allows only PPPoE types of ethernet packets through the port PVID for Untagged Frames PVID is known as Port VLAN Identifier When an untagged packet is received by input port s this packet will be tagged with specified PVID From the example VPI and VCI only section need to be filled in and just leave the...

Page 161: ...094 From the example VLAN untagged ports for Data Internet ethernet wireless and wireless_wds VLAN untagged ports for Video ethernet1 rfc 1483 0 rfc 1483 6 Click Apply to made change effective immediately Mapping the VLAN Bridge with Bridge Interface created in Step1 you will see the conformable relationship in these two screenshots Step 4 IGMP Snooping Enable Go Configuration Advanced IGMP IGMP S...

Page 162: ...ensure that you have saved the configuration settings before you logout Be aware that the router is restricted to only one PC accessing the configuration web pages at a time Once a PC has logged into the web interface other PCs cannot get access until the current PC has logged out of the web interface If the previous PC forgets to logout the second PC can access the page after a user defined perio...

Page 163: ...e Action Initialization of the PVC connection linesync failed Ensure that the telephone cable is connected properly from the ADSL port to the wall jack The ADSL LED on the front panel of the router should be on Check that your VPI VCI encapsulation type and type of multiplexing settings are the same as those provided by your ISP Reboot the router GE If you still have problems you may need to verif...

Page 164: ...the LAN Check the Ethernet LEDs on the front panel The LED should be on for a port that has a PC connected If it is off check the cables between your router and the PC Make sure you have uninstalled any software firewall for troubleshooting Verify that the IP address and the subnet mask are consistent between the router and the workstations 163 ...

Page 165: ...oting chapter please contact the dealer where you purchased this product Contact Billion AUSTRALIA http www billion com au 2006 Billion Electric Co Ltd PC Range P L All Rights Reserved WORLDWIDE http www billion com Mac OS is a registered Trademark of Apple Computer Inc Windows 98 Windows NT Windows 2000 Windows Me and Windows XP are registered Trademarks of Microsoft Corporation Appendix A Produc...

Reviews: