Advance Multimedia Internet Technology BDE761AM001 WiFi Broadband BG User Manual
Advance Multimedia Internet Technology Inc. WiFi Broadband BG Users Manual
Users Manual
| Download: |  |
| Mirror Download [FCC.gov] | |
| Document ID | 2081303 |
| Application ID | 0wo9SBHdEobixvvDMJKIUQ== |
| Document Description | Users Manual |
| Short Term Confidential | No |
| Permanent Confidential | No |
| Supercede | No |
| Document Type | User Manual |
| Display Format | Adobe Acrobat PDF - pdf |
| Filesize | 327.17kB (4089629 bits) |
| Date Submitted | 2013-09-25 00:00:00 |
| Date Available | 2013-09-25 00:00:00 |
| Creation Date | 2013-09-17 14:08:02 |
| Producing Software | Acrobat Distiller 7.0 (Windows) |
| Document Lastmod | 2013-09-25 09:39:35 |
| Document Title | Microsoft Word - 6_BDE761AM-001_Manual 檔大.doc |
| Document Creator | PScript5.dll Version 5.2 |
| Document Author: | Leah |
User Manual
BDE761AM-001
WiFi Broadband BG
V0.9_20130731
WiFi Broadband BG
TABLE OF CONTENTS
CHAPTER 1 INTRODUCTION ............................................................................................................................... 6
1.1
CONTENTS LIST ............................................................................................................................................. 6
1.2
HARDWARE INSTALLATION ............................................................................................................................ 7
1.2.1
WARNING ................................................................................................................................. 7
1.2.2
SYSTEM REQUIREMENTS...................................................................................................... 7
1.2.3
Hardware Configuration ............................................................................................................ 9
1.2.4
LED Indicators ......................................................................................................................... 10
CHAPTER 2 GETTING STARTED .......................................................................................................................... 11
2.1
EASY SETUP BY WINDOWS UTILITY ............................................................................................................ 11
2.2
EASY SETUP BY CONFIGURING WEB UI ...................................................................................................... 14
CHAPTER 3
3.1
MAKING CONFIGURATIONS .................................................................................................... 19
BASIC NETWORK ......................................................................................................................................... 22
3.1.1
WAN Setup.............................................................................................................................. 22
3.1.1.1
Physical Interface.......................................................................................................................... 23
3.1.1.2
Network Setup .............................................................................................................................. 24
3.1.2
3.1.1.2.1
Wireless WAN – 3G/4G ...........................................................................................................................24
3.1.1.2.2
Ethernet WAN ..........................................................................................................................................27
LAN & VLAN Setup ................................................................................................................. 36
3.1.2.1
Network Setting............................................................................................................................. 36
3.1.2.2
LAN & VLAN ................................................................................................................................. 37
3.1.2.2.1
Port-Based VLAN ....................................................................................................................................37
3.1.2.2.2
Tag-Based VLAN.....................................................................................................................................38
3.1.2.3
3.1.3
Wireless Setup ........................................................................................................................ 42
3.1.3.1
Wireless Setup.............................................................................................................................. 42
3.1.3.1.1
AP Router Mode.......................................................................................................................................42
3.1.3.1.2
WDS Hybrid Mode ..................................................................................................................................46
3.1.3.1.3
WDS Only Mode......................................................................................................................................48
3.1.3.2
3.1.4
DHCP Server ................................................................................................................................ 39
Advanced Wireless Setup ............................................................................................................. 49
IPv6 Setup ............................................................................................................................... 51
3.1.4.1
Static IPv6..................................................................................................................................... 51
3.1.4.2
DHCP v6 ....................................................................................................................................... 53
3.1.4.3
PPPoE .......................................................................................................................................... 54
3.1.4.4
6 to 4 ............................................................................................................................................. 55
3.1.4.5
IPv6 in IPv4 Tunnel ....................................................................................................................... 56
BDE761AM-001 User Manual
WiFi Broadband BG
3.1.5
NAT Setup ............................................................................................................................... 57
3.1.5.1
Virtual Server ................................................................................................................................ 57
3.1.5.2
Virtual Computers ......................................................................................................................... 58
3.1.5.3
Special AP .................................................................................................................................... 58
3.1.5.4
NAT Loopback .............................................................................................................................. 59
3.1.5.5
DMZ .............................................................................................................................................. 60
3.1.6
Routing Setup.......................................................................................................................... 61
3.1.6.1
Static Routing................................................................................................................................ 61
3.1.6.2
Dynamic Routing........................................................................................................................... 61
3.1.6.3
Routing Information....................................................................................................................... 63
3.1.7
Client/Server/Proxy ................................................................................................................. 64
3.1.7.1
3.2
Dynamic DNS ............................................................................................................................... 64
ADVANCED NETWORK................................................................................................................................. 65
3.2.1
Firewall .................................................................................................................................... 65
3.2.1.1
Packet Filters ................................................................................................................................ 65
3.2.1.2
URL Blocking ................................................................................................................................ 67
3.2.1.3
Web Content Filter ........................................................................................................................ 67
3.2.1.4
L7 Application Filter....................................................................................................................... 68
3.2.1.5
IPS ................................................................................................................................................ 69
3.2.1.6
MAC Address Control ................................................................................................................... 70
3.2.1.7
Others ........................................................................................................................................... 72
3.2.2
QoS (Quality of Service).......................................................................................................... 72
3.2.2.1
3.2.3
Rule-based QoS ........................................................................................................................... 73
VPN Setup............................................................................................................................... 77
3.2.3.1
VPN-IPSec.................................................................................................................................... 77
3.2.3.1.1
Dynamic IP VPN ...................................................................................................................................78
3.2.3.1.2
IPSec-IKE Setting ................................................................................................................................81
3.2.3.1.3
IPSec-Manual Setting .........................................................................................................................84
3.2.3.1.4
XAUTH Account ...................................................................................................................................85
3.2.3.2
VPN-PPTP Server......................................................................................................................... 86
3.2.3.3
VPN-PPTP Client .......................................................................................................................... 87
3.2.3.4
VPN-L2TP Server ......................................................................................................................... 89
3.2.3.5
VPN-L2TP Client........................................................................................................................... 90
3.2.3.6
GRE Tunnel .................................................................................................................................. 92
3.2.4
Redundancy ............................................................................................................................ 93
3.2.4.1
3.2.5
VRRP ............................................................................................................................................ 93
Management............................................................................................................................ 94
3.2.5.1
UPnP............................................................................................................................................. 94
3.2.5.2
SNMP............................................................................................................................................ 95
BDE761AM-001 User Manual
WiFi Broadband BG
3.3
SYSTEM ....................................................................................................................................................... 97
3.3.1
System Information ................................................................................................................. 97
3.3.2
System Status ......................................................................................................................... 98
3.3.2.1
Web Log........................................................................................................................................ 98
3.3.2.2
Syslog ........................................................................................................................................... 98
3.3.2.3
Email Alert..................................................................................................................................... 98
3.3.3
System Tools........................................................................................................................... 99
3.3.3.1
Change Password......................................................................................................................... 99
3.3.3.2
FW Upgrade................................................................................................................................ 100
3.3.3.3
System Time ............................................................................................................................... 101
3.3.3.4
Others ......................................................................................................................................... 102
3.3.4
Scheduling............................................................................................................................. 103
3.3.5
MMI........................................................................................................................................ 104
3.3.5.1
Web UI ........................................................................................................................................ 104
CHAPTOR 4
TROUBLESHOOTING ................................................................................................................. 105
CHAPTOR 5
APPLICATION DESCRIPTION .................................................................................................. 109
5.1 VLAN APPLICATION .......................................................................................................................................... 109
5.2 VPN SETUP ........................................................................................................................................................ 112
5.3 REDUNDANCY .................................................................................................................................................... 116
APPENDIX A. LICENSING INFORMATION....................................................................................................... 117
BDE761AM-001 User Manual
WiFi Broadband BG
Copyright
The contents of this publication may not be reproduced in any part or as a whole, stored,
transcribed in an information retrieval system, translated into any language, or transmitted
in any form or by any means, mechanical, magnetic, electronic, optical, photocopying,
manual, or otherwise, without the prior written permission.
Trademarks
All products, company, brand names are trademarks or registered trademarks of their
respective companies. They are used for identification purpose only. Specifications are
subject to be changed without prior notice.
FCC Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against radio interference in a commercial environment. This
equipment can generate, use and radiate radio frequency energy and, if not installed and
used in accordance with the instructions in this manual, may cause harmful interference to
radio communications. Operation of this equipment in a residential area is likely to cause
interference, in which case the user, at his own expense, will be required to take whatever
measures are necessary to correct the interference.
CE Declaration of Conformity
This equipment complies with the requirements relating to electromagnetic compatibility,
EN 55022/A1 Class B.
BDE761AM-001 User Manual
WiFi Broadband BG
Chapter 1
Introduction
Congratulations on your purchase of this outstanding product: BDE761-001 WiFi 2.4G
Business Gateway. This device is specifically designed for those who need to have the
data, voice, video and file sharing services beyond his home and office. It provides a
complete solution for Internet surfing and broadband sharing. Instructions for installing
and configuring this product can be found in this manual. Before you install and use this
product, please read this manual carefully for fully exploiting the functions of this product.
1.1 Contents List
Items
Description
WiFi 2.4G Business
Contents
Quantity
1pce
Gateway
WiFi Antenna
Power Adapter
2pce
1pce
RJ45 Cable
1pce
CD
1pce
BDE761AM-001 User Manual
WiFi Broadband BG
1.2 Hardware Installation
1.2.1
WARNING
Attention
1.2.2
Do not use the product in high humidity or high
temperatures.
Do not use the same power source for the Product
as other equipment. Only use the power adapter that
comes with the package. Using a different voltage
rating power adaptor may damage the router.
Do not open or repair the case yourself. If the
Product is too hot, turn off the power immediately
and have it repaired at a qualified service center.
Place the Product on a stable surface and avoid
using this product and all accessories outdoors.
SYSTEM REQUIREMENTS
Network Requirements
•
An Ethernet-based Cable or DSL modem
•
3G/4G cellular service subscription
•
IEEE 802.11n or 802.11b, g wireless clients
•
10/100 Ethernet
Computer with the following:
•
Windows®, Macintosh, or Linux-based
operating system
•
An installed Ethernet adapter
Browser Requirements:
Web‐based Configuration Utility
Requirements
•
Internet Explorer 6.0 or higher
•
Chrome 2.0 or higher
•
Firefox 3.0 or higher
•
Safari 3.0 or higher (with Java 1.3.1 or
higher)
BDE761AM-001 User Manual
WiFi Broadband BG
Windows® Users: Make sure you have the latest
version of Java installed. Visit www.java.com to
download the latest version.
Computer with the following:
•
Pack 2
CD Installation Wizard Requirements
BDE761AM-001 User Manual
Windows® 7, Vista®, or XP with Service
•
An installed Ethernet adapter
•
CD-ROM drive
WiFi Broadband BG
1.2.3
Hardware Configuration
Rear View:
WiFi
Antenna
Auto MDI/MDIX RJ‐45 Ports
Automatically sense the
types of LAN and WAN
when connecting to
Ethernet
Reset
Button
Power
ON/OFF
Switch
Receptor
for Power
Adapter
Front View:
USB Port
BDE761AM-001 User Manual
WiFi Broadband BG
1.2.4
LED Indicators
LED
Description
Power/Status
Orange: ON during power on (@bootloader)
Green: Normal flash per second
Orange in flash: The device is in recovery mode or
abnormal.
WAN
Green: Ethernet connection is established
Green in flash: data packet transferred via Ethernet
Wi-Fi
Green in flash: data packet transferred.
Green in flash per second during 2min:WPS PBC status
Dark: Wireless Radio is disable
LAN1 ~ LAN4
Green: Ethernet connection is established
Green in flash: data packet transferred via Ethernet
USB
Green: USB connection is established
Green in flash: data packet transferred through USB
BDE761AM-001 User Manual
10
WiFi Broadband BG
Chapter 2 Getting Started
Please use windows EZ setup utility or Web UI wizard to enter the setup process.
2.1 Easy Setup by Windows Utility
Step 1.
Install the Easy Setup Utility from the
provided CD then follow the steps to
configure the device.
Step 2.
Select Language then click “Next” to
continue.
BDE761AM-001 User Manual
11
WiFi Broadband BG
Step 3.
Then click the “Wizard” to continue.
Step 4.
Click “Next” to continue.
Step 5.
Select Wireless Enable, and then click
“Next” to continue.
BDE761AM-001 User Manual
12
WiFi Broadband BG
Step 6.
Enter SSID, Channel and Security
options, and then click “Next” to
continue.
Step 7.
Select Auto Detect WAN service.
Step 8.
Save the setting.
BDE761AM-001 User Manual
13
WiFi Broadband BG
Step 9.
Congratulations! Setup is completed.
Now you have already connected to
Internet successfully.
2.2 Easy Setup by Configuring Web UI
You can also browse web UI to configure the device. Firstly you need to launch the Setup
Wizard browser first and then the Setup Wizard will guide you step-by-step to finish the
basic setup process.
Browse to Activate the Setup Wizard
Type in the IP Address (http://192.168.123.254)
Type the default Username and password
‘admin’ in the System Password and then
click ‘login’ button.
Select your language.
BDE761AM-001 User Manual
14
WiFi Broadband BG
Select “Wizard” for basic settings in a simple way.
Or, you can go to Basic Network / Advanced Network / Applications / System to setup
the configuration by your own selection.
Press “Next” to start the Setup Wizard.
Configure with the Setup Wizard
Step 1
You can change the password of
administrator here.
BDE761AM-001 User Manual
15
WiFi Broadband BG
Step 2
Select Time Zone.
Step 3
You can select Auto detecting WAN
type or setup WAN type manually.
Step 4
The system will detect the WAN type if
you choose to let the system detect
automatically.
Step 5
Type in Host name and ISP registered
MAC address. (if no such information,
you can go next)
BDE761AM-001 User Manual
16
WiFi Broadband BG
Step 5-1
Wireless setting.
Step 5-2
Wireless authentication and
encryption.
Step 6
Check the information again.
Step 7
System is applying the setting.
BDE761AM-001 User Manual
17
WiFi Broadband BG
Step 8
Click finish to complete it.
BDE761AM-001 User Manual
18
WiFi Broadband BG
Chapter 3 Making Configurations
Whenever you want to configure your network or this device, you can access the
Configuration Menu by opening the web-browser and typing in the IP Address of the
device. The default IP Address is: 192.168.123.254. In the configuration section you may
want to check the connection status of the router, to do Basic or Advanced Network setup
or to check the system status. These task buttons can be easily found in the cover page of
the UI (User Interface).
Enter the default username and password “admin” in the System Password and then
click ‘login’ button.
BDE761AM-001 User Manual
19
WiFi Broadband BG
Afterwards, you can go Wizard, Basic Network, Advanced Network, Application or
System respectively on left hand side of web page.
Note: You can see the Connection Status screen below after you logged in.
BDE761AM-001 User Manual
20
WiFi Broadband BG
Note : You can see all the status of this device in the ‘Status’ main menu section.
BDE761AM-001 User Manual
21
WiFi Broadband BG
3.1 Basic Network
You can enter Basic Network for WAN, LAN&VLAN, Wireless, IPv6, NAT, Routing, and
Client/Server/Proxy settings as the icon here shown
3.1.1
WAN Setup
This device is equipped with two WAN Interfaces to support different WAN types of
connection. You can configure one by one to get proper internet connection setup.
3G/4G WAN: The router has one USB Port and support 3G/4G USB Dongle follow UI
setting to setup.
Ethernet WAN: The router has one RJ45 WAN port can be configured to WAN
connection. Please plug in RJ45 cable from your external DSL modem and follow UI
setting to setup.
BDE761AM-001 User Manual
22
WiFi Broadband BG
3.1.1.1
Physical Interface
Click on the “Edit” button for each WAN interface and you can get the detail physical
interface settings and then configure the settings as well.
1.
WAN-1: The operation mode of this interface is forced to “Always-on” mode,
and operates as the primary internet connection. You can click on the respective
“Edit” button and configure the rest items for this interface.
2.
WAN-2: The operation mode of this interface is disabled by default, you can click
on the respective “Edit” button and configure the second WAN interface to
operate as “fail over” mode, so that when the WAN-1 connection broken, the
device will try to failover the internet connection to WAN-2.
3.
Physical Interface: Select the WAN interface from the available list. For this
BDE761AM-001 User Manual
23
WiFi Broadband BG
device, there are “Ethernet” and “3G/4G” items. If you would like the RJ45 WAN
port to operate as the primary internet connection, Please choose “Ethernet”;
Otherwise, choose “3G/4G” for configuring the embedded 3G/4G modem as
primary WAN connection.
4.
Line Speed (Kbps): You can specify the downstream / upstream speed for the
corresponding WAN connection. Such information will be referred in QoS and
load balance function to manage the traffic load for each WAN connection.
5.
VLAN Tag Insertion, Tag Value: If your ISP required a VLAN tag been inserted
into the WAN packets, you can enable this setting, and enter the specified tag
value.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.1.2
Network Setup
There are two physical WAN interfaces that you can configure one by one to get
proper internet connection setup. They include the Wireless WAN - the remote
wireless ISP such as 3G (WCDMA, HSxPA, HSPA+, CDMA2000, EV-DO,
TD-SCDMA), and the Ethernet WAN - the DSL ISP such as Dynamic IP, Static IP,
PPPoE, PPTP and L2TP
3.1.1.2.1
Wireless WAN – 3G/4G
Click on the “Edit” button for the 3G/4G WAN interface and you can get the detail
WAN settings and then configure the settings as well.
BDE761AM-001 User Manual
24
WiFi Broadband BG
1.
WAN Type: Choose “3G” from the drop list
2.
Dial-up Profile: Choose “Auto-Detection” or “Manual”. If you select
“Auto-Detection”, then system will check the information automatically. If you
select “Manual”, then you have to specify more ISP-related settings, such as
Country, Service Provider, and APN, to get the 3G/4G service. The
“Auto-Detection” option is suggested.
BDE761AM-001 User Manual
25
WiFi Broadband BG
3.
PIN Code: Enter the PIN Code for your SIM card(Optional)
4.
Dialed Number: Enter the dialed number that is provided by your ISP.
5.
Account, Password: Enter the account / Password that is provided by your
ISP(Optional).
6.
Authentication: Choose “auto”, “PAP”, or “CHAP” according your ISP’s
authentication approach.
7.
Primary / Secondary DNS: Enter the Domain Name Server settings
(Optional)
8.
Connection Control: Select your connection control scheme from the drop
list; “auto-reconnect (always-on)” option is recommended.
9.
Allowed Connection Time: You can select “Always” or “By Schedule”
for connection method. If you choose “By Schedule” rule, you have to add a
new schedule for this connection.
10. MTU: Most ISP offers MTU value to users. The default value is o (auto).
11. Keep Alive: You can do preferred settings by using this feature to prevent
the built-in 3G modem from some sort of auto-timeout and disconnects from
BDE761AM-001 User Manual
26
WiFi Broadband BG
the internet after a period of inactivity.
12. Multicast: Enable or disable multicast traffics from the internet. You may
enable as auto mode or select by IGMP v1, IGMP v2, IGMP v3.
13. IGMP Snooping: Enable or disable IGMP snooping function. If you enable
the IGMP snooping function, this device will detect all IGMP messages
exchanged on the link and will maintain a table indicating for each of the
interfaces, what multicast groups should be forwarded. This simple solution
easily prevents multicast flooding on an Ethernet link.
14. Disable PPTP / L2TP / IPSec Passthrough: By default, the device allows
the PPTP / L2TP / IPSec VPN traffic that initiated from local VPN client to
pass through to Internet. If you want to disable such function, just change
the setting to disable it.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.1.2.2
Ethernet WAN
Click on the “Edit” button for the Ethernet WAN interface and you can get the
detail WAN settings and then configure the settings as well.
3.1.1.2.2.1
Dynamic IP Address
BDE761AM-001 User Manual
27
WiFi Broadband BG
1.
2.
3.
WAN Type: choose “Dynamic IP Address” from the drop list
Host Name: Optional, required by some ISPs, for example, @Home.
ISP registered MAC Address: Enter the WAN MAC address of this device.
(Optional)
4.
MTU: Most ISP offers MTU value to users. The default value is o (auto)
5.
NAT disable: If you enable this option, it will act with a non-NAT function.
6.
Multicast: Enable or disable multicast traffics from the internet. You may
enable as auto mode or select by IGMP v1, IGMP v2, IGMP v3.
7.
IGMP Snooping: Enable or disable IGMP snooping function. If you enable
the IGMP snooping function, this device will detect all IGMP messages
exchanged on the link and will maintain a table indicating for each of the
interfaces, what multicast groups should be forwarded. This simple solution
easily prevents multicast flooding on an Ethernet link.
8.
Disable PPTP / L2TP / IPSec Passthrough: By default, the device allows
the PPTP / L2TP / IPSec VPN traffic that initiated from local VPN client to
pass through to Internet. If you want to disable such function, just change
the setting to disable it.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
28
WiFi Broadband BG
3.1.1.2.2.2
Static IP Address
Select this option to give your static IP information. You will need to enter in the
IP address, subnet mask, and gateway address, provided to you by your ISP.
Each IP address entered in the fields must be in the appropriate IP form, which is
four IP octets separated by a dot (x.x.x.x). The Router will not accept the IP
address if it is not in this format.
1.
2.
WAN Type: Choose “Static IP Address” from the drop list
WAN IP address/ Subnet Mask/ Gateway: Enter the IP address, subnet
mask, and gateway address, provided to you by your ISP.
3.
Primary DNS/ Secondary DNS: input the Primary/Secondary DNS if
necessary.
4.
5.
6.
MTU: Most ISP offers MTU value to users. The default value is o (auto)
NAT disable: If you enable this option, it will act with a non-NAT function.
Multicast: Enable or disable multicast traffics from the internet. You may
enable as auto mode or select by IGMP v1, IGMP v2, IGMP v3.
7.
IGMP Snooping: Enable or disable IGMP snooping function. If you enable
BDE761AM-001 User Manual
29
WiFi Broadband BG
the IGMP snooping function, this device will detect all IGMP messages
exchanged on the link and will maintain a table indicating for each of the
interfaces, what multicast groups should be forwarded. This simple solution
easily prevents multicast flooding on an Ethernet link.
8.
Disable PPTP / L2TP / IPSec Passthrough: By default, the device allows
the PPTP / L2TP / IPSec VPN traffic that initiated from local VPN client to
pass through to Internet. If you want to disable such function, just change
the setting to disable it.
9.
WAN IP alias: The device supports 2 WAN IP address, one is for primary
connection that provides users/devices in the LAN to access Internet; the
other is a virtual connection that let remote user to manage this device.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.1.2.2.3
PPP over Ethernet
Select this option if your ISP requires you to use a PPPoE connection. This
option is typically used for DSL services.
BDE761AM-001 User Manual
30
WiFi Broadband BG
1.
WAN Type: Choose “PPP Over Ethernet” from the drop list
2.
IPv6 Dualstack: You can enable / disable the function of IPv4/IPv6 dual
stack.
3.
PPPoE Account and Password: The account and password your ISP
assigned to you. For security, this field appears blank. If you don't want to
change the password, leave it blank.
4.
Primary DNS / Secondary DNS: Input the Primary/Secondary DNS if
necessary.
5.
Service Name / Assigned IP Address: Input the Service Name and
Assigned IP address if necessary.
6.
MTU: Most ISP offers MTU value to users. The default MTU value is 0 (auto)
7.
8.
NAT disable : If you enable this option, it will act with a non-NAT function.
Multicast: Enable or disable multicast traffics from the internet. You may
enable as auto mode or select by IGMP v1, IGMP v2, IGMP v3.
9.
IGMP Snooping: Enable or disable IGMP snooping function. If you enable
the IGMP snooping function, this device will detect all IGMP messages
exchanged on the link and will maintain a table indicating for each of the
interfaces, what multicast groups should be forwarded. This simple solution
easily prevents multicast flooding on an Ethernet link.
10. Disable PPTP / L2TP / IPSec Passthrough: By default, the device allows
the PPTP / L2TP / IPSec VPN traffic that initiated from local VPN client to
pass through to Internet. If you want to disable such function, just change
the setting to disable it.
11. WAN IP alias: The device supports 2 WAN IP address, one is for primary
connection that provides users/devices in the LAN to access Internet; the
other is a virtual connection that let remote user to manage this device.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
31
WiFi Broadband BG
3.1.1.2.2.4
PPTP
Choose PPTP (Point-to-Point Tunneling Protocol) if your ISP used a PPTP
connection. Your ISP will provide you with a username and password. This
option is typically used for DSL services.
1.
2.
WAN Type: Choose “PPTP” from the drop list
IP Mode: Please check the IP mode your ISP assigned, and select “Static IP
Address” or “Dynamic IP Address” accordingly. If you select “Static IP
Address” option, you have to specify additional “My IP Address”, “My Subnet
Mask”, and “Gateway IP” settings provided by your ISP.
BDE761AM-001 User Manual
32
WiFi Broadband BG
3.
Server IP Address / Name: The IP address of the PPTP server and
designated Gateway provided by your ISP.
4.
PPTP Account and Password: The account and password your ISP
assigned to you. For security, this field appears blank. If you don't want to
change the password, leave it blank.
5.
Connection ID: Optional, input the connection ID if your ISP requires it.
6.
MTU : Most ISP offers MTU value to users. The default MTU value is 0
(auto)
7.
MPPE (Microsoft Point-to-Point Encryption): Enable or disable this
function.
8.
Multicast: Enable or disable multicast traffics from the internet. You may
enable as auto mode or select by IGMP v1, IGMP v2, IGMP v3.
9.
IGMP Snooping: Enable or disable IGMP snooping function. If you enable
the IGMP snooping function, this device will detect all IGMP messages
exchanged on the link and will maintain a table indicating for each of the
interfaces, what multicast groups should be forwarded. This simple solution
easily prevents multicast flooding on an Ethernet link.
10. Disable PPTP / L2TP / IPSec Passthrough: By default, the device allows
the PPTP / L2TP / IPSec VPN traffic that initiated from local VPN client to
pass through to Internet. If you want to disable such function, just change
the setting to disable it.
11. WAN IP alias: The device supports 2 WAN IP address, one is for primary
connection that provides users/devices in the LAN to access Internet; the
other is a virtual connection that let remote user to manage this device.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
BDE761AM-001 User Manual
33
WiFi Broadband BG
changes.
3.1.1.2.2.5
L2TP
Choose L2TP (Layer 2 Tunneling Protocol) if your ISP used a L2TP connection.
Your ISP will provide you with a username and password. This option is typically
used for DSL services.
1.
WAN Type: Choose “L2TP” from the drop list
2.
IP Mode: Please check the IP mode your ISP assigned, and select “Static IP
Address” or “Dynamic IP Address” accordingly. If you select “Static IP
Address” option, you have to specify additional “IP Address”, “Subnet Mask”,
and “WAN Gateway IP” settings provided by your ISP.
BDE761AM-001 User Manual
34
WiFi Broadband BG
3.
Server IP Address / Name: The IP address of the PPTP server and
designated Gateway provided by your ISP.
4.
L2TP Account and Password: The account and password your ISP
assigned to you. For security, this field appears blank. If you don't want to
change the password, leave it blank.
5.
MTU : Most ISP offers MTU value to users. The default MTU value is 0
(auto)
6.
MPPE (Microsoft Point-to-Point Encryption): Enable or disable this
function.
7.
Multicast: Enable or disable multicast traffics from the internet. You may
enable as auto mode or select by IGMP v1, IGMP v2, IGMP v3.
8.
IGMP Snooping: Enable or disable IGMP snooping function. If you enable
the IGMP snooping function, this device will detect all IGMP messages
exchanged on the link and will maintain a table indicating for each of the
interfaces, what multicast groups should be forwarded. This simple solution
easily prevents multicast flooding on an Ethernet link.
9.
Disable PPTP / L2TP / IPSec Passthrough: By default, the device allows
the PPTP / L2TP / IPSec VPN traffic that initiated from local VPN client to
pass through to Internet. If you want to disable such function, just change
the setting to disable it.
10. WAN IP alias: The device supports 2 WAN IP address, one is for primary
connection that provides users/devices in the LAN to access Internet; the
other is a virtual connection that let remote user to manage this device.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
35
WiFi Broadband BG
3.1.2
LAN & VLAN Setup
This device is equipped with four fast Ethernet LAN ports as to connect your local
devices via Ethernet cables. Besides, VLAN function is provided to organize your
local networks.
3.1.2.1 Network Setting
Please follow the following instructions to do IPv4 Network Setup.
1.
LAN IP Address: The local IP address of this device. The computer on your
network must use the LAN IP address of this device as their Default Gateway.
You can change it if necessary.
2.
Subnet Mask: Input your Subnet mask. (All devices in the network must have
the same subnet mask.) The default subnet mask is 255.255.255.0
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
36
WiFi Broadband BG
3.1.2.2 LAN & VLAN
This section provides a brief description of VLANs and explains how to create, and
modify virtual LANs which are more commonly known as VLANs. A VLAN is a group
of ports that form a logical network under a certain switch or router device. The ports
of a VLAN form an independent traffic domain in which the traffic generated by the
nodes remains within the VLAN.
The VLAN function allows you to divide local network into different “virtual LANs”. In
some cases, ISP may need router to support “VLAN tag” for certain kinds of services
(e.g. IPTV) to work properly.
This Device supports port-based VLAN and tag-based VLAN. You can select either
one operation mode and then configure according to your network configuration.
3.1.2.2.1
Port-Based VLAN
A port-based VLAN is a group of ports on a Ethernet switch or router that form a
logical Ethernet segment. There are four LAN ports and up to eight virtual APs in this
device, so you can have various VLAN configurations to organization the available
LAN ports and virtual APs if required.
By default, all the 4 LAN ports and 8 virtual APs belong to one VLAN, and this VLAN
is a NAT type network, all the local device IP addresses are allocated by DHCP
BDE761AM-001 User Manual
37
WiFi Broadband BG
server 1. If you want to divide them into different VLANs, click on the “Edit” button
related to each port.
1.
Type: Select “NAT” or “Bridge” to identify if the packets are directly bridged to the
WAN port or processed by NAT mechanism.
2.
LAN VID: Specify a VLAN identifier for this port. The ports with the same VID are
in the same VLAN.
3.
Tx TAG: If ISP requests a “VLAN Tag” with your outgoing data, please check
the checkbox of “Tx TAG”.
4.
DHCP Server: Specify a DHCP server for the configuring VLAN. This device
provides up to 4 DHCP servers to serve the DHCP requests from different
VLANs.
5.
WAN Maps VID: The VLAN Tag ID that come from the ISP service. For NAT type
VLAN, no WAN VLAN tag is allowed, and the value is forced to “0”; For Bridge
type VLAN, You have to specify the VLAN Tag value that is provided by your ISP.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.2.2.2
Tag-Based VLAN
The second type of VLAN is the tag-based VLAN. VLAN membership in a tagged
VLAN is determined by information within the frames that are received on a port. This
differs from a port-based VLAN, where the port VIDs assigned to the ports determine
VLAN membership
When the device receives a frame with a VLAN tag, referred to as a tagged frame, the
device forwards the frame only to those ports that share the same VID.
BDE761AM-001 User Manual
38
WiFi Broadband BG
By default, all the 4 LAN ports and 8 virtual APs belong to one VLAN, and this VLAN
ID is forced to “1”. It is a special tag based VLAN for device to operated, there is no
tag required for this default VLAN ID.
If you want to configure your own tag-based VLANs, click on the “Edit” checkbox on a
new VLAN ID row.
1. VLAN ID: Specify a VLAN tag for this VLAN group. The ports with the same VID
are in the same VLAN.
2. Internet: Specify whether this VLAN can access Internet or not. If it is checked, all
the packet will be un-tagged before it is forward to Internet, and all the packets
from Internet will be tagged with the VLAN ID before it is forward to the destination
belongs to this configuring VLAN group.
3. Port 1 ~ Port 4, VAP1 ~ VAP8: Specify whether it is belong to the VLAN group or
not. You just have to check the checkbox of the selected ports.
4. DHCP Server: Specify a DHCP server for the configuring VLAN. This device
provides up to 4 DHCP servers to serve the DHCP requests from different VLANs.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.2.3 DHCP Server
BDE761AM-001 User Manual
39
WiFi Broadband BG
1. DHCP Server: Choose DHCP Server to Enable. If you enable the DHCP Server
function, the following settings will be effective. This device provides up to 4
DHCP servers to serve the DHCP requests from different VLANs.
2. IP Pool Starting/Ending Address: Whenever there is a request, the DHCP
server will automatically allocate an unused IP address from the IP address pool
to the requesting computer. You must specify the starting / ending address of the
IP address pool.
3. Lease Time: DHCP lease time to the DHCP client.
4. Domain Name: Optional, this information will be passed to the clients.
Press “More>>” and you can find more settings.
5. Primary DNS/Secondary DNS: Optional. This feature allows you to assign a
DNS Servers
6. Primary WINS/Secondary WINS: Optional. This feature allows you to assign a
WINS Servers
7. Gateway: Optional. Gateway Address would be the IP address of an alternate
Gateway. This function enables you to assign another gateway to your PC, when
DHCP server offers an IP to your PC.
Press “Clients List” and the list of DHCP clients will be shown consequently.
BDE761AM-001 User Manual
40
WiFi Broadband BG
Press “Fixed Mapping” and you can specify a certain IP address for designated
local device (MAC address), so that the DHCP Server will reserve the special IP for
designated devices.
BDE761AM-001 User Manual
41
WiFi Broadband BG
3.1.3
Wireless Setup
Wireless settings allow you to set the WLAN (WiFi) configuration items. When the
wireless configuration is done your WiFi LAN is ready to support your local WiFi
devices such as your laptop PC, wireless printer and some portable wireless
devices.
3.1.3.1
Wireless Setup
There are several wireless operation modes provided by this device. They are: “AP
Router Mode”, “WDS Hybrid Mode” and “WDS Only Mode”. You can choose the
expected mode from the list.
3.1.3.1.1
AP Router Mode
This mode allows you to get your wired and wireless devices connected with NAT.
BDE761AM-001 User Manual
42
WiFi Broadband BG
1.
Wireless Module: Enable the wireless function.
2.
Wireless Operation Mode: Choose “AP Router Mode” from the list.
3.
Green AP: Enable the Green AP function to reduce the power consumption
when there is no wireless traffics.
4.
AP Number: This device supports up to 8 SSIDs for you to manage your
wireless network. You can select AP1 ~ AP8 and configure each wireless
network if it is required.
5.
Wireless Schedule: The wireless radio can be turn off according to the schedule
rule you specified. By default, the wireless radio is always turned on when the
wireless module is enabled.
6.
Network ID (SSID): Network ID is used for identifying the Wireless LAN (WLAN).
Client stations can roam freely over this device and other Access Points that
have the same Network ID. (The factory default setting is “default”)
7.
SSID Broadcast: The router will broadcast beacons that have some information,
including SSID so that wireless clients can know how many AP devices by
scanning the network. Therefore, if this setting is configured as “Disable”, the
wireless clients can not find the device from beacons.
8.
WLAN Partition: You can check the WLAN Partition function to separate the
wireless clients. The wireless clients can’t communicate each other, but they can
access the internet and other Ethernet LAN devices.
9.
Channel: The radio channel number. The permissible channels depend on the
BDE761AM-001 User Manual
43
WiFi Broadband BG
Regulatory Domain. The factory default setting is auto channel selection.
10. Wireless Mode: Choose “N only”, “G/N mixed” or “B/G/N mixed”. The factory
default setting is “B/G/N mixed”.
11. Authentication & Encryption: You may select one of the following
authentications to secure your wireless network: Open (include 802.1x), Shared,
Auto, WPA-PSK, WPA, WPA2-PSK, WPA2, WPA-PSK/WPA2-PSK, or WPA
/WPA2.
z Open
Open system authentication simply consists of two communications. The first
is an authentication request by the client that contains the station ID (typically
the MAC address). This is followed by an authentication response from the
AP/router containing a success or failure message. An example of when a
failure may occur is if the client's MAC address is explicitly excluded in the
AP/router configuration.
z Shared
Shared key authentication relies on the fact that both stations taking part in the
authentication process have the same "shared" key or passphrase. The
shared key is manually set on both the client station and the AP/router. Three
types of shared key authentication are available today for home or small office
WLAN environments.
z Auto
The AP will Select the Open or Shared by the client’s request automatically.
z WPA-PSK
Select Encryption mode and enter the Pre-share Key. You can fill in 64
hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII characters as the
pre-share key.
z WPA
Select Encryption mode and enter RADIUS Server related information. You
have to specify the IP address, and port number for the RADIUS Server, and
then fill in 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII
characters as the shared key. The key value is shared by the RADIUS server
and this router. This key value must be consistent with the key value in the
RADIUS server.
z WPA2-PSK
Select Encryption mode and enter the Pre-share Key. You can fill in 64
hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII characters as the
pre-share key.
z WPA2
Select Encryption mode and enter RADIUS Server related information. You
BDE761AM-001 User Manual
44
WiFi Broadband BG
have to specify the IP address, and port number for the RADIUS Server, and
then fill in 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII
characters as the shared key. The key value is shared by the RADIUS server
and this router. This key value must be consistent with the key value in the
RADIUS server.
z WPA-PSK/WPA2-PSK
Select Encryption mode and enter the Pre-share Key. You can fill in 64
hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII characters as the
pre-share key.
z WPA/WPA2
Select Encryption mode and enter RADIUS Server related information. You
have to specify the IP address, and port number for the RADIUS Server, and
then fill in 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII
characters as the shared key. The key value is shared by the RADIUS server
and this router. This key value must be consistent with the key value in the
RADIUS server.
z 820.1x
When you select “Open” Authentication, GUI will display 802.1x.Please
RADIUS Server related information. You have to specify the IP address, and
port number for the RADIUS Server, and then select wep64 or wep128.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
Press “WPS Setup”, you can configure and enable the easy setup feature WPS
(Wi-Fi Protection Setup) for your wireless network.
1.
WPS: You can enable this function by selecting “Enable”. WPS offers a safe and
easy way to allow the wireless clients connected to your wireless network.
BDE761AM-001 User Manual
45
WiFi Broadband BG
2.
AP PIN: You can press Generate New Pin to get an AP PIN.
3.
Config Mode: Select your configuration Mode from “Registrar” or “Enrollee”. For
a AP router or AP, it should be in “Registrar” mode, so that other wireless clients
in “Enrollee” mode can connect to the discovered “Registrar”.
4.
Config Status: It shows the status of your configuration.
5.
Config Method: You can select the Configuration Method here from “Pin Code”
or “Push Button”.
6.
WPS status: According to your setting, the status will show “Start Process” or
“No used”.
Press “Wireless Clients List”, and the list of connected wireless clients will be
shown consequently.
3.1.3.1.2
WDS Hybrid Mode
While acting as a wireless Bridge, Wireless Router 1 and Wireless Router 2 can
communicate with each other through wireless interface (with WDS). Thus All
Stations can communicate each other and are able to access Internet if Wireless
Router 1 has the Internet connection
BDE761AM-001 User Manual
46
WiFi Broadband BG
1.
Lazy Mode: This device support the Lazy Mode to automatically learn the MAC
address of WDS peers, you don’t have to input other peer AP's MAC address.
However, not all the APs can be set to enable the Lazy mode simultaneously; at
least there must be one AP with all the WDS peers’ MAC address filled.
2.
Green AP: Enable the Green AP function to reduce the power consumption
when there is no wireless traffics.
3.
Wireless Schedule: The wireless radio can be turn off according to the schedule
rule you specified. By default, the wireless radio is always turned on when the
wireless module is enabled.
4.
Network ID (SSID): Network ID is used for identifying the Wireless LAN (WLAN).
Client stations can roam freely over this device and other Access Points that
have the same Network ID. (The factory default setting is “default”)
5.
SSID Broadcast: The device will broadcast beacons that have some information,
including SSID so that wireless clients can know how many AP devices by
scanning the network. Therefore, if this setting is configured as “Disable”, the
wireless clients can not find the device from beacons.
6.
WLAN Partition: You can check the WLAN Partition function to separate the
wireless clients. The wireless clients can’t communicate each other, but they can
access the internet and other Ethernet LAN devices.
7.
Channel: The radio channel number. The permissible channels depend on the
Regulatory Domain. The factory default setting is auto channel selection.
8.
Authentication & Encryption: You may select one of the following
authentications to secure your wireless network: Open, Shared, Auto, WPA-PSK,
WPA, WPA2-PSK, WPA2, WPA-PSK/WPA2-PSK, or WPA /WPA2.
BDE761AM-001 User Manual
47
WiFi Broadband BG
9.
Remote AP MAC 1 ~ Remote AP MAC 4: If you do not enable the Lazy mode,
you have to enter the wireless MAC address for each WDS peer one by one.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.3.1.3
WDS Only Mode
WDS (Wireless Distributed System) function let this access point acts as a wireless
LAN access point and repeater at the same time. Users can use this feature to build
up a large wireless network in a large space like airports, hotels and schools …etc.
1.
Lazy Mode: This device support the Lazy Mode to automatically learn the MAC
address of WDS peers, you don’t have to input other peer AP's MAC address.
However, not all the APs can be set to enable the Lazy mode simultaneously; at
least there must be one AP with all the WDS peers’ MAC address filled.
BDE761AM-001 User Manual
48
WiFi Broadband BG
2.
Green AP: Enable the Green AP function to reduce the power consumption
when there is no wireless traffics.
3.
Channel: The radio channel number. The permissible channels depend on the
Regulatory Domain. The factory default setting is auto channel selection.
4.
Authentication & Encryption: You may select one of the following
authentications to secure your wireless network: Open, Shared, Auto, WPA-PSK,
WPA, WPA2-PSK, WPA2, WPA-PSK/WPA2-PSK, or WPA /WPA2.
5.
Remote AP MAC 1 ~ Remote AP MAC 4: If you do not enable the Lazy mode,
you have to enter the wireless MAC address for each WDS peer one by one.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.3.2
Advanced Wireless Setup
This device provides advanced wireless setup for professional user to optimize the
wireless performance under the specific installation environment.
1.
Beacon interval: Beacons are packets sent by a wireless router to synchronize
wireless devices.
2.
Transmit Power: Normally the wireless transmission power operates at 100%
out power specification of this device. You can lower down the power ratio to
prevent transmissions from reaching beyond your corporate/home office or
designated wireless area.
3.
RTS Threshold: If an excessive number of wireless packet collision occurred,
the wireless performance will be affected. It can be improved by adjusting the
BDE761AM-001 User Manual
49
WiFi Broadband BG
RTS/CTS (Request to Send/Clear to Send) threshold value.
4.
Fragmentation: Wireless frames can be divided into smaller units (fragments) to
improve performance in the presence of RF interference and at the limits of RF
coverage.
5.
DTIM interval: A DTIM is a countdown informing clients of the next window for
listening to broadcast and multicast messages. When the wireless router has
buffered broadcast or multicast messages for associated clients, it sends the
next DTIM with a DTIM Interval value.
6.
WMM Capable: WMM can help control latency and jitter when transmitting
multimedia content over a wireless connection.
7.
TX Rate: Can Fix TX Rate to transmit date.
BDE761AM-001 User Manual
50
WiFi Broadband BG
3.1.4
IPv6 Setup
The growth of the Internet has created a need for more addresses than are possible
with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP)
intended to succeed IPv4, which is the protocol currently used to direct almost all
Internet traffic. IPv6 also implements additional features not present in IPv4. It
simplifies aspects of address assignment (stateless address auto-configuration),
network renumbering and router announcements when changing Internet connectivity
providers. This router supports various types of IPv6 connection (Static IPv6 /
DHCPv6 / PPPoE / 6 to 4 / IPv6 in IPv4 tunnel). Please ask your ISP of what type of
IPv6 is supported before you proceed with IPv6 setup.
3.1.4.1
Static IPv6
When “Static IPv6” is selected you need to do the following settings:
1. WAN IPv6 address settings:
A.
IPv6 address: Enter the IPv6 address here; IPv6 addresses have a size of
128 bits. Therefore, IPv6 has a vastly enlarged address space compared to
IPv4. An example of an IPv6 address is
“2001:0db8:85a3:0000:0000:8a2e:0370:7334”
BDE761AM-001 User Manual
51
WiFi Broadband BG
B.
Subnet Prefix Length: Enter the Prefix length of the Subnet Mask here;
The subnet mask was the forerunner of the modern IP address prefix length.
For example a subnet mask of 255.255.255.0 conveys exactly the same
information as a prefix length of /24, a subnet mask of 255.255.255.240 is
equivalent to a prefix length of /28.
C.
Default Gateway: Enter the Default Gateway address here; A default
gateway is the node on the computer network that the network software
uses when an IP address does not match any other routes in the routing
table.
D.
Primary / Secondary DNS: You may select to obtain DNS server address
automatically or use following DNS address. You may add IPv6 address
Primary DNS address and secondary DNS address.
2. LAN IPv6 address settings: Please enter “LAN IPv6 address” and ignore the
“LAN IPv6 Link-Local address”.
3. Address auto configuration settings:
A.
Auto-configuration: Disable or enable this auto configuration setting.
B.
Auto-configuration type: You may set stateless or stateful (Dynamic IPv6).
C.
Router advertisement Lifetime: You can set the time for the period that the
router send (broadcast) its router advertisement. Each router periodically
multicasts a Router Advertisement from each of its multicast interfaces,
announcing the IP address(es) of that interface. Hosts discover the
addresses of their neighboring routers simply by listening for advertisements.
When a host attached to a multicast link starts up, it may multicast a Router
Solicitation to ask for immediate advertisements, rather than waiting for the
next periodic ones to arrive; if and only if no advertisements are forthcoming,
the host may retransmit the solicitation a small number of times, but then
must desist from sending any more solicitations. Any routers that
subsequently start up, or that were not discovered because of packet loss or
temporary link partitioning, are eventually discovered by reception of their
periodic (unsolicited) advertisements.
BDE761AM-001 User Manual
52
WiFi Broadband BG
3.1.4.2
DHCP v6
When “DHCP v6” is selected you need to do the following settings:
1.
IPv6 DNS (WAN IPv6 address) settings: You may select to obtain DNS server
address automatically or use following DNS address. You may add IPv6 address
Primary DNS address and secondary DNS address.
2.
LAN IPv6 address settings: Please enter “LAN IPv6 address” and ignore the
“LAN IPv6 Link-Local address”.
3.
Address auto configuration settings:
A.
Auto-configuration: Disable or enable this auto configuration setting.
B.
Auto-configuration type: You may set stateless or stateful (Dynamic IPv6).
C.
Router advertisement Lifetime: You can set the time for the period that the
router send (broadcast) its router advertisement. Each router periodically
multicasts a Router Advertisement from each of its multicast interfaces,
announcing the IP address(es) of that interface. Hosts discover the
addresses of their neighboring routers simply by listening for advertisements.
When a host attached to a multicast link starts up, it may multicast a Router
Solicitation to ask for immediate advertisements, rather than waiting for the
next periodic ones to arrive; if and only if no advertisements are forthcoming,
the host may retransmit the solicitation a small number of times, but then
BDE761AM-001 User Manual
53
WiFi Broadband BG
must desist from sending any more solicitations. Any routers that
subsequently start up, or that were not discovered because of packet loss or
temporary link partitioning, are eventually discovered by reception of their
periodic (unsolicited) advertisements.
3.1.4.3
PPPoE
When “PPPoE” is selected you need to do the following settings:
1.
WAN IPv6 address settings:
A.
Username: enter the Username that you got from your ISP
B.
Password: enter the Password that you got from your ISP
C.
Service Name: enter the Service Name that you got from your ISP
D.
Reconnection Mode: leave the setting as “AutoReconnect (always-on)”
E.
Max. Idle Time: give max. idle time that you want here
F.
MTU (Maximum Transmission Unit): Most ISP offers MTU value to users.
The default MTU value is 0 (auto).
2.
LAN IPv6 address settings: Please enter “LAN IPv6 address” and ignore the
“LAN IPv6 Link-Local address”.
3.
Address auto configuration settings:
BDE761AM-001 User Manual
54
WiFi Broadband BG
A. Auto-configuration: Disable or enable this auto configuration setting.
B. Auto-configuration type: You may set stateless or stateful (Dynamic IPv6).
C. Router advertisement Lifetime: You can set the time for the period that the
router send (broadcast) its router advertisement. Each router periodically
multicasts a Router Advertisement from each of its multicast interfaces,
announcing the IP address(es) of that interface. Hosts discover the
addresses of their neighboring routers simply by listening for advertisements.
When a host attached to a multicast link starts up, it may multicast a Router
Solicitation to ask for immediate advertisements, rather than waiting for the
next periodic ones to arrive; if and only if no advertisements are forthcoming,
the host may retransmit the solicitation a small number of times, but then
must desist from sending any more solicitations. Any routers that
subsequently start up, or that were not discovered because of packet loss or
temporary link partitioning, are eventually discovered by reception of their
periodic (unsolicited) advertisements.
3.1.4.4
6 to 4
When “6 to 4 IPv6” is selected you need to do the following settings:
1.
6 to 4 Settings: You may obtain IPv6 DNS automatically or set DNS address
manually for Primary DNS address and secondary DNS address.
2.
LAN IPv6 address settings: Enter “LAN IPv6 address” and “LAN IPv6
BDE761AM-001 User Manual
55
WiFi Broadband BG
Link-Local address”.
3.
3.1.4.5
Address auto configuration settings: Disable or enable this auto configuration
setting. You may set stateless or stateful (Dynamic IPv6), and also check if need
to send Router advertisement messages periodically.
IPv6 in IPv4 Tunnel
When “IPv6 in IPv4 Tunnel” is selected you need to do the following settings:
1.
IPv6 in IPv4 Tunnel Settings: you may add remote / local IPv4 address and
local IPv6 address, then set DNS address manually for Primary DNS address
and secondary DNS address.
2.
LAN IPv6 address setting: LAN IPv6 address and LAN IPv6 Link-Local
address.
3.
Address auto configuration setting: Disable or enable this auto configuration
setting. You may set stateless or stateful (Dynamic IPv6), and also check if need
to send Router advertisement messages periodically.
BDE761AM-001 User Manual
56
WiFi Broadband BG
3.1.5
NAT Setup
3.1.5.1
Virtual Server
This device’s NAT firewall filters out unrecognized packets to protect your Intranet, so
all hosts behind this device are invisible to the outside world. If you wish, you can
make some of them accessible by enabling the Virtual Server Mapping.
A virtual server is defined as a Service Port, and all requests to this port will be
redirected to the computer specified by the Server IP. Virtual Server can work with
Scheduling Rules, and give user more flexibility on Access control. For the details,
please refer to Scheduling Rule.
For example, if you have an FTP server (Service port 21) at 192.168.123.1, a Web
server1 (Service port 80) at 192.168.123.2, a Web server2 (Service Port 8080 and
Private port 80) at 192.168.123.3, and a VPN server at 192.168.123.6, then you
need to specify the following virtual server mapping table
Service Port
Private Port
Server IP
Enable
21
192.168.123.1
80
192.168.123.2
192.168.123.3
192.168.123.6
8080
80
1723
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
57
WiFi Broadband BG
3.1.5.2
Virtual Computers
Virtual Computer enables you to use the original NAT feature, and allows you to setup
the one-to-one mapping of multiple global IP address and local IP address.
1.
Global IP: Enter the global IP address assigned by your ISP.
2.
Local IP: Enter the local IP address of your LAN PC corresponding to the global
IP address.
3.
Enable: Check this item to enable the Virtual Computer feature.
3.1.5.3
Special AP
Some applications require multiple connections, like Internet games, Video
conferencing, Internet telephony, etc. Because of the firewall function, these
applications cannot work with a pure NAT router. The Special Applications feature
allows some of these applications to work with this product. If the mechanism of
Special Applications fails to make an application work, try setting your computer as
the DMZ host instead.
BDE761AM-001 User Manual
58
WiFi Broadband BG
This device provides some predefined settings. Select your application and click
“Copy to” to add the predefined setting to your list.
1.
Trigger: The outbound port number issued by the application.
2.
Incoming Ports: When the trigger packet is detected, the inbound packets sent
to the specified port numbers are allowed to pass through the firewall.
3.
Enable: Check this item to enable the Special AP feature.
Afterwards, Click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.5.4
NAT Loopback
Allow you to access the external IP address from inside your home or office network.
This is useful when you run a server inside your network.
BDE761AM-001 User Manual
59
WiFi Broadband BG
3.1.5.5
DMZ
DMZ (DeMilitarized Zone) Host is a host without the protection of firewall. It allows a
computer to be exposed to unrestricted 2-way communication for Internet games,
Video conferencing, Internet telephony and other special applications.
NOTE: This feature should be used only when needed.
BDE761AM-001 User Manual
60
WiFi Broadband BG
3.1.6
Routing Setup
If you have more than one routers and subnets, you will need to enable routing function to
allow packets to find proper routing path and allow different subnets to communicate with
each other.
3.1.6.1
Static Routing
For static routing, you can specify up to 32 routing rules. The routing rules allow you
to determine which physical interface addresses are utilized for outgoing IP data
grams. You can enter the destination IP address, subnet mask, gateway, and hop
for each routing rule, and then enable or disable the rule by checking or un-checking
the Enable checkbox.
3.1.6.2
Dynamic Routing
BDE761AM-001 User Manual
61
WiFi Broadband BG
1.
Dynamic Routing: Routing Information Protocol (RIP) will exchange information
about destinations for computing routes throughout the network. Please select
RIPv2 only if you have different subnets in your network. Otherwise, please
select RIPv1 if you need this protocol.
When you finished setting, click on “Save” to store your settings or click “Undo”
to give up the changes.
2.
OSPF: OSPF is an interior gateway protocol that routes Internet Protocol (IP)
packets solely within a single routing domain (autonomous system). It gathers
link state information from available routers and constructs a topology map of the
network. The topology determines the routing table presented to the Internet
Layer which makes routing decisions based solely on the destination IP address
found in IP packets.
You can enable the OSPF routing function by click on the “Setting” button and fill
in the corresponding setting for your OSPF routing configuration. When you
finished setting, click on “Save” to store your settings or click “Undo” to give up
BDE761AM-001 User Manual
62
WiFi Broadband BG
the changes.
3.
BGP: Border Gateway Protocol (BGP) is the protocol backing the core routing
decisions on the Internet. It maintains a table of IP networks or 'prefixes' which
designate network reach-ability among autonomous systems (AS). It is
described as a path vector protocol. BGP does not use traditional Interior
Gateway Protocol (IGP) metrics, but makes routing decisions based on path,
network policies and/or rule-sets. For this reason, it is more appropriately termed
a reach-ability protocol rather than routing protocol.
You can enable the BGP routing function by click on the “Setting” button and fill in
the corresponding setting for your BGP routing configuration. When you finished
setting, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.1.6.3
Routing Information
A routing table, or routing information base (RIB), is a data table stored in a router or a
networked computer that lists the routes to particular network destinations, and in
some cases, metrics (distances) associated with those routes. The routing table
BDE761AM-001 User Manual
63
WiFi Broadband BG
contains information about the topology of the network immediately around it.
This page displays the routing table maintained by this device. It is generated
according to your network configuration.
3.1.7
3.1.7.1
Client/Server/Proxy
Dynamic DNS
To host your server on a changing IP address, you have to use dynamic domain
name service (DDNS). Therefore, anyone wishing to reach your host only needs to
know the name of it. Dynamic DNS will map the name of your host to your current IP
address, which changes each time you connect your Internet service provider.
Before you enable Dynamic DNS, you need to register an account on one of these
Dynamic DNS servers that we list in Provider field.
1.
2.
DDNS: Select enable if you would like to trigger this function.
Provider: The DDNS provider supports service for you to bind your IP(even
private IP) with a certain Domain name. You could choose your favorite provider.
3.
Host Name: Register a domain name to the DDNS provider. The fully domain
name is concatenated with hostname(you specify) and a suffix(DDNS provider
specifies).
4.
Username/E-mail: Input username or E-mail based on the DDNS provider you
select.
5. Password/Key: Input password or key based on the DDNS provider you select.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
64
WiFi Broadband BG
3.2 Advanced Network
This router also supports many advanced network features, such as Firewall, QoS,
Security, Redundancy, and Management. You can finish those configurations in this
section.
3.2.1
Firewall
The firewall functions include Packet Filters, URL Blocking, Web Content Filter, L7
Application Filter, IPS, MAC Address Control and Others.
3.2.1.1 Packet Filters
Packet Filters include both outbound filter and inbound filter. And they have the same
way to setting. It enables you to control what packets are allowed to pass the router.
Outbound filter applies on all outbound packets. However, inbound filter applies on
packets that destined to virtual servers or DMZ host only. You can select one of the
two filtering policies:
1.
Allow all to pass except those match the specified rules.
2.
Deny all to pass except those match the specified rules.
BDE761AM-001 User Manual
65
WiFi Broadband BG
You can specify rules for each direction: inbound or outbound. For each rule, you can
define the following:
• Source IP address or range
• Destination IP address or range
• Destination port
• Protocol: TCP or UDP or both.
• Use Rule Schedule#
For source or destination IP address, you can define a single IP address (4.3.2.1) or a
range of IP addresses (4.3.2.20~30). An empty implies all IP addresses.
For destination port, you can define a single port (80) or a range of ports (1000-1999).
Add prefix "T" or "U" to specify TCP or UDP protocol. For example, T80, U53,
U2000-2999, No prefix indicates both TCP and UDP are defined. An empty implies all
port addresses. Packet Filter can work with Scheduling Rules, and give user more
flexibility on Access control. For more details, please refer to the Scheduling Rule
section.
Each rule can be enabled or disabled individually.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
66
WiFi Broadband BG
3.2.1.2 URL Blocking
URL Blocking will block the webs containing pre-defined key words. This feature can
both filter domain input suffix (like .com or .org, etc) and a keyword “bct” or “mpe”.
1.
URL Blocking: Check if you want to enable URL Blocking.
2.
URL: If any part of the Website's URL matches the pre-defined word, the
connection will be blocked. You can enter up to 10 pre-defined words in a rule
and each URL keyword is separated by ",", e.g., “abc, bt, org”; In addition to URL
keywords, it can also block the designated domain name, like “www.xxx.com“,
“www.123aaa.org, mma.com”.
3.
Enable: Check to enable each rule.
4.
Schedule: The rule can be turn off according to the schedule rule you specified.
By default, it is always turned on when the rule is enabled.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.2.1.3 Web Content Filter
Web Content filter can block files with the specific extension, like ".exe", ".bat"
(applications), "mpeg” (video), and Scripts Type, like Java Applet, Java Scripts,
cookies, Active X.
BDE761AM-001 User Manual
67
WiFi Broadband BG
1.
File Extension List: You can enter up to 10 file extensions in a rule to be
blocked.
2.
Enable: Check to enable each rule.
3.
Schedule: The rule can be turn off according to the schedule rule you specified.
By default, it is always turned on when the rule is enabled.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.2.1.4 L7 Application Filter
L7 Application Filter can categorize Internet Protocol packets based on their
application layer data.
BDE761AM-001 User Manual
68
WiFi Broadband BG
This device supports the L7 application filter for various Internet Chat, P2P download,
Proxy, and streaming Video. You can select the applications to be blocked after the
function is enabled, and specify the schedule rule for such application filter.
3.2.1.5 IPS
IPS (Intrusion Prevention Systems) are network security appliances that monitor
network and/or system activities for malicious activity. The main functions of IPS are
to identify malicious activity, log information about this activity, attempt to block/stop it,
and report it.
BDE761AM-001 User Manual
69
WiFi Broadband BG
You can enable the DoS Defense function and check the listed intrusion activities if
necessary.
3.2.1.6 MAC Address Control
MAC Address Control allows you to assign different access right for different users
and to assign a specific IP address to a certain MAC address.
BDE761AM-001 User Manual
70
WiFi Broadband BG
1.
MAC Address Control: Check “Enable” to enable the “MAC Address Control”.
All of the settings in this page will take effect only when “Enable” is checked.
2.
Connection control: Check "Connection control" to enable the control of which
wired and wireless clients can connect to this device. If a client is denied to
connect to this device, it means the client can't access to the Internet
consequently. Choose "allow" or "deny" to allow or deny the clients, whose MAC
addresses are not in the "Control table", to connect to this device.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
71
WiFi Broadband BG
3.2.1.7 Others
1.
Remote Administrator Host/Port: In general, only local clients (LAN users) can
browse the device’s built-in web pages for device administration setting. This
feature enables you to perform administration task from a certain remote host. If
this feature is enabled, only the specified IP address can perform remote
administration. If the specified IP address is 0.0.0.0, any host can connect with
this product to perform administration task. You can use subnet mask bits "/nn"
notation to specified a group of trusted IP addresses for example, "10.1.2.0/24".
NOTE: When Remote Administration is enabled, the web server port will be shifted to
80. You can change web server port to other port, too.
2.
Discard PING from WAN side: When this feature is enabled, any host on the
WAN side cannot ping this product.
3.
SPI Mode: SPI ("stateful packet inspection" also known as "dynamic packet
filtering") helps to prevent cyber attacks by tracking more state per session. It
validates that the traffic passing through that session conforms to the protocol
4.
Keep WAN in stealth mode: If enabled, the router will not respond to port scans
from the WAN, thus making it less susceptible to discovery and attacks.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.2.2
QoS (Quality of Service)
The main goal of QoS (Quality of Service) is prioritizing incoming data, and preventing
data loss due to factors such as jitter, delay and dropping. Another important aspect of
QoS is ensuring that prioritizing one data flow doesn’t interfere with other data flows.
BDE761AM-001 User Manual
72
WiFi Broadband BG
QoS helps to prioritize data as it enters your router. By attaching special identification
marks or headers to incoming packets, QoS determines which queue the packets enter,
based on priority. This is useful when there are certain types of data you want to give
higher priority to, such as voice packets given higher priority than Web data packets.
3.2.2.1 Rule-based QoS
1.
2.
QoS: You can enable/disable this QoS function.
Bandwidth of Upstream / Bandwidth of Downstream: You can input the value
of maximum upstream and downstream bandwidth from your ISP
3.
Flexible Bandwidth Management (FBM): When this management is enabled,
system will share the bandwidth to normal applications
4.
Guest Setting / Bandwidth Policy: This device can allocate a designated
BDE761AM-001 User Manual
73
WiFi Broadband BG
internet bandwidth for the forth LAN port (Port4). If you want to enable this
function, check the “Enable” checkbox and enter the allowed bandwidth.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
Create a QoS Rule:
You can click on the button “Add New Rule” shown in the icon above to create a new
QoS rule.
1.
2.
3.
4.
Rule: Enable the rule setting first.
Grouping: Select the QoS grouping class from the drop list, and specify the
grouping information accordingly.
Grouping
Description
IP
IP address based
MAC
MAC based
Service: Set your own “Service” type to enable the QoS rule as below.
Service
Description
DSCP
DiffServ Code Point
Service Port
Mean TCP or UDP Port
Pre-defined Application
profiles
Normal service Application
Connection Sessions
NAT Session
Control: Set the corresponding control type for the selected service type.
Control
Description
Data
DSCP
Marking
Priority as you select
DiffServ CodePoint
CS1 ~ AF
PRI
Priority
1~6(1 is highest Priority)
BDE761AM-001 User Manual
74
WiFi Broadband BG
MAXR
Maximum bandwidth Rate KBps/MBps
MINR
Minimum bandwidth Rate
KBps/MBps
SESSION
Connection session
Number (1~20000)
5.
Direction: Select the traffic direction to be applied for this QoS rule.
Direction
6.
IN
In-bond
OUT
Out-bond
BOTH
In-bond & Out-bond
Schedule: The QoS rule can be turn off according to the schedule you
specified. By default, it is always turned on when the rule is enabled.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
Example for adding a “DSCP” type QoS rule:
Grouping: Select “IP” and entry IP Range.
Service: Select “DSCP” and “Source Network Packets” which DiffServ are set as
CS4.
Control: Select “DSCP Marking” and mark these Packets as “AF Class 2”.
Direction: Select “IN” for In-bound traffic only.
Schedule: Leave the default value of “(0)Always” as it is.
This Rule means IP Packets from WAN or other interfaces with DiffServ value of CS4
will be modified with DSCP Marking of “AF Class 2”, then forward corresponding
packets to the Clients whose IP address is in the range of 192.168.12.10~40.
BDE761AM-001 User Manual
75
WiFi Broadband BG
Example for adding a “Connection Sessions” type QoS rule:
Control: Set NAT session number as 200.
Direction: Select “Out” for Out-bound traffic only. It is for the client devices under
the Gateway to establish session with servers on the Internet.
Sharing Method: Select “Single” or “Grouping” from the drop list. In this case,
“Single” is selected.
Schedule: leave the default value of “(0)Always” as it is.
This Rule defines that each single user, whose IP address is in the range of
192.168.123.100~120, can access to a remote server on the Internet, and keep a
maximum 200 sessions at the same time.
Finishing QoS settings:
Once you saved the QoS rule, it will be displayed in the Rule List area as below.
Besides, you can move up or down the priority of all rules by clicking on the ‘↑’or ’↓’
icon if you want to change the priority of rules. You can also unmark any rule in the list
if you don’t want to enable it.
BDE761AM-001 User Manual
76
WiFi Broadband BG
3.2.3
VPN Setup
A virtual private network (VPN) extends a private network across a public network, such
as the Internet. It enables a computer to send and receive data across shared or public
networks as if it were directly connected to the private network, while benefitting from the
functionality, security and management policies of the private network. This is done by
establishing a virtual point-to-point connection through the use of dedicated connections,
encryption, or a combination of the two. The tunnel technology supports data
confidentiality, data origin authentication and data integrity of network information by
utilizing encapsulation protocols, encryption algorithms, and hashing algorithms.
3.2.3.1 VPN-IPSec
1.
2.
3.
4.
VPN-IPSEC: You could trigger the function of VPN-IPSEC if you click “enable”.
Netbios over IPSEC: If you would like two LAN to receive the Netbios from
Network Neighborhood, you have to click “enable”.
NAT Traversal: Some NAT router will block IPSec packets if it doesn’t support
IPSec pass-through. If you connect to another NAT router which doesn’t support
IPSec pass-through at WAN side, you need to activate this option.
Max. number of tunnels: The device supports up to 32 IPSec tunnels. You can
BDE761AM-001 User Manual
77
WiFi Broadband BG
define the required IPSec tunnel settings by clicking on the corresponding “Edit”
button and then check the “Enable” checkbox to enable it.
5.
Dynamic IP VPN: Enable it when you need remote mobile hosts build security
tunnel with the Gateway. It is disabled by default. Click “Edit” button to finish
configuration.
3.2.3.1.1
Dynamic IP VPN
VPN gateway can ignore IP information of client when using Dynamic VPN, so it is
suitable for users to build VPN tunnel with VPN gateway from a remote mobile host.
1.
2.
Tunnel name: Assign a name of this tunnel.
Local subnet: The subnet of LAN site of local VPN gateway. It can be a host, a
partial subnet, or the whole subnet of LAN site of local gateway.
3.
Local Netmask: The local netmask and associated local subnet can define a
BDE761AM-001 User Manual
78
WiFi Broadband BG
subnet domain for the devices connected via the VPN tunnel.
4.
Phase 1 Key Life Time: The value of life time represents the life time of the key
which is dedicated at Phase 1 between both end gateways.
5.
Phase 2 Key Life Time: The value of life time represents the life time of the key
which is dedicated at Phase 2 between both end gateways.
6.
Encapsulation Protocol: There are three protocols can be selected: ESP, AH,
or ESP+AH.
7.
PFS Group: Configures Perfect Forward Secrecy for connections created with
this IPSec transport profile by assigning a Diffie-Hellman prime modulus group.
There are three groups can be selected: Group 1, Group 2, Group 5.
Disable: No PFS group
Group 1: 768-bit Diffie-Hellman prime modulus group
Group 2: 1024-bit Diffie-Hellman prime modulus group
Group 5: 1536-bit Diffie-Hellman prime modulus group
8.
Preshare key: The first key that supports IKE mechanism of both VPN gateway
and VPN client host for negotiating further security keys. The pre-shared key
must be the same one for both VPN gateways and clients.
9.
Remote ID: The Type and the Value of the local VPN gateway must be the same
as that of the local ID of the remote VPN gateway.
10. Local ID: The Type and the Value of the local VPN gateway must be the same
as that of the Remote ID of the remote VPN gateway.
11. Dead Peer Detection: This feature will detect if remote VPN gateway still exists.
Indicate time of interval between every detection, and assigns value of timeout.
12. XAUTH: For the extended authentication function (XAUTH), the VPN client (or
initiator) needs to provide additional user information to the remote VPN server
(or VPN gateway). The VPN server would reject the connect request from VPN
clients because of invalid user information, even though the pre-shared key is
correct. This function is suitable for remote mobile VPN clients. You can not only
configure a VPN rule with a pre-shared key for all remote users, but you can also
designate account / password for specific users that are permitted to establish
VPN connection with VPN server.
XAUTH - None: Without Extended Authentication (xAuth).
XAUTH - Server: Check this checkbox if the device behaves as a VPN
server, and will validate the user information of VPN clients. You can click on
"XAUTH Account" button at IPSec Setting main page to edit the permitted
user account / password.
13. Set IKE Proposal: Check this checkbox to enable IKE proposals.
BDE761AM-001 User Manual
79
WiFi Broadband BG
Encryption: There are five algorithms can be selected: DES, 3DES, AES-128,
AES-192, and AES-256.
Authentication: There are two algorithms can be selected: SHA1 and MD5.
DH Group: There are three groups can be selected: Group 1 (MODP768),
Group 2 (MODP1024), and Group 5 (MODP1536).
Enable: Check this checkbox to enable the IKE Proposal with this rule.
14. Set IPSec Proposal: Check this checkbox to enable IPSec proposals.
Encryption: There are five algorithms can be selected: DES, 3DES, AES-128,
AES-192, and AES-256. But when the encapsulation protocol is set to AH, you
can choose Null without encryption.
Authentication: There are two algorithms can be selected: SHA1 and MD5. But
none also can be selected here for IPSec proposal.
Enable: Check this checkbox to enable IPSec Proposal with this rule.
Click on “Save” to store what you just select or” Undo” to give up
BDE761AM-001 User Manual
80
WiFi Broadband BG
3.2.3.1.2
IPSec-IKE Setting
1.
2.
3.
Tunnel name: Assign a name of this tunnel.
Method: There are IKE and Manual options. Please choose IKE here.
Local subnet: The subnet of LAN site of local VPN gateway. It can be a host, a
partial subnet, or the whole subnet of LAN site of local gateway.
4.
Local Netmask: The local netmask and associated local subnet can define a
BDE761AM-001 User Manual
81
WiFi Broadband BG
subnet domain for the devices connected via the VPN tunnel.
5.
Remote subnet: The subnet of LAN site of remote VPN gateway. It can be a
host, a partial subnet, or the whole subnet of LAN site of remote gateway.
6.
Remote Netmask: The remote netmask and associated remote subnet can
define a subnet domain for the devices connected via the VPN tunnel.
7.
Remote Gateway: Enter the IP address of remote VPN gateway.
8.
Phase 1 Key Life Time: The value of life time represents the life time of the key
which is dedicated at Phase 1 between both end gateways.
9.
Phase 2 Key Life Time: The value of life time represents the life time of the key
which is dedicated at Phase 2 between both end gateways.
10. Encapsulation Protocol: There are three protocols can be selected: ESP, AH,
or ESP+AH.
11. PFS Group: Configures Perfect Forward Secrecy for connections created with
this IPSec transport profile by assigning a Diffie-Hellman prime modulus group.
There are three groups can be selected: Group 1, Group 2, Group 5.
Disable: No PFS group
Group 1: 768-bit Diffie-Hellman prime modulus group
Group 2: 1024-bit Diffie-Hellman prime modulus group
Group 5: 1536-bit Diffie-Hellman prime modulus group
12. Aggressive Mode: Enabling this mode will accelerate the establishing speed of
VPN tunnel, but the device will suffer from less security in the meanwhile. Hosts
in both ends of the tunnel must support this mode so as to establish the tunnel
properly.
13. Preshare key: The first key that supports IKE mechanism of both VPN gateway
and VPN client host for negotiating further security keys. The pre-shared key
must be the same one for both VPN gateways and clients.
14. Connection Type: There are three options for you to choose when the VPN
tunnel will be established. You can choose “Connect-on-Demand”, “Auto
Reconnect (always-on)”, or “Manually”.
15. Remote ID: The Type and the Value of the local VPN gateway must be the same
as that of the local ID of the remote VPN gateway.
16. Local ID: The Type and the Value of the local VPN gateway must be the same
as that of the Remote ID of the remote VPN gateway.
17. Dead Peer Detection: This feature will detect if remote VPN gateway still exists.
Indicate time of interval between every detection, and assigns value of timeout.
18. XAUTH: For the extended authentication function (XAUTH), the VPN client (or
initiator) needs to provide additional user information to the remote VPN server
(or VPN gateway). The VPN server would reject the connect request from VPN
BDE761AM-001 User Manual
82
WiFi Broadband BG
clients because of invalid user information, even though the pre-shared key is
correct. This function is suitable for remote mobile VPN clients. You can not only
configure a VPN rule with a pre-shared key for all remote users, but you can also
designate account / password for specific users that are permitted to establish
VPN connection with VPN server.
XAUTH - None: Without Extended Authentication (xAuth).
XAUTH - Server: Check this checkbox if the device behaves as a VPN
server, and will validate the user information of VPN clients. You can click on
"XAUTH Account" button at IPSec Setting main page to edit the permitted
user account / password.
XAUTH - Client: Check this checkbox if the device behaves as a VPN client,
and will send user information to remote VPN server for extended
authentication. You need to fill in correct user name and password to pass
the extended authentication.
19. Set IKE Proposal: Check this checkbox to enable IKE proposals.
Encryption: There are five algorithms can be selected: DES, 3DES, AES-128,
AES-192, and AES-256.
Authentication: There are two algorithms can be selected: SHA1 and MD5.
DH Group: There are three groups can be selected: Group 1 (MODP768),
Group 2 (MODP1024), and Group 5 (MODP1536).
Enable: Check this checkbox to enable the IKE Proposal with this rule.
20. Set IPSec Proposal: Check this checkbox to enable IPSec proposals.
Encryption: There are five algorithms can be selected: DES, 3DES, AES-128,
AES-192, and AES-256. But when the encapsulation protocol is set to AH, you
can choose Null without encryption.
Authentication: There are two algorithms can be selected: SHA1 and MD5. But
none also can be selected here for IPSec proposal.
Enable: Check this checkbox to enable IPSec Proposal with this rule.
Click on “Save” to store what you just select or” Undo” to give up
BDE761AM-001 User Manual
83
WiFi Broadband BG
3.2.3.1.3
IPSec-Manual Setting
1.
2.
3.
Tunnel name: Assign a name of this tunnel.
Method: There are IKE and Manual options. Please choose “Manual” here.
Local subnet: The subnet of LAN site of local VPN gateway. It can be a host, a
partial subnet, or the whole subnet of LAN site of local gateway.
4.
Local Netmask: The local netmask and associated local subnet can define a
subnet domain for the devices connected via the VPN tunnel.
5.
Remote subnet: The subnet of LAN site of remote VPN gateway. It can be a
host, a partial subnet, or the whole subnet of LAN site of remote gateway.
6.
Remote Netmask: The remote netmask and associated remote subnet can
define a subnet domain for the devices connected via the VPN tunnel.
7.
8.
9.
Remote Gateway: Enter the IP address of remote VPN gateway.
Encapsulation Protocol: There are two protocols can be selected: ESP or AH.
Outbound SPI: SPI is an important parameter during hashing. Outbound SPI
will be included in the outbound packet transmitted from local gateway. The
value of outbound SPI should be set in hex formatted.
10. Inbound SPI: Inbound SPI will be included in the inbound packet transmitted
from WAN site of remote gateway. It will be used to de-hash the coming packet
and check its integrity. The value of outbound SPI should be set in hex
formatted.
BDE761AM-001 User Manual
84
WiFi Broadband BG
11. Encryption Algorithm: There are two algorithms can be selected: DES, or
3DES.
12. Encryption Key: Encryption key is used by the encryption algorithm. Its length is
8 bytes if encryption algorithm is DES or 24 bytes if 3DES. The key value should
be set in hex formatted.
13. Authentication Algorithm: There are two algorithms can be selected: SHA1 or
MD5.
14. Authentication Key: Authentication key is used by the authentication algorithm.
Its length is 16 bytes if authentication algorithm is MD5 or 20 bytes if SHA1.
Certainly, its length will be 0 if no authentication algorithm is chosen. The key
value should be set in hex formatted.
Click on “Save” to store what you just select or” Undo” to give up
3.2.3.1.4
XAUTH Account
You can edit user information with this configuration page. This user information is
only valid for VPN Server with XAuth Server mode selected.
BDE761AM-001 User Manual
85
WiFi Broadband BG
3.2.3.2 VPN-PPTP Server
The VPN gateway can behave as a PPTP server, and allows remote hosts to access
LAN servers behind the PPTP server. The device can support three authentication
methods: PAP, CHAP, MSCHAP(v1) and MSCHAP(v2). Users can also enable MPPE
encryption when using MSCHAP.
1.
2.
VPN-PPTP Server: Enable or Disable PPTP server function.
Server Virtual IP: The IP address of PPTP server. This IP address should be
different from IP address of L2TP server and LAN subnet of VPN gateway.
3.
IP Pool Start Address: This device will assign an IP address to remote PPTP
client. This value indicates the beginning of IP pool.
4.
IP Pool End Address: This device will assign an IP address to remote PPTP
client. This value indicates the end of IP pool.
5.
Authentication Protocol: You can choose authentication protocol as PAP,
CHAP, MSCHAP(v1), or MSCHAP(v2).
6.
MPPE Encryption Mode: Check this checkbox to enable MPPE encryption.
BDE761AM-001 User Manual
86
WiFi Broadband BG
Please note that MPPE needs to work with MSCHAP-v1 or MSCHAP-v2
authentication method.
7.
8.
9.
Encryption Length: You can choose encryption length of MPPE encryption.
User Account: You can input up to 10 different user accounts for PPTP server.
Connection Status: The connected PPTP user & connection information will be
shown in this table.
Click on “Save” to store what you just select or” Undo” to give up
3.2.3.3 VPN-PPTP Client
1.
2.
VPN-PPTP Client: Enable or Disable PPTP client function.
User Account: You can input up to 10 different user accounts for PPTP client,
define each user account settings by clicking on the corresponding “Edit” button
and then check the “Enable” checkbox to enable it.
BDE761AM-001 User Manual
87
WiFi Broadband BG
3.
4.
5.
6.
7.
Name: The name of this rule.
Peer IP/Domain: The IP address or Domain name of remote PPTP server.
User Name: The user name which is provided by remote PPTP server.
Password: The password which is provided by remote PPTP server.
Default Gateway: You can check the “Enable” checkbox to set this tunnel as the
default gateway for WAN connection.
8.
9.
Peer Subnet: The LAN subnet of remote PPTP server.
Connection Control: There are three options for users to choose when the
PPTP tunnel is established. You can choose “Connect-on-Demand”, “Auto
Reconnect (always-on)”, or “Manually”.
10. Option: Enable or disable the MPPE and NAT function. If you enable MPPE,
then this PPTP tunnel will be encrypted.
11. Authentication: You need to enable this option if remote PPTP server requests
it.
12. Authentication Protocol: You can choose authentication protocol as PAP,
CHAP, MSCHAP(v1), or MSCHAP(v2). The protocol you choose must be
supported by remote PPTP server.
13. LCP Echo Type: Choose the way to do connection keep alive.
BDE761AM-001 User Manual
88
WiFi Broadband BG
3.2.3.4 VPN-L2TP Server
The VPN gateway can behave as a L2TP server, and allows remote hosts to access
LAN servers behind the L2TP server. The device can support three authentication
methods: PAP, CHAP, MSCHAP(v1) and MSCHAP(v2). Users can also enable MPPE
encryption when using MSCHAP.
1.
VPN-L2TP Server: Enable or Disable L2TP server function.
2.
L2TP Over IPsec: L2TP over IPSec VPNs allow you to transport data over the
Internet, while still maintaining a high level of security to protect data. Enter a
Pre-sharekey when you use some devices, like Apple related mobile devices to
establish L2TP tunnels
3.
Server Virtual IP: The IP address of L2TP server. This IP address should be
BDE761AM-001 User Manual
89
WiFi Broadband BG
different from IP address of PPTP server and LAN subnet of VPN gateway.
4.
IP Pool Starting Address: This device will assign an IP address to remote L2TP
client. This value indicates the beginning of IP pool.
5.
IP Pool Ending Address: This device will assign an IP address to remote L2TP
client. This value indicates the end of IP pool.
6.
Authentication Protocol: You can choose authentication protocol as PAP,
CHAP, MSCHAP(v1), or MSCHAP(v2).
7.
MPPE Encryption Mode: Check this checkbox to enable MPPE encryption.
Please note that MPPE needs to work with MSCHAP-v1 or MSCHAP-v2
authentication method.
8.
Encryption Length: You can choose encryption length of MPPE encryption.
9.
User Account: You can input up to 10 different user accounts for L2TP server.
10. Connection Status: The connected L2TP user & connection information will be
shown in this table.
Click on “Save” to store what you just select or” Undo” to give up
3.2.3.5 VPN-L2TP Client
1.
2.
VPN-L2TP Client: Enable or Disable L2TP client function.
User Account: You can input up to 10 different user accounts for L2TP client,
define each user account settings by clicking on the corresponding “Edit” button
and then check the “Enable” checkbox to enable it.
BDE761AM-001 User Manual
90
WiFi Broadband BG
3.
4.
5.
6.
7.
Name: The name of this rule.
Peer IP/Domain: The IP address or Domain name of remote L2TP server.
User Name: The user name which is provided by remote L2TP server.
Password: The password which is provided by remote L2TP server.
Default Gateway: You can check the “Enable” checkbox to set this tunnel as the
default gateway for WAN connection.
8.
9.
Peer Subnet: The LAN subnet of remote L2TP server.
Connect: There are three options for users to choose when the L2TP tunnel will
be established. You can choose “Connect-on-Demand”, “Auto Reconnect
(always-on)”, or “Manually”.
10. Option: Enable or disable MPPE, NAT, and CCP function. If you enable MPPE,
then this L2TP tunnel will be encrypted.
11. Authentication: You need to enable this option if remote PPTP server requests
it.
12. Authentication Protocol: You can choose authentication protocol as PAP,
CHAP, MSCHAP(v1), or MSCHAP(v2). The protocol you choose must be
supported by remote L2TP server.
13. LCP Echo Type: Choose the way to do connection keep alive.
Click on “Save” to store what you just select or” Undo” to give up
BDE761AM-001 User Manual
91
WiFi Broadband BG
3.2.3.6 GRE Tunnel
1.
Default Gateway: You can choose a tunnel as the default gateway for WAN
connection.
2.
3.
4.
5.
6.
Names: The name of this GRE tunnel.
Tunnel IP: Assign a virtual IP address of this tunnel.
Peer IP: Enter the IP address of remote host that you want to connect.
Key: Enter the password to establish GRE tunnel with remote host.
TTL: Time-To-Live for packets. The value is within 1 to 255. If a packet passes
number of TTL routers and still can't reach the destination, then this packet will
be dropped.
7.
Subnet: Enter the local subnet of remote host. If a packet wants to go to this
subnet, the GRE tunnel will be established automatically
8.
Enable: Enable or Disable this GRE tunnel.
Click on “Save” to store what you just select or” Undo” to give up
BDE761AM-001 User Manual
92
WiFi Broadband BG
3.2.4
Redundancy
3.2.4.1 VRRP
The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol
providing device redundancy. It allows a backup router or switch to automatically take
over if the primary (master) router or switch fails. This increases the availability and
reliability of routing paths via automatic default gateway selections on an IP network.
The protocol achieves this by creation of virtual routers, which are an abstract
representation of multiple routers, i.e. master and backup routers, acting as a group.
The default gateway of a participating host is assigned to the virtual router instead of
a physical router. If the physical router that is routing packets on behalf of the virtual
router fails, another physical router is selected to automatically replace it. The
physical router that is forwarding packets at any given time is called the master router.
BDE761AM-001 User Manual
93
WiFi Broadband BG
1.
Enable: Enable or Disable the VRRP function.
2.
Virtual Server ID: Means Group ID. Specify the ID number of the virtual server.
3.
Priority of Virtual Server: Specify the priority to use in VRRP negotiations. Valid
values are 1-254, and a larger value has higher priority.
4.
Virtual Server IP Address: Specify the IP address of the virtual server.
Click on “Save” to store what you just select or” Undo” to give up
3.2.5
3.2.5.1
Management
UPnP
UPnP Internet Gateway Device (IGD) Standardized Device Control Protocol is a NAT
port mapping protocol and is supported by some NAT routers. It is a common
communication protocol of automatically configuring port forwarding. Applications
using peer-to-peer networks, multiplayer gaming, and remote assistance programs
need a way to communicate through home and business gateways. Without IGD one
has to manually configure the gateway to allow traffic through, a process which is
error prone and time consuming
This device supports the UPnP Internet Gateway Device (IGD) feature. By default, it
is enabled.
BDE761AM-001 User Manual
94
WiFi Broadband BG
3.2.5.2
SNMP
In brief, SNMP, the Simple Network Management Protocol, is a protocol designed to
give a user the capability to remotely manage a computer network by polling and
setting terminal values and monitoring network events.
1.
Enable SNMP: You can check “Local”, “Remote” or both to enable SNMP
function. If “Local” is checked, this device will respond to the request from LAN. If
“Remote” is checked, this device will respond to be request from WAN.
2.
WAN Access IP Address: If you want to limit the remote SNMP access to
specific computer, please enter the PC`s IP address. The default value is 0.0.0.0,
and it means that any internet connected computer can get some information of
the device with SNMP protocol.
3.
SNMP Version: Supports SNMP V1, V2c, and V3.
4.
Get Community: The community of GetRequest that this device will respond.
This is a text password mechanism that is used to weakly authenticate queries to
BDE761AM-001 User Manual
95
WiFi Broadband BG
agents of managed network devices.
5.
Set Community: The community of SetRequest that this device will accept.
6.
SNMPv3 Settings: User 1/2: This device supports up to two SNMP
management accounts. You can specify the account permission as “Read” or
“Read/Write” respectively.
7.
User 1/2 AUTH Mode: Select MD5 or SHA as the method of password
encryption for the specified level of access, or to disable authentication.
8.
User 1/2 Privacy Mode: You can configure the SNMP privacy mode. There are
three modes for you to choose: “noAuthNoPriv” for both authentication and
private key are not required, “authNoPriv” for no private key required, and
“authPriv” for both authentication and private key required.
9.
Username 1/2: Use this field to identify the user name for the specified level of
access.
10. Password 1/2: Use this field to set the password for the specified level of
access.
11. User 1/2 Priv Key: Use this field to define the encryption key for the specified
level of access.
12. Trap Event Receiver 1 ~ 4: Enter the IP addresses or Domain Name of your
SNMP Management PCs. You have to specify the IP address, so that the device
can send SNMP Trap message to the management PCs consequently.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
96
WiFi Broadband BG
3.3 System
In this section you can see system information, system logs, use system tools for system
update and do service scheduling and system administration setting.
3.3.1 System Information
You can view the System Information in this page.
BDE761AM-001 User Manual
97
WiFi Broadband BG
3.3.2 System Status
3.3.2.1 Web Log
1.
Log Types: You can select the log types to be collected in the web log area.
There are “System”, “Attacks”, “Drop”, and “Debug” types for you to select.
2.
Web Log: You can browse, refresh, download, and clear the log messages.
3.3.2.2 Syslog
This device can also export system logs to specific destination by means of syslog
(UDP) and SMTP(TCP). With enabled Syslog function, this device will send log to a
certain host periodically. You need to install a syslog utility on a host to receive
syslogs
The items you have to setup include:
1.
IP Address for syslogd: Host IP of destination where syslog will be sent to.
Check Enable to enable this function.
3.3.2.3 Email Alert
BDE761AM-001 User Manual
98
WiFi Broadband BG
This device can also export system logs via sending emails to specific recipients. The
items you have to setup include:
1.
Setting of Email alert: Check if you want to enable Email alert (send syslog via
email).
2.
SMTP Server: Port: Input the SMTP server IP and port, which are connected
with ':'. If you do not specify port number, the default value is 25.
For example, "mail.your_url.com" or "192.168.1.100:26".
3.
SMTP Username: Enter the Username offered by your ISP.
4.
SMTP Password: Enter the password offered by your ISP.
5.
E-mail Addresses: The recipients are the ones who will receive these logs. You
can assign more than 1 recipient, using ';' or ',' to separate these email
addresses.
6.
E-mail Subject: The subject of email alert is optional.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
3.3.3 System Tools
3.3.3.1 Change Password
You can change the System Password here. We strongly recommend you to change
the system password for security reason. Click on “Save” to store your settings or
click “Undo” to give up the changes.
BDE761AM-001 User Manual
99
WiFi Broadband BG
3.3.3.2 FW Upgrade
If new firmware is available, you can upgrade router firmware through the WEB GUI
here.
Press “browse” button to indicate the file name of new firmware, and then press
Upgrade button to start to upgrade new firmware on this device. If you want to
upgrade a firmware which is from GPL policy, please check “Accept unofficial
firmware”.
NOTE.
PLEASE DO NOT TURN THE DEVICE OFF WHEN UPGRADE IS
PROCEEDING.
BDE761AM-001 User Manual
100
WiFi Broadband BG
3.3.3.3 System Time
If new firmware is available, you can upgrade router firmware through the WEB GUI
here.
1.
Time Zone: Select a time zone where this device locates.
2.
Auto-Synchronization: Check the “Enable” checkbox to enable this function.
Besides, you can select a NTP time server to consult UTC time.
3.
Sync with Time Server: Click on the button if you want to set Date and Time by
NTP Protocol.
4.
Sync with my PC: Click on the button if you want to set Date and Time using the
PC’s Date and Time.
Afterwards, click on “Save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
101
WiFi Broadband BG
3.3.3.4 Others
In this section you can do system backup, reset to default, system reboot settings and
ping test.
1.
Backup Setting: You can backup your settings by clicking the “Backup” button
and save it as a bin file. Once you want to restore these settings, please click
Firmware Upgrade button and use the bin file you saved.
2.
Reset to Default: You can also reset this device to factory default settings by
clicking the “Reset“ button.
3.
Reboot: You can also reboot this device by clicking the “Reboot“ button.
4.
MAC Address for Wake-on-LAN: Wake-on-LAN (WOL) is an Ethernet
networking standard that allows a computer to be turned on or awakened by a
network message. You can enter the MAC address of the computer, in your LAN
network, to be remotely turned on.
5.
Domain Name or IP address for Ping Test: This allows you to configure an IP,
and ping the device. You can ping a specific IP to test whether it is alive.
6.
Domain Name or IP address for Traceroute: Traceroute is a network
diagnostic tool for displaying the route (path) and measuring transit delays of
packets across an IP network. Traceroute proceeds unless all (three) sent
packets are lost more than twice, then the connection is lost and the route cannot
be evaluated. Ping, on the other hand, only computes the final round-trip times
from the destination point
BDE761AM-001 User Manual
102
WiFi Broadband BG
3.3.4 Scheduling
You can set the schedule time to decide which service will be turned on or off. The added
rules will be listed.
Add New Rule: To create a schedule rule, click the “Add New” button or the “Add
New Rule…” button at the bottom. When the next dialog popped out you can edit the
Name of Rule, Policy, and set the schedule time (Week day, Start Time, and End
Time).
Afterwards, click “save” to store your settings or click “Undo” to give up the
changes.
BDE761AM-001 User Manual
103
WiFi Broadband BG
3.3.5 MMI
3.3.5.1 Web UI
You can set UI administration time-out duration give remote administration host port
in this page. When the host port is given please remember to check the enable box
and save your settings.
BDE761AM-001 User Manual
104
WiFi Broadband BG
CHAPTOR 4
Troubleshooting
This Chapter provides solutions to problems for the installation and operation of the WiFi
Broadband Router. You can refer to the following if you are having problems.
1 Why can’t I configure the router even the cable is plugged
and the LED is lit?
Do a Ping test to make sure that the WiFi
Broadband Router is responding.
Note: It is recommended that you
Go to Start > Run.
1.
Type cmd.
2.
Press OK.
3.
Type ipconfig to get the IP of default gateway.
4.
Type “ping 192.168.123.254”. Assure that you ping the correct IP Address
assigned to the WiFi Broadband Router. It will show four replies if you ping
correctly.
Ensure that your Ethernet Adapter is working, and that all network drivers are installed
BDE761AM-001 User Manual
105
WiFi Broadband BG
properly. Network adapter names will vary depending on your specific adapter. The
installation steps listed below are applicable for all network adapters.
1.
Go to Start > Right click on “My Computer” > Properties.
2.
Select the Hardware Tab.
3.
Click Device Manager.
4.
Double-click on “Network Adapters”.
5.
Right-click on Wireless Card bus Adapter or your specific network adapter.
6.
Select Properties to ensure that all drivers are installed properly.
7.
Look under Device Status to see if the device is working properly.
8.
Click “OK”.
2 What can I do if my Ethernet connection does not work
properly?
A.
Make sure the RJ45 cable connects with the router.
B.
Ensure that the setting on your Network Interface Card adapter is “Enabled”.
C.
If settings are correct, ensure that you are not using a crossover Ethernet cable,
not all Network Interface Cards are MDI/MDIX compatible, and use a patch cable
is recommended.
D.
If the connection still doesn’t work properly, then you can reset it to default.
3 Something wrong with the wireless connection?
A. Can’t setup a wireless connection?
I.
Ensure that the SSID and the encryption settings are exactly the same to the
Clients.
II.
Move the WiFi Broadband Router and the wireless client into the same room,
BDE761AM-001 User Manual
106
WiFi Broadband BG
and then test the wireless connection.
III. Disable all security settings such as WEP, and MAC Address Control.
IV. Turn off the WiFi Broadband Router and the client, then restart it and then
turn on the client again.
V.
Ensure that the LEDs are indicating normally. If not, make sure that the
power and Ethernet cables are firmly connected.
VI. Ensure that the IP Address, subnet mask, gateway and DNS settings are
correctly entered for the network.
VII. If you are using other wireless device, home security systems or ceiling fans,
lights in your home, your wireless connection may degrade dramatically.
Keep your product away from electrical devices that generate RF noise such
as microwaves, monitors, electric motors…
B.
What can I do if my wireless client can not access the Internet?
I.
Out of range: Put the router closer to your client.
II.
Wrong SSID or Encryption Key: Check the SSID or Encryption setting.
III. Connect with wrong AP: Ensure that the client is connected with the correct
Access Point.
i. Right-click on the Local Area Connection icon in the taskbar.
ii. Select View Available Wireless Networks in Wireless Configure.
Ensure you have selected the correct available network.
iii. Reset the WiFi Broadband Router to default setting
C. Why does my wireless connection keep dropping?
I.
Antenna Orientation.
i. Try different antenna orientations for the WiFi Broadband Router.
ii. Try to keep the antenna at least 6 inches away from the wall or other
objects.
BDE761AM-001 User Manual
107
WiFi Broadband BG
II.
Try changing the channel on the WiFi Broadband Router, and your Access
Point and Wireless adapter to a different channel to avoid interference.
III. Keep your product away from electrical devices that generate RF noise, like
microwaves, monitors, electric motors, etc.
4 What to do if I forgot my encryption key?
1. Go back to advanced setting to set up your Encryption key again.
2. Reset the WiFi Broadband Router to default setting
5 How to reset to default?
1. Ensure the WiFi Broadband Router is powered on
2. Find the Reset button on the right side
3. Press the Reset button for 8 seconds and then release.
4. After the WiFi Broadband Router reboots, it has back to the factory default
settings.
BDE761AM-001 User Manual
108
WiFi Broadband BG
CHAPTOR 5
Application Description
5.1 VLAN Application
Application 1: Bundled ISP Service by Port-based VLAN Feature.
If you want to map WAN ID, you can setup WAN VLAN setting, and change router type to Bridge
and add WAN Map VLAN ID to your value.
For example: The Setting as follows:
BDE761AM-001 User Manual
109
WiFi Broadband BG
Application 2: Port‐Based VLAN Feature for User Group and Guest Group
Description: User VLAN to segment 2 Groups. One is User Group, the other is Guest Group
Step1:Setup Port1~Port3 is User Group which DHCP1 and Port4 is Guest Group which DHCP2
Step2: Configure and Enable DHCP2 Server
DHCP1 assigns IP Address to User Group Clients IP (192.168.12.x) and DHCP2 assigns IP
Address to Guest Group Clients(192.168.2.x)
Step3: Administrator can bases on different IP subnet to setup different Access Policies with
Rule‐based QoS.
For example, Admin can limit the Bandwidth of guest group to 500kbps.
BDE761AM-001 User Manual
110
WiFi Broadband BG
Application 3: Based on different VLAN ID to define different Access Policy.
Description: There are 3 Groups. First group is Guest and only can access Internet and can not
access intranet. Second group is Market Group and can access Internet and Intranet. Third group
is Server and only for Intranet.
Step1: Port‐based VLAN Feature : Market is Prot1 and Port2.
Server is Port3.Guest is Port4
BDE761AM-001 User Manual
111
WiFi Broadband BG
Step2: VLAN Routing Group : VLAN ID1(Port1 and Port2) and VLAN ID3(Port4) can access
Internet.
VLAN ID1(Port1 and Port2) and VLAN ID3 (Port3) can access each other.
5.2 VPN Setup
Application 1: Tablet PC or Smart Phone (Android or IOS System)
establishes PPTP tunnel with Embedded PPTP Server
For example:
BDE761AM-001 User Manual
112
WiFi Broadband BG
Select PPTP for VPN connection
Description: Give VPN a name for this connection
Server: Need the actual address or domain name. Here, please
entry “118.171.154.174”(refer to the status page) or domain name.
Account and Password: Entry the specified account and password.
RSA SecureID: Skip the item for PPTP Connection.
Connect to your VPN
BDE761AM-001 User Manual
113
WiFi Broadband BG
Application 2: Tablet PC or Smart Phone (Android System) establishesL2TP tunnel with
Embedded L2TP Server
To configure L2TP on the Android device:
Go to device's 'Settings > Wireless & Networks > VPN Settings > Add VPN'
and select "Add L2TP". The following window will appear:
In the opened window:
Give a VPN Name to your connection (i.e. MyVpn).
In "Set VPN server", provide your VPN‐1 server FQDN (DNS name) or IP address.
Here, please entry “118.171.154.174” (refer to the status page) or domain name
You will have to define a new password for it.
BDE761AM-001 User Manual
114
WiFi Broadband BG
Tap on menu to save changes.
The VPN Connection will be added to your VPN Settings configuration.
Connecting to the VPN Security Gateway: Go to device's 'Settings > Wireless & Networks > VPN
Settings' and select your VPN connection. The user name and Password screen appears. Enter
your credentials for authentication.
Important: We don't recommend using the L2TP option in Android due to security vulnerability
issues.
Application 3 : Tablet PC or Smart Phone (Android or IOS System)
Establishes L2TP tunnel with Embedded L2TP/ IPsec PSK VPN Server
To configure L2TP/IPsec PSK on the Gateway:
Go to Gateway's 'Settings >Advanced Network > Security > L2TP Sever
Enable L2TP over IPsec and enter Preshare Key”1234567890”
To configure L2TP/IPsec PSK on the Android device:
Select Wireless and Network or Wireless Controls, depending on your version of your device
Select VPN Settings
Select Add VPN
Select Add L2TP/IPsec PSK VPN
Select VPN Name and enter a descriptive name
Select Set VPN Server and enter a server hostname:
Here, please entry “118.171.154.174” (refer to the status
page)
Select Set IPSec pre‐shared key and enter "123456789"
Select Username and Password.
BDE761AM-001 User Manual
115
WiFi Broadband BG
5.3 Redundancy
VRRP Setup
The Configuration of Master:
The Configuration of Slave:
※ 254 is the highest Priority
The clients under Gateway Master or Salve will get IP information form Gateway.
BDE761AM-001 User Manual
116
WiFi Broadband BG
Appendix A. Licensing information
This product includes copyrighted third-party software licensed under the terms of the GNU General Public
License. Please refer to the GNU General Public License below to check the detailed terms of this license.
The following parts of this product are subject to the GNU GPL, and those software packages are copyright
by their respective authors.
Linux Kernel
GPLv2
Linux-2.6.21
busybox
GPLv2
busybox_1.3.2
bridge-utils
GPLv2
bridge-utils 1.1
udhcp server
GPLv2
udhcp-0.9.9
fdisk
GPLv2
util-linux 2.12q
mke2fs, e2fsck
GPLv2
e2fsprogs v1.40.2
samba
GNUv2
samba 3.0.20
wireless tools
GPLv2
wireless tools
vsfptd
GPLv2
vsftpd-2.0.3
Transmission
MIT Transmission-1.74
mt-daapd
GNUv2
mt-daapd-0.2.4
dnrd
GNUv2
DNRD-2.17
libcurl
cURL-7.19.6
OpenSSL
BSD openssl-1.00b3
ntfs-3g
GNUv2
ntfs-3g-2009.4.4
Zebra
GNUv2
zebra-0.95a
snmpd
CMU snmp-4.1.2
pptp
GNUv2
pptp-1.7.1
pppoe
GPLv2
pppoe-3.8
pppd
BSD ppp-2.4
l2tpd
GPLv2
l2tp-0.4
iptables
GNUv2
iptables-1.4.2
tc
GNUv2
iproute2-2.6.11
wget
GNU wget-1.7.1
udhcp client
Availability of source code
Please visit our web site or contact us to obtain more information.
BDE761AM-001 User Manual
117
WiFi Broadband BG
BDE761AM-001 User Manual
118
WiFi Broadband BG
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast,
the GNU General Public License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This General Public License applies to most of
the Free Software Foundation's software and to any other program whose authors commit to using it. (Some
other Free Software Foundation software is covered by the GNU Library General Public License instead.)
You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are
designed to make sure that you have the freedom to distribute copies of free software (and charge for this
service if you wish), that you receive source code or can get it if you want it, that you can change the
software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you
to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies
of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the
recipients all the rights that you have. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives
you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone understands that there is
no warranty for this free software. If the software is modified by someone else and passed on, we want its
recipients to know that what they have is not the original, so that any problems introduced by others will not
reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that
redistributors of a free program will individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use
or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains a notice placed by the copyright holder
saying it may be distributed under the terms of this General Public License. The "Program", below, refers to
any such program or work, and a "work based on the Program" means either the Program or any derivative
work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or
with modifications and/or translated into another language. (Hereinafter, translation is included without
limitation in the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not covered by this License; they are outside
its scope. The act of running the Program is not restricted, and the output from the Program is covered
only if its contents constitute a work based on the Program (independent of having been made by running
BDE761AM-001 User Manual
119
WiFi Broadband BG
the Program). Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any
medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright
notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of
any warranty; and give any other recipients of the Program a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty
protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the
Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided
that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the
date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived
from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the
terms of this License.
c) If the modified program normally reads commands interactively when run, you must cause it, when
started running for such interactive use in the most ordinary way, to print or display an announcement
including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you
provide a warranty) and that users may redistribute the program under these conditions, and telling the
user how to view a copy of this License. (Exception: if the Program itself is interactive but does not
normally print such an announcement, your work based on the Program is not required to print an
announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of that work are not
derived from the Program, and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those sections when you distribute them as
separate works. But when you distribute the same sections as part of a whole which is a work based on
the Program, the distribution of the whole must be on the terms of this License, whose permissions for other
licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you;
rather, the intent is to exercise the right to control the distribution of derivative or collective works based on
the Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with a work
based on the Program) on a volume of a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or
executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be
distributed under the terms of Sections 1 and 2 above on a medium customarily used for software
interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no
more than your cost of physically performing source distribution, a complete machine-readable copy of
the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code.
(This alternative is allowed only for noncommercial distribution and only if you received the program in
object code or executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For an
executable work, complete source code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to control compilation and installation of the
executable. However, as a special exception, the source code distributed need not include anything that is
normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on)
of the operating system on which the executable runs, unless that component itself accompanies the
executable.
BDE761AM-001 User Manual
120
WiFi Broadband BG
If distribution of executable or object code is made by offering access to copy from a designated place, then
offering equivalent access to copy the source code from the same place counts as distribution of the source
code, even though third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this
License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will
automatically terminate your rights under this License. However, parties who have received copies, or rights,
from you under this License will not have their licenses terminated so long as such parties remain in full
compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants
you permission to modify or distribute the Program or its derivative works. These actions are prohibited by
law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work
based on the Program), you indicate your acceptance of this License to do so, and all its terms and
conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically
receives a license from the original licensor to copy, distribute or modify the Program subject to these terms
and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted
herein. You are not responsible for enforcing compliance by third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not
limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise)
that contradict the conditions of this License, they do not excuse you from the conditions of this License. If
you cannot distribute so as to satisfy simultaneously your obligations under this License and any other
pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a
patent license would not permit royalty-free redistribution of the Program by all those who receive copies
directly or indirectly through you, then the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance
of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to
contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free
software distribution system, which is implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed through that system in reliance on
consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute
software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this
License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by
copyrighted interfaces, the original copyright holder who places the Program under this License may add an
explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in
or among countries not thus excluded. In such case, this License incorporates the limitation as if written in
the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License
from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this
License which applies to it and "any later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free Software Foundation. If the Program
does not specify a version number of this License, you may choose any version ever published by the Free
Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are
different, write to the author to ask for permission. For software which is copyrighted by the Free Software
BDE761AM-001 User Manual
121
WiFi Broadband BG
Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision
will be guided by the two goals of preserving the free status of all derivatives of our free software and of
promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE
PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE
PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE.
THE ENTIRE RISK AS TO THE QUALITY AND
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE,
YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT
OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
BDE761AM-001 User Manual
122
WiFi Broadband BG
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This equipment generates,
uses and can radiate radio frequency energy and, if not installed and used in accordance with
the Instructions , may cause harmful interference to radio communications. However, there is
no guarantee that interference will not occur in a particular installation. If this equipment
does cause harmful interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by
one or more of the following measures:
‐Reorient or relocate the receiving antenna.
‐Increase the separation between the equipment and receiver.
‐Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
‐Consult the dealer or an experienced radio/TV technician for help.
FCC Caution:
1. This device complies with Part 15 of the FCC rules/Industry Canada RSS 210 standard .
Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and
(2) This device must accept any interference received, including interference that may cause
undesired operation.
2. This device and its antenna(s) must not be co‐located or operating in conjunction with any
other antenna or transmitter.
3. Changes or modifications to this unit not expressly approved by the party responsible for
compliance could void the user authority to operate the equipment.
IMPORTANT NOTE : (For Mobile Device Configuration)
FCC Radiation Exposure Statement:
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled
environment. This equipment should be installed and operated with minimum distance 20cm
between the radiator & your body.
END OF TERMS AND CONDITIONS
BDE761AM-001 User Manual
123
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : No XMP Toolkit : 3.1-701 Producer : Acrobat Distiller 7.0 (Windows) Creator Tool : PScript5.dll Version 5.2 Modify Date : 2013:09:25 09:39:35+08:00 Create Date : 2013:09:17 14:08:02+08:00 Metadata Date : 2013:09:25 09:39:35+08:00 Format : application/pdf Title : Microsoft Word - 6_BDE761AM-001_Manual 檔大.doc Creator : Leah Document ID : uuid:7a83bc3e-4e4e-46f9-9f0e-4a36bd57c3e6 Instance ID : uuid:57265b3f-d03b-48ac-9d15-9f35fcdc469c Page Count : 123 Author : LeahEXIF Metadata provided by EXIF.tools