Billion Electric BIL-8700AXL Triple-WAN Wireless 1600 Mbps VPN VDSL2/ADSL2+ Firewall Router User Manual Part 1
Billion Electric Co., Ltd. Triple-WAN Wireless 1600 Mbps VPN VDSL2/ADSL2+ Firewall Router Part 1
Contents
- 1. User Manual Part 1
- 2. User Manual Part 2
User Manual Part 1
BiPAC 8700AX-1600 Triple-WAN Wireless 1600Mbps VPN VDSL2/ADSL2+ Firewall Router User Manual Version Released: 2.52.d1 Last revised date: March 20ˈ 2018 Table of Contents Chapter1:Introduction .................................................................................................................................. 1 IntroductiontoyourRouter..................................................................................................................... 1 Features ................................................................................................................................................... 3 VDSL2/ADSL2+Compliance....................................................................................................................................................................................3 NetworkProtocolsandFeatures...........................................................................................................................................................................4 Firewall............................................................................................................................................................................................................................ 4 QualityofServiceControl.........................................................................................................................................................................................5 ATMandPPPProtocols............................................................................................................................................................................................ 5 IPTVApplications.........................................................................................................................................................................................................5 WirelessLAN................................................................................................................................................................................................................. 5 VirtualPrivateNetwork(VPN)................................................................................................................................................................................5 USBApplicationServer..............................................................................................................................................................................................6 Management...............................................................................................................................................................................................................6 HardwareSpecifications .......................................................................................................................... 7 PhysicalInterface.........................................................................................................................................................................................................7 Chapter2:InstallingtheRouter...................................................................................................................... 8 PackageContents..................................................................................................................................... 8 Importantnoteforusingthisrouter ....................................................................................................... 9 DeviceDescription ................................................................................................................................. 10 TheFrontLEDs...........................................................................................................................................................................................................10 TheRearPorts............................................................................................................................................................................................................11 Cabling.................................................................................................................................................... 13 Chapter3:BasicInstallation ......................................................................................................................... 14 ConnectingYourRouter......................................................................................................................... 15 NetworkConfiguration .......................................................................................................................... 16 ConfiguringaPCinWindows7/8/10...............................................................................................................................................................16 ConfiguringaPCinWindowsVista......................................................................................................................................................................19 ConfiguringaPCinWindowsXP..........................................................................................................................................................................22 FactoryDefaultSettings......................................................................................................................... 24 InformationfromyourISP ..................................................................................................................... 26 EasySignOn(EZSO) ...................................................................................................................................... 27 Chapter4:Configuration .............................................................................................................................. 32 ConfigurationviaWebInterface............................................................................................................ 32 Status ..................................................................................................................................................... 34 Summary.....................................................................................................................................................................................................................35 WAN..............................................................................................................................................................................................................................36 Statistics........................................................................................................................................................................................................................37 LAN........................................................................................................................................... 37 WANService............................................................................................................................. 38 xTM .......................................................................................................................................... 38 xDSL.......................................................................................................................................... 39 BandwidthUsage......................................................................................................................................................................................................42 LAN........................................................................................................................................... 42 WANService............................................................................................................................. 44 Route.............................................................................................................................................................................................................................46 ARP.................................................................................................................................................................................................................................47 DHCP.............................................................................................................................................................................................................................48 VPN................................................................................................................................................................................................................................49 IPSec ......................................................................................................................................... 49 PPTP ......................................................................................................................................... 50 L2TP.......................................................................................................................................... 51 OpenVPN.................................................................................................................................. 52 GRE........................................................................................................................................... 53 Log..................................................................................................................................................................................................................................54 SystemLog ............................................................................................................................... 54 SecurityLog.............................................................................................................................. 55 QuickStart.............................................................................................................................................. 56 QuickStart....................................................................................................................................................................................................................56 Configuration ......................................................................................................................................... 61 LANͲLocalAreaNetwork......................................................................................................................................................................................62 Ethernet ................................................................................................................................... 62 IPv6Autoconfig ........................................................................................................................ 65 InterfaceGrouping ................................................................................................................... 69 LANVLANSetting..................................................................................................................... 72 EthPortControl........................................................................................................................ 73 Wireless5G(wl0)&2.4G(Wl1)..............................................................................................................................................................................74 Basic ......................................................................................................................................... 75 Security .................................................................................................................................... 77 MACFilter ................................................................................................................................ 88 WirelessBridge ........................................................................................................................ 89 Advanced................................................................................................................................ 106 StationInfo............................................................................................................................. 111 ScheduleControl .................................................................................................................... 112 WANͲWideAreaNetwork.................................................................................................................................................................................113 WANService........................................................................................................................... 113 DSL................................................................................................................................... 113 Ethernet .......................................................................................................................... 125 Failover................................................................................................................................... 132 DSL.......................................................................................................................................... 133 SNR ......................................................................................................................................... 134 System.......................................................................................................................................................................................................................135 InternetTime ......................................................................................................................... 135 FirmwareUpgrade ................................................................................................................. 136 Backup/Update .................................................................................................................... 137 AccessControl........................................................................................................................ 138 MailAlert ............................................................................................................................... 139 SMSAlert................................................................................................................................ 140 ConfigureLog ......................................................................................................................... 141 USB..............................................................................................................................................................................................................................142 StorageDeviceInfo ................................................................................................................ 142 UserAccount.......................................................................................................................... 143 PrintServer ............................................................................................................................ 148 DLNA ...................................................................................................................................... 153 IPTunnel....................................................................................................................................................................................................................155 IPv6inIPv4............................................................................................................................... 155 IPv4inIPv6............................................................................................................................... 157 Security......................................................................................................................................................................................................................158 IPFilteringOutgoing .............................................................................................................. 158 IPFilteringIncoming .............................................................................................................. 161 MACFiltering ......................................................................................................................... 163 BlockingWANPING ............................................................................................................... 164 TimeRestriction ..................................................................................................................... 165 URLFilter................................................................................................................................ 167 ParentalControlProvider....................................................................................................... 170 QoSͲQualityofService........................................................................................................................................................................................171 QualityofService ................................................................................................................... 171 QoSPortShaping ................................................................................................................... 176 NAT.............................................................................................................................................................................................................................177 ExceptionalRuleGroup.......................................................................................................... 177 VirtualServers........................................................................................................................ 178 DMZHost ............................................................................................................................... 182 OneͲtoͲOneNAT..................................................................................................................... 183 PortTriggering........................................................................................................................ 184 ALG ......................................................................................................................................... 187 WakeOnLAN..........................................................................................................................................................................................................188 VPN....................................................................................................................................................... 189 IPSec............................................................................................................................................................................................................................189 VPNAccount............................................................................................................................................................................................................199 ExceptionalRuleGroup........................................................................................................................................................................................200 PPTP............................................................................................................................................................................................................................202 PPTPServer ............................................................................................................................ 202 PPTPClient ............................................................................................................................. 203 L2TP............................................................................................................................................................................................................................215 L2TPServer ............................................................................................................................ 215 L2TPClient ............................................................................................................................. 217 OpenVPN..................................................................................................................................................................................................................232 OpenVPNServer .................................................................................................................... 232 OpenVPNCA .......................................................................................................................... 234 OpenVPNClient ..................................................................................................................... 235 GRE..............................................................................................................................................................................................................................242 AdvancedSetup ................................................................................................................................... 243 Routing.......................................................................................................................................................................................................................244 DefaultGateway..................................................................................................................... 244 StaticRoute ............................................................................................................................ 245 PolicyRouting......................................................................................................................... 247 RIP .......................................................................................................................................... 248 DNS.............................................................................................................................................................................................................................249 DNS......................................................................................................................................... 249 DynamicDNS.......................................................................................................................... 251 DNSProxy............................................................................................................................... 254 StaticDNS............................................................................................................................... 255 StaticARP..................................................................................................................................................................................................................256 UPnP...........................................................................................................................................................................................................................257 Certificate..................................................................................................................................................................................................................263 TrustedCA .............................................................................................................................. 263 Multicast....................................................................................................................................................................................................................266 Management..........................................................................................................................................................................................................269 SNMPAgent ........................................................................................................................... 269 TRͲ069Client......................................................................................................................... 270 HTTPPort ............................................................................................................................... 272 RemoteAccess ....................................................................................................................... 273 PowerManagement............................................................................................................... 274 TimeSchedule........................................................................................................................ 275 AutoReboot ........................................................................................................................... 276 Diagnostics................................................................................................................................................................................................................277 DiagnosticsTools.................................................................................................................... 277 PushService ........................................................................................................................... 280 Diagnostics ............................................................................................................................. 281 EthernetOAM ........................................................................................................................ 282 Restart.................................................................................................................................................. 283 Chapter5:Troubleshooting ........................................................................................................................ 284 Appendix:ProductSupport&Contact ....................................................................................................... 286 Chapter 1: Introduction Introduction to your Router The Billion BiPAC 8700AX-1600 is a multi-service VDSL2 router featuring fiber-ready triple-WAN VDSL2 supports backward compatibility to ADSL2+for a longer reach distance, an all-in-one advanced device including concurrent dual-band 802.11ac (5GHz) 1300Mbps and 802.11n (2.4GHz) 300Mbps, Gigabit Ethernet, and NAS (Network Attached Storage) in one unit. As well as being IPv6-capable, the BiPAC 8700AX-1600 VDSL2 router supports super-ast fiber connections via a Gigabit Ethernet WAN port. It also has one USB port, allowing the device to act as a NAS (Network Attached Storage) device with DLNA (Digital Living Network Alliance) and FTP (File Transfer Protocol) access. With an array of advanced features, the Billion BiPAC 8700AX-1600 delivers a future-proof solution for VDSL2 connections, super-fast FTTC and ultra-speed FTTH (Fiber-To-The-Home) network deployment and services. Flexible Deployment Options The BiPAC 8700AX-1600 provides users with flexible, scalable deployment options optimized to both reduce costs and provide the longest possible lifespan for the investment. The BiPAC 8700AX-1600 integrates triple WAN options; a VDSL2/ADSL2+ interface, a 10/100/1000 Ethernet WAN interface which can be used for broadband connectivity to any other Ethernet broadband device. Operators can now deploy one device to support current and future network migration. Maximum wireless performance Featured with simultaneous dual-band technology, the BiPAC 8700AX-1600 can run both 2.4GHz and 5GHz frequency bands at the same time, offering ultra-fast wireless speeds of up to 1600Mbps (1300+300 )and multiple SSIDs on both bands. The BiPAC 8700AX-1600, by adopting this state-of-the-art technology, allows for multiple-demand applications, such as streaming HD videos and multiplayer gaming simultaneously. The Wireless Protected Access (WPA-PSK/WPA2-PSK) and Wireless Encryption Protocol (WEP) features enhance the level of transmission security and access control over wireless LAN. The router also supports the Wi-Fi Protected Setup (WPS) standard, allowing users to establish a secure wireless network by simply pushing a button. If your network requires wider coverage, the built-in Wireless Distribution System (WDS) repeater function allows you to expand your wireless network without the need for any external wires or cables. Experience Gigabit WAN The BiPAC 8700AX-1600 has one Gigabit WAN port. This WAN offers broadband connectivity option for connecting to a cable, DSL, fibre modem. The BiPAC 8700AX-1600 again offers users convenience and optimal network performance with data rates reaching up to 1Gbps. Pathway to the Future IPv6 (Internet Protocol Version 6), launched as the current IPv4 is getting filled up, gradually becomes the indispensible addressing system for the savvy cloud computing users. Equipped with IPv6, the BiPAC 8700AX-1600 eagerly provides users a better working environment to work with, a shortcut to upgrade and a more efficient solution to save budget. For the customers during this transition period, dual stack (IPv4 and IPv6) feature enables the hosts a convenient way to reserve both address to smooth over this coexistent period. Web Based GUI It supports web based GUI for configuration and management. It is user-friendly and comes with online help. It also supports remote management capability for remote users to configure and manage this product. Firmware Upgradeable Device can be upgraded to the latest firmware through the WEB based GUI. Features • Compliant with all ADSL2+/VDSL2 standards • IPv6 ready (IPv4/IPv6 dual stack) • WAN approach – VDSL2/ADSL2+, and Ethernet WAN for Broadband Connectivity • Ethernet: 5-port 10/100/1000M auto-crossover (MDI/MDI-X) switch • 1-port Gigabit WAN (EWAN) port for broadband connectivity, also servers as a LAN port • USB port for NAS, DLNA media server • Compliant with IEEE 802.11a/b/g/n/ac standards • Simultaneous dual-band Wireless 1300Mbps (5GHz) and 300Mbps (2.4GHz) • WPS (Wi-Fi Protected Setup) for easy setup • Wireless security with WPA-PSK/WPA2-PSK • Supports WDS repeater function • Multiple wireless SSIDs with wireless guest access and client isolation • Secured IPSec VPN with powerful DES/ 3DES/ AES • PPTP VPN with Pap/ Chap/ MS-CHAPv2 authentication • Pure L2TP and L2TP over IPSec OpenVPN with CA authentication and extensive OpenSSL encryption • GRE tunnel • SNR adjustments to achieve highest sync speeds • Universal Plug and Play (UPnP) Compliance • QoS for traffic prioritization and bandwidth management • SOHO firewall security • Auto failover and failback • Supports IPTV application*2 • Ease of use with quick installation wizard (EZSO) • Ideal for Home and SOHO users VDSL2/ADSL2+ Compliance • Compliant with xDSL Standard - ITU-T G.993.2 (VDSL2) - ITU-T G.998.4 (G.inp) - ITU-T G.993.5 (G.vector) - ITU-T G.992.5 (G.dmt.bis plus, Annex M ) (ADSL2+ Annex M, available for BiPAC 8700AX-1600 A model only) ITU-T G.992.3 (G.dmt.bis, Annex M, ADSL2 Annex M, available for BiPAC 8700AX-1600 A model only) - Full-rate ANSI T1.413 Issue 2 - ITU-T G.992.1 (G.dmt) - ITU-T G.992.2 (G.lite) - ITU-T G.994.1 (G.hs) • Supports VDSL2 band plan: 997 and 998 • ADSL/2/2+ fallback modes • Supports VDSL2 profiles: 8a, 8b, 8c, 8d, 12a, 12b, 17a • Supports ATM and PTM modes Network Protocols and Features • IPv4 or IPv4 / IPv6 Dual Stack • NAT, static (v4/v6) routing and RIP-1 / 2 • IPv6 Stateless / Stateful Address Auto-configuration • IPv6 Router Advertisement • IPv6 over PPP • DHCPv6 • IP Tunnel IPv6 in IPv4(6RD) • IP Tunnel IPv4 in IPv6(DS-Lite) • Universal Plug and Play (UPnP) Compliant • Dynamic Domain Name System (DDNS) • Virtual Server, DMZ • SNTP, DNS relay, IGMP snooping and IGMP proxy for video service • MLD snooping and MLD proxy for video service • Management based-on IP protocol, port number and address • Support port-based Interface Grouping (VLAN) Firewall • Built-in NAT Firewall • Stateful Packet Inspection (SPI) • DoS attack prevention • MAC Filter • URL Content Filtering (v4/v6) – string or domain name detection in URL string • Remote access control for web base access • Packet filtering (v4/v6) - port, source IP address, destination IP address, MAC address • URL content filtering (v4/v6) - string or domain name detection in URL string • MAC filtering • Password protection for system management Quality of Service Control • Supports the DiffServ approach • Traffic prioritization and bandwidth management based-on IPv4/IPv6 protocol, port number and address ATM and PPP Protocols • ATM Adaptation Layer Type 5 (AAL5) • Multiple Protocol over ALL5 (RFC 268, formerly RFC 1483) • Bridged or routed Ethernet encapsulation • VC and LLC based multiplexing • PPP over Ethernet (PPPoE) • PPP over ATM (RFC 2364) • Classical IP over ATM (RFC 1577) • MAC Encapsulated Routing (RFC 1483 MER) • OAM F4 / F5 IPTV Applications*2 • IGMP Snooping and IGMP Proxy • MLD Snooping and MLD Proxy • Interface Grouping (VLAN) • Quality of Service (QoS) Wireless LAN • Compliant with IEEE 802.11 a/ b/ g/ n/ac standards • 2.4 GHz and 5GHz frequency range • Up to 300+1300 Mbps wireless operation rate • 64 / 128 bits WEP supported for encryption • WPS (Wi-Fi Protected Setup) for easy setup • Supports WPS v2 • Wireless Security with WPA-PSK / WPA2-PSK support • Multiple wireless SSIDs with wireless guest access and client isolation • WDS repeater function support Virtual Private Network (VPN) • IKE key management • DES, 3DES and AES encryption for IPSec • L2TP over IPSec • Pap/ Chap/ MS-CHAPv2 authentication for PPTP • IPSec pass-through • OpenVPN with CA authentication and extensive OpenSSL encryption • GRE tunnel USB Application Server • Storage/NAS: FTP server, samba server, DLNA media server • Printer Server Management • Easy Sign-on (EZSO) • Web-based GUI for remote and local management (IPv4/IPv6) • Firmware upgrades and configuration data upload and download via web-based GUI • Embedded Telnet server for remote and local management • Supports DHCP server / client / relay • Supports SNMP v1,v2, MIB-I and MIB-II • TR-069*1 supports remote management • Available Syslog • Mail alert for WAN IP changed • Auto failover and fallback • Push Service for diagnostics and debug usage 1. On request for Telco / ISP projects 2. IPTV application may require subscription to IPTV services from a Telco / ISP. 3. Specifications on this datasheet are subject to change without prior notice. Hardware Specifications Physical Interface • WLAN antennas: 3 external antennas for 5G and 2 internal antennas for 2.4G • DSL: VDSL/ADSL port • Ethernet: 5-port 10/100/1000Mbps auto-crossover (MDI / MDI-X) Switch • EWAN: 1 Gigabit Ethernet port (port#5) for connecting directly to Fiber/ xDSL/ Cable modem, also serving as a Ethernet port#5 when not in EWAN use. It is a LAN/WAN configurable port. • USB 2.0 supports storage service • Wireless on/off and WPS push button • Power jack • Power switch • Factory default reset button Chapter 2: Installing the Router Package Contents • BiPAC 8700AX-1600 Triple-WAN Wireless 1600Mbps (VPN) VDSL2/ADSL2+ Firewall Router • Vertical Stand • Quick Start Guide • CD containing the on-line manual • Three detachable external Wi-Fi Antennas for 5G • RJ-45 Cat. 5e STP Ethernet cable • RJ-11 telephone cable • Power adapter • Splitter / Micro-filter (Optional) Important note for using this router 1. Do not use the router in high humidity or high temperatures. 2. Do not use the same power source for the router as other equipment. 3. Do not open or repair the case yourself. If the router is too hot, turn off the power immediately and have it repaired at a qualified service center. 4. Avoid using this product and all accessories outdoors. Warning 1. Place the router on a stable surface. 2. Only use the power adapter that comes with the package. Using a different voltage rating power adapter may damage the router. Attention Device Description The Front LEDs LED Status Meaning Red Boot failure or in emergency mode Green System ready Green Successfully connected to a LAN device Off Data being transmitted / received Green Wireless enabled (either 2.4G or 5G wireless). Blinking Data being transmitted / received. Green Blinking WPS is enabled and trying to establish a WPS connection. Off WPS process completed or WPS is off. Green Successfully connected to a USB device (Printer, USB 2.0 storage,) Green Successfully connected to an Ethernet device or to a broadband device. Blinking Data being transmitted / received Green Successfully connected to an xDSL DSLAM (Line Synced) Green Blinking xDSL synchronizing or waiting for DSL synchronizing Off xDSL cable unplugged Green IP connected and traffic is passing through the device Blinking Data being transmitted / received Red The router fails to obtain and IP. Off The router is either in bridged mode or WAN/DSL connection is not ready POWER LAN1~4 WLAN(2.4G / 5G) WPS USB WAN DSL Internet 10 The Rear Ports 11 Port Meaning POWER Connect the supplied Power Adapter to this port. ON/OFF Power ON/OFF switch Gigabit WAN Connect to Fibre/ Cable/ xDSL Modem with a RJ-45 cable, for broadband connectivity * Note: this port is a LAN/WAN configurable port. LAN1~4 Connect a STP Ethernet cable to one of the four LAN ports when connecting to a PC or an office/home network of 10Mbps /100Mbps /1000Mbps USB Connect the USB device (Printer, USB 2.0 storage) to this port. DSL Connect to the xDSL/ telephone network with RJ-11 cable(telephone) WPS Press & hold the button for 2 seconds to trigger WPS function * For WPS configuration, please refer to the WPS section in the User Manual. WLAN Press & hold the button for more than 6 seconds to enable/disable wireless Reset Push and hold the reset button for 5 seconds to restore to its factory default settings (this is used when you cannot login to the router, e.g. forgot your password). WiFi Antennas 3 Fixed antennas for 5G. 12 Cabling One of the most common causes of problems is bad cabling or ADSL line(s). Make sure that all connected devices are turned on. On the front panel of your router is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are all lit. If they are not, verify if you are using the proper cables. If the error persists, you may have a hardware problem. In this case, you should contact technical support. Make sure you have a line filter with all devices (e.g. telephones, fax machines, analogue modems) connected to the same telephone line and the wall socket (unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician), and ensure that all line filters are correctly installed and the right way around. Missing line filters or line filters installed the wrong way around can cause problems with your ADSL connection, including causing frequent disconnections. If you have a back-to-base alarm system you should contact your security provider for a technician to make any necessary changes. 13 Chapter 3: Basic Installation The router can be configured through your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS / Windows 10/ Windows 8, Windows 7 / XP / Vista, etc. The product provides an easy and user-friendly interface for configuration. Please check your PC network components. The TCP/IP protocol stack and Ethernet network adapter must be installed. If not, please refer to your Windows-related or other operating system manuals. There are ways to connect the router, either through an external repeater hub or connect directly to your PCs. However, make sure that your PCs have an Ethernet interface installed properly prior to connecting the router device. You ought to configure your PCs to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router. The default IP address of the router is 192.168.1.254 and the subnet mask is 255.255.255.0 (i.e. any attached PC must be in the same subnet, and have an IP address in the range of 192.168.1.1 to 192.168.1.253). The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP. If you encounter any problem accessing the router web interface it is advisable to uninstall your firewall program on your PCs, as they can cause problems accessing the IP address of the router. Users should make their own decisions on what is best to protect their network. Please follow the following steps to configure your PC network environment. Any TCP/IP capable workstation can be used to communicate with or through this router. To configure other types of workstations, please consult your manufacturer documentation. 14 Connecting Your Router Users can connect the VDSL2/ADSL2+ router as the following. DSL mode Broadband mode 15 Network Configuration Configuring a PC in Windows 7/ 8/ 10 1. For Windows 7/8, go to Start. Click on Control Panel. 2. For Windows 10, Users can click Start then click on Settings; or right click the mouse when it points at Windows ICON (Start), then click Control Panel. Settings of Windows 10 3. Click on Network and Internet. Control Panel 4. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 5. Select the Local Area Connection, and right click the icon to select Properties. 16 IPv4: 6. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties 7. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 8. Click OK again in the Local Area Connection Properties window to apply the new configuration. 17 IPv6: 6. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties 7. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 8. Click OK again in the Local Area Connection Properties window to apply the new configuration. 18 Configuring a PC in Windows Vista 1. Go to Start. Click on Network. 2. Then click on Network and Sharing Center at the top bar. 3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window pane. 4. Select the Local Area Connection, and right click the icon to select Properties. 19 IPv4: 5. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties. 6. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration. 20 IPv6: 5. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties. 6. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration. 21 Configuring a PC in Windows XP IPv4: 1. Go to Start / Control Panel (in Classic View). In the Control Panel, double-click on Network Connections 2. Double-click Local Area Connection. 3. In the Local Area Connection Status window, click Properties. 4. Select Internet Protocol (TCP/IP) and click Properties. 5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons. 6. Click OK to finish the configuration. 22 IPv6: IPv6 is supported by Windows XP, but you should install it first. Act as shown below: 1. On the desktop, Click Start > Run, type cmd, then press Enter key in the keyboard, the following screen appears. 2. Key in command ipv6 install Configuration is OK now, you can test whether it works ok. 23 Factory Default Settings Before configuring your router, you need to know the following default settings. Web Interface (Username and Password) Three user levels are provided by this router, namely Administrator, Remote and Local respectively. See Access Control . Administrator Username: admin Password: admin Local Username: user Password: user Remote Username: support Password: support If you have forgotten the username and/or password of the router, you can restore the device to its default setting by pressing the Reset Button more than 5 seconds. Attention Device LAN IPv4 settings IPv4 Address: 192.168.1.254 Subnet Mask: 255.255.255.0 Device LAN IPv6 settings IPv6 Address / prefix: Default is a link-local address and is different from each other as MAC address is different from one to one. For example: fe80:0000:0000:0000:0204:edff:fe01:0001 / 64, the prefix initiates by fe80:: DHCP server for IPv4 DHCP server is enabled. Start IP Address: 192.168.1.254 IP pool counts: 100 24 LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre-set in the factory. The default values are shown in the table. IPv4 LAN Port IPv4 address Subnet Mask DHCP server function IP addresses for distribution to PCs WAN Port 192.168.1.254 255.255.255.0 Enabled 100 IP addresses continuing from 192.168.1.100 through 192.168.1.199 The PPPoE function is enabled to automatically get the WAN port configuration from the ISP. IPv6 LAN Port IPv6 address/prefix WAN Port Default is a link-local address and is different from each other as MAC The PPPoE function is address is different from one to one. enabled to automatically get For example : the WAN port configuration from the ISP. fe80::204:edff:fe01:1/64, the prefix initiates by fe80:: DHCP server function Enabled 25 Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided. Gather the information as illustrated in the following table and keep it for reference. PPPoE(RFC2516) VPI/VCI, VC / LLC-based multiplexing, Username, Password, Service Name, and Domain Name System (DNS) IP address (it can be automatically assigned by your ISP when you connect or be set manually). PPPoA(RFC2364) VPI/VCI, VC / LLC-based multiplexing, Username, Password and Domain Name System (DNS) IP address (it can be automatically assigned by your ISP when you connect or be set manually). DHCP Client VPI/VCI, VC / LLC-based multiplexing, Domain Name System (DNS) IP address (it can be automatically assigned by your ISP when you connect or be set manually). IPoA(RFC1577) VPI/VCI, VC / LLC-based multiplexing, IP address, Subnet mask, Gateway address, and Domain Name System (DNS) IP address (it is a fixed IP address). Pure Bridge VPI/VCI, VC / LLC-based multiplexing to use Bridged Mode. 26 Easy Sign On (EZSO) This special feature makes it easier for you to configure your router so that you can connect to the internet in a matter of seconds without having to logon to the router GUI for any detail configuration. This configuration method is usually auto initiated if user is to connect to the internet via Billion's router for the first time. After setting up the router with all the appropriate cables plugged-in, open up your IE browser, the EZSO WEB GUI will automatically pop up and request that you enter some basic information that you have obtained from your ISP. By following the instructions given carefully and through the information you provide, the router will be configured in no time and you will find yourself surfing the internet sooner than you realize. EZSO window pops up: Step1: Set the administration password. Step 2: Set the Time Zone. Step 3: Configure the WAN interface. DSL mode (ADSL mode, please choose ATM; VDSL, please choose PTM) Here take ADSL for example. Before configuring with DSL mode, please confirm you have correctly connected the DSL line, and it is now synchronized. Select DSL, press Continue to go on to next step, press “Done” to quit the setting. 1. Enter the username, password from your ISP, for IP and DNS settings; also refer to your ISP. Here IPv6 service is enabled by default. 27 If the DSL line doesn’t synchronize, the page will pop up warning of the DSL connection failure. 3. Wait while the device is configured (DSL synchronized). 4. WAN port configuration is success and next to wireless, if you want skip wireless setting, click Done. Click Done, web configuration will be loaded, you will enter the web configuration page. 28 5. After the configuration is successful, click Next to Wireless button and you may proceed to configure the Wireless setting. The 8700AX-1600 supports dual-band wireless, here you can set to activate wireless on which band or both and set the SSID and encryption Key. (1. Leave it empty to disable the wireless security; 2. Fill in the Key, and the encryption mode will be WPA2-PSK/AES). 6. Continue to set 2.4GHz wireless. 7. Success in configuring the EZSO. 29 Ethernet mode 1. Select Ethernet, press Continue to go on to next step. 2. Enter the username, password from your ISP, for IP and DNS settings, also refer to your ISP. Here IPv6 service is enabled by default. 3. Wait while the device is configured. 4. WAN port configuration is success. Click Done, web configuration will be loaded, you will enter the web configuration page. 30 5. After the configuration is successful, click Next to Wireless button and you may proceed to configure the Wireless setting. The 8700AX-1600 supports dual-band wireless, here you can set to activate wireless on which band or both and set the SSID and encryption Key (1. Leave it empty to disable the wireless security; 2. Fill in the Key, and the encryption mode will be WPA2-PSK/AES). 6. Continue to set 2.4GHz wireless. 7. Success in configuring the EZSO. 31 Chapter 4: Configuration Configuration via Web Interface Open your web browser; enter the IP address of your router, which by default is 192.168.1.254, and click or press ‘Enter’ key on the keyboard, a login prompt window will appear. The default root username and password are “admin” and “admin” respectively. Congratulations! You are now successfully logged in to the VDSL2/ADSL2+ Router! 32 Once you have logged on to your BiPAC 8700AX-1600 Router via your web browser, you can begin to set it up according to your requirements. On the configuration homepage, the left navigation pane links you directly to the setup pages, which include: Status (Summary, WAN, Statistics, Bandwidth Usage, Route, ARP, DHCP, VPN, Log) Quick Start (Quick Start) Configuration (LAN, Wireless 5G(wl0), Wireless 2.4G(wl1), WAN, System, USB, IP Tunnel, Security, Quality of Service, NAT, Wake On LAN) VPN (IPSec, VPN Account, Exceptional Rule Group, PPTP, L2TP, OpenVPN, GRE) Advanced Setup (Routing, DNS, Static ARP, UPnP, Certificate, Multicast, Management, Diagnostics) 33 Status This Section gives users an easy access to the information about the working router and access to view the current status of the router. Here Summary, WAN, Statistics, Bandwidth Usage, Route, ARP, DHCP, VPN and Log subsections are included. 34 Summary The basic information about the device is provided here (the following is a configured screenshots to let users understand clearly). Device Information Model Name: Displays the model name. Host Name: Displays the name of the router. System Up-Time: Displays the elapsed time since the device is on. Date/Time: Displays the current exact date and time. Sync button is to synchronize the Date/Time with your PC time without regard to connecting to internet or not. Software Version: Firmware version. LAN IPv4 Address: Displays the LAN IPv4 address. LAN IPv6 Address: Displays the LAN IPv6 address. Default is a Link-Local address, but when connects to ISP, it will display the Global Address, like above figure. MAC Address: Displays the MAC address. DSL PHY and Driver Version: Display DSL PHY and Driver version. Wireless Driver Version: Displays wireless driver version. WAN Line Rate – Upstream (Kbps): Displays Upstream line Rate in Kbps. Line Rate – Downstream (Kbps): Displays Downstream line Rate in Kbps. Default Gateway/IPv4 Address: Display Default Gateway and the IPv4 address. Connection Time: Displays the elapsed time since ADSL connection is up. Primary DNS Server: Displays IPV4 address of Primary DNS Server. Secondary DNS Server: Displays IPV4 address of Secondary DNS Server. Default IPv6 Gateway/IPv6 Address: Display the IPv6 Gateway and the obtained IPv6 address. 35 WAN This table displays the information of the WAN connections, users can turn here for WAN connection information. Interface: The WAN connection interface. Description: The description of this connection. Type: The protocol used by this connection. Status: To disconnect or connect the link. Connection Time: The WAN connection time since WAN is up. IPv4 Address: The WAN IPv4 Address the device obtained. IPv6 Address: The WAN IPv6 Address the device obtained. DNS: The DNS address the device obtained. 36 Statistics LAN The table shows the statistics of LAN. Note: P5 is a configurable WAN/LAN port. Interface: List each LAN interface. P1-P4 indicates the LAN interfaces (P5/WAN can work as a LAN port). Bytes: Display the total Received and Transmitted traffic statistics in Bytes for each interface. Packets: Display the total Received and Transmitted traffic statistics in Packets for each interface. Errors: Display the total statistics of errors arising in Receiving or Transmitting data for each interface. Drops: Display the total statistics of drops arising in Receiving or Transmitting data for each interface. Multicast (packets): Display the Received and Transmitted multicast Packets for each interface. Unicast (packets): Display the Received and Transmitted unicast Packets for each interface. Broadcast (packets): Display the Received and Transmitted broadcast Packets for each interface. Reset: Press this button to refresh the statistics. 37 WAN Service The table shows the statistics of WAN. Interface: Display the connection interface. Description: The description for the connection. Bytes: Display the Received and Transmitted traffic statistics in Bytes for every WAN interface. Packets: Display the Received and Transmitted traffic statistics in Packests for every WAN interface. Errors: Display the statistics of errors arising in Receiving or Transmitting data for every WAN interface. Drops: Display the statistics of drops arising in Receiving or Transmitting data for every WAN interface. Multicast (packets): Display the Received and Transmitted multicast Packets for every WAN interface. Unicast (packets): Display the Received and Transmitted unicast Packets for every WAN interface. Broadcast (packets): Display the Received and Transmitted broadcast Packets for every WAN interface. Reset: Press this button to refresh the statistics. xTM The Statistics-xTM screen displays all the xTM statistics Port Number: Shows number of the port for xTM. In Octets: Number of received octets over the interface. Out Octets: Number of transmitted octets over the interface. In Packets: Number of received packets over the interface. Out Packets: Number of transmitted packets over the interface. In OAM Cells: Number of OAM cells received. Out OAM Cells: Number of OAM cells transmitted. 38 In ASM Cells: Number of ASM cells received. Out ASM Cells: Number of ASM cells transmitted. In Packet Errors: Number of received packets with errors. In Cell Errors: Number of received cells with errors. Reset: Click to reset the statistics. xDSL Mode: Modulation protocol, including G.dmt, G.lite, T1.413, ADSL2, AnnexL, ADSL2+ and AnnexM. Traffic Type: Transfer mode, here supports ATM and PTM. Status: Show the status of DSL link. Link Power State: Show link output power state. 39 Line Coding (Trellis): Trellis on/off. SNR Margin (dB): Show the Signal to Noise Ratio(SNR) margin. Attenuation (dB): This is estimate of average loop attenuation of signal. Output Power (dBm): Show the output power. Attainable Rate (Kbps): The sync rate you would obtain. Rate (Kbps): Show the downstream and upstream rate in Kbps. MSGc (#of bytes in overhead channel message): The number of bytes in overhead channel message. B (# of bytes in Mux Data Frame): The number of bytes in Mux Data frame. M (# of Mux Data Frames in FEC Data Frame): The number of Mux Data frames in FEC frame. T (Mux Data Frames over sync bytes): The number of Mux Data frames over all the sync bytes. R (# of check bytes in FEC Data Frame): The number of check bytes in FEC frame. S (ratio of FEC over PMD Data Frame length): The ratio of FEC over PMD Data frame length L (# of bits in PMD Data Frame): The number of bit in PMD Data frame D (interleaver depth): Show the interleaver depth. Delay (msec): Show the delay time in msec. INP (DMT symbol): Show the DMT symbol. Super Frames: The total number of super frames. Super Frame Errors: the total number of super frame errors. RS Words: Total number of Reed-Solomon code errors. RS Correctable Errors: Total number of RS with correctable errors. RS Uncorrectable Errors: Total number of RS words with uncorrectable errors. HEC Errors: Total number of Header Error Checksum errors. OCD Errors: Total number of out-of-cell Delineation errors. LCD Errors: Total number of Loss of Cell Delineation. Total Cells: Total number of cells. Data Cells: Total number of data cells. Bit Errors: Total number of bit errors. Total ES: Total Number of Errored Seconds. Total SES: Total Number of Severely Errored Seconds. Total UAS: Total Number of Unavailable Seconds. xDSL BER Test: Click this button to start a bit Error Rate Test. The ADSL Bit Error Rate (BER) test determines the quality of the ADSL connection. The test is done by transferring idle cells containing a known pattern and comparing the received data with this known pattern to check for any errors. 40 Select the Tested Time(sec), press Start to start test. When it is OK, the following test result window will appear. You can view the quality of ADSL connection. Here the connection is OK. Reset: Click this button to reset the statistics. 41 Bandwidth Usage Bandwidth Usage provides users direct view of bandwidth usage with simple diagram. Bandwidth usage shows the use of the bandwidth from two angles: Transmitted and Received, giving users a clear idea of the usage. LAN Note: P5 is a configurable WAN/LAN port (here the example is in broadband WAN mode, p5 working as a WAN port). Press View LAN Transmitted button to change the diagram to the statistics of the LAN Transmitted means Ethernet port #2, and the traffic information of the port #2 is identified with Bytes. (Note: blue, the same color with port#2 in the diagram; other ports all take the same mechanism.) 42 When you press View WAN Traffic concurrently button, the WAN Bandwidth Usage pops up so that users can view the WAN traffic concurrently. 43 WAN Service Press View WAN Transmitted button to change the diagram to the statistics of the WAN Transmitted Bytes. 44 Press View LAN Traffic concurrently button to directly switch to the LAN Bandwidth Usage page to view the LAN traffic concurrently. 45 Route Destination: The IP address of destination network. Gateway: The IP address of the gateway this route uses. Subnet Mask: The destination subnet mask. Flag: Show the status of the route. L U: Show the route is activated or enabled. L H (host): destination is host not the subnet. L G: Show that the outside gateway is needed to forward packets in this route. L R: Show that the route is reinstated from dynamic routing. L D: Show that the route is dynamically installed by daemon or redirecting. L M: Show the route is modified from routing daemon or redirect. Metric: Display the number of hops counted as the Metric of the route. Service: Display the service that this route uses. Interface: Display the existing interface this route uses. 46 ARP This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Security – MAC Filtering function. Here IPv6 Neighbor Table, listed with IPv6 address-MAC mapping, is supported. ARP table IP Address: Shows the IP Address of the device that the MAC address maps to. Flag: Shows the current status of the ARP entries. Complete: the route resolving is processing well. M(Marked as permanent entry): the route is permanent. P (publish entry): publish this route item. MAC Address: Shows the MAC address that is corresponded to the IP address of the device it is mapped to. Device: here refers to the physical interface, it is a concept to identify Clients from LAN or WAN. For example, the Clients in LAN, here displays “br0”. Mark: Show clearly the SSID (WLAN) the device is in. Neighbor Cache Table IPv6 address: Shows the IPv6 Address of the device that the MAC address maps to. MAC Address: Shows the MAC address that is corresponded to the IPv6 address of the device it is mapped to. Device: here refers to the physical interface, it is a concept to identify Clients from LAN or WAN. For example, the Clients in LAN, here displays “br0”. Mark: Show clearly the SSID (WLAN) the device is in. 47 DHCP The DHCP Table lists the DHCP lease information for all IP addresses assigned by the DHCP server in the device. Host Name: The Host Name of DHCP client. MAC Address: The MAC Address of internal DHCP client host. IP Address: The IP address which is assigned to the host with this MAC address. Expires in: Show the remaining time after registration. Mark: Show clearly the SSID (WLAN) the device is in. 48 VPN VPN status viewing section provides users IPSec, PPTP, L2TP and GRE VPN status. IPSec Name: The IPSec connection name. Active: Display the connection status. Local Subnet: Display the local network. Remote Subnet: Display the remote network. Remote Gateway: The remote gateway address. SA: The Security Association for this IPSec entry. Refresh: Click this button to refresh the tunnel status. 49 PPTP PPTP Server Name: The PPTP connection name. Enable: Display the connection status with icon. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the remote (client side) network and subnet mask in LAN to LAN PPTP connection. Connected By: Display the IP of remotely connected client. Action: Act to the connection. Click Drop button to disconnect the tunnel connection. PPTP Client Name: The PPTP connection name. Enable: Display the connection status with icon. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the remote (server side) network and subnet mask. Client: Assigned IP by PPTP server. Action: Act to the connection. Click Disconnect button to disconnect the tunnel connection. Refresh: Click this button to refresh the connection status. 50 L2TP L2TP Server Name: The L2TP connection name. Enable: Display the connection status with icon. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the remote (client side) network and subnet mask in LAN to LAN L2TP connection. Connected By: Display the IP of remotely connected client. Action: Act to the connection. Click Drop button to disconnect the tunnel connection. L2TP Client Name: The L2TP connection name. Enable: Display the connection status with icon. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the network and subnet mask of server side. Client: Assigned IP by L2TP server. Action: Act to the connection. Click Disconnect button to disconnect the tunnel connection. Refresh: Click this button to refresh the connection status. 51 OpenVPN OpenVPN Server Name: The OpenVPN connection name. Enable: Display the connection status with icon. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the subnet address of client side in LAN to LAN mode. Server IP: The tunnel virtual IP of server side assigned by server itself. Connected By: The assigned tunnel virtual IP to remotely connected OpenVPN client. Action: Act to the connection. Click Drop button to disconnect the tunnel connection. OpenVPN Client Name: The OpenVPN connection name. Enable: Display the connection status with icon. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the tunnel virtual address (WAN address) of server side. Client: Assigned tunnel virtual IP by OpenVPN server. Action: Act to the connection. Click Disconnect button to disconnect the tunnel connection. Refresh: Click this button to refresh the connection status. 52 GRE Name: The GRE connection name. Enable: Display the connection status with icons. Status: The connection status, connected or disable. Remote Gateway: The IP of remote gateway. Refresh: Click this button to refresh the connection status. 53 Log System Log Display system logs accumulated up to the present time. You can trace historical information with this function. And the log policy can be configured in Configure Log section. Refresh: Click to update the system log. Clear: Click to clear the current log from the screen. 54 Security Log Security log displays the message logged about security, like filter messages and some firewall message. You can turn to IP Filtering Outgoing, IP Filtering Incoming, URL Filter to determine if you want to log this information. Also you can turn to Configure Log section below to determine the level to log the message. You can use this to track potential threats to your system and network. Refresh: Click to update the security log. Clear: Click to clear the current log from the screen. 55 Quick Start Quick Start This part allows you to quickly configure and connect your router to internet. DSL mode (ADSL mode, please choose ATM; VDSL, please choose PTM) Here take ADSL for example. Select DSL, press Continue to go on to next step. Enter the username, password from your ISP, for IP and DNS settings; also refer to your ISP. Here IPv6 service is enabled by default. If the DSL line is not synchronized, the page will pop up warning of the DSL connection failure. 56 3. Wait while the device is configured. 4. WAN port configuration is successful. 5. After the configuration is successful, click Next to Wireless button and you may proceed to configure the Wireless setting. The 8700AX-1600 supports dual-band wireless, here you can set to activate wireless on which band or both and set the SSID and encryption Key (1. Leave it empty to disable the wireless security; 2. Fill in the Key, and the encryption mode will be WPA2-PSK/AES). 6. Continue to set 2.4GHz wireless. 57 7. Success. Go back to Status > Summary for more information. 58 Ethernet mode 1. Select Ethernet, press Continue to go on to next step. 2. Enter the username, password from your ISP, for IP and DNS settings; also refer to your ISP. Here IPv6 service is enabled by default. 3. Wait while the device is configured. 4. WAN port configuration is successful. 59 5. After the configuration is successful, click Next to Wireless button and you may proceed to configure the Wireless setting. The device supports dual-band wireless connections, in Quick Start part, users can only enable or disable the wireless on the band and the exact SSID and encryption Key (1. Leave it empty to disable the wireless security; 2. Fill in the Key, and the encryption mode will be WPA2-PSK/AES). For detail setting, please go to the Wireless part in this Manual. 6. Continue to set 2.4GHz wireless. 7. Success. Go back to Status > Summary for more information 60 Configuration When you click this item, the column will expand to display the sub-items that will allow you to further configure your router. LAN, Wireless 5G (wl0), Wireless 2.4G (wl1), WAN, System, USB, IP Tunnel, Security, Quality of Service, NAT and Wake On LAN. The function of each configuration sub-item is described in the following sections. 61 LAN - Local Area Network A Local Area Network (LAN) is a shared communication system network where many computers are connected. This type of network is area defined and is usually limited to a confined region within a building. Ethernet Parameters Group Name: This refers to the group you set in Interface Grouping section; you can set the parameters for the specific group. Select the group via the drop-down box. For more information please refer to Interface Grouping of this manual. IP address: the IP address of the router. Default is 192.168.1.254. Subnet Mask: the default Subnet mask on the router. IGMP Snooping: Enable or disable the IGMP Snooping function. Without IGMP snooping, multicast traffic is treated in the same manner as broadcast traffic - that is, it is forwarded to all ports. With IGMP snooping, multicast traffic of a group is only forwarded to ports that have members of that group.” When enabled, you will see two modes: Standard Mode: In standard mode, multicast traffic will flood to all bridge ports when no client subscribes to a multicast group. Blocking Mode: In blocking mode, the multicast data will be blocked when there are no client subscribes to a multicast group, it won’t flood to the bridge ports. 62 IGMP LAN to LAN Multicast: Check to determine whether to support LAN to LAN (Intra LAN) Multicast. If user want to have a multicast data source on LAN side and he wants to get IGMP snooping enabled, then this LAN-to-LAN multicast feature should be enabled. LAN side firewall: Enable to drop all traffic from the specified LAN group interface. After activating it, all incoming packets by default will be dropped, and the user on the specified LAN group interface can't access CPE anymore. But, you can still access the internet service. If user wants to manage the CPE, please turn to IP Filtering Incoming to add the allowing rules. Note that all incoming packets by default will be dropped if the LAN side firewall is enabled and user cannot manage this CPE from the specified LAN group. DHCP Server You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically. L Disable Disable the DHCP Server function. L Enable Enable the DHCP function, enter the information wanted. Here as default. Start IP Address: The start IP address of the range the DHCP Server used to assign to the Clients. End IP Address: The end IP address f the range the DHCP Server used to assign to the Clients. Leased Time (hour): The leased time for each DHCP Client. Option 66: Click Enable to activate DHCP option 66 for some special devices, like IPTV Set Box. The devices can get firmware or some special service from the TFTP server. User needs to set the IP or hostname of the TFTP server. User Router’s setting as DNS server: Select whether to enable use router’s setting as DNS server, if enabled, the PCs on the LAN side obtain the router’s setting as DNS server. If disabled, please specify exactly the primary/secondary DNS server. Primary/Secondary DNS server: Specify your primary/secondary DNS server for your LAN devices. L DHCP Server Relay 63 DHCP Server IP Address: Please enter the DHCP Server IP address. Static IP List The specified IP will be assigned to the corresponding MAC Address listed in the following table when DHCP Server assigns IP Addresses to Clients. Press Add to the Static IP List. Enter the MAC Address, IP Address, and then click Apply to confirm your settings. But the IP assigned should be outside the range of 192.168.1.100-192.168.1.199. IP Alias This function allows the creation of multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or remote node. IP Alias: Check whether to enable this function. IP Address: Specify an IP address on this virtual interface. Subnet Mask: Specify a subnet mask on this virtual interface. Click Apply to apply your settings. 64 IPv6 Autoconfig The IPv6 address composes of two parts, the prefix and the interface ID. There are two ways to dynamically configure IPv6 address on hosts. One is “stateful” configuration, for example using DHCPv6 (which resembles its counterpart DHCP in IPv4.) In the stateful autoconfiguration model, hosts obtain interface addresses and/or configuration information and parameters from a DHCPv6 server. The Server maintains a database that keeps track of which addresses have been assigned to which hosts. The second way is “stateless” configuration. Stateless auto-configuration requires no manual configuration of hosts, minimal (if any) configuration of routers, and no additional servers. The stateless mechanism allows a host to generate its own addresses using a combination of locally available information (MAC address) and information (prefix) advertised by routers. Routers advertise prefixes that identify the subnet(s) associated with a link, while hosts generate an "interface identifier" that uniquely identifies an interface on a subnet. An address is formed by combining the two. When using stateless configuration, you needn’t configure anything on the client. Group Name: Here group refers to the group you set in Interface Grouping section, you can set the parameters for the specific group. Select the group by the drop-down box. For more information please refer to Interface Grouping of this manual. Static LAN IPv6 Address Configuration Interface Address / Prefix Length: Enter the static LAN IPv6 address. IPv6 LAN application DHCPv6 Server: Check whether to enable DHCPv6 server. 65 DHCPv6 Server Type: Select Stateless or Stateful. When DHCPv6 is enabled, this parameter is available. Stateless: If selected, the PCs in LAN are configured through RA mode, thus, the PCs in LAN are configured through RA mode, to obtain the prefix message and generate an address using a combination of locally available information (MAC address) and information (prefix) advertised by routers, but they can obtain such information like DNS from DHCPv6 Server. Stateful: if selected, the PCs in LAN will be configured like in IPv4 mode, thus obtain addresses and DNS information from DHCPv6 server. Start interface ID: Enter the start interface ID. The IPv6 address composed of two parts, thus, the prefix and the interface ID. Interface is like the Host ID compared to IPv4. End interface ID: Enter the end interface ID. Note: Interface ID does NOT support ZERO COMPRESSION "::". Please enter the complete information. For example: Please enter "0:0:0:2" instead of "::2". Leased Time (hour): The leased time, similar to leased time in DHCPv4, is a time limit assigned to clients, when expires, the assigned ID will be recycled and reassigned. Issue Router Advertisement: Check whether to enable issue Router Advertisement feature. It is to send Router Advertisement messages periodically. ULA Prefix Advertisement: Enable this parameter to include the ipv6 ULA address in the RA messages. ULA, unique local address, is an IPv6 address in the block fc00::/7. It is approximately the IPv6 counterpart of the IPv4 private address. They are not routable in the global IPv6 Internet. RADVD Type: The way that ULA prefix is generated. Randomly Generated Statically Configured: select to set manually in the following parameters. Prefix: Set the prefix manually. Preferred Life Time: The ULA prefix life time. When the time is over, the ULA prefix is invalid any more, -1 means no limit. Valid Life Time: It is a time threshold, when the time is over, clients should obtain new IPv6 address from the router through RA; -1 means to be limitless. MLD snooping: Similar to IGMP snooping, listens in on the MLD conversation between hosts and routers by processing MLD packets sent in a multicast network, and it analyzes all MLD packets between hosts and the connected multicast routers in the network. Without MLD snooping, multicast traffic is treated in the same manner as broadcast traffic - that is, it is forwarded to all ports. With MLD snooping, multicast traffic of a group is only forwarded to ports that have members of that group. Standard Mode: In standard mode, multicast traffic will flood to all bridge ports when no client subscribes to a multicast group. Blocking Mode: In blocking mode, the multicast data will be blocked when there is no client subscribes to a multicast group, it won’t flood to the bridge ports. MLD LAN to LAN Multicast: Check to determine whether to support LAN to LAN (Intra LAN) Multicast. If user want to have a multicast data source on LAN side and he want to get MLD snooping enabled, then this LAN-to-LAN multicast feature should be enabled 66 Stateless and Stateful IPv6 address Configuration Stateless: Two methods can be carried. L With DHCPv6 disabled, but Issue Router Advertisement Enabled With this method, the PCs in LAN are configured through RA mode, thus, the PCs in LAN are configured through RA mode, to obtain the prefix message and generate an address using a combination of locally available information (MAC address) and information (prefix) advertised by routers. L With both DHCPv6 and Issue Router Advertisement Enabled With this method, the PCs’ addresses in LAN are configured like above method, but they can obtain such information like DNS from DHCPv6 Server. 67 Stateful: two methods can be adopted. With only DHCPv6 enabled With this method, the PCs’ addresses are configured the same as in IPv4, that is addresses are assigned by DHCPv6 server. L With both DHCPv6 and Issue Router Advertisement Enabled With this method, the PCs’ addresses are configured the same like above, and the address information in RA packets will be neglected. 68 Interface Grouping Interface grouping is a function to group interfaces, known as VLAN. A Virtual LAN, commonly known as a VLAN, is a group of hosts with the common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of the physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same network switch. Each group will perform as an independent network. To support this feature, you must create mapping groups with appropriate LAN and WAN interfaces using the Add button. (Please Note: P5 can be configured as EWAN, and when the device is in EWAN profile, there is no P5/EWAN interface as P5 is working as a WAN port.) Groups Isolation: If enabled, devices in one group are not able to access those in the other group. 69 Click Add to add groups. Group Name: Type a group name. Grouped WAN Interfaces: Select from the box the WAN interface you want to applied in the group. Grouped LAN Interfaces: Select the LAN interfaces you want to group as a single group from Available LAN Interfaces. Automatically Add Clients with following DHCP Vendor IDs: Enter the DHCP Vendor IDs for which you want the Clients automatically added into the group. DHCP vendor ID (DHCP 60) is an Authentication for DHCP Messages. Click Apply to confirm your settings and your added group will be listed in the Interface Grouping table below. 70 In group "test", P2 and PPP0.1 are grouped in one group, they have their only network , see LAN. If you want to remove the group, check the box as the following and press Remove. Note: If you like to automatically add LAN clients to a WAN Interface in the new group add the DHCP vendor ID string. By configuring a DHCP vendor ID string any DHCP client request with the specified vendor ID (DHCP option 60) will be denied an IP address from the local DHCP server. If a vendor ID is configured for a specific client device, please REBOOT the client device attached to the modem to allow it to obtain an appropriate IP address. Each LAN interface can only be added into one group and one WAN interface can only be used in one group. 71 LAN VLAN Setting When LAN VLAN is opened on a LAN port, outgoing packets from the port will be tagged with the specific VLAN ID user set. LAN Port: Select the LAN port users want to set LAN VLAN. VLAN Mode: Check if to enable LAN VLAN for the selected port. Click Add to set the VLAN ID, Pbits for the port. VLAN ID: a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID identification, tagged: 1-4094 Pbits: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). 72 Eth Port Control Eth port control features the control of Ethernet port working patterns like Max Bit Rate and Duplex Mode. Select to change the port working patterns in the Edit vertical column. Eth Port: Select the port, P1-P5/EWAN (P5 can server as a EWAN port.) Max Bit Rate: Manually specify the max bit rate for the Ethernet port, 10 or 100Mbps. Duplex Mode: Manually specify the duplex mode for the Ethernet port, half or full duplex. Press Apply to save the changes to the port. 73 Wireless 5G(wl0) & 2.4G(Wl1) BiPAC 8700AX-1600 is a simultaneous dual-band (2.4G and 5G) wireless router supporting 11b/g/n/a/ac wireless standards. It allows multiple wireless users on 2.4G and 5G radio bands to surf the Internet, checking e-mail, watching video, listening to music over the Internet concurrently. You can choose the optimum radio band wireless connection base on your environment. 74 Basic It let you determine whether to enable Wireless function and set the basic parameters of an AP and the Virtual APs. Wireless: Default setting is set to Enable. If you do not have any wireless devices, check the checkbox again to unselect. Hide SSID: It is function in which transmits its SSID to the air so that when wireless client searches for a network, router can then be discovered and recognized. Check the checkbox to determine whether you want to hide SSID. Clients Isolation: if you enabled this function, then each of your wireless clients will not be able to communicate with each other. Disable WMM Advertise: Stop the router from ‘advertising’ its Wireless Multimedia (WMM) functionality, which provides basic quality of service for time-sensitive applications (e.g. VoIP, Video). Check to disable or enable this function. Wireless multicast Forwarding (WMF): check to enable or disable wireless multicast forwarding. SSID: The SSID is the unique name of a wireless access point (AP) to be distinguished from another. For security purpose, change the default wlan-ap-2.4g to a unique ID name to the AP already builtin to the router’s wireless interface. It is case sensitive and must not excess 32 characters. Make sure your wireless clients have exactly the SSID as the device, in order to get connected to your network. Note: SSID is case sensitive and must not exceed 32 characters. BSSID: Basic Set Service Identifier, it is a local managed IEEE MAC address, and is 48 bits value. Country: Different countries have different wireless band resources, so you can select the appropriate Country according to your location. Max Clients: enter the number of max clients the wireless network can supports,1-16. Guest/virtual Access Points: A “Virtual Access Point” is a logical entity that exists within a physical Access Point (AP). When a single physical AP supports multiple “Virtual APs”, each Virtual AP appears to stations (STAs) to be an independent physical AP, even though only a single physical AP is present. For example, multiple Virtual APs might exist within a single physical AP, each advertising 75 a distinct SSID and capability set. Alternatively, multiple Virtual APs might advertise the same SSID but a different capability set – allowing access to be provided via Web Portal, WEP, and WPA simultaneously. Where APs are shared by multiple providers, Virtual APs provide each provider with separate authentication and accounting data for their users, as well as diagnostic information, without sharing sensitive management traffic or data between providers. You can enable the virtual AP. Here you can enable some Virtual APs according to the request. And the other parameters of virtual APs are the same to the above. Click Apply to apply your settings. 76 Security Wireless security prevents unauthorized access or damage to computers using wireless network. Note˖ The WPS feature will also be unavailable when the security setting is not WPA2 PSK or OPEN. So, if you manually set the wireless security setting, you should give notice to it, but you can find prompt indicating configuration. Manual Setup AP Select SSID: select the SSID you want these settings apply to. Network Authentication Open WEP Encryption: Select to enable or disable WEP Encryption. Here select Enable. Encryption Strength: Select the strength, 128-bit or 64-bit. Current Network Key: Select the one to be the current network key. Please refer to key 1- 4 below. Network Key (1- 4): Enter 13 ASCII characters or 26 hexadecimal digits for 128-bit encryption keys. Enter 5 ASCII characters or 10 hexadecimal digits for 64-bit encryption keys. 77 L Shared This is similar to network authentication ‘Open’. But here the WEP Encryption must be enabled. 802.1x RADIUS Server IP Address: RADIUS( Remote Authentication Dial In User Service), Enter the IP address of RADIUS authentication server. RADIUS Server Port: Enter the port number of RADIUS authentication server here. RADIUS Key: Enter the password of RADIUS authentication server. WEP Encryption: Select to enable or disable WEP Encryption. Here select Enable. Current Network Key: Select the one to be the current network key. Please refer to key 2- 3 below. Network Key (1- 4): Enter 13 ASCII characters or 26 hexadecimal digits for 128-bit encryption keys. Enter 5 ASCII characters or 10 hexadecimal digits for 64-bit encryption keys. 78 L WPA2 Protected Management Frame: Select whether to enable protected management frame mechanism. By default, it is disabled. If enabled, the network adapter of the attempting wireless client should also support this feature. WPA2 Preauthentication: When a wireless client wants to handoff to another AP, with preauthentication, it can perform 802.1X authentication to the new AP, and when handoff happens, this mode will help reduce the association time. Network Re-auth Interval: the interval for network Re-authentication. This is in seconds. WPA Group ReKey Internal: The period of renewal time for changing the security key automatically between wireless client and Access Point (AP). This is in seconds. RADIUS Server IP Address: RADIUS( Remote Authentication Dial In User Service), Enter the IP address of RADIUS authentication server. This is in seconds. RADIUS Server Port: Enter the port number of RADIUS authentication server here. RADIUS Key: Enter the password of RADIUS authentication server. WPA/WAPI Encryption: There are two Algorithms, AES (Advanced Encryption Standard) and TKIP(Temporal Key Integrity Protocol) which help to protect the wireless communication. WPA2-PSK Protected Management Frame: Select whether to enable protected management frame mechanism. By default, it is disabled. If enabled, the network adapter of the attempting wireless client should also support this feature. WPA/WAPI passphrase: Enter the WPA.WAPI passphrase; you can click here to display to view it. WPA Group ReKey Internal: The period of renewal time for changing the security key automatically between wireless client and Access Point (AP). This is in seconds. WPA/WAPI Encryption: There are two Algorithms, AES (Advanced Encryption Standard) and TKIP(Temporal Key Integrity Protocol) which help to protect the wireless communication. 79 L Mixed WPA2/WPA Protected Management Frame: Select whether to enable protected management frame mechanism. By default, it is disabled. If enabled, the network adapter of the attempting wireless client should also support this feature. WPA2 Preauthentication: When a wireless client wants to handoff to another AP, with preauthentication, it can perform 802.1X authentications to the new AP, and when handoff happens, this mode will help reduce the association time used. Network Re-auth Interval: the interval for network Re-authentication. The unit is second. WPA Group ReKey Internal: The period of renewal time for changing the security key automatically between wireless client and Access Point (AP). This is in seconds. RADIUS Server IP Address: RADIUS( Remote Authentication Dial In User Service), Enter the IP address of RADIUS authentication server. RADIUS Server Port: Enter the port number of RADIUS authentication server here. RADIUS Key: Enter the password of RADIUS authentication server. WPA/WAPI Encryption: There are two Algorithms, AES (Advanced Encryption Standard) and TKIP(Temporal Key Integrity Protocol) which help to protect the wireless communication. Mixed WPA2/WPA-PSk Protected Management Frame: Select whether to enable protected management frame mechanism. By default, it is disabled. If enabled, the network adapter of the attempting wireless client should also support this feature. WPA/WAPI passphrase: enter the WPA.WAPI passphrase, you can click here to display to view it. WPA Group ReKey Internal: The period of renewal time for changing the security key automatically between wireless client and Access Point (AP). The unit is second. WPA/WAPI Encryption: There are two Algorithms, AES (Advanced Encryption Standard) and TKIP(Temporal Key Integrity Protocol) which help to protect the wireless communication. 80 WPS Setup WPS (Wi-Fi Protected Setup) feature is a standard protocol created by Wi-Fi Alliance. WPS is used to exchange the AP setting with Station and configure Ap settings. This feature greatly simplifies the steps needed to create a Wi-Fi network for a residential or an office setting. The commonly known PIN method is supported to configure WPS. WPS: Select enable to enable WPS function. Please note that WPS can only be available when WPA2-PSK or OPEN mode is configured. Note: 1) WPS feature is only available when in WPA2 PSK or OPEN mode in security settings. 2) Here wireless can be configured as Registrar and Enrollee mode respectively. When AP is configured as Registrar, you should select “Configured” in the WPS AP Mode below, and default WPS AP Mode is “Configured”. When AP is configured as Enrollee, the WPS AP Mode below should be changed to “Unconfigured”. Follow the following steps. 81 Configure AP as Registrar Add Enrollee with PIN method 1. Select radio button “Enter STA PIN”. 2. Input PIN from Enrollee Station (16837546 in this example), Or else users can alternatively enter the authorized station MAC Help: it is to help users to understand the concept and correct operation. 3. Click (Station PIN) (Station MAC) Note: Users can alternatively input PIN from Enrollee Station or enter the authorized station MAC. 82 4. Operate Station to start WPS Adding Enrollee. Launch the wireless client’s WPS utility (eg.Ralink Utility). Set the Config Mode as Enrollee, press the WPS button on the top bar, select the AP (eg. Wlan-ap-2.4g) from the WPS AP List column. Then press the PIN button located on the middle left of the page to run the scan. 83 4. The client’s SSID and security settings will now be configured to match the SSID and security settings of the registrar. You can check the message in the red ellipse with the security parameters you set, here we all use the default. 84 Configure AP as Enrollee Add Registrar with PIN Method 1. Set AP to “Unconfigured Mode”. 85 2. Launch the wireless client’s WPS utility (eg. Ralink Utility). Set the Config Mode as Registrar. Enter the PIN number (10864111 (device) for example) in the PIN Code column then choose the correct AP (eg. wlan-ap-2.4g) from the WPS AP List section before pressing the PIN button to run the scan. 86 3. The router’s (AP’s) SSID and security setting will now be configured to match the SSID and security setting of the registrar. 4. Do Web Page refresh after ER complete AP Configuration to check the new parameters setting. 87 MAC Filter Select SSID: select the SSID you want this filter applies to. MAC Restrict Mode: L Disable: disable the MAC Filter function. L Allow: allow the hosts with the following listed MACs to access the wireless network. L Deny: deny the hosts with the following listed MACs to access the wireless network. Click Add to add the MACs. MAC Address: enter the MAC address(es). The format of MAC address could be: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx. Click Apply to apply your settings and the item will be listed below. To delete entries , check the remove checkbox and press Remove to delete it. To make changes, click Edit of a MAC address to reconfigure the MAC as needed. 88 Wireless Bridge WDS (wireless distributed system) is a system enabling the wireless interconnection of access points. It’s easy to install, simply define the peer’s MAC address of the connected AP. WDS takes advantage of cost saving and flexibility with no extra wireless client device required to bridge between two access points and extending an existing wired or wireless infrastructure network to create a larger network. Bridge Restrict: It determines whether the gateway will communicate with all other bridges or only specific ones: Enable: to enable wireless bridge restriction. Only those specified in the Remote MAC Address the gateway can communicate with. Remote Bridge MAC Address: enter the remote bridge MAC addresses. Here up to 4 bridge MAC addresses are supported. Enabled (Scan): to enable wireless bridge restriction. Only those scanned by the gateway can communicate. Remote Bridge MAC Address: select the remote bridge MAC addresses. Disable: Does not restrict the gateway communicating with bridges that have their MAC address listed, but it is still open to communicate with all bridges that are in the same network. Click Apply to apply your settings. 89 Example: How to set up WDS/Wireless Bridge Before setting up WDS: 1). The router involved should all support WDS/Wireless Bridge feature. 2). To ensure better compatibility, please use the router of the same brand, or better the same model. Point to Point wireless bridge Router B needs to bridge to Router A using wireless bridge for internet access and wireless coverage extension. Router B shares the same Wireless SSID, Country, Security, Channel setting with Router A. Router A setup 1). Login to Router A (LAN IP Address: 192.168.1.254), enable DHCP server. 90 2). Configure WAN Interface for Router A (ADSL PPPoE). See WAN Service. 3). Configure wireless for Router A (SSID, Country, Security, Channel.) I. Basic configuration (SSID, Country, etc) II. Wireless security configuration for Router A. Configure Network Authentication as WPA2-PSK and WPA/WAPI passphrase as 1234567890. (Users configure wireless security parameters according to their own needs. ) 91 III. Advanced wireless configuration for Router A (Channel 1, Bandwidth 20MHz/40MHz , OBSS Coexistence Disable ). Note: Select your own bandwidth, but both sides need to be same. 92 4). Configure Wireless Bridge for Router A, by scanning or inputting Router B’s wireless MAC address. Make sure you know Router B’s wireless MAC. If not, go to Wireless > Basic. Check BSSID which is Router B’s wireless MAC. (Router B’s wireless basic configuration) WDS Configuration finished for Router A. 93 Router B setup 1). Login to Router B (LAN IP Address: 192.168.1.1. Here if the LAN is same with router A, please change it to 192.168.1.X which needs to be on the same subnet with router A), disable DHCP server. 2). Configure wireless for Router B (SSID, Country, Security, Channel which need to be same as set in Router A.) I. Basic configuration (SSID, Country, etc) 94 II. Wireless security configuration for Router B. Configure Network Authentication the same as Router A. III. Advanced wireless configuration for Router B, the same as set in Router A (Channel 1, Bandwidth 20MHz/40MHz , OBSS Coexistence Disable ). 95 3). Configure Wireless Bridge for Router B, by scanning or inputting Router A’s wireless MAC address. Make sure you know Router A’s wireless MAC. If not, go to Wireless > Basic. Check BSSID which is A’s wireless MAC. (Router A’s wireless basic configuration) WDS Configuration finished for Router B. As for now, the WDS connection between Router A and B is established. Connect a wireless client to Router B with the SSID “test-ap-2.4g” to test the connectivity. 96 One-to-Multiple wireless bridge Router B and C need to bridge to Router A using wireless bridge for internet access and wireless coverage extension. Router B and C share the same Wireless SSID, Country, Security, Channel setting with Router A. 97 Router A setup 1). Login to Router A (LAN IP Address: 192.168.1.254), enable DHCP server. 2). Configure WAN Interface for Router A (ADSL PPPoE). See WAN Service. 98 3). Configure wireless for Router A (SSID, Country, Security, Channel.) I. Basic configuration (SSID, Country, etc) II. Wireless security configuration for Router A. Configure Network Authentication as WPA2-PSK and WPA/WAPI passphrase as 1234567890. (Users configure wireless security parameters according to their own needs. ) 99 III. Advanced wireless configuration for Router A (Channel 1, Bandwidth 20MHz/40MHz , OBSS Coexistence Disable ) Note: Select your own bandwidth, but all sides need to be same. 100 4). Configure Wireless Bridge for Router A, by scanning or inputting Router B and C’s wireless MAC addresses. Make sure you know Router B and C’s wireless MACs. If not, go to Wireless > Basic. Check BSSID which is Router B’s wireless MAC. Router B for example (Router B’s wireless basic configuration) WDS Configuration finished for Router A. 101 Router B setup 1). Login to Router B (LAN IP Address: 192.168.1.1. Here if the LAN is same with router A, please change it to 192.168.1.X which needs to be on the same subnet with router A), disable DHCP server. 2). Configure wireless for Router B (SSID, Country, Security, Channel which need to be same as set in Router A.) I. Basic configuration (SSID, Country, etc) 102 II. Wireless security configuration for Router B. Configure Network Authentication the same as Router A. III. Advanced wireless configuration for Router B, the same as set in Router A (Channel 1, Bandwidth 20MHz/40MHz , OBSS Coexistence Disable ). 103 3). Configure Wireless Bridge for Router B, by scanning or inputting Router A’s wireless MAC address. Make sure you know Router A’s wireless MAC. If not, go to Wireless > Basic. Check BSSID which is A’s wireless MAC. (Router A’s wireless basic configuration) WDS Configuration finished for Router B. As for now, the WDS connection between Router A and B is established. Connect a wireless client to Router B with the SSID “test-ap-2.4g” to test the connectivity. 104 Router C setup Refer to Router B setup 105 Advanced – 2.4GHz Wireless Band: In the 2.4 GHz radio frequency. Channel: Choose a channel to use. Here is a list of available channels or select Auto mode instead. Scan Used Channel: Press the button to scan and list all channels being used. Auto Channel Timer (min): Available when Auto Channel is selected. The auto channel times length it takes to scan in minutes. 802.11n/EWC: select to auto enable or disable 802.11n. Bandwidth: The higher the bandwidth the better the performance will be but greater interference with other wireless devices. Control Sideband: only available for 40MHz. It allows you to select upper sideband or lower sideband. Sideband refers to the frequency band either above (upper sideband) or below (lower sideband) the carrier frequency, within which fall the spectral components produced by modulation of a carrier wave. 802.11n Rate: This allows you to select the fixed transmission rate or auto. 802.11n Protection: turn off for maximize throughput. Support 802.11n Client Only: turn on the option to only provide wireless access to the clients 106 operating at 802.11n speeds. RIFS Advertisement: Reduced Inter-frame Spacing (RIFS) is an 802.11n feature that also improves performance by reducing the amount of dead time required between OFDM transmissions. Select Off to disable this function or auto to enable this function. OBSS Co-Existence: coexistence (or not) between 20 MHZ and 40 MHZ overlapping basic service sets (OBSS) in wireless local area networks. RX Chain Power Save: Enabling this feature turns off one of the Receive chains, going from 2x2 to 2x1 to save power. RX Chain Power Save Quiet Time: The number of seconds the traffic must be below the PPS value before the Rx Chain Power Save feature activates itself. RX Chain Power Save PPS: The maximum number of packets per seconds that can be processed by the WLAN interface for duration of Quiet Time, described above, before the Rx Chain Power Save feature activates itself. 54g™ Rate: Available after changing 802.11n Rate to “Use 54g Rate” in 802.11n Rate. It is used to limit 11n speed to a specific rate, e.g. 1M, 6M, 12M, 24M, 48M, etc. Multicast Rate: Setting for multicast packets transmission rate. Basic Rate: Setting for basic transmission rate. It is not a specific kind of rate, it is a series of rates supported. When set to Default, the router can transmit with all kinds of standardized rates. Fragmentation Threshold: A threshold (in bytes) whether the packets will be fragmented and at what size. Packets succeeding the fragmentation threshold of 802.11n WLAN will be split into smaller units suitable for circuit size. While the packets smaller than fragmentation threshold will not be fragmented. Default is 2346, setting the fragmentation too low may result in poor performance. RTS Threshold: Request to Send (RTS) threshold specifies the packet size, when exceeds the size, the RTS/CTS will be triggered. The default setting of 2347(max length) will disable the RTS. DTIM Interval: Delivery Traffic Indication Message (DTIM). The entry range is a value between 1 and 255. A DTIM is countdown variable that informs clients of the next window for listening to broadcast and multicast messages. When the AP has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM interval value. AP clients hear the beacons and awaken to receive the broadcast and multicast messages. The default is 1. Beacon Interval: The amount of time between beacon transmissions in is milliseconds. The default is 100ms and the acceptable is 1- 65535. The beacon transmissions identify the presence of an access point. Global Max Clients: Here you have the option of setting the limit of the number of clients who can connect to your wireless network. XPress™ Technology: It has been designed to improve the wireless network efficiency. Default is disabled. Transmit Power: select the transmitting power of your wireless signal. WMM (Wi-Fi Multimedia): you can choose to enable or disable this function which allows for priority of certain data over wireless network. WMM No Acknowledgement: Refers to the acknowledge policy at the MAC level. Enabling WMM No Acknowledgement can result in more efficient throughput but higher error rates in noisy Radio Frequency (RF) environment. WMM APSD: Automatic Power Save Delivery. Enable this to save power. 107 – 5GHz Wireless Band: In the 5GHz radio frequency. Channel: Choose a channel to use. Here is a list of available channels or select Auto mode instead. ǂ Scan Used Channel: Press the button to scan and list all channels being used. Auto Channel Timer (min): Available when Auto Channel is selected. The auto channel times length it takes to scan in minutes. 802.11n/EWC: select to auto enable or disable 802.11n. Bandwidth: The higher the bandwidth the better the performance will be but greater interference with other wireless devices. Select 20MHz for lessen radio interference. Control Sideband: only available for 40MHz. It allows you to select upper sideband or lower sideband. Sideband refers to the frequency band either above (upper sideband) or below (lower sideband) the carrier frequency, within which fall the spectral components produced by modulation of a carrier wave. 108 802.11n Rate: This allows you to select the fixed transmission rate or auto. 802.11n Protection: turn off for maximize throughput. Support 802.11n Client Only: turn on the option to only provide wireless access to the clients operating at 802.11n speeds. RIFS Advertisement: Reduced Inter-frame Spacing (RIFS) is an 802.11n feature that also improves performance by reducing the amount of dead time required between OFDM transmissions. Select Off to disable this function or auto to enable this function. OBSS Co-Existence: coexistence (or not) between 20 MHZ and 40 MHZ overlapping basic service sets (OBSS) in wireless local area networks. RX Chain Power Save: Enabling this feature turns off one of the Receive chains, going from 2x2 to 2x1 to save power. RX Chain Power Save Quiet Time: The number of seconds the traffic must be below the PPS value before the Rx Chain Power Save feature activates itself. RX Chain Power Save PPS: The maximum number of packets per seconds that can be processed by the WLAN interface for duration of Quiet Time, described above, before the Rx Chain Power Save feature activates itself. 54g™ Rate: Available after changing 802.11n Rate to “Use 54g Rate” in 802.11n Rate. It is used to limit 11n speed to a specific rate, e.g. 6M, 12M, 24M, 48, etc. Multicast Rate: Setting for multicast packets transmission rate. Basic Rate: Setting for basic transmission rate. It is not a specific kind of rate but a series of rates supported. When set to Default, the router can transmit with all kinds of standardized rates. Fragmentation Threshold: A threshold (in bytes) whether the packets will be fragmented and at what size. Packets succeeding the fragmentation threshold of 802.11n WLAN will be split into smaller units suitable for circuit size. While the packets smaller than fragmentation threshold will not be fragmented. Default is 2346, setting the fragmentation too low may result in poor performance. RTS Threshold: Request to Send (RTS) threshold specifies the packet size, when exceeds the size, the RTS/CTS will be triggered. The default setting of 2347(max length) will disable the RTS. DTIM Interval: Delivery Traffic Indication Message (DTIM). The entry range is a value between 1 and 255. A DTIM is countdown variable that informs clients of the next window for listening to broadcast and multicast messages. When the AP has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM interval value. AP clients hear the beacons and awaken to receive the broadcast and multicast messages. The default is 1. Beacon Interval: The amount of time between beacon transmissions in is milliseconds. The default is 100ms and the acceptable is 1- 65535. The beacon transmissions identify the presence of an access point. Global Max Clients: Here you have the option of setting the limit of the number of clients who can connect to your wireless network. XPress™ Technology: It has been designed to improve the wireless network efficiency. Default is disabled. Regulatory Mode: Select to deny any regulatory mode, which is only for 5GHz band wireless. There are two regulatory modes: Configuring Your Router Wireless 5G(wl0) & 2.4G(wl1) – Advanced for 5G Wireless ǂ 802.11h: The standard solves interference problems with e.g. satellites and radar using the same 5 GHz band as 802.11a or 802.11n dual-band access points. ǂ 802.11d: This standard automatically adjusts its allowed frequencies, power levels and bandwidth accordingly to the country it's located in. Pre-Network Radar Check (Used for 802.11h only): Specifies a period of time in seconds [0-99] to 109 check for radar on a channel before the Access Point establishes a wireless network with the channel. In-Network Radar Check (Used for 802.11h only): After the wireless network got established, specifies a period of time in seconds [10-99] to check for radar when switching to another non-radar channel. TPC Mitigation (db): Known as Transmitter Power Control mitigation to reduce unnecessary transmitting power radio and possible radio interference to other users. Transmit Power: select the transmitting power of your wireless signal. WMM (Wi-Fi Multimedia): you can choose to enable or disable this function which allows for priority of certain data over wireless network. WMM No Acknowledgement: Refers to the acknowledge policy at the MAC level. Enabling WMM No Acknowledgement can result in more efficient throughput but higher error rates in noisy Radio Frequency (RF) environment. WMM APSD: Automatic Power Save Delivery. Enable this to save power. 110 Station Info Here you can view information about the wireless clients. MAC Address: The MAC address of the wireless clients. Associated: List all the stations that are associated with the Access Point. If a station is idle for too long, it is removed from this list Authorized: List those devices with authorized access. SSID: Show the current SSID of the client. Interface: To show which interface the wireless client is connected to. Refresh: To get the latest information. 111 Schedule Control Schedule control is aimed to offer methods to flexibly control when the wireless network (SSID) is allowed for access. The Wireless schedule only functions whilst Wireless is enabled. The Guest/Virtual AP schedule control only operates whilst the associated AP is enabled. For detail setting the timeslot, user can turn to Time Schedule . Time Schedule: Set when the SSID works. If user wants the SSID works all the time, please select “Always On”; if not, please set or select the exact time your want the SSID works. Here user can set two separate intervals. For example: user wants the SSID “wlan-ap-5g” to work on weekdays except for Wednesday, under this circumstance, user can set as shown below. (8700AX-1600 offers a optimal way to set two separate timeslots when user needs to activate the SSID during separate intervals. ) 112 WAN-Wide Area Network A WAN (Wide Area Network) is a computer network that covers a broad geographical area (eg. Internet) that is used to connect LAN and other types of network systems. WAN Service Three WAN interfaces are provided for WAN connection: DSL (VDSL/ADSL), Ethernet. Click Add to add new WAN connections. DSL In DSL mode, there are two transfer modes for you to configure for WAN connection, namely ATM (ADSL) and PTM (VDSL) configuration of PTM mode is similar as ATM mode, here take ATM mode WAN configuration for example. 113 Layer2 Interface: 2 transfer mode, ATM (ADSL) or PTM (VDSL). PPPoE PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP. VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). Enter the priority identification, tagged: 0-1, untagged: -1. 802.1Q VLAN ID: It is a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID identification, tagged: 0-4094, untagged : -1. Username: Enter the account obtained from the ISP. Password: Enter the password obtained from the ISP. Service Name: The item is for identification purposes, user can define this. Authentication Method: Default is Auto. Or else your ISP will advise you the appropriate mode. Firewall: Enable to drop all traffic from WAN side. If enabled, all incoming packets by default would be dropped, and please turn to IP Filtering Incoming to add allowing rules. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, NAT function can be disabled. When enabled, a Fullcone NAT parameter will appear, you can determine whether to enable Fullcone NAT. While only NAT enabled, the default NAT type Port-Restricted cone NAT will be used. Fullcone NAT: Enable or disable fullcone NAT. Fullcone is a kind of NAT, in this mode, all requests 114 from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address. Note: In PPPoE connection, NAT is enabled by default, you can determine whether to enable Fullcone NAT or disable Fullcone NAT and only use NAT, the default NAT type is Port Restricted cone NAT. Of Port-Restricted cone NAT, the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P IPv4 Address: Select whether to set static IPv4 address or obtain automatically. IP Address: If Static is enabled in the above field, enter the static IPv4 address get from the ISP. Dial on demand: It is a parameter to let users to dial for connection to internet themselves. It is useful when saving internet fees. Inactivity Timeout: The set Inactivity timeout period, unit: minutes. It is combined use with Dial on Demand, users should specify the concrete time interval for dial on demand. IPv6 for this service: Enable to use IPv6 service. IPv6 Address: Select whether to set static IPv6 address or obtain automatically. IP Address: If Static is enabled in the above field, enter the static IPv4 address. MTU: Maximum Transmission Unit, the size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface. PPPoE with Pass-through: Enable or disable PPPoE pass-through. If it is enabled, PCs behind the router can dial itself. IGMP Multicast Proxy: Check whether to enable this feature. IGMP (Internet Group Management Protocol) Proxy intercepts the IGMP request from Clients and set up the multicast-forwarding table, it takes over some of the router’s job, simplifying the router’s job and multicast communication. IGMP Multicast Source: Enable to support the “source filtering” which is the ability for a system to report interest in receiving packets “only ” from specific source address(es), or “all but” specific source address(es), sent to a particular multicast address. Note: It works only on IGMP version 3. MLD Multicast Proxy: check whether to enable this function. MLD (Multicast Listener Discovery Protocol) Proxy intercepts the MLD request from Clients a set up the multicast-forwarding table. it takes over some of the router’s job, simplifying the router’s job and multicast communication. Support MLDv1 and MLDv2. MLD Multicast Source: Used in a similar way by IPv6 system as IGMP Multicast source in IPv4 system. Enable it to support the source filtering functionality for IPv6 system. Note: It works only on MLD version 2. 115 Click Next to continue to set the default gateway and DNS for IPv4 and IPv6. Default Gateway Select default gateway for you connection (IPv4 and IPv6). DNS ¾ IPv4 Three ways to set an IPv4 DNS server L Available WAN interfaces: Select a desirable WAN interface as the IPv4 DNS server. L Static DNS Address: To specify DNS server manually by entering your primary and secondary DNS server addresses. L Parental Controls: If user registers and gets a DNS account in the parental control provider website, expecting to enjoy a more reliable and safer internet surfing environment, please select this option (need to configure at Parental Control Provider). ¾ IPv6 Obtain IPv6 DNS info from a WAN interface WAN Interface selected: Select one configured IPv6 WAN connection from the menu to be as an IPv6 DNS. Static DNS IPv6 Address Primary IPv6 DNS Server / Secondary IPv6 DNS Server: Type the specific primary and secondary IPv6 DNS Server address. 116 If you don’t need a service, select the item you want to remove, check the checkbox, then press Remove. Press Edit button to re-edit this service settings. Here you can configure WAN Service, if it is OK, you can access the internet. You can go to Status >WAN or Summary to view the WAN connection information (if your ISP provides IPv6 service, then you will obtain an IPv6 address). (IPv4 or IPv6) 117 PPPoA VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection. Username: Enter the account obtained from the ISP. Password: Enter the password obtained from the ISP. Authentication Method: Default is Auto. Or else your ISP will advise you the appropriate mode. Firewall: Enable to drop all traffic from WAN side. If enabled, all incoming packets by default would be dropped, and please turn to IP Filtering Incoming to add allowing rules. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, NAT function can be disabled. When enabled, a Fullcone NAT parameter will appear, you can determine whether to enable Fullcone NAT. While only NAT enabled, the default NAT type Port-Restricted cone NAT will be used. Fullcone NAT: Enable or disable fullcone NAT. Fullcone is a kind of NAT, in this mode, all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address. Note: In this connection, NAT is enabled by default, you can determine whether to enable Fullcone NAT or disable Fullcone NAT and only use NAT, the default NAT type is Port Restricted cone NAT. With Port-Restricted cone NAT, the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P IPv4 Address: Select whether to set static IPv4 address or obtain automatically. IP Address: If Static is enabled in the above field, enter the static IPv4 address get from the ISP. Dial on demand: It is a parameter to let users to dial for connection to internet themselves. It is 118 useful when saving internet fees. Inactivity Timeout: The set Inactivity timeout period, unit: minutes. It is combined use with Dial on Demand, users should specify the concrete time interval for dial on demand. IPv6 for this service: Enable to use IPv6 service. IPv6 Address: Select whether to set static IPv6 address or obtain automatically. IP Address: If Static is enabled in the above field, enter the static IPv4 address. MTU: Maximum Transmission Unit, the size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface. IGMP Multicast Proxy: Check whether to enable this feature. IGMP (Internet Group Management Protocol) Proxy intercepts the IGMP request from Clients and set up the multicast-forwarding table, it takes over some of the router’s job, simplifying the router’s job and multicast communication. IGMP Multicast Source: Enable to support the “source filtering” which is the ability for a system to report interest in receiving packets “only ” from specific source address(es), or “all but” specific source address(es), sent to a particular multicast address. Note: It works only on IGMP version 3. MLD Multicast Proxy: check whether to enable this function. MLD (Multicast Listener Discovery Protocol) Proxy intercepts the MLD request from Clients a set up the multicast-forwarding table. it takes over some of the router’s job, simplifying the router’s job and multicast communication. Support MLDv1 and MLDv2. MLD Multicast Source: Used in a similar way by IPv6 system as IGMP Multicast source in IPv4 system. Enable it to support the source filtering functionality for IPv6 system. Note: It works only on MLD version 2. Click Next to continue to set the default gateway and DNS for IPv4 and IPv6. 119 IP over Ethernet VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection, commonly for friendly use. Authentication Method: Default is Auto. Or else your ISP will advise you the appropriate mode. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). Enter the priority identification, tagged: 0-1, untagged: -1. 802.1Q VLAN ID: It is a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID identification, tagged: 0-4094, untagged : -1. Here two modes are supported for users to deal with the IP and DNS. You can select obtain automatically or manually input the information according to your ISP. Obtain an IP address automatically: Check whether to enable this function. Option 60 Vendor ID: Enter the associated information by your ISP. This option is used by DHCP clients to optionally identify the vendor type and configuration of a DHCP client. The information is a 120 string of n octets, interpreted by servers. Vendors may choose to define specific vendor class identifiers to convey particular configuration or other identification information about a client. Option 77 User ID: Set the User ID, which identifies the request DHCP user. Option 61 Client ID: Set the client ID., which identifies the request DHCP client. Option 125: Option 125 is a complementary standard of DHCP protocol, it is used to encapsulate option 125 message into DHCP offer packet before forward it to clients. After the clients receive the packet, it check the option 125 field in the packet with the prestored message, if it is matched, then the client accepts this offer, otherwise it will be abandoned. Check Enable or Disable this function. Default setting is Disable. Option 50 Request IP Address: Set the particular request IP address to be assigned from the DHCP. Option 51 Request Leased Time: Set the request lease time for the requested IP address. Option 54 Request Server Address: Set request Server Address. WAN IP Address: Enter your IPv4 address to the device provided by your ISP. WAN Subnet Mask: Enter your submask to the device provided by your ISP. WAN gateway IP Address: Enter your gateway IP address to the device provided by your ISP. IPv6 for this service: Enable to use IPv6 service. Obtain an IPv6 address automatically: check whether to enable or disable this feature. WAN IPv6 Address/Prefix Length: Enter the WAN IPv6 Address/Prefix Length from your ISP. WAN Next-Hop IPv6 Address: Enter the WAN Next-Hop IPv6 Address from your ISP. Note: If you don’t know well about the DHCP Option, you can leave it empty or leave it as default. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, NAT function can be disabled. When enabled, a Fullcone NAT parameter will appear, you can determine whether to enable Fullcone NAT. While only NAT enabled, the default NAT type Port-Restricted cone NAT will be used. Fullcone NAT: Enable or disable fullcone NAT. Fullcone is a kind of NAT, in this mode, all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address. Firewall: Enable to drop all traffic from WAN side. If enabled, all incoming packets by default would be dropped, and please turn to IP Filtering Incoming to add allowing rules. IGMP Multicast Proxy: Check whether to enable this feature. IGMP (Internet Group Management Protocol) Proxy intercepts the IGMP request from Clients and set up the multicast-forwarding table, it takes over some of the router’s job, simplifying the router’s job and multicast communication. IGMP Multicast Source: Enable to support the “source filtering” which is the ability for a system to report interest in receiving packets “only ” from specific source address(es), or “all but” specific source address(es), sent to a particular multicast address. Note: It works only on IGMP version 3. No Multicast VLAN Filter: Enable to deactivate the multicast VLAN filter which allows users to filter on all multicast packets or on specific multicast groups. MLD Multicast Proxy: check whether to enable this function. MLD (Multicast Listener Discovery Protocol) Proxy intercepts the MLD request from Clients a set up the multicast-forwarding table. it takes over some of the router’s job, simplifying the router’s job and multicast communication. Support MLDv1 and MLDv2. Note: It works only on MLD version 2. MLD Multicast Source: Used in a similar way by IPv6 system as IGMP Multicast source in IPv4 system. Enable it to support the source filtering functionality for IPv6 system. 121 MTU: Maximum Transmission Unit, the size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface. MAC Spoofing: This option is required by some service providers specifying some specific MAC allowed for joining network. You must fill in the MAC address specified by your service provider when this information is required. Click Next to continue to set the default gateway and DNS for IPv4 and IPv6. 122 IPoA VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection, commonly for friendly use. WAN gateway IP Address: Enter your gateway IP address to the device provided by your ISP. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, NAT function can be disabled. When enabled, a Fullcone NAT parameter will appear, you can determine whether to enable Fullcone NAT. While only NAT enabled, the default NAT type Port-Restricted cone NAT will be used. Fullcone NAT: Enable or disable fullcone NAT. Fullcone is a kind of NAT, in this mode, all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address. IGMP Multicast Proxy: Check whether to enable this feature. IGMP (Internet Group Management Protocol) Proxy intercepts the IGMP request from Clients and set up the multicast-forwarding table, it takes over some of the router’s job, simplifying the router’s job and multicast communication. IGMP Multicast Source: Enable to support the “source filtering” which is the ability for a system to report interest in receiving packets “only ” from specific source address(es), or “all but” specific source address(es), sent to a particular multicast address. Note: It works only on IGMP version 3. No Multicast VLAN Filter: Enable to deactivate the multicast VLAN filter which allows users to filter on all multicast packets or on specific multicast groups. 123 Bridging VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). Enter the priority identification, tagged: 0-1, untagged: -1. 802.1Q VLAN ID: It is a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID identification, tagged: 0-4094, untagged : -1. Allow as IGMP Multicast Source: Enable to support the “source filtering” which is the ability for a system to report interest in receiving packets “only ” from specific source address(es), or “all but” specific source address(es), sent to a particular multicast address. Note: It works only on IGMP version 3. Allow as MLD Multicast Source: Used in a similar way by IPv6 system as IGMP Multicast source in IPv4 system. Enable it to support the source filtering functionality for IPv6 system. Note: It works only on MLD version 2. 124 L Ethernet Ethernet WAN connection is well known as directly broadband WAN connection. PPPoE Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). Enter the priority identification, tagged: 0-1, untagged: -1. 802.1Q VLAN ID: It is a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID 125 identification, tagged: 0-4094, untagged : -1. Username: Enter the account obtained from the ISP. Password: Enter the password obtained from the ISP. Service Name: The item is for identification purpose, user can define it yourselfe. Authentication Method: Default is Auto. Or else your ISP will advise you the appropriate mode. Firewall: Enable to drop all traffic from WAN side. If enabled, all incoming packets by default would be dropped, and please turn to IP Filtering Incoming to add allowing rules. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, NAT function can be disabled. When enabled, a Fullcone NAT parameter will appear, you can determine whether to enable Fullcone NAT. While only NAT enabled, the default NAT type Port-Restricted cone NAT will be used. Fullcone NAT: Enable or disable fullcone NAT. Fullcone is a kind of NAT, in this mode, all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address. Note: In PPPoE connection, NAT is enabled by default, you can determine whether to enable Fullcone NAT. and while you disable Fullcone NAT and only use NAT, the default NAT type is Port Restricted or Port-Restricted cone NAT, the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P. IPv4 Address: Select whether to set static IPv4 address or obtain automatically. IP Address: If Static is enabled in the above field, enter the static IPv4 address get from the ISP. Dial on demand: It is a parameter to let users to dial for connection to internet themselves. It is useful when saving internet fees. Inactivity Timeout: The set Inactivity timeout period, unit: minutes. It is combined use with Dial on Demand, users should specify the concrete time interval for dial on demand. IPv6 for this service: Enable to use IPv6 service. IPv6 Address: Select whether to set static IPv6 address or obtain automatically. IP Address: If Static is enabled in the above field, enter the static IPv4 address. MTU: Maximum Transmission Unit, the size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface. PPPoE with Pass-through: Enable or disable PPPoE pass-through. If it is enabled, PCs behind the router can dial itself. IGMP Multicast Proxy: Check whether to enable this feature. IGMP (Internet Group Management Protocol) Proxy intercepts the IGMP request from Clients and set up the multicast-forwarding table, it takes over some of the router’s job, simplifying the router’s job and multicast communication. IGMP Multicast Source: Enable to support the “source filtering” which is the ability for a system to report interest in receiving packets “only ” from specific source address(es), or “all but” specific source address(es), sent to a particular multicast address. Note: It works only on IGMP version 3. MLD Multicast Proxy: check whether to enable this function. MLD (Multicast Listener Discovery Protocol) Proxy intercepts the MLD request from Clients a set up the multicast-forwarding table. it takes over some of the router’s job, simplifying the router’s job and multicast communication. Support MLDv1 and MLDv2. MLD Multicast Source: Used in a similar way by IPv6 system as IGMP Multicast source in IPv4 system. Enable it to support the source filtering functionality for IPv6 system. Note: It works only on MLD version 2. 126 Click Next to continue to set the default gateway and DNS for IPv4 and IPv6. Default Gateway Select default gateway for you connection (IPv4 and IPv6). DNS ¾ IPv4 Three ways to set an IPv4 DNS server L Available WAN interfaces: Select a desirable WAN interface as the IPv4 DNS server. L Static DNS Address: To specify DNS server manually by entering your primary and secondary DNS server addresses. L Parental Controls: If user registers and gets a DNS account in the parental control provider website, expecting to enjoy a more reliable and safer internet surfing environment, please select this option (need to configure at Parental Control Provider). ¾ IPv6 Obtain IPv6 DNS info from a WAN interface WAN Interface selected: Select one configured IPv6 WAN connection from the menu to be as an IPv6 DNS. Static DNS IPv6 Address Primary IPv6 DNS Server / Secondary IPv6 DNS Server: Type the specific primary and secondary IPv6 DNS Server address. 127 If you don’t need the service, select the item you want to remove, check the checkbox, then press Remove, it will be OK. Press Edit button to re-edit this service settings. Here the corresponding WAN Service have been configured, if it is OK, you can access the internet. You can go to Status>WAN or Summary to view the WAN connection information (if your ISP provides IPv6 service, then you will obtain an IPv6 address). (IPv4 or IPv6) 128 IP over Ethernet Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). Enter the priority identification, tagged: 0-1, untagged: -1. 802.1Q VLAN ID: It is a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID identification, tagged: 0-4094, untagged : -1. Here two modes are supported for users to deal with the IP and DNS. You can select obtain automatically or manually input the information according to your ISP. Obtain an IP address automatically: Check whether to enable this function. Option 60 Vendor ID: Enter the associated information by your ISP. This option is used by DHCP clients to optionally identify the vendor type and configuration of a DHCP client. The information is a string of n octets, interpreted by servers. Vendors may choose to define specific vendor class identifiers to convey particular configuration or other identification information about a client. Option 77 User ID: Set the User ID, which identifies the request DHCP user. Option 61 Client ID: Set the client ID., which identifies the request DHCP client. Option 125: Option 125 is a complementary standard of DHCP protocol, it is used to encapsulate option 125 message into DHCP offer packet before forward it to clients. After the clients receive the packet, it check the option 125 field in the packet with the prestored message, if it is matched, then the client accepts this offer, otherwise it will be abandoned. Check Enable or Disable this function. 129 Default setting is Disable. Option 50 Request IP Address: Set the particular request IP address to be assigned from the DHCP. Option 51 Request Leased Time: Set the request lease time for the requested IP address. Option 54 Request Server Address: Set request Server Address. WAN IP Address: Enter your IPv4 address to the device provided by your ISP. WAN Subnet Mask: Enter your submask to the device provided by your ISP. WAN gateway IP Address: Enter your gateway IP address to the device provided by your ISP. IPv6 for this service: Enable to use IPv6 service. Obtain an IPv6 address automatically: check whether to enable or disable this feature. WAN IPv6 Address/Prefix Length: Enter the WAN IPv6 Address/Prefix Length from your ISP. WAN Next-Hop IPv6 Address: Enter the WAN Next-Hop IPv6 Address from your ISP. Note: If you don’t know well about the DHCP Option, you can leave it empty or leave it as default. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, NAT function can be disabled. When enabled, a Fullcone NAT parameter will appear, you can determine whether to enable Fullcone NAT. While only NAT enabled, the default NAT type Port-Restricted cone NAT will be used. Fullcone NAT: Enable or disable fullcone NAT. Fullcone is a kind of NAT, in this mode, all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address. Firewall: Enable to drop all traffic from WAN side. If enabled, all incoming packets by default would be dropped, and please turn to IP Filtering Incoming to add allowing rules. IGMP Multicast: IGMP (Internet Group Membership Protocol) is a protocol used by IP hosts to report their multicast group memberships to any immediately neighboring multicast routers. Check this item to enable IGMP multicast on that WAN interface for multicast forwarding. IGMP Multicast Source: Enable to support the “source filtering” which is the ability for a system to report interest in receiving packets “only ” from specific source address(es), or “all but” specific source address(es), sent to a particular multicast address. Note: It works only on IGMP version 3. No Multicast VLAN Filter: Enable to deactivate the multicast VLAN filter which allows users to filter on all multicast packets or on specific multicast groups. MLD Multicast Proxy: check whether to enable this function. MLD (Multicast Listener Discovery Protocol) Proxy intercepts the MLD request from Clients a set up the multicast-forwarding table. it takes over some of the router’s job, simplifying the router’s job and multicast communication. Support MLDv1 and MLDv2. MLD Multicast Source: Used in a similar way by IPv6 system as IGMP Multicast source in IPv4 system. Enable it to support the source filtering functionality for IPv6 system. Note: It works only on MLD version 2. MTU: Maximum Transmission Unit, the size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface. MAC Spoofing: This option is required by some service providers specifying some specific MAC allowed to join in network. You must fill in the MAC address specified by your service provider when this information is required. 130 Bridging Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). Enter the priority identification, tagged: 0-1, untagged: -1. 802.1Q VLAN ID: It is a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID identification, tagged: 0-4094, untagged : -1. Allow as IGMP Multicast Source: Enable to support the “source filtering” which is the ability for a system to report interest in receiving packets “only ” from specific source address(es), or “all but” specific source address(es), sent to a particular multicast address. Note: It works only on IGMP version 3. Allow as MLD Multicast Source: Used in a similar way by IPv6 system as IGMP Multicast source in IPv4 system. Enable it to support the source filtering functionality for IPv6 system. Note: It works only on MLD version 2. 131 Failover Auto failover/failback is to ensure an always-on internet connection. Users can set a Master WAN interface (main WAN) and a slave interface (backup WAN), and when Master WAN fails, it will switch to slave WAN, and when master WAN restores, it will switch to master WAN interface again. L3 WAN Failover: Check Enable to activate L3 WAN failover. Master Interface: Select a master WAN interface. Ping: To ping to check the master WAN inteface’s connectivity. L Gateway: It will send ping packets to gateway of master interface and wait for response from it in every “Probe Cycle” to check the connectivity of the gateway of master interface. L Host: It will send ping packets to specific host and wait for response in every “Probe Cycle”. Slave Interface: Select a slave WAN interface as backup port. Ping: To ping to check the slave WAN inteface’s connectivity. L Gateway: It will send ping packets to gateway of slave interface and wait for response from it in every “Probe Cycle” to check the connectivity of the gateway of slave interface. L Host: It will send ping packets to specific host and wait for response in every “Probe Cycle”. Probe Cycle: Set the time duration for the Probe Cycle to determine when the router will switch to the backup connection once the main connection (main port) fails. For example, when set to 30 seconds, the probe will be conducted every 30 seconds. Connectivity Decision: Set how many times of probing failure to switch to backup port. Note: 1) The time set is for each probe cycle, but the decision to change to the backup port is determined by Probe Cycle multiplied by connection Decision amount (e.g. From the image above it will be 30 seconds multiplied by 3 consecutive fails, the router will determine failover to slave interface. 2).The failback setting follow the same decision policy as the failover. For example, according to settings above in the screenshot, the connection probe will be carried out every 30 seconds, and 3 consecutive times of probe success is found, the router will determine failback to master interface. 132 DSL This screen allows you to set DSL parameters. DSL knowledge is required to configure these settings. Contact your ISP to make sure that these parameters are correct. Modulation: There are 8 modes “G.Dmt”, “G.lite”, “T1.413”, “ADSL2”, “AnnexL”, ”ADSL2+”, “AnnexM”, “VDSL2” that user can select for this connection. Profile: VDSL profiles up to 17a. US0: Select to enable US0. In VDSL mode, profiles like 8a, 8b, 8c, 8d, 12a and 17a need users to enable US0 band. Phone line pair: This is for reserved only. You can choose "Inner Pair" or "Outer Pair". Capability: There are 2 options “Bitswap Enable” and “SRA Enable” that user can select for this connection. Bitswap Enable: Allows bitswaping function. SRA Enable: Allows seamless rate adaptation. PhyR: A new technology to control impulse and noise to improve the BER and DSL data quality. Click Apply to confirm the settings. 133 SNR Signal-to-noise ratio (often abbreviated SNR or S/N) is a measure used in science and engineering that compares the level of a desired signal to the level of background noise. It is defined as the ratio of signal power to the noise power. SNR: Change the value to adjust the DSL link rate, more suitable for an advanced user. 134 System Internet Time The router does not have a real time clock on board; instead, it uses the Network Time Protocol (NTP) to get the most current time from an NTP server. NTP is a protocol for synchronization of computers. It can enable computers synchronize to the NTP server or clock source with a high accuracy. Choose the NTP time server from the drop-down menu, if you prefer to specify an NTP server other than those in the drop-down list, simply enter its IP address in their appropriate blanks provided as shown above. Your ISP may also provide an SNTP server for you to use. Choose your local time zone from the drop-down menu. After a successful connection to the Internet, the router will retrieve the correct local time from the NTP server you have specified. If you prefer to specify an NTP server other than those in the drop-down list, simply enter its IP address in their appropriate blanks provided as shown above. Your ISP may also provide an NTP server for you to use. Click Apply to apply your settings. 135 Firmware Upgrade Software upgrading lets you experience new and integral functions of your router. Restart device with: Factory Default Settings: Restart the device with factory default settings automatically when finishing upgrading. Current Settings: Restart the device with the current settings automatically when finishing upgrading. Your router’s “firmware” is the software that allows it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software it runs. Over time this software may be improved and revised, and your router allows you to upgrade the software it runs to take advantage of these changes. Clicking on Browse will allow you to select the new firmware image file you have downloaded to your PC. Once the correct file is selected, click Upgrade to update the firmware in your router. 136 Backup / Update These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore from a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration. Click Backup Settings, a window appears, click save , then browse the location where you want to save the backup file. Click Browse and browse to the location where your backup file is saved, the click Open. Then in the above page, click Update Settings, the following process indicating screen will appear. Let it update to 100%, it will automatically turn to the Device Info page. 137 Access Control Access Control is used to prevent unauthorized access to the router configuration page. Here you can change the login user password. Three user levels are provided here. Each user level there’s a default provided user. You must access the router with the appropriate username and password. Here the corresponding passwords are allowed to change. Level: select which level you want to change password to. There are three default levels. Administrator: the root user, corresponding default username and password are admin and admin respectively. Remote: username for the remote user to login, corresponding default username and password are support and support respectively. Local: username for the general user, when logon to the web page, only few items would be listed for common user, corresponding default username password are user and user respectively. Username: The default username for each user level. Old Password: Enter the old password. New Password: Enter the new password. Confirm Password: Enter again the new password to confirm. Note: By default the accounts of Remote and Local are disabled, please click Valid check-box to activate the accounts. Click Apply to apply your new settings. 138 Mail Alert Mail alert is designed to keep system administrator or other relevant personnel alerted of any unexpected events that might have occurred to the network computers or server for monitoring efficiency. With this alert system, appropriate solutions may be tackled to fix problems that may have arisen so that the server can be properly maintained. WAN Port: Mail Alert feature can be applicable to every WAN mode: Ethernet, DSL. Select the port you want to use Mail Alert. For example DSL, then when the WAN connection is in DSL mode and when there is any unexpected event, the alert message will be sent to your specified E-mail. Apply all settings to: check whether you want to have a copy of the settings to apply to other WAN port, suppose the above Main port is DSL, then if you enable this function, then Ethernet port will have the same configuration. SMTP Server: Enter the SMTP server that you would like to use for sending emails. Username: Enter the username of your email account to be used by the SMTP server. Password: Enter the password of your email account. Sender’s Email: Enter your email address. SSL: Check to whether to enable SSL encryption feature. Port: the port, default is 25. Account Test: Press this button to test the connectivity and feasibility to your sender’s e-mail. Recipient’s Email (Failover / Failback): Enter the email address that will receive the alert message once the failover or failback has been detected. Recipient’s Email (WAN IP Change Alert): Enter the email address that will receive the alert message once a WAN IP change has been detected.. Recipient’s Email (SIM lost): Enter the email address that will receive the alert message once the SIM card loss has been detected. 139 SMS Alert SMS, Short Message Service, is to inform clients the information clients subscribe. The BiPAC 8700AX-1600 offers SMS alert sending clients alert messages when a WAN IP change is detected. Recipient’s Number (WAN IP Change Alert): Enter the Recipient’s number that will receive the alert message once a WAN IP change has been detected. 140 Configure Log Log: Enable or disable this function. Log level: Select your log level. The log level allows you to configure which types of events are logged. There are eight log levels from high to low are displayed below: Emergency = system is unusable Alert = action must be taken immediately Critical = critical conditions Error = error conditions Warning = warning conditions Notice = normal but significant conditions Informational = information events Debugging = debug-level messages The gateway records all log events at the chosen level and above. For instance, if you set the log level to Critical, all critical, alert, and emergency events are logged, but none of the others are recorded Display Level: Display the log according to the level you set when you view system log. Once you set the display level, the logs of the same or higher priority will be displayed. Mode: Select the mode the system log adopted. Three modes: local, Remote and Both. Local: Select this mode to store the logs in the router’s local memory. Remote: Select this mode to send the log information to a remote log server. Then you must assign the remote log server and port, 514 is often used. Both: Logs stored adopting above two ways. Click Apply to save your settings. 141 USB Storage here refers to network sharing in the network environment. USB devices act as the storage carrier for common file sharing, DLNA. With a USB-based printer, the 8700AX-1600 can also serve as a network printer offering printing service for every client on the network. Storage Device Info This part provides users direct access to the storage information like the total volume, the used and the remaining capacity of the device. Volume Name: Display the storage volume name FileSystem: Display the storage device’s file system format, well-known is FAT. Total Space: Display the total space of the storage, with unit MB. Used Space: Display the remaining space of each partition, unit MB. Unmount: Click Unmount button if you want to uninstall the USB device. Please Note that first click Unmount before you uninstall your USB storage. 142 User Account Users here can add user accounts for access to the storage, in this way users can access the network sharing storage with the specified account, and again protect their own data. Default user admin. Click Add button, enter the user account-adding page: Username: user-defined name, but simpler and more convenient to remember would be favorable. Password: Set the password. Confirm Password: Reset the password for confirmation. Volume Name: Select Volume name, as to create access to the volume of the specified partition of the storage. For example, a user test is setup behind the disk1_1. 143 Accessing mechanism of Storage: In your computer, Click Start > Run, enter \\192.168.1.254 144 When accessing the network storage, you can see a folder named “public”, users should have the account to enter, and the account can be set at the User Accounts section. When first logged on to the network folder, you will see the “public” folder. Public: The public sharing space for each user in the USB Storage. When user register a USB account and log successfully, a private folder (the same name as the user account registered) exclusive for each user is established. Go on to see the details. 145 Access the folder public. 146 When successfully accessed, the private folder of each user is established, and user can see from the following picture. The test fold in the picture is the private space for each user. 147 Print Server The Print Server feature allows you to share a printer on your network by connecting a USB cable from your printer to the USB port on the 8700AX-1600 This allows you to print from any location on your network. Note: Only USB printers are supported Setup of the printer is a 3 step process (8700AX-1600 for example) 1. Connect the printer to the 8700AX-1600 ’s USB port 2. Enable the print server on the 8700AX-1600 3. Install the printer drivers on the PC you want to print from On-board Print Server: Check Enable to activate the print server Printer Name: Enter the Printer name, for example, OfficePrinter Make and Model: Enter in the Make and Model information for the printer, for example, Epson Stylus Photo R290 Note: The Printer name can be any text string up to 40 characters. It cannot contain spaces. The Make and Model can be any text string up to 128 characters. Setup of Printer client (Windows 7) Step 1: Click Start and select “Devices and Printers” 148 Step 2: Click ‘’Add a Printer’’. Step 3: Click “Add a network, wireless or Bluetooth printer 149 Step 4: Click “The printer that I want isn’t listed” Step 5: Select “Select a shared printer by name” Enter http://8700AX-1600 - LAN-IP:631/printers/printer-name or. Make sure printer’s name is the same as what you set in the 8700AX earlier For Example: http://192.168.1.254:631/printers/OfficePrinter OfficePrinter is the Printer Name we set up earlier 150 Step 6: Click “Next” to add the printer driver. If your printer is not listed and your printer came with an installation disk, click “Have Disk” find it and install the driver. Step 7: Click “Next” 151 Step 8: Click “Next” and you are done You will now be able to see your printer on the Devices and Printers Page 152 DLNA The Digital Living Network Alliance (DLNA) is a non-profit collaborative trade organization established by Sony in June 2003, which is responsible for defining interoperability guidelines to enable sharing of digital media between consumer devices such as computers, printers, cameras, cell phones and other multiple devices. DLNA uses Universal Plug and Play (UPnP) for media management, discovery and control. UPnP defines the types of devices (‘server’, ‘renderer’, ‘controller’) that DLNA supports and the mechanism for accessing media over a network. Overall, DLNA allows more convenience, more choices and enjoyment of your digital content through DLNA certified devices. Any DLNA certified devices or software can access the DLNA server. With USB storage, 8700AX-1600 can serve as a DLNA server. On-board digital media server: Enable to share the device as a DLNA server. Interface: The VLAN group, it is the bound interface for DLNA server accessing. Media Library Path: Default is disk1_1, total USB space (pictures, videos, music, etc, all can be accessed with this path). 153 Take Windows media player in Windows 7 accessing the DLNA server for example for usage of DLNA . 154 IP Tunnel An IP Tunnel is an Internet Protocol (IP) network communication channels between two networks of different protocols. It is used to transport another network protocol by encapsulation of its packets. IP Tunnels are often used to connect two disjoint IP networks that do not have a native routing path to each other, via an underlying routable protocol across an intermediate transport network, like VPN. Another prominent use of IP Tunnel is to connect islands of IPv6 installations across the IPv4 internet. IPv6inIPv4 6in4 is an Internet transition mechanism for migrating from IPv4 to IPv6. 6in4 uses tunneling to encapsulate IPv6 traffic over explicitly configured IPv4 links. The 6in4 traffic is sent over the IPv4 Internet inside IPv4 packets whose IP headers have the IP Protocol number set to 41. This protocol number is specifically designated for IPv6 capsulation. 6RD: 6RD is a mechanism to facilitate IPv6 rapid deployment across IPv4 infrastructures of internet service providers (ISPs). It is derived from 6to4, a preexisting mechanism to transporting IPv6 packets over IPv4 infrastructure network, with the significant change that it operates entirely within the enduser’s ISP network, thus avoiding the major architectural problems inherent in the original design of 6to4. Click Add button to manually add the 6in4 rules. Tunnel Name: User-defined name. Mechanism: Here only 6RD. Associated WAN Interface: The applied WAN interface with the set tunnel, thus when there are 155 packets from/to the WAN interface, the tunnel would be used to transport the packets. Associated LAN Interface: Set the linked LAN interface with the tunnel. Method: 6rd operation mechanism: manually configured or automatically configured. If manually, please fill out the following 6rd parameters. V4 Common Bit Length: Specify the length of IPv4 address carried in IPv6 prefix, for example, 0 means to carry all the 32 bits of IPv4 address while 8 carries 24 bits of the IPv4 address. 6rd Prefix with Prefix Length: Enter the 6rd prefix and prefix length you uniquely designate to 6rd by the ISP( The 6rd prefix and prefix length are to replace the standard 6to4 prefix 2002::/16 by an IPv6 prefix that belongs to the ISP-assigned.) Border Relay IPv4 Address: The IPv4 address of the border relay. The relay is used to unwrap capsulated IPv4 packets into IPv6 packets and send them to the IPv6 network. 156 IPv4inIPv6 4in6 refers to tunneling of IPv4 in IPv6. It is an inherent internet interoperation mechanism allowing IPv4 to be used in an IPv6 only network. 4in6 uses tunneling to encapsulate IPv4 traffic over configured IPv6 tunnels. 4in6 tunnels are usually manually configured but they can be automated using protocols such as TSP to allow easy connection to a tunnel broker. DS – Lite DS –Lite, or Dual-Stack Lite, is designed to let an ISP omit the deployment of any IPv4 address to the customer’s CPE. Instead, only global IPv6 addresses are provided (Regular Dual-Stack Lite deploys global addresses for both IPv4 and IPv6). The CPE distributes private IPv4 addresses for the LAN clients, the same as a NAT device. The subnet information is chosen by the customer, identically to the NAT model. However, instead of performing the NAT itself, the CPE encapsulates the IPv4 packet inside an IPv6 packet. Click Add button to manually add the 4in6 rules. Tunnel Name: User-defined tunnel name. Mechanism: It is the 4in6 tunnel operation technology. Please select DS-Lite. Associated WAN Interface: The applied WAN interface with the set tunnel, and when there are packets from/to the WAN interface, the tunnel would be used to transport the packets. Associated LAN Interface: Specify the linked LAN interface with the tunnel. Method: Manually to specify the AFTP (Address Family Transition Router) address or Automatic. AFTR: Specify the address of AFTP (Address Family Transition Router) from your ISP. 157 Security IP Filtering Outgoing IP filtering enables you to configure your router to block specified internal/external users (IP address) from Internet access, or you can disable specific service requests (Port number) to /from Internet. The relationship among all filters is “or” operation, which means that the router checks these different filter rules one by one, starting from the first rule. As long as one of the rules is satisfied, the specified action will be taken. Note: The maximum number of entries: 32. Click Add button to enter the exact rule setting page. Filter Name: A user-defined rule name. User can select simply from the list box for the application for quick setup. IP Version: Select the IP Version, IPv4 or IPv6. Protocol: Set the traffic type (TCP/UDP, TCP, UDP, ICMP, RAW, Any) rule applies to. Source IP address: This is the Address-Filter used to allow or block traffic to/from particular IP address(es) featured in the IP range. If you leave empty, it means any IP address. Source Port [port or port:port]: The port or port range defines traffic from the port (specific application) or port in the set port range blocked to go through the router. Default is set port from range 1 – 65535. Destination IP address: Traffic from LAN with the particular traffic destination address specified in the IP range is to be blocked from going through the router, similarly set as the Source IP address above. Destination Port [port or port: port]: Traffic with the particular set destination port or port in the set port range is to be blocked from going through the router. Default is set port from port range: 1 – 158 65535. Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule will work all time; and also you can set the precise time when the rule works, like 01:00 - 19:00 from Monday to Friday. Or you can select the already set timeslot in “Time Schedule” during which the rule works. And when set to “Disable”, the rule is disabled or inactive and there will be an icon” ” in list table indicating the rule is inactive. See Time Schedule. Action: Select to drop or forward the packets fit the outgoing filtering rule. Log: check the check-box to record the security log. To check the log, users can turn to Security Log. Example: For example, if there is an outgoing rule set as follows, then the 21 application between source IP and destination IP will be forwarded. Or exactly in the rule below, all traffic trying to access FTP will be forwarded. (The rule is active; disable field shows the status of the rule, active or inactive) Add another Outgoing IP Filtering rule, users will find the “arrow” icon to change the IP outgoing filter rule working orders. 159 How to disable set rule. (Rule inactive) 160 IP Filtering Incoming Incoming IP Filtering is set by default to block all incoming traffic, but user can set rules to forward the specific incoming traffic. Note: 1. The maximum number of entries: 32. 2. When LAN side firewall or firewall in WAN interface(s) is enabled, user can move here to add allowing rules to pass through the firewall. Click Add button to enter the exact rule setting page. Filter Name: A user-defined rule name. User can select simply from the list box for the application for quick setup. IP Version: Select the IP Version, IPv4 or IPv6. Protocol: Set the traffic type (TCP/UDP, TCP, UDP, ICMP, RAW, Any ) that the rule applies to. Source IP address: This is the Address-Filter used to allow or block traffic to/from particular IP address(es) featured in the IP range.. If you leave empty, it means any IP address. Source Port [port or port:port]: The port or port range defines traffic from the port (specific application) or port in the set port range blocked to go through the router. Default is set port from range 1 – 65535. Destination IP address: Traffic from LAN with the particular traffic destination address specified in the IP range is to be blocked from going through the router, similarly set as the Source IP address above. Destination Port [port or port : port]: Traffic with the particular set destination port or port in the set port range is to be blocked from going through the router. Default is set port from port range: 1 – 65535 Interfaces: Check if the filter rule applies to all interfaces. User can base on need select interfaces to make the rule take effect with those interfaces. 161 Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule will work all time; and also you can set the precise time when the rule works, like 01:00 - 19:00 from Monday to Friday. Or you can select the already set timeslot in “Time Schedule” during which the rule works. And when set to “Disable”, the rule is disabled or inactive and there will be an icon” ” in the list table indicating the rule is inactive. See Time Schedule. Log: check the check-box to record the security log. To check the log, users can turn to Security Log. 162 MAC Filtering MAC Filtering is only effective on ATM PVCs configured in Bridged mode. FORWARDED means that all MAC layer frames will be forwarded except those matching with any of the specified rules in the following table. BLOCKED means that all MAC layer frames will be blocked except those matching with any of the specified rules in the following table. By default, all MAC frames of the interface in Bridge Mode will be forwarded, you can check Change checkbox and then press Change Policy to change the settings to the interface. For example, from above, the interface atm0.1 is of bridge mode, and all the MAC layer frames will be forward, but you can set some rules to let some item matched the rules to be blocked. Click Add button to add the rules. Protocol type: Select from the drop-down menu the protocol that applies to this rule. Destination /Source MAC Address: Enter the destination/source address. Frame Direction: Select the frame direction this rule applies, both LAN and WAN: LAN <=>WAN, only LAN to WAN: LAN=>WAN, only WAN to LAN: WAN=>LAN. WAN Interfaces: Select the interfaces configured in Bridge mode. 163 Blocking WAN PING This feature is enabled to let your router not respond to any ping command when someone others “Ping” your WAN IP. 164 Time Restriction A MAC (Media Access Control) address is the unique network hardware identifier for each PC on your network’s interface (i.e. its Network Interface Card or Ethernet card). Using your router’s MAC Address Filter function, you can configure the network to block specific machines from accessing your LAN during the specified time. This page adds time of day restriction to a special LAN device connected to the router. Please click Add button to add the device(s) to be subject to Time Restriction rules (forward or drop connection to internet). Devices Not added will not comply with the rules and access internet and router willingly. To find out the MAC address of a window based PC, go to command window, and type “ipconfig/all”. Note: The maximum entries configured: 32. Click Add to add the rules. Host Label: User-defined name. MAC Address: Enter the MAC address(es) you want to allow or block to access the router and LAN. The format of MAC address could be: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx. For convenience, user can select from the list box. Time Schedule: Configure to control the PC from accessing router and internet. L Drop: To drop the MAC entries always; in other words, the MACs are blocked access to router and internet always. L Forward: To forward the MAC entries always; in other words, the MACs are granted access to the router and internet always. L Check or select from listbox: To set the time duration during which the MACs are blocked from access the router and internet. “select from listbox” means that you can select the already set timeslot in “Time Schedule” section during which the MACs are blocked from access the router and internet. Click Apply to confirm your settings. The following prompt window will appear to remind you of the attention. 165 An example: Here you can see that the user “child-use” with a MAC of 18:a9:05:04:12:23 is blocked to access the router from 00:00 to 23:59 Monday through Friday. The “test” can access the internet always. If you needn’t this rule, you can check the box, press Remove, it will be OK. 166 URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements. Note: 1) URL Filter rules apply to both IPv4 and IPv6 sources. to set the exception IP address(es) for IPv4 2) But in Except IP Address part, user can click and IPv6 respectively. Keywords Filtering: Allow blocking against specific keywords within a particular URL rather than having to specify a complete URL (e.g.to block any image called “advertisement.gif”). When enabled, your specified keywords list will be checked to see if any keywords are present in URLs accessed to determine if the connection attempt should be blocked. Please note that the URL filter blocks web browser (HTTP) connection attempts using port 80 only. Domains Filtering: This function checks the whole URL address but not the IP address against your list of domains to block or allow. If it is matched, the URL request will either be sent (Trusted) or dropped (Forbidden). Restrict URL Features: Click Block Java Applet to filter web access with Java Applet components. Click Block ActiveX to filter web access with ActiveX components. Click Block Cookie to filter web access with Cookie components. Click Block Proxy to filter web proxy access. Except IP Address: You can input a list of IP addresses as the exception list for URL filtering. These IPs will not be covered by the URL rules. Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule will work all time; and also you can set the precise time when the rule works, like 01:00 - 19:00 from Monday to Friday. Or you can select the already set timeslot in “Time Schedule” during which the rule works. And when set to “Disable”, the rule is disabled. See Time Schedule. Log: Select Enable for this option if you will like to capture the logs for this URL filter policy. To check the log, users can turn to Security Log. 167 Keywords Filtering Note: Maximum number of entries: 32. Click to add the keywords. Enter the Keyword, for example image, and then click Add. You can add other keywords like this. The keywords you add will be listed as above. If you want to reedit the keyword, press the Edit radio button left beside the item, and the word will listed in the Keyword field, edit, and then press Edit/Delete to confirm. If you want to delete certain keyword, check Delete checkbox right beside the item, and press Edit/Delete. Click Return to be back to the previous page. Domains Filtering Note: Maximum number of entries: 32. Click to add Domains. Domains Filtering: enter the domain you want this filter to apply. Type: select the action this filter deals with the Domain. Forbidden Domain: The domain is forbidden access. Trusted Domain: The domain is trusted and allowed access. Enter a domain and select whether this domain is trusted or forbidden with the pull-down menu. Next, click Add. Your new domain will be added to either the Trusted Domain or Forbidden Domain listing, depending on which you selected previously. For specific process, please refer to Keywords 168 Filtering. Except IP Address In the section, users can set the exception IP respectively for IPv4 and IPv6. Click to add the IP Addresses. Enter the except IP address. Click Add to save your changes. The IP address will be entered into the Exception List, and excluded from the URL filtering rules in effect. For specific process, please refer to Keywords Filtering. For example, users can set IPv4 client 192.168.1.103 in your network as a exception address that is not limited to the rules set in URL filter ( or IPv4 clients (a range) ). And also an IPv6 client (2000:1211:1002:6ba4:d160:5adb:9009:87ae) or IPv6 clients(a range ) can be the exceptions from the URL rules. At the URL Filter page, press Apply to confirm your settings. 169 Parental Control Provider Parental Control Provider provides Web content filtering offering safer and more reliable web surfing for users. Please get an account and configure at the selected Provider “www.opendns.com” in advance. To use parental control (DNS), user needs to configure to use parental control (DNS provided by parental control provider) to access internet at WAN configuration or DNS page(See DNS). Host Name, Username and Password: Enter your registered domain name and your username and password at the provider website www.opendns.com. 170 QoS - Quality of Service Quality of Service QoS helps you to control the data upload traffic of each application from LAN (Ethernet) to WAN (Internet). This feature allows you to control the quality and speed of throughput for each application when the system is running with full upstream load. Note: VDSL/ADSL line speed is based on the VDSL/ADSL sync rate.. EWAN Line Speed Upstream / Downstream: Specify the upstream and downstream rate of the EWAN interface. Click Apply to save the EWAN rate settings. Click Add to enter QoS rules. IP Version: Select either IPv4 or IPv6 base on need. Application: Assign a name that identifies the new QoS application rule. Select from the list box for quick setup. Direction: Shows the direction mode of the QoS application. L LAN to WAN: You want to control the traffic from local network to the outside (Upstream). You can assign the priority for the application or you can limit the rate of the application. Eg: you have a FTP server inside the local network, and you want to have a limited control by the QoS policy and so you need to add a policy with LAN to WAN direction setting. L WAN to LAN: Control traffic from WAN to LAN (Downstream). Protocol: Select the supported protocol from the drop down list. 171 DSCP Marking: Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP Marking allows users to classify the traffic of the application to be executed according to the DSCP value. IP Precedence and DSCP Mapping Table Default (000000) EF(101110) AF11 (001010) AF12 (001100) AF13 (001110) AF21 (010010) AF22 (010100) AF23 (010110) AF31 (011010) AF32 (011100) AF33 (011110) AF41 (100010) AF42 (100100) AF43 (100110) CS1(001000) CS2(010000) CS3(011000) CS4(100000) CS5(101000) CS6(110000) CS7(111000) Mapping Table Best Effort Expedited Forwarding Assured Forwarding Class1(L) Assured Forwarding Class1(M) Assured Forwarding Class1(H) Assured Forwarding Class1(L) Assured Forwarding Class1(M) Assured Forwarding Class1(H) Assured Forwarding Class1(L) Assured Forwarding Class1(M) Assured Forwarding Class1(H) Assured Forwarding Class1(L) Assured Forwarding Class1(M) Assured Forwarding Class1(H) Class Selector(IP precedence)1 Class Selector(IP precedence) 2 Class Selector(IP precedence)3 Class Selector(IP precedence) 4 Class Selector(IP precedence) 5 Class Selector(IP precedence) 6 Class Selector(IP precedence) 7 DSCP offers three levels of service, Class Selector (CS), Assured Forwarding (AF) and Expedited Forwarding (EF). AF1, AF2, AF3 and AF4 are four levels of assured forwarding services. Each AF has three different packet loss priorities from high, medium, to low. Also, CS1-CS7 indicates the IP precedence. Rate Type: You can choose Limited or Prioritization. L Limited (Maximum): Specify a limited data rate for this policy. It also is the maximum rate for this policy. When you choose Limited, type the Ratio proportion. As above FTP server example, you may want to “throttle” the outgoing FTP speed to 20% of 256K and limit to it, you may use this type. L Prioritization: Specify the rate type control for the rule to used. If you choose Prioritization for the rule, you parameter Priority would be available, you can set the priority for this rule. Set DSCP Marking: When select Set DSCP Marking, the packets matching the rule will be forwarded according to the pre-set DSCP marking. Ratio: The rate percent of each application/policy compared to total traffic on the interface with limited rate type. For example, we want to only allow 20% of the total data for the LAN-to-WAN direction to be used for FTP server. Then we can specify here with data ratio = 20. If you have ADSL LINE with 256K/bps.rate, the estimated data rate, in kbps, for this rule is 20%*256*0.9 = 46kbps. (For 0.9 is an estimated factor for the effective data transfer rate for an ADSL LINE from LAN to WAN. For WAN-to-LAN, it is 0.85 to 0.8) Priority: Set the priority given to each policy/application. Specify the priority for the use of bandwidth. You can specify which application can have higher priority to acquire the bandwidth. Its default setting is set to Normal. You may adjust this setting to fit your policy / application. Internal IP Address: The IP address values for Local LAN devices you want to give control. 172 Internal Port: The Port number on the LAN side, it is used to identify an application. External IP Address: The IP address on remote / WAN side. External Port: The Port number on the remote / WAN side. Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule will work all time; and also you can set the precise time when the rule works, like 01:00 - 19:00 from Monday to Friday. Or you can select the already set timeslot in “Time Schedule” during which the rule works. And when set to “Disable”, the rule is disabled or inactive and there will be an icon” ” indicating the rule is inactive. See Time Schedule. 173 Examples: Common usage 1. Give outgoing VoIP traffic more priority. The default queue priority is normal, so if you have VoIP users in your local network, you can set a higher priority to the outgoing VoIP traffic. 2. Give regular web http access a limited rate 174 3. If you are actively engaged in P2P and are afraid of slowing down internet access for other users within your network, you can then use QoS to set a rule that has low priority. In this way, P2P application will not congest the data transmission with other applications. Other applications, like FTP, Mail access, users can use QoS to control based on need. 175 QoS Port Shaping QoS port shaping supports traffic shaping of Ethernet interfaces. It forcefully maximizes the throughput of the Ethernet interface. When “Shaping Rate” is set to “-1”, no shaping will be in place and the “Burst Size” is to be ignored. Interface: P1-P5. P5 used as EWAN also covered. Type: All LAN when P5 is LAN port; P5 used as EWAN, type WAN and all others LAN. QoS Shaping Rate (Kbps): Set the forcefully maximum rate. Burst Size(Bytes): Set the forcefully Burst Size. 176 NAT NAT (Network Address Translation) feature translates a private IP to a public IP, allowing multiple users to access the Internet through a single IP account, sharing the single IP address. It is a natural firewall for the private network. Exceptional Rule Group Exceptional Rule is dedicated to giving or blocking NAT/DMZ access to some specific IP or IPs(range). Users are allowed to set 8 different exceptional rule groups at most. In each group, user can add specific IP or IP range. Press Edit to set the exceptional IP (IP Range). Default Action: Please first set the range to make “Default Action” setting available. Select “Allow” to grant access to the listed IP or IPs to Virtual Server and DMZ Host. While choose “Block” to ban the listed IP or IPs to access the Virtual Server and DMZ Host. Apply: Press Apply button to apply the change. Exceptional Rule Range IP Address Range: Specify the IP address range; IPv4 address range can be supported. Click Add to add the IP Range. For instance, if user wants block IP range of 172.16.1.102-172.16.1.106 from accessing your set virtual server and DMZ host, you can add this IP range and valid it. 177 Virtual Servers In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”. Servers follow the well-known port assignments so clients can locate them. If you wish to run a server on your network that can be accessed from the WAN (i.e. from other machines on the Internet that are outside your local network), or any application that can accept incoming connections (e.g. Peer-to-peer/P2P software such as instant messaging applications and P2P file-sharing applications) and are using NAT (Network Address Translation), then you will usually need to configure your router to forward these incoming connection attempts using specific ports to the PC on your network running the application. You will also need to use port forwarding if you want to host an online game server. The reason for this is that when using NAT, your publicly accessible IP address will be used by and point to your router, which then needs to deliver all traffic to the private IP addresses used by your PCs. Please see the WAN configuration section of this manual for more information on NAT. The device can be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public (WAN) IP address can be automatically redirected to local servers in the LAN network. Depending on the requested service (TCP/UDP port number), the device redirects the external service request to the appropriate server within the LAN network. This part is only available when NAT is enabled. Note: The maximum number of entries: 64. It is virtual server listing table as you see, Click Add to move on. 178 The following configuration page will appear to let you configure. Interface: Select from the drop-down menu the interface you want the virtual server(s) to apply. WAN IP: To specify the exact WAN IP address. It can be flexible while there are multiple WAN IPs on one interface. If the WAN IP field is empty, 8700AX-1600 uses the current WAN IP of this interface. Server Name: Select the server name from the drop-down menu. Custom Service: It is a kind of service to let users customize the service they want. Enter the userdefined service name here. It is a parameter only available when users select Custom Service in the above parameter. Server IP Address: Enter your server IP Address here. User can select from the list box for quick setup. External Port L Start: Enter a port number as the external starting number for the range you want to give access to internal network. L End: Enter a port number as the external ending number for the range you want to give access to internal network. Internal Port L Start: Enter a port number as the internal staring number. L End: Here it will generate automatically according to the End port number of External port and can’t be modified. Protocol: select the protocol this service used: TCP/UDP, TCP, UDP. Time Schedule: Select or set exactly when the Virtual Server works. When set to “Always On”, the Virtual Server will work all time; and also you can set the precise time when Virtual Server works, like 01:00 - 19:00 from Monday to Friday. Or you can select the already set timeslot in Time Schedule during which the Virtual Server works. And when set to “Disable”, the rule is disabled and there will be an icon in the list table indicating the rule is disabled. See Time Schedule. Exceptional Rule Group: Select the exceptional group listed. It is to grant or block Virtual Server 179 access to a group of IPs. For example, as we set previously group 1 blocking access to 172.16.1.102-172.16.1.106. If here you want to block Virtual Server access to this IP range, you can select Group1. Set up 1. Select a Server Name from the drop-down menu, then the port will automatically appear, modify some as you like, or you can just leave it as default. Remember to enter your server IP Address. 2. Press Apply to conform, and the items will be list in the Virtual Servers Setup table. 180 ( Means the rule is inactive) Remove If you don’t need a specified Server, you can remove it. Check the check box beside the item you want to remove, then press Remove, it will be OK. 181 DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by Firewall and NAT algorithms before being passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries. DMZ Host IP Address: Enter the IP Address of a host you want it to be a DMZ host. Select from the list box to quick set the DMZ. Time Schedule: Select or set exactly when the DMZ works. When set to “Always On”, the DMZ will work all time; and also you can set the precise time when DMZ works, like 01:00 - 19:00 from Monday to Friday. Or you can select the already set timeslot in Time Schedule during which the DMZ works. And when set to “Disable”, the rule is disabled. See Time Schedule. Exceptional Rule Group: Select the exceptional group listed. It is to grant or block DMZ access to a group of IPs. For example, as we set previously group 1 blocking access to 172.16.1.102172.16.1.106. If here you want to block DMZ Access to this IP range, you can select Group1. Using port mapping does have security implications, since outside users are able to connect to PCs on your network. For this reason you are advised to use specific Virtual Server entries just for the ports your application requires instead of simply using DMZ or creating a Virtual Server entry for “All” protocols, as doing so results in all connection attempts to your public IP address accessing the specified PC. Attention If you have disabled the NAT option in the WAN-ISP section, the Virtual Server function will hence be invalid. If the DHCP server option is enabled, you have to be very careful in assigning the IP addresses of the virtual servers in order to avoid conflicts. The easiest way of configuring Virtual Servers is to manually assign static IP address to each virtual server PC, with an address that does not fall into the range of IP addresses that are to be issued by the DHCP server. You can configure the virtual server IP address manually, but it must still be in the same subnet as the router. 182 One-to-One NAT One-to-One NAT maps a specific private/local address to a global/public IP address. If user has multiple global/public IP addresses from your ISP, you are free to use one-to-one NAT to assign some specific public IP for an internal IP like a public web server mapped with a global/public IP for outside access. Valid: Check whether to valid the one-to-one NAT mapping rule. WAN Interface: Select one based WAN interface to configure the one-to-one NAT. Global IP address: The Global IP mapped to an internal device. It can be left empty, and under this circumstance, it can be reached through the WAN IP of interface set in the field above. Internal Address: The IP address of an internal device in the LAN. Exceptional Rule Group: Select the exceptional group listed. It is to give or block access to a group of IPs to the server after One-to-One NAT. For example, a server with 192.168.1.3 is mapped to 123.1.1.2 by One-to-One NAT, then the exceptional group can be designated to have or have not access to 123.1.1.2. For example, you have an ADSL connection of pppoe_0_8_35/ppp0.1 interface with three fixed global IP, and you then can assign the other two global IPs to two internal devices respectively. If you have a WEB server (IP address: 192.168.1.3) and a FTP server (IP address: 192.168.1.4) in local network, owning a public IP address range of 123.1.1.2 to 123.1.1.4 assigned by ISP. 123.1.1.2 is used as WAN IP address of the router, 123.1.1.3 is used for WEB server and 123.1.1.4 is used for FTP server. With One-to-One NAT, the servers with private IP addresses can be accessed at the corresponding valid public IP addresses 183 Port Triggering Port triggering is a way to automate port forwarding with outbound traffic on predetermined ports (‘triggering ports’), incoming ports are dynamically forwarded to the initiating host, while the outbound ports are in use. Port triggering triggers can open an incoming port when a client on the local network makes an outgoing connection on a predetermined port or a range of ports. Click Add to add a port triggering rule. Interface: Select from the drop-down menu the interface you want the port triggering rules apply to. Application: Preinstalled applications or Custom Application user can customize the utility yourself. Custom Application: It is a kind of service to let users themselves customizes the service they want. Enter the user-defined service name here. Trigger Port L Start: Enter a port number as the triggering port starting number. L End: Enter a port number as the triggering port ending number. Any port in the range delimited by the ‘Start’ and ‘End’ would be the trigger port. 184 Open port L Start: Enter a port number as the open port staring number. L End: Enter a port number as the open port ending number. Any port in the range delimited by the ‘Start’ and ‘End’ would be the preset forwarding port or open port. Protocol: select the protocol this service used: TCP/UDP, TCP, UDP. Set up An example of how port triggering works, when a client behind a NAT router connecting to Aim Talk, it is a TCP connection with the default port 4099. When connecting to Aim Talk, the client typically makes an outgoing connection on port 4099 to the Aim Talk server, but when the computer is behind the NAT, the NAT silently drops this connection because it does not know which computer behind the NAT to send the request to connect. So, in this case, port triggering in the router is working, when an outbound connection is attempted on port 4099 (or any port in the range set), it should allow inbound connections to that particular computer. 1. Select a Server Name from the drop-down menu, then the port will automatically appear, modify some as you like, or you can just leave it as default. Remember to enter your server IP Address. 2. Press Apply to conform, and the items will be list in the Port TriggeringSetup table. 185 Edit/Remove If you don’t need a specified Server, you can remove it. Check the check box beside the item you want to remove, and then press Remove. Click Edit to re-edit your port-triggering rule. 186 ALG The ALG Controls enable or disable protocols over application layer. SIP: Enable the SIP ALG when SIP phone needs ALG to pass through the NAT. Disable the SIP when SIP phone includes NAT-Traversal algorithm. H.323: Enable to secure the voice communication using H.323 protocol when one or both terminals are behind a NAT. IPSec: Enable IPSec ALG to allow one or both peers to reside behind a NAT gateway (i.e., doing address- or port-translation)” 187 Wake On LAN Wake on LAN (WOL, sometimes WoL) is an Ethernet computer networking standard that allows a computer to be turned on or woken up remotely by a network message. Host Label: Enter identification for the host. Select: Select MAC address of the computer that you want to wake up or turn on remotely. Wake by Schedule: Enable to wake up your set device at some specific time. For instance, user can set to get some device woken up at 8:00 every weekday. Click Schedule to enter time schedule configuring page to set the exact timeline. Add: After selecting, click Add then you can submit the Wake-up action. Edit/Delete: Click to edit or delete the selected MAC address. Ready: “Yes” indicating the remote computer is ready for your waking up. “No” indicating the machine is not ready for your waking up. Delete: Delete the selected MAC address. 188 VPN A virtual private network (VPN) is a private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures such as encryption. For example, a VPN could be used to securely connect the branch offices of an organization to a head office network through the public Internet. IPSec Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). Note: A maximum of 16 sessions for IPSec. NAT Traversal NAT Traversal: This directive enables use of the NAT-Traversal IPsec extension (NAT-T). NAT-T allows one or both peers to reside behind a NAT gateway (i.e., doing address- or port-translation). Keep Alive: Type the interval time(sec) for sending packets to keep the NAT Traversal alive. Click Apply to save and apply your settings. 189 Click Add to create IPSec connections. IPSec Settings L2TP over IPSec: Select Enable if user wants to use L2TP over IPSec. See L2TPover IPSec Connection Name: A given name for the connection, but it should contain no spaces (e.g. “connection-to-office”). WAN Interface: Select the set used interface for the IPSec connection, when you select adsl pppoe_0_0_35/ppp0.1 interface, the IPSec tunnel would transmit data via this interface to connect to the remote peer. IP Version: Select the IP version base on your network framework. Local Network: Set the IP address or subnet of the local network. Single Address: The IP address of the local host, for establishing an IPSec connection between a security gateway and a host (network-to-host). Subnet: The subnet of the local network, for establishing an IPSec tunnel between a pair of security gateways (network-to-network) IP Address: The local network address. Netmask: The local network netmask. Remote Secure Gateway: The IP address of the remote VPN device that is connected and establishes a VPN tunnel. Anonymous: Enable any IP to connect in. Remote Network: Set the IP address or subnet of the remote network. Single Address: The IP address of the local host, for establishing an IPSec connection between a security gateway and a host (network-to-host). If the remote peer is a host, select Single Address. L Subnet: The subnet of the local network, for establishing an IPSec tunnel between a pair of security gateways (network-to-network), If the remote peer is a network, select Subnet. 190 Key Exchange Method: Displays key exchange method. Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 1 to 32 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts). Local ID Type and Remote ID Type: When the mode of phase 1 is aggressive, Local and Remote peers can be identified by other IDs. ID content: Enter ID content the name you want to identify when the Local and Remote Type are Domain Name; Enter ID content IP address you want to identify when the Local and Remote Type are IP addresses (IPv4 and IPv6 supported). Phase 1 Mode: Select IKE mode from the drop-down menu: Main or Aggressive. This IKE provides secured key generation and key management. Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. DES: Stands for Triple Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as encryption method. Integrity Algorithm: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are 2 options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. MD5: A one-way hashing algorithm that produces a 128íbit hash. SHA1: A one-way hashing algorithm that produces a 160íbit hash. DH Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular Exponentiation Groups. SA Lifetime: Specify the number of minutes that a Security Association (SA) will stay active before new encryption and authentication key will be exchanged. Enter a value to issue an initial connection request for a new VPN tunnel. Default is 480 minutes (28800 seconds). A short SA time increases security by forcing the two parties to update the keys. However, every time when the VPN tunnel re-negotiates, access through the tunnel will be temporarily disconnected. Phase 2 Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. Integrity Algorithm: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are 2 options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. DH Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular Exponentiation Groups. 191 IPSec Lifetime: Specify the number of minutes that IPSec will stay active before new encryption and authentication key will be exchanged. Enter a value to negotiate and establish secure authentication. Default is 60 minutes (3600 seconds). A short time increases security by forcing the two parties to update the keys. However, every time when the VPN tunnel re- negotiates, access through the tunnel will be temporarily disconnected. Ping for Keep Alive: Select the operation methods: L None: The default setting is “None”. To this mode, it will not detect the remote IPSec peer has been lost or not. It only follows the policy of Disconnection time after no traffic, which the remote IPSec will be disconnected after the time you set in this function. L DPD: Dead peer detection (DPD) is a keeping alive mechanism that enables the router to be detected lively when the connection between the router and a remote IPSec peer has lost. Please be noted, it must be enabled on the both sites. Detection Interval: The period cycle for dead peer detection. The interval can be 180~86400 seconds. Idle Timeout: Auto-disconnect the IPSec connection after trying several consecutive times. L Ping: This mode will detect whether the remote IPSec peer has lost or not by pinging specify IP address. Ping IP: Type the IP for ping operation. It is able to IP Ping the remote PC with the specified IP address and alert when the connection fails. Once alter message is received, Router will drop this tunnel connection. Reestablish of this connection is required. Default setting is 0.0.0.0 which disables the function. Interval: This sets the time interval between Pings to the IP function to monitor the connection status. Default interval setting is 10 seconds. Time interval can be set from 0 to 3600 second, 0 second disables the function. MTU: Maximum Transmission Unit, maximum value is 1500. 192 IPSec for L2TP Connection Name: A given name for the connection, but it should contain no spaces (e.g. “connection-to-office”). WAN Interface: Select the set interface for the IPSec tunnel. Remote Security Gateway: Input the IP of remote security gateway. Key Exchange Method: Displays key exchange method. Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 1 to 32 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts). Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. DES: Stands for Triple Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as encryption method. Integrity Algorithm: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are 2 options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. MD5: A one-way hashing algorithm that produces a 128íbit hash. SHA1: A one-way hashing algorithm that produces a 160íbit hash. DH Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular Exponentiation Groups. IPSec Lifetime: Specify the number of minutes that IPSec will stay active before new encryption and authentication key will be exchanged. Enter a value to negotiate and establish secure authentication. Default is 60 minutes (3600 seconds). A short time increases security by forcing the two parties to update the keys. However, every time when the VPN tunnel re- negotiates, access through the tunnel will be temporarily disconnected. 193 Examples: 1. LAN-to-LAN connection Two BiPAC 8700AX-1600s want to setup a secure IPSec VPN tunnel Note: The IPSec Settings shall be consistent between the two routers. Head Office Side: Setup details: Item Connection Name Function Description H-to-B Give a name for IPSec connection Local Network Subnet Select Subnet IP Address 192.168.1.0 Netmask Secure Gateway Address(Hostanme) Remote Network 255.255.255.0 Head Office network IP address of the Branch office router (on WAN side) 69.121.1.30 Subnet Select Subnet IP Address 192.168.0.0 Netmask 255.255.255.0 Branch office network Proposal Method ESP Authentication MD5 Encryption Prefer Forward Security Pre-shared Key 3DES Security Plan MODP 1024(group2) 123456 194 195
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.7 Linearized : No Author : Jessiezhu Comments : Document was created by Solid Converter PDF Professional Company : Billion Create Date : 2018:03:27 17:36:20+08:00 KSO Product Build Ver : 2052-8.1.0.3163 Modify Date : 2018:04:09 19:28:54-07:00 XMP Toolkit : Adobe XMP Core 5.2-c001 63.139439, 2010/09/27-13:37:26 Producer : Acrobat Distiller 7.0 (Windows) Metadata Date : 2018:04:09 19:28:54-07:00 Creator Tool : PScript5.dll Version 5.2 Document ID : uuid:C115DE47A231E811B9D6BD8C6D068735 Instance ID : uuid:662c77d8-8114-4ae7-b331-01dd7787df3e Derived From Instance ID : uuid:c140cb5e-6edf-4b64-9f16-22fa96325835 Derived From Document ID : uuid:b663c126-139e-4956-8eaa-57d3f509013a Format : application/pdf Title : Creator : Jessiezhu Page Count : 200EXIF Metadata provided by EXIF.tools