GUANGZHOU GAOKE COMMUNICATIONS TECHNOLOGY FG700X FIBER GATEWAY (Router) User Manual FG7008N

Guangzhou Gaoke Communications Technology Co., Ltd FIBER GATEWAY (Router) FG7008N

Contents

FG7008N User Manual -Part1

Download: GUANGZHOU GAOKE COMMUNICATIONS TECHNOLOGY FG700X FIBER GATEWAY (Router) User Manual FG7008N
Mirror Download [FCC.gov]GUANGZHOU GAOKE COMMUNICATIONS TECHNOLOGY FG700X FIBER GATEWAY (Router) User Manual FG7008N
Document ID2555501
Application IDqy8u0Ek34wi2BUeFlHpNEQ==
Document DescriptionFG7008N User Manual -Part1
Short Term ConfidentialNo
Permanent ConfidentialNo
SupercedeNo
Document TypeUser Manual
Display FormatAdobe Acrobat PDF - pdf
Filesize194.91kB (2436333 bits)
Date Submitted2015-03-15 00:00:00
Date Available2015-03-15 00:00:00
Creation Date2015-03-12 19:21:34
Producing SoftwareAcrobat Distiller 9.0.0 (Windows)
Document Lastmod2015-03-12 19:21:34
Document TitleMicrosoft Word - FG7008N User Manual.doc
Document CreatorPScript5.dll Version 5.2.2
Document Author: Administrator

FG7008N
User Manual
Guangzhou Gaoke Communications Technology Co., LTD.
FG7008N
User Manual
Version: FG7008N-13-12-100
We are enthusiastic for providing tech support in every way. You can get in touch
with local dearer as well as contact to Customer Service Department directly.
Guangzhou Gaoke Communications Technology Co., LTD.
Address: GaoKe Science Park, No.168 Gaopu Road, Guangzhou, P.R.C
Tel: Central: +86-20-82598555 Customer services: +86-20-82598191
Fax: +86-20-82598121
+86-20-82599989
P.C.: 510663
Website: www.gktel.cn
E-mail: info@gktel.com.cn
Copyright
Copyright by Guangzhou Gaoke Communications Technology Company Limited.
All rights are reserved.
No Part of this document may be reproduced or transmitted in any form or by any means
without prior written consent of Guangzhou Gaoke Communications Technology
Company Limited.
®
is the trademarks of Guangzhou Gaoke Communications Technology
Company Limited. No the trademarks may be counterfeited.
Disclaimer
Guangzhou Gaoke Communications Technology Company Limited reserves the right to
change the document from time to time at its sole discretion, and not to make the notice
to anyone in advance.
Preface
Version Statement
This Manual is provided for FG7008N gateway, the software version must be at least 1.10.
Brief Introduction
This manual provides technical information on how to configure and operate application for
your FG7008N unit.
Chapter 1: Provides an overview of FG7008N
Chapter 2: Introduces the product
Chapter 3: Introduces the configuration via WEB-based Management
Intended Audience
System administrators.
Network engineers.
Maintenance technicians.
Style Convention
Table 1 Style convention used in this manual
Style
Meanings
Multi-level catalogs or menus are separated by ‘\’ character. For
instance “file\new\directory” means the menu item “directory” in menu
“new” which in turn in the menu “file”.
Used to highlight important area in diagrams.
<>
[]
{ XX | XX }
Indicates the input data from operating terminal.
Indicates one parameter configuration or a function.
Indicates a syntax of CLI command options, multiple command options
in one “{}”, separated by “|”, means exclusive single selection.
Indicates user specified parameters.
e.g. for command:
host(italic)
tftp host {get | put} {sys | cfg} filename
The host and filename should be replaced by user specified real
parameters, such as: tftp 138.0.0.1 get sys sysfile.bin
Table 2
Operation
Click
Double click
Drag
Convention for Mouse Operation
Meanings
Press and release a mouse button quickly
Quickly press and release a mouse button twice
Press a mouse button and move the mouse
Table 3
Style
Ctrl + C
Convention for Keyboard Operation
Meanings
“+”means an operation which presses down several keys in the
keyboard in the same time. E.g. “Ctrl + C” means press down the key of
“Ctrl” and “C” in the same time。
CONTENTS
OVERVIEW ................................................................................................................................................... 1
PRODUCT INTRODUCTION ..................................................................................................................... 2
2.1
APPEARANCE ........................................................................................................................................... 2
2.2
HARDWARE INTERFACE ........................................................................................................................... 3
2.3
FEATURES ................................................................................................................................................ 4
2.4
WORKING ENVIRONMENT ....................................................................................................................... 5
CONFIGURATION INTRODUCTION ........................................................................................................ 6
3.1
LOGIN ...................................................................................................................................................... 6
3.2
HOME ...................................................................................................................................................... 6
3.3
NETWORK CONFIGURATION..................................................................................................................... 7
3.3.1
Network Status ............................................................................................................................. 7
3.3.2
WAN Configuration ...................................................................................................................... 8
3.3.3
LAN Configuration ..................................................................................................................... 14
3.3.4
WLAN .......................................................................................................................................... 17
3.3.5
3G Modem .................................................................................................................................. 23
3.3.6
Port Management ...................................................................................................................... 25
3.3.7
IPv6 Configuration ..................................................................................................................... 26
3.4
DATA SERVICE ....................................................................................................................................... 28
3.4.1
Status ........................................................................................................................................... 28
3.4.2
DHCP Server .............................................................................................................................. 29
3.4.3
NAT Config.................................................................................................................................. 31
3.4.4
Firewall Config............................................................................................................................ 34
3.4.5
QoS .............................................................................................................................................. 45
3.4.6
DDNS........................................................................................................................................... 50
3.4.7
VPN.............................................................................................................................................. 52
3.4.8
Routing ........................................................................................................................................ 60
3.4.9
Advanced Parameters .............................................................................................................. 63
3.4.10
Multicast ...................................................................................................................................... 64
3.4.11
USB Storage ............................................................................................................................... 64
3.5
VOIP SERVICE ....................................................................................................................................... 66
3.5.1
SIP Service ................................................................................................................................. 66
3.5.2
User ............................................................................................................................................. 68
3.5.3
Supplementary ........................................................................................................................... 69
3.5.4
Codec Parameters ..................................................................................................................... 72
3.5.5
DSP Parameters ........................................................................................................................ 73
3.5.6
Digitmap ...................................................................................................................................... 74
3.5.7
Signal Tone ................................................................................................................................. 75
3.5.8
FXS Parameters ........................................................................................................................ 76
3.5.9
Centrex ........................................................................................................................................ 77
3.5.10
Phone Book ................................................................................................................................ 79
3.6
SYSTEM ................................................................................................................................................. 79
3.6.1
Time Management ..................................................................................................................... 79
4
3.6.2
Upgrade....................................................................................................................................... 81
3.6.3
Reboot System........................................................................................................................... 82
3.6.4
Backup/Restore.......................................................................................................................... 82
3.6.5
Diagnostic ................................................................................................................................... 82
3.6.6
User Management ..................................................................................................................... 84
3.6.7
System Log ................................................................................................................................. 84
3.6.8
TR069 .......................................................................................................................................... 85
3.6.9
SNMP .......................................................................................................................................... 87
3.6.10
User Access Right ..................................................................................................................... 88
3.7
APPLY .................................................................................................................................................... 89
3.8
PRINT FUNCTION ................................................................................................................................... 89
CLI INTRODUCTION ................................................................................................................................ 95
4.1
LOGIN .................................................................................................................................................... 95
4.2
NETWORK .............................................................................................................................................. 96
4.2.1
3G Modem .................................................................................................................................. 96
4.2.2
Port Management ...................................................................................................................... 98
4.2.3
Wan Parameter ........................................................................................................................ 100
4.2.4
Lan Parameter.......................................................................................................................... 109
4.3
DATA SERVICE ....................................................................................................... 错误!未定义书签。
4.3.1
DHCP Server .............................................................................................. 错误!未定义书签。
4.3.2
NAT Config.................................................................................................. 错误!未定义书签。
4.3.3
Firewall Config............................................................................................ 错误!未定义书签。
4.3.4
QoS .............................................................................................................. 错误!未定义书签。
4.3.5
DDNS........................................................................................................... 错误!未定义书签。
4.3.6
VPN.............................................................................................................. 错误!未定义书签。
4.3.7
Routing ........................................................................................................ 错误!未定义书签。
4.3.8
Advanced Parameters .............................................................................. 错误!未定义书签。
4.3.9
Multicast ...................................................................................................... 错误!未定义书签。
4.4
VOIP SERVICE ....................................................................................................... 错误!未定义书签。
4.4.1
SIP Service ................................................................................................. 错误!未定义书签。
4.4.2
User ............................................................................................................. 错误!未定义书签。
4.4.3
Supplementary ........................................................................................... 错误!未定义书签。
4.4.4
Codec Parameters ..................................................................................... 错误!未定义书签。
4.4.5
DSP Parameters ........................................................................................ 错误!未定义书签。
4.4.6
Digitmap ...................................................................................................... 错误!未定义书签。
4.4.7
Signal Tone ................................................................................................. 错误!未定义书签。
4.4.8
Centrex ........................................................................................................ 错误!未定义书签。
4.4.9
Phone Book ................................................................................................ 错误!未定义书签。
4.4.10
Save and Reload VOIP Parameter ......................................................... 错误!未定义书签。
4.5
SYSTEM ................................................................................................................. 错误!未定义书签。
4.5.1
Time Management ..................................................................................... 错误!未定义书签。
4.5.2
Reboot System........................................................................................... 错误!未定义书签。
4.5.3
Backup/Restore.......................................................................................... 错误!未定义书签。
4.5.4
Diagnostic ................................................................................................... 错误!未定义书签。
4.5.5
System Log ................................................................................................. 错误!未定义书签。
4.5.6
TR069 .......................................................................................................... 错误!未定义书签。
4.5.7
SNMP .......................................................................................................... 错误!未定义书签。
FG7008N User Manual
1 Overview
A new series of ALL IN ONE INTELLIGENT Gateway FG7008N is perfectly designed for SOHO,
small and medium sized business (SMB) requiring application-based solutions of low-capital
investment to communicate with various kinds of users, the complete VoIP features are built in.
Comparing with other Voice equipments, FG7008N has integrated high data capacity of WIFI
300Mbps and GE LAN. Robust VPN functions support office users to create remote multiple
accessing of site-site encrypted private connections over public Internet. Multi-access way of
FG7008N has includes Ethernet, Optical and 3G.
Page 1 of 111
FG7008N User Manual
2 Product Introduction
2.1 Appearance
Figure 2-1
Table 2-1
LED
PWR
INTERNET
SFP
WAN
LAN1~LAN4
FG7008N Front View
LED
Status
Indication
Off
Power is off
Solid Green
Device is running
Off
Power is off
Slow Flash Green
INTERNET type WAN PPPoE connection
authenticate failed
Solid Green
INTERNET type WAN connection is up
Off
No optical signal is detected
Solid Green
Optical signal is detected
Off
No Ethernet signal is detected
Flash Green
User data going through Ethernet port
Solid Green
Ethernet interface is ready to work
Off
No Ethernet signal is detected
Flash Green
User data going through Ethernet port
Solid Green
Ethernet interface is ready to work
Page 2 of 111
FG7008N User Manual
Phone1&2
VPN
REG








Off
Phone is onhook
Solid Green
Phone is offhook
Off
No VPN connection
Solid Green
VPN is established
Off
All accounts register failure
Solid Green
All accounts register successfully
Flash Green
Some accounts register successfully and
rest register fails
Figure 2-2 FG7008N Rear View
WAN: 1000/100/10Mpbs ethernet ports.
LAN(N): 1000/100/10Mpbs ethernet ports.
SFP: Gigabit fiber interface.
SD: Interface for SD card.
FXS: Analog telephone interface.
POWER: DC power input connector.
Reset button: Use the button to restore the device to the factory defaults.
WPS: WIFI WPS switch.
2.2 Hardware Interface
Table 2-2
Hardware interface
LAN
4 100/1000BASE-T ports
WAN
1 FE ethernet port or 1 GE optical port
WIFI
4 WIFI access point, support 802.11b/g/n
Page 3 of 111
FG7008N User Manual
SFP
1 Gigabit fiber interface
USB
1 USB 2.0 port, use for storage or 3G modem
2.3 Features










Data Network
WAN: 1xGE,1xSFP and 1xUSB port for 2G/3G USB Modem Connectivity
LAN: 2x10/100/1000 Mbps Ethernet Port
WAN Access Mode: Static IP address, PPPoE, DHCP, PPTP and L2TP
Networking Interface: Multi WAN, Bridge Mode, 802.1Q
QOS: Destination/Source MAC/IP, Application, DSCP, Supports Bandwidth Control
Advance Routing: Static Route, Policy Route, DNS Proxy, RIP
Internal Address Management: DHCP Server, IP and MAC Address Bind, DHCP Relay
Networking Protocols: TCP/IP(IPv4/v6),UDP,RTP,SNTP,NAT,DHCP,DNS,DDNS,DLNA
VPN: IPSEC,PPTP,L2TP
IPTV: IGMP Proxy/Snooping, IPTV Bridge
Management
 Management Protocol: CLI,SNMPV1/2,Tr069,Web
 LED Indications: Total 12LEDS for Power, WAN/LAN, Phone
 Control Button: WPS Button, WLAN Button, Power Switch, Reset Button

NAT
Supports ALG, DMZ, PAT
Firewall & Security
 Firewall Protection: IDS&IPS, Block Ping/ICMP/IDENT, SPI Firewall, Portscan restriction
 Access control: Blocking by URL,IP Address, Mac Address, Protocol Type, Port
WIFI WLAN
 Standard: IEEE 802.11b/g/n(2.4GHz)
 Security: WEP,WPA,WPA2,PWA-PSK,WPA2-PSK
 WIFI Features: WMM,WLAN-LAN Isolation, Multi SSID(X4), AP Isolation
 Antenna Type: 2R2T
Voice Capacity and Functions
 Analog User/Co line: 2/4/8xLines FXS/FXO
Centrex Functions List
 Call Forward on Busy
 Call Forward on No Answer
 Call Forward Unconditional
 Caller ID
 Caller ID on Call Waiting
 Call Waiting
Page 4 of 111
FG7008N User Manual


Three-way Calling
Ring groups
USB storage/Print
 Support USB storage
 Support print sharing
2.4 Working Environment
Environment requirement includes storage temperature, working temperature and humidity.
1) Storage Temperature: -40ºC - 70ºC
2) Long Time Working Temperature: -10ºC - 50ºC
3) Short Time Working Temperature: -15ºC - 60ºC
4) Environment Humidity: 5% - 95% RH, no coagulation
Page 5 of 111
FG7008N User Manual
3 Configuration Introduction
3.1 Login
The Web interface is ready for accessing about one minute after the device power on. The default
LAN IP address is 192.168.100.1, you can access the Web interface via either WAN port or LAN
port. Enter IP address in the address bar of web browser and then press ENTER, you can get
access to the Login interface.There are two languages provided: Chinese and English.
Figure 3-1
Login Interface
3.2 Home
After successful login, you will see the main menus on the top of the Web-based GUI.
The System Status page provides the current status information about the Gateway. All information is
read-only.
Choose the menu Home to load the following page.
Page 6 of 111
FG7008N User Manual
Figure 3-2
System Status
3.3 Network Configuration
3.3.1
Network Status
The Status page shows all WAN and LAN interfaces configuration, and all physical ports connection
status related to this device.
3.3.1.1
WAN Status
Choose the menu Network→Status→WAN to load the following page.
Figure 3-3
3.3.1.2
WAN Status
LAN Status
Choose the menu Network→Status→LAN to load the following page.
Page 7 of 111
FG7008N User Manual
Figure 3-4
3.3.1.3
LAN Status
Link Status
Choose the menu Network→Status→Link Status to load the following page.
Figure 3-5
3.3.2
Link Status
WAN Configuration
The device supports 5 WAN interfaces:DATA,VOICE,MGMT,OTHER1,OTHER2; Every WAN interface
provides the following five Internet connection types: Static IP,DHCP,PPPoE,PPTP,L2TP.
Choose the menu Network→WAN to load the configuration show page.
Figure 3-6
WAN page
Select an Interface Name to load the configuration page.
1) Static IP
If a static IP address has been provided by your ISP, please choose the Static IP connection type to
configure the parameters for WAN port manually.
Page 8 of 111
FG7008N User Manual
Figure 3-7
WAN-Static IP
The following items are displayed on this screen:
► Enable:
► Type:
► VLAN
Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
Enable this WAN interface (DATA can’t be disabled).
Select Static IP if your ISP has assigned a static IP address for your.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server). If you are
not clear, please consult your ISP. It’s not allowed to access the Internet via
domain name if the Primary DNS field is blank.
► Secondary
DNS: Optional. If a Secondary DNS Server address is available, enter it.
► IP Address:
Enter the IP address assigned by your ISP. If you are not clear, please consult your
ISP.
► Netmask:
► Gateway:
Enter the Subnet Mask assigned by your ISP.
Optional. Enter the Gateway assigned by your ISP.
2) DHCP
If your ISP (Internet Service Provider) assigns the IP address automatically, please choose the DHCP
connection type to obtain the parameters for WAN port automatically.
Page 9 of 111
FG7008N User Manual
Figure 3-8
The following items are displayed on this screen:
► Enable:
Type:
► VLAN Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
►
► Secondary
DNS:
► Appoint Server IP:
WAN-DHCP
Enable this WAN interface (DATA can’t be disabled).
Select DHCP if your ISP assigns the IP address automatically.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server)
manually. If you are not clear, please consult your ISP. It’s not allowed to
access the Internet via domain name if the Primary DNS field is blank.
Optional. If a Secondary DNS Server address is available, enter it.
Optional. If network has multiple DHCP servers, enter the IP address of your
ISP’S DHCP server
► Vendor Class Identifier: Optional. This option (60) is used by DHCP clients to optionally identify the
vendor type and configuration of a DHCP client.
► Enterprise Code:
► Manufacture Name:
► Device Class:
► Device Type:
► Device Version:
Optional.
Optional.
Optional.
Optional.
Optional.
3) PPPoE
If your ISP (Internet Service Provider) has provided the account information for the PPPoE connection,
Page 10 of 111
FG7008N User Manual
please choose the PPPoE connection type (Used mainly for DSL Internet service).
Figure 3-9
The following items are displayed on this screen:
► Enable:
Type:
► VLAN Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
►
► Secondary
►
DNS:
Username:
WAN-PPPoE
Enable this WAN interface (DATA can’t be disabled).
Select PPPoE if your ISP provides xDSL Virtual Dial-up connection.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server)
manually. If you are not clear, please consult your ISP. It’s not allowed to
access the Internet via domain name if the Primary DNS field is blank.
Optional. If a Secondary DNS Server address is available, enter it.
Enter the Account Name provided by your ISP. If you are not clear, please
consult your ISP.
► Password:
Enter the Password provided by your ISP.
► Service Name /AC Name: Optional. The service name and AC (Access Concentrator) name, which
should not be configured unless you are sure it is necessary for your ISP. In
most cases, leaving these fields blank will work.
► LCP
Interval:
► LCP
Max Fails:
PPPoE will send an LCP echo-request frame to the peer every LCP interval
seconds.
PPPoE will presume the peer to be dead if LCP Max Fails LCP echo-requests
are send without receiving a valid LCP echo-reply.
4) L2TP
If your ISP (Internet Service Provider) has provided the account information for the L2TP connection,
please choose the L2TP connection type.
Page 11 of 111
FG7008N User Manual
Figure 3-10 WAN-L2TP
The following items are displayed on this screen:
► Enable:
Type:
► VLAN Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
►
► Secondary
DNS:
Enable this WAN interface (DATA can’t be disabled).
Select L2TP if your ISP provides a L2TP connection.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server). If
you are not clear, please consult your ISP. It’s not allowed to access the
Internet via domain name if the Primary DNS field is blank.
IP:
► Username:
Optional. If a Secondary DNS Server address is available, enter it.
Enter the Server IP provided by your ISP.
Enter the Account Name provided by your ISP. If you are not clear, please
consult your ISP.
► Password:
Enter the Password provided by your ISP.
► Server
Secondary Connection: Here allow you to configure the secondary connection. DHCP and Static IP
connection types are provided.
If Static is selected:
► IP Address:
► Netmask:
► Gateway:
If DHCP is selected:
► Appoint Server IP:
If Static IP is selected, configure the IP address of WAN port.
If Static IP is selected, configure the subnet mask of WAN port.
Optional. If Static IP is selected, configure the default gateway of WAN port.
Optional. If network has multiple DHCP servers, enter the IP address of your
ISP’s DHCP server.
►Vendor Class Identifier: Optional. This option (60) is used by DHCP clients to optionally identify the
Page 12 of 111
FG7008N User Manual
vendor type and configuration of a DHCP client.
► Enterprise Code:
► Manufacture Name:
► Device Class:
► Device Type:
► Device Version:
Optional.
Optional.
Optional.
Optional.
Optional.
5) PPTP
If your ISP (Internet Service Provider) has provided the account information for the PPTP connection,
please choose the PPTP connection type.
Figure 3-11 WAN-PPTP
The following items are displayed on this screen:
► Enable:
Type:
► VLAN Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
►
Enable this WAN interface (DATA can’t be disabled).
Select PPTP if your ISP provides a PPTP connection.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server)
Page 13 of 111
FG7008N User Manual
manually. If you are not clear, please consult your ISP. It’s not allowed to
access the Internet via domain name if the Primary DNS field is blank.
► Secondary
DNS:
► Server
IP:
► Username:
► Password:
► Enable
Encryption:
Optional. If a Secondary DNS Server address is available, enter it.
Enter the Server IP provided by your ISP.
Enter the Account Name provided by your ISP. If you are not clear, please
consult your ISP.
Enter the Password provided by your ISP.
Enable PPTP link encryption.
Secondary Connection: Here allow you to configure the secondary connection. DHCP and Static IP
connection types are provided.
If Static is selected:
Address:
► Netmask:
► Gateway:
► IP
If DHCP is selected:
► Appoint Server IP:
If Static IP is selected, configure the IP address of WAN port.
If Static IP is selected, configure the subnet mask of WAN port.
Optional. If Static IP is selected, configure the default gateway of WAN port.
Optional. If network has multiple DHCP servers, enter the IP address of your
ISP’s DHCP server.
►Vendor Class Identifier: Optional. This option (60) is used by DHCP clients to optionally identify the
vendor type and configuration of a DHCP client.
► Enterprise Code:
► Manufacture Name:
► Device Class:
► Device Type:
► Device Version:
3.3.3
Optional.
Optional.
Optional.
Optional.
Optional.
LAN Configuration
On this page, you can configure the parameters for LAN port.
Choose the menu Network→LAN to load the following page. There are three parts on this page.
Page 14 of 111
FG7008N User Manual
Figure 3-12 LAN page
1) Part 1: Configure LAN interfaces
Click the Interface Name of existent LAN interface you want to modify. If you want to delete the entry,
select it and click the Del (the VLAN1 is default existed, can’t be removed).
Click the Add button to add a new entry.
Figure 3-13 Configure LAN Interface
Page 15 of 111
FG7008N User Manual
The following items are displayed on this part.
► Interface Name:
► IP Address:
► Netmask:
► NAT:
► Assign NAT IP:
► Enable DHCP Server:
► Start IP:
Name of this LAN interface.
Enter the IP address for this LAN interface.
Enter the subnet mask for this LAN interface.
Optional Enable or disable NAT for this LAN interface
Optional If NAT is selected. NAT IP address can be assigned.
Enable or disable DHCP server on this LAN interface.
If Enable DHCP Server is selected, enter the Start IP address to define a
range for the DHCP server to assign dynamic IP addresses. This address
should be in the same IP address subnet with the IP address of this LAN
interface.
► End IP:
If Enable DHCP Server is selected, enter the End IP address to define a
range for the DHCP server to assign dynamic IP addresses. This address
should be in the same IP address subnet with the IP address of this LAN
interface.
► Netmask:
If Enable DHCP Server is selected, enter the Netmask to define a range for
the DHCP server to assign dynamic IP addresses.
► Gateway:
Optional .If Enable DHCP Server is selected, enter the Gateway address to
be assigned.
► Primary DNS:
Optional. If Enable DHCP Server is selected, enter the Primary DNS server
address to be assigned.
► Secondary DNS:
Optional. If Enable DHCP Server is selected, enter the Secondary DNS
server address to be assigned.
► Lease Time(Second):
If Enable DHCP Server is selected, specify the length of time the DHCP
server will reserve the IP address for each client. After the IP address
expired, the client will be automatically assigned a new one.
Advanced Parameter
► LAN Port:
► WAN Subinterface:
Select the physical LAN port to bind the IP address of this LAN interface.
Select the WAN subinterface which the packet from this LAN interface can
be sending to.
2) Part 2: Configure LAN Route/Bridge mode
The following items are displayed on this part.
► Port:
► Route/Bridge:
The physical LAN port name (LAN1~LAN4).
Mode of this physical LAN port. The following four modes are provided:
Route: route to WAN
Transparent bridge: not modify the packets;
Tagged bridge: LAN untagged, WAN tagged; only 1 VID supported
Promisc Mode: Tagged packets in bridge mode, untagged packets in route mode;
most 5 VIDs supported (e.g. 8, 10, 13).
► VLAN ID List:
If Tagged bridge/Promisc Mode is selected, configure the VID/VIDs.
3) Part 3: Configure IPTV
Page 16 of 111
FG7008N User Manual
Choose the menu Network→LAN→Advanced Parameters to load this page.
The following items are displayed on this part.
► LAN Isolate:
► Auto Bridge:
► DHCP Vendor ID:
► IPAddress:
► Netmask:
► VID:
► PRI:
► Automatic:
3.3.4
Check the box to prohibit the access between LAN interfaces.
Check the box to dynamically create IPTV bridge for STB.
Vendor class identifier List (DHCP 60 option), support at most two vendor IDs.
IP address of interface for STB data service.
Subnet mask of interface for STB data service.
VID of IPTV VLAN.
Priority level of IPTV VLAN.
Check the box to automatically detect the VID of STB data service.
WLAN
Wi-Fi is a WLAN (Wireless Local Area Network) technology. It provides short-range wireless high-speed
data connections between mobile data devices (such as laptops, PDAs or phones) and nearby Wi-Fi
access points (special hardware connected to a wired network).
3.3.4.1
Basic Settings
Choose the menu Network→WLAN→Basic Settings to load the following page.
Figure 3-14 Configure WIFI Basic Settings
The following items are displayed on this screen:
► Enable WiFi:
► Channel:
Enable or disable the WIFI AP function globally.
This field determines which operating frequency will be used. The default channel is
set to AutoSelect, so the AP will choose the best channel automatically. It is not
necessary to change the wireless channel unless you notice interference problems
with another nearby access point.
► Wireless Mode:
Select the desired mode.
11b:
Select if all of your wireless clients are 802.11b.
11g:
Select if all of your wireless clients are 802.11g.
11n:
Select only if all of your wireless clients are 802.11n.
11b/g: Select if you are using both 802.11b and 802.11g wireless clients.
11b/g/n: Select if you are using a mix of 802.11b, 11g and 11n wireless clients.
Page 17 of 111
FG7008N User Manual
► Channel Width:
Select any channel width from the drop-down list. The default setting is automatic,
which can automatically adjust the channel width for your clients. If you choose to
11n or 11b/g/n Wireless mode, this configuration is required. Two values of width
are provided: 20MHz and 20/40MHz.
The Service Set Identifier (SSID) is used to identify an 802.11 (Wi-Fi) network and it’s discovered by
network sniffing/scanning. FG7008N provides up to four SSID.
► Enable:
►SSID Name:
Enable or disable this entry of SSID. SSID1 can’t be disabled.
Enter the name of SSID. The name of SSID must be unique in all wireless
networks nearby.
► Bind Interface:
Select a network interface to be bridged to the SSID.
► Enable Broadcast: When wireless clients survey the local area for wireless networks to associate
with, they will detect the SSID broadcast by the device. If you select the Enable
Broadcast checkbox, the device will broadcast its name (SSID) on the air.
► Isolated:
Enable or disable isolate different clients from the same wireless station.
► LAN Isolated:
Enable or disable isolation between the LAN and SSID.
► Max Client:
Enter the maximum number of clients allowed to connect to the SSID.
► SSID AP Isolated: This function can isolate wireless stations on your network from each other.
Wireless devices will be able to communicate with the Router but not with each
other. To use this function, check this box. AP Isolation is disabled by default.
3.3.4.2
Security
Choose the menu Network→WLAN→Security to load the Security page. There are nine wireless
security modes supported by the device: Open WEP, Shared WEP, WEP Auto, WPA-PSK, WPA2-PSK,
WPAPSK/WPA2PSK, WPA, WPA2 and WPAWPA2.
If you do not want to use wireless security, select Disable, but it’s strongly recommended to choose one
of the following modes to enable security.
1) WPA-PSK, WPA2-PSK, WPAPSK/WPA2PSK: It’s the WPA/WPA2 authentication type based on
pre-shared passphrase. Choose one of these types, the following page is loaded.
Figure 3-15 Configure WIFI PSK Security
The following items are displayed on this screen:
► SSID:
► Authentication:
► Algorithm:
The SSID enabled in WLAN→Basic Settings page.Read only
The authentication type selected: WPA-PSK, WPA2-PSK, WPAPSK/WPA2PSK.
When WPA2-PSK or WPAPSK/WPA2PSK is set as the Authentication Type,
you can select either TKIP, or AES or TKIP/AES as Encryption. When
WPA-PSK is set as the Authentication Type, you can select either TKIP or AES
Page 18 of 111
FG7008N User Manual
as Encryption.
► WPA Pre-Shared Key: You can enter ASCII characters between 8 and 64 characters.
► Renew Interval:
Specify the group key update interval in seconds. Enter 0 to disable the update.
2) Open WEP, Shared WEP, WEP Auto: It is based on the IEEE 802.11 standard. Choose one of these
types, the following page is loaded.
Figure 3-16 Configure WIFI WEP Security
The following items are displayed on this screen:
► SSID:
The SSID enabled in WLAN→Basic Settings page.Read only
► Authentication: The authentication type selected: Open WEP, Shared WEP, WEP Auto.
► Default Key:
Select the default WEP key configure below.
► Key:
Provide up to four key. You can select the key type HEX(10/26 char) or ASCII(5/13
char)) for encryption and then enter the key. HEX(10/26 char) and ASCII(5/13 char)
formats are provided.
Hex(10/26 char): format stands for any combination of hexadecimal digits (0-9, a-f,
A-F) in the specified length.
ASCII(5/13 char): format stands for any combination of keyboard characters in the
specified length.
3) WPA, WPA2, WPA/WPA2: It’s based on Radius Server. Choose one of these types, the following
page is loaded.
Page 19 of 111
FG7008N User Manual
Figure 3-17 Configure WIFI WPA Security
The following items are displayed on this screen:
► SSID:
The SSID enabled in WLAN→Basic Settings page.Read only
► Authentication:
The authentication type selected: WPA, WPA2, WPA/WPA2.
► Algorithm:
You can select either TKIP, or AES or TKIP/AES.
► Renew Interval:
Specify the update interval in seconds. Enter 0 to disable the update.
► PMK Cache Period: Pairwise Master Key, PMK. Set WPA2 PMKID cache timeout period, after time
out, the cached key will be deleted.This parameter is valid when you select
WPA2 or WPA/WPA2.
► Enable Pre-Auth:
This is used to speed up roaming before pre-authenticating IEEE 802.1X/EAP
part of the full RSN authentication and key handshake before actually
associating with a new AP. Default is disable. This parameter is valid when
you select WPA2 or WPA/WPA2.
► Rasius Server IP:
Enter the IP address of the Radius Server.
► Rasius Server Port: Enter the port that radius service used.
► Shared Seret:
Enter the password for the Radius Server.
► Session Timeout:
Specify the session timeout in seconds, Enter 0 to not limit the timeout.
3.3.4.3
WPS
Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that
attempts to allow easy establishment of a secure wireless home network.WPS currently supports two
methods: Personal Information Number (PIN) and Push Button Configuration (PBC).The difference
between the two methods is much pretty described in their names.
The PIN method involves entering a client device PIN, obtained either from a client application GUI
or a label on a device, into the appropriate admin screen on a Registrar device.
The PBC method requires the user to push buttons on the Registrar and Client devices within a
two-minute period to connect them. (The two-minute period also applies to the PIN method.) The buttons
can be physical, as they typically are on AP / router devices or virtual, as is normal on client devices.
Choose the menu Network→WLAN→WPS to load the WPS page.
1) PIN Mode
If PIN mode is selected, the following page is loaded.
Figure 3-18 Configure WIFI WPS-PIN
The following items are displayed on this screen:
► Enable WPS: Enable or disable the WIFI WPS function globally.
► WPS Mode: Choose the WPS mode: PIN.
Page 20 of 111
FG7008N User Manual
► PIN Code:
If PIN mode is chosen, enter the 8 digit PIN code, and then click Connect.
2) PBC Mode
If PBC mode is selected, the following page is loaded.
Figure 3-19 Configure WIFI WPS-PBC
The following items are displayed on this screen:
► Enable WPS: Enable or disable the WIFI WPS function globally.
► WPS Mode: Choose the WPS mode: PBC.
► PBC Set:
If PBC mode is chosen, then click Simulation Connect.
3.3.4.4
Advanced Settings
Choose the menu Network→WLAN→Advanced Settings to load the following page.
Figure 3-20 Configure WIFI Advanced Settings
The following items are displayed on this screen:
► Fragmentation Threshold: This value is the maximum size determining whether packets will be
fragmented. Setting the Fragmentation Threshold too low may result in
poor network performance since excessive packets. 2346 is the default
setting and is recommended.
► RTS Threshold:
Here you can specify the RTS (Request to Send) Threshold. If the
packet is larger than the specified RTS Threshold size, the device will
send RTS frames to a particular receiving station and negotiate the
sending of a data frame. The default value is 2347.
► Transmit Power:
Here you can specify the transmit power of device. 100 is the default
setting and is recommended.
► Enable WMM:
Enable or disable the WIFI WMM function globally. WMM function can
guarantee the packets with high-priority messages, being transmitted
Page 21 of 111
FG7008N User Manual
preferentially. It is strongly recommended enabled.
3.3.4.5
Clients Info
Choose the menu Network→WLAN→Clients Info to load the following page.
Figure 3-21 View Wifi Clients Info
This page shows all connected WIFI client information, read only.
The following items are displayed on this screen:
► MAC:
► AID:
The MAC address of this client entry.
The AID(Association ID) field is a value assigned by an AP during association that
represents the 16-bit ID of a STA.
► Bandwidth: Band width this client entry used.
► SSID:
The SSID this client entry used when connecting WIFI.
3.3.4.6
MAC Filtering
You can control the wireless access by configuring the Wireless MAC Filtering function.
Choose the menu Network→WLAN→MAC Filtering to load the following page.
Figure 3-22 View Wifi MAC Filtering
The following items are displayed on this screen:
► MAC Filtering:
► Filtering Rules:
Enable or disable the Wifi MAC filtering function globally.
Two MAC filtering rules are provided:
Allow: allow the stations specified by entries in the list to access.
Deny: deny the stations specified by entries in the list to access.
To delete Wireless MAC Address filtering entries, select the entries and click the Del button. To Add a
Wireless MAC Address filtering entry, click the Add button.
Page 22 of 111
FG7008N User Manual
Figure 3-23 Add WIFI MAC Filtering Entry
Enter the appropriate MAC Address into the MAC field. The format of the MAC Address is
XX:XX:XX:XX:XX:XX (X is any hexadecimal digit). Click Add button to add MAC address to the
Selected List, click Del button to delete the selected MAC address in the Selected List.
3.3.5
3G Modem
Typically, 3G Modem WAN is used as uplink port as a backup. When inserting 3G Modem into USB port,
the system recognized the SIM card and charges no problem. After dialing successful, 3G Modem will
serve as a backup uplink usage.
1) Basic Settings
Choose the menu Network→3G Modem to load the following page.
Page 23 of 111
FG7008N User Manual
Figure 3-24 Configure 3G Modem-Basic Settings
The following items are displayed on this screen:
► SP Network:
Other or Swisscom. If it is not the target user, you need to select the other.
► Connect Mode: Manual or Auto. The default is Auto.
► Online Mode: always online and disconnect after idle interval. The default is “always online”.
The default idle interval is 60 seconds.
If Other is selected, the following parameters appear:
► Username:
3G network dial-up username.
► Password:
3G network dial-up password.
► Dial Number:
3G network dial numbers.
► APN:
3G network access APN.
► PIN:
3G networks need to use dial-up PIN code, if not, can be set to empty.
2) Advanced Parameters
Choose the menu Network→3G Modem→Advanced Parameters to load the following page.
Figure 3-25 Configure 3G Modem-Advanced Parameters
The following items are displayed on this screen:
► Authentication:
► DNS:
3G dial-up authentication, CHAP,PAP,Auto are provided. Default is Auto.
The default is obtained from the dial-up network devices automatically. You can
also configure DNS manually.
► TCP MSS:
Configure TCP maximum segment, we recommend using the default value.
► MTU:
Configure 3G link MTU, the default value is recommended
► Data Link Backup: When enabled, if WAN uplink port is disconnected, the routing switches to the 3G
Page 24 of 111
FG7008N User Manual
link.
► Heartbeat Address: Set the heartbeat detecting address of the link, the default configuration is not
required.
3) Status
Figure 3-26 Configure 3G Modem-Status
The following items are displayed on this screen:
► Device Status:
► SIM Card Status:
Indicates whether to insert 3G module.
Indicates whether to insert 3G modem in the SIM card, the ready state means
the SIM card is detected.
► Product Name:
3G modem Product Type.
► Manufacturer Name: 3G modem vendor name.
► SP Name:
3G modem service provider name.
► Signal Quality:
Signal quality of 3G Modem, up to 31.
► Connection Status: Connected or disconnected.
3.3.6
3.3.6.1
Port Management
Port Mirror
Port Mirror, the packets obtaining technology, functions to forward copies of packets from one/multiple
ports (mirrored port) to a specific port (mirroring port). Usually, the mirroring port is connected to a data
diagnose device, which is used to analyze the mirrored packets for monitoring and troubleshooting the
network.
Choose the menu Network→Port Management→Port Mirror to load the following page.
Page 25 of 111
FG7008N User Manual
Figure 3-27 Port Mirror
The following items are displayed on this screen:
► Enable Port Mirror: Enable or disable port mirror.
► Destination Port:
The duplicate of packets from Source Port will send to this destination port.
► Source Port:
All packets received from Source Port will be duplicated and the duplicate will
be send to Destination Port.
3.3.6.2
Media Type
Choose the menu Network→Port Management→Media Type to load the following page.
Figure 3-28 Media Type
The following items are displayed on this screen:
► Media Type:
provides the following six modes to all physical ports: 10M Half Duplex, 10M Full
Duplex, 100M Half Duplex, 100M Full Duplex, 1000M Full Duplex,
Auto-Negotiation.
► Current Status:
Current link status of all physical ports. Read only.
3.3.7
IPv6 Configuration
Choose the menu Network→IPv6 to load the following page.
Page 26 of 111
FG7008N User Manual
Figure 3-29 Configure IPv6
The following items are displayed on this screen:
► IP Stack Version:
WAN Configuration
► Enable WAN:
► Access Mode:
► Link-Local Address:
Choose the IP stack version to use. Provides the following three types:
IPv4,IPv6,IPv4/v6.
If IPv6 or IPv4/v6 is chosen, select this to enable IPv6 stack on WAN.
Select access mode of WAN: IP or PPP.
Select type of Link-Local address: Auto or Manual. If Manual is selected,
you should specify address manually.
► Global Unicast Address:
Stateless,Manual,DHCPv6. If Manual is selected, you should specify
address manually.
► Default Gateway Address: Stateless,Manual. If Manual is selected, you should specify address
manually.
► DNS:
Stateless,Manual,DHCPv6. If Manual is selected, you should specify
DNS manually.
► Enable DHCP-PD:
Whether to enable DHCP-PD(prefix delegation) on WAN.
LAN Configuration
► Enable LAN:
► Link-Local Address:
► Global Unicast Address:
If IPv6 or IPv4/v6 is choseN, select this to enable IPv6 stack on LAN.
Select type of Link-Local address: Auto or Manual. If Manual is selected,
you should specify address manually.
Manual,Auto. If Manual is selected, you should specify address
manually.
► Address Auto Allocate Mode: SLAAC+RDNSS(Recursive DNS Server)
Page 27 of 111
FG7008N User Manual
SLAAC(Stateless address autoconfiguration)+DHCPv6
DHCPv6
► Manual Allocate Address Prefix: Configure the manual allocate address prefix.
► Prefix Life Time:
Enter the life time of prefix.
► Default Gateway Life Time: Enter the life time of default gateway.
► Primary DNS:
Enter the primary DNS address.
► Secondary DNS:
Enter the secondary DNS address.
3.4 Data Service
3.4.1
Status
The Status page shows the data services information, all information is read only.
3.4.1.1
Service State
The Service State page show all switch status of data services.
Choose the menu Data Service→Status→Service State to load the following page.
Figure 3-30 Service State
3.4.1.2
ARP Table
This page displays the ARP List;
Choose the menu Data Service→Status→ARP Table to load the following page.
Figure 3-31 ARP Table
3.4.1.3
Route Table
Choose the menu Data Service→Status→Route Table to load the following page.
Page 28 of 111
FG7008N User Manual
Figure 3-32 Route Table
3.4.1.4
Net State
Choose the menu Data Service→Status→Net State to load the following page.
Figure 3-33 Net State
3.4.2
3.4.2.1
DHCP Server
Static Address Assign
Choose the menu Data Service→DHCP Server→Static Address Assign, and then you can view and
add address which is assigned for clients. When you specify a static IP address for a client on the LAN,
that client will always receive the same IP address each time when it accesses the DHCP server. The
Reserved IP addresses should be assigned to the devices that require permanent IP settings.
Page 29 of 111
FG7008N User Manual
Figure 3-34 View Static Address Assign Configuration
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-35 Add or Modify An Static Address Assign Entry
The following items are displayed on this screen:
► Client
IP Addres: The IP address reserved.
► Client Mask:
The subnet mask of IP address reserved.
► Client MAC:
The MAC address you want to reserve IP address.
► Description:
The description of the entry to add or modify.
3.4.2.2
Status
Choose the menu Data Service→DHCP Server→Status, and then you can view the information about
the clients attached to the DHCP server.
Figure 3-36 DHCP Client Status
3.4.2.3
DHCP Relay
A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents
are used to forward requests and replies between clients and servers when they are not on the same
physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP
datagrams are switched between networks somewhat transparently. By contrast, relay agents receive
DHCP messages and then generate a new DHCP message to send on another interface. It listens for
client requests and adds vital configuration data, such as the client's link information, which is needed by
the server to allocate the address for the client. When the DHCP server responds, the DHCP relay agent
forwards the reply back to the DHCP client.
Page 30 of 111
FG7008N User Manual
Figure 3-37 DHCP Relay Overview
Choose the menu Data Service→DHCP Server→DHCP Relay to load the following page.
Figure 3-38 Configure DHCP Relay
The following items are displayed on this screen:
► Enable
DHCP Relay: Enable or disable DHCP Relay.
► Client Interface:
The interface to listen for DHCP client requests. Up to four interfaces can be
selected.
► Server
Interface:
► Server IP:
3.4.3
Choose the interface which connects DHCP server.
Configure the DHCP server IP address.
NAT Config
Network Address Translation (NAT) is a network protocol used in IPv4 networks that allows multiple
devices to connect a network protocol using the same public IPv4 address. NAT was originally designed
in an attempt to help conserve IPv4 addresses. NAT modifies the IP address information in IPv4 headers
while in transit across a traffic routing device.
3.4.3.1
Basic Settings
Choose the menu Data Service→NAT Config→Basic Settings to load the following page.
Page 31 of 111
FG7008N User Manual
Figure 3-39 Basic Settings
The following items are displayed on this screen:
► Max
Nat Connections:
Specify the maximum number of NAT connections.
► Enable MSS Auto Adaptive: Enable or disable auto adaptive the value of MSS(Maximum Segment
Size).
► TCP
MSS:
3.4.3.2
If Enable MSS Auto Adaptive is not selected, configure this to specify
the maximum segment size of the TCP protocol.
PAT Settings
Several internal addresses can be NATed to only one or a few external addresses by using a feature
called overload, which is also referred to as PAT. PAT is a subset of NAT functionality, where it maps
several internal addresses to a single external address. PAT statically uses unique port numbers on a
single outside IP address to distinguish between the various translations.
Choose the menu Data Service→NAT Config→PAT Settings to load the following page.
Figure 3-40 View PAT Settings
The following items are displayed on this screen:
► Enable
PAT: Enable or disable PAT globally.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Page 32 of 111
FG7008N User Manual
Figure 3-41 Add or Modify PAT Entry
The following items are displayed on this screen:
► Enable:
► Internet
Port:
► Intranet
Port:
► Intranet IP:
Enable or disable this PAT entry.
Enter the service port provided for accessing external network. All the requests
from internet to this service port will be redirected to the specified server in local
network.
Specify the service port of the LAN host as virtual server.
Enter the IP address of the specified internal server for the entry. All the requests
from the internet to the specified LAN port will be redirected to this host.
► Protocol:
Specify the protocol used for the entry.
► Internet Interface: Specify the interface to receive requests from the internet for the entry.
► Description:
Enter a name for Virtual Server entry.
3.4.3.3
DMZ Settings
In computer security, a DMZ or Demilitarized Zone (sometimes referred to as a perimeter network) is a
physical or logical network that contains and exposes an organization's external-facing services to a
larger and insecure network, usually the Internet. The purpose of a DMZ is to add an additional layer of
security to an organization's local area network (LAN); an external attacker only has direct access to
equipment in the DMZ, rather than any other part of the network.
Choose the menu Data Service→NAT Config→DMZ Settings to load the following page.
Figure 3-42 View DMZ Settings
The following items are displayed on this screen:
► Enable
DMZ: Enable or disable DMZ globally.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-43 Add or Modify DMZ Entry
The following items are displayed on this screen:
► DMZ
Public IP:
The public IP address for this DMZ entry.
Page 33 of 111
FG7008N User Manual
► DMZ
Private IP:
► Description:
3.4.3.4
The private IP address for this DMZ entry.
Enter a description string for this DMZ entry
ALG Settings
Application Layer Gateway (ALG) allows customized Network Address Translation (NAT) traversal
filters to be plugged into the gateway to support address and port translation for certain application layer
"control/data" protocols such as FTP, H.323, PPTP, etc.
Choose the menu Data Service→NAT Config→ALG Settings to load the following page.
Figure 3-44 ALG Settings
The following items are displayed on this screen:
► Enable
SIP:
H323:
► Enable FTP:
► Enable PPTP:
► Enable RTSP:
► Enable
3.4.4
3.4.4.1
Enable or disable SIP ALG.
Allow Microsoft NetMeeting clients to communicate across NAT if selected.
Allow FTP clients and servers to transfer data across NAT if selected.
Enable or disable PPTP ALG.
Enable or disable RTSP ALG.
Firewall Config
Attack Defense
With Attack Defense function enabled, the device can distinguish the malicious packets and prevent the
port scanning from external network, so as to guarantee the network security. Configure this for
abnormal packets defense and flood attack defense. Flood attack is a commonly used DoS (Denial of
Service) attack, including TCP SYN, UDP, ICMP, and so on.
Choose the menu Data Service→Firewall Config→Attack Defense to load the following page.
Page 34 of 111
FG7008N User Manual
Figure 3-45 Attack Defense
The following items are displayed on this screen:
► Enable
Broadcast Storm Defense:
► Enable Block Ping:
► Enable TCP SYN Flood Defense:
► Enable UDP Flood Defense:
► Enable ICMP Defense:
► Enable ARP Attack Defense:
► Enable Port Scan Defense:
► Enable
►
►
Land Based Defense:
Enable Ping Of Death Defense:
Enable Teardrop Defense:
► Enable
Fraggle Defense:
Enable or disable Broadcast Storm Defense.
Enable or disable Block Ping function.
Enable or disable TCP SYN Flood Defense.
Enable or disable UDP Flood Defense.
Enable or disable ICMP Defense.
Enable or disable ARP Attack Defense.
A port scanner is a software application designed to probe a
server or host for open ports. Check the box to prevent port
scanning.
The Land Denial of Service attack works by sending a spoofed
packet with the SYN flag - used in a "handshake" between a
client and a host - set from a host to any port that is open and
listening. If the packet is programmed to have the same
destination and source IP address, when it is sent to a machine,
via IP spoofing, the transmission can fool the machine into
thinking it is sending itself a message, which, depending on the
operating system, will crash the machine. Check the box to
enable Land Based Defense.
Ping of death is a denial of service (DoS) attack caused by an
attacker deliberately sending an IP packet larger than the
65,536 bytes allowed by the IP protocol. Check the box to
enable Ping of Death Defense.
Teardrop is a program that sends IP fragments to a machine
connected to the Internet or a network. Check the box to enable
Teardrop Defense.
A fraggle attack is a variation of a Smurf attack where an
attacker sends a large amount of UDP traffic to ports 7 (echo)
and 19 (chargen) to an IP Broadcast Address, with the
Page 35 of 111
FG7008N User Manual
intended victim's spoofed source IP address. Check the box to
► Enable
Smurf Defense:
enable Fraggle Defense.
The Smurf Attack is a denial-of-service attack in which large
numbers of Internet Control Message Protocol (ICMP) packets
with the intended victim's spoofed source IP are broadcast to a
computer network using an IP Broadcast address. Check the
box to enable Smurf Defense.
3.4.4.2
Service Type
Service Type defines the entry with protocol and port range, which can be chosen in Internet
Access-Ctrl page. Choose the menu Data Service→Firewall Config→Service Type to load the
following page.
Figure 3-46 View Service Type Configuration
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-47 Add or Modify Service Type Entry
The following items are displayed on this screen:
► Name:
Name of this entry, it will be list in Internet Access-Ctrl page.
► Protocol:
Select the protocol for this entry. Four types are provided: TCP, UDP, ICMP and ALL.
► Port Range: Configure the port range for this entry.
► Description: Enter a description string for this entry
3.4.4.3
Internet Access-Ctrl
Each sub-page under this page is used to control Internet access.
3.4.4.3.1 Access Control
This sub-page is used to control Internet access through IP, port, and time.
Choose the menu Data Service→Firewall Config→Internet Access-Ctrl→Access Control to load the
following page.
Page 36 of 111
FG7008N User Manual
Figure 3-48 View Access Control Entry
The following items are displayed on this screen:
► Enable
►
Access Control: Enable or disable access control from WAN.
Policy:
Default policy of access control: Allow or Deny. If Allow is selected, all
packets will be allowed except the entries list on this page. If Deny is
selected, all packets will be denied except the entries list on this page.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-49 Add or Modify Access Control Entry
The following items are displayed on this screen:
► Action:
The policy of this entry, Allow or Deny. It is the inverse of Policy. Read only.
► Enable Rule:
Enable or disable this rule.
► Description:
Enter a description string for this rule
► Source IP Range:
Enter the source IP range in dotted-decimal format (e.g. 192.168.1.23).
► Destination IP Range: Enter the destination IP range in dotted-decimal format (e.g. 192.168.1.23).
► Service Name:
Choose a service type that defined in Service Type page.
► Active Time:
Specify the time range for the entry to take effect.
► Active Day:
Specify the day range for the entry to take effect.
Page 37 of 111
FG7008N User Manual
3.4.4.3.2 User Authentication
This sub-page is used to control Internet access through username and password.
Choose the menu Data Service→Firewall Config→Internet Access-Ctrl→User Authentication to
load the following page.
Figure 3-50 View User Authentication Entry
The following items are displayed on this screen:
Enable User Authentication: Enable or disable user authentication globally. If enabled, only the
following list of users and passwords can access the Internet. Press Save button if you have modified
this parameter.
►
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-51 Add or Modify User Authentication Entry
The following items are displayed on this screen:
► Username:
► Password:
► Auth
Mode:
Enter the username of this entry.
Enter the password of this entry.
Choose the authentication mode of this entry. Provides four modes:
Allow Multi-PC Access: Allows multiple computers to access the Internet using this
account.
Allow One PC Access:
account.
Only allows one computer to access the Internet using this
Allow Special IP Access: Allowing only specified IP computer uses this account to
access the Internet.
Allow Special MAC Access: Allowing only specified MAC computer uses this account
to access the Internet
Page 38 of 111
FG7008N User Manual
3.4.4.3.3 Page Push
HTTP Page push is a mechanism for sending unsolicited (asynchronous) data from web server to a web
browser. When accessing the Internet for the first time, the specified HTTP page will be pushed to the
browser when enabled.
Choose the menu Data Service→Firewall Config→Internet Access-Ctrl→Page Push to load the
following page.
Figure 3-52 Configure Page Push
The following items are displayed on this screen:
►
Enable Page Push:
► Push
3.4.4.4
Http Url:
If enabled, push specified HTTP page to the browser when accessing the
Internet for the first time.
Specifies the HTTP URL of the page you want to push.
Network Access-Ctrl
3.4.4.4.1 WEB
Choose the menu Data Service→Firewall Config→Netword Access-Ctrl→WEB to load the following
page.
Figure 3-53 Configure WEB Access-Ctrl
The following items are displayed on this screen:
► HTTP
Port:
Port used with HTTP access device.
HTTP: Hypertext Transfer Protocol.
Page 39 of 111
FG7008N User Manual
► HTTPS
Port:
Port used with HTTPS access device.
HTTPS: it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on
top of the SSL/TLS protocol.
Internet Web Access:
► Allow Access: If enabled, allow user to access the device from the Internet via WEB.
► IP Limit:
If enabled, allow only specific IP range to access the device from the Internet via
WEB.
► IP
►
Range:
If IP Limit enabled, specifies the IPv4 address range that is only allowed to access
to the device from the Internet via WEB.
IPv6 Range:
If IP Limit enabled, specifies the IPv6 address range that is only allowed to access to
the device from the Internet via WEB.
Intranet Web Access:
Access: If enabled, allow user to access the device from the Intranet via WEB.
► IP Limit:
If enabled, allow only specific IP range to access the device from the Intranet via
WEB.
► Allow
► IP
►
Range:
If IP Limit enabled, specifies the IPv4 address range that is only allowed to access
the device from the Intranet via WEB.
IPv6 Range:
If IP Limit enabled, specifies the IPv6 address range that is only allowed to access
the device from the Intranet via WEB.
3.4.4.4.2 TELNET
Choose the menu Data Service→Firewall Config→Netword Access-Ctrl→TELNET to load the
following page.
Figure 3-54 Configure Telnet Access-Ctrl
The following items are displayed on this screen:
► Port:
Port when using telnet tools access device.
Internet Web Access:
► Allow Access: If enabled, allow access to the device from the Internet via telnet.
► IP Limit:
If enabled, allow only specific IP range to access the device from the Internet via
telnet
►
IP Range:
If IP Limit enabled, specifies the IPv4 address range that only allow access to the
Page 40 of 111
FG7008N User Manual
device from the Internet via telnet.
►
IPv6 Range:
If IP Limit enabled, specifies the IPv6 address range that only allow access to the
device from the Internet via telnet.
Intranet Web Access:
► Allow Access: If enabled, allow access to the device from the Intranet via telnet.
► IP Limit:
If enabled, allow only specific IP range to access the device from the Intranet via
telnet
► IP
►
Range:
If IP Limit enabled, specifies the IPv4 address range that only allow access to the
device from the Intranet via telnet.
IPv6 Range:
If IP Limit enabled, specifies the IPv6 address range that only allow access to the
device from the Intranet via telnet.
3.4.4.4.3 SSH
Choose the menu Data Service→Firewall Config→Netword Access-Ctrl→SSH to load the following
page.
Figure 3-55 Configure SSH Access-Ctrl
The following items are displayed on this screen:
► Port:
Port when using SSH tools access device.
Internet Web Access:
► Allow Access: If enabled, allow access to the device from the Internet via SSH.
► IP Limit:
If enabled, allow only specific IP range to access the device from the Internet via
SSH
►
IP Range:
If IP Limit enabled, specifies the IPv4 address range that only allow access to the
device from the Internet via SSH.
►
IPv6 Range:
If IP Limit enabled, specifies the IPv6 address range that only allow access to the
device from the Internet via SSH.
Intranet Web Access:
► Allow Access: If enabled, allow access to the device from the Intranet via SSH.
► IP Limit:
If enabled, allow only specific IP range to access the device from the Intranet via
SSH
Page 41 of 111
FG7008N User Manual
► IP
►
Range:
If IP Limit enabled, specifies the IPv4 address range that only allow access to the
device from the Intranet via SSH.
IPv6 Range:
If IP Limit enabled, specifies the IPv6 address range that only allow access to the
device from the Intranet via SSH.
3.4.4.5
Filter Strategy
Each sub-page under this page is used to filter Internet access.
3.4.4.5.1 Keyword Filter
Choose the menu Data Service→Firewall Config→Filter Strategy→Keyword Filter to load the
following page.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-56 Configure Keyword Filter
The following items are displayed on this screen:
► Keyword
Filter: If enabled, packet filtering is enabled by keyword.
► Policy:
The policy for filtering web page, Deny and Allow.
You can export all the keywords as a file. Of course, you can also import a file.
3.4.4.5.2 IP Filter
On this page, you can control the Internet access of local hosts by specifying their IP addresses.
Choose the menu Data Service→Firewall Config→Filter Strategy→IP Filter to load the following
page.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Page 42 of 111
FG7008N User Manual
Figure 3-57 Configure IP Filter
The following items are displayed on this screen:
► IP
Filter:
If enabled, packet filtering is enabled by IP address.
► Policy:
The policy for IP address list. Deny and Allow.
You can export all the IP addresses as a file. Of course, you can also import a file.
3.4.4.5.3 MAC Filter
On this page, you can control the Internet access of local hosts by specifying their MAC addresses.
Choose the menu Data Service→Firewall Config→Filter Strategy→MAC Filter to load the following
page.
Figure 3-58 Configure MAC Filter
The following items are displayed on this screen:
► IP
Filter:
If enabled, packet filtering is enabled by MAC.
► Policy:
The policy for MAC list. Deny and Allow.
You can export all the MAC addresses as a file. Of course, you can also import a file.
If you want to delete an entry, select it and click the Del. Click the Add button to add a new entry.
There are two ways to add MAC:
Artificial designated MAC: You can manually enter a MAC.
Page 43 of 111
FG7008N User Manual
Using Studying MAC: You can choose one or more MAC devices learned.
Figure 3-59 Add a MAC Filter Entry
3.4.4.6
IP&MAC Binding
Choose the menu Data Service→Firewall Config→IP&MAC Binding to load the following page.
There are two ways to add a binding entry: You can manually enter a pair of IP and MAC, and then press
Add Item. Alternatively you can select a pair of IP and MAC in Scan List that device learned.
Figure 3-60 Configure IP&MAC Binding
Page 44 of 111
FG7008N User Manual
3.4.5
3.4.5.1
QoS
Basic Settings
QOS feature is enabled by default, based on 802.1P, strict priority scheduling mode. The device
supports four priority queues, when QOS feature enabled.
Choose the menu Data Service→QoS→Basic Settings to load the following page.
Figure 3-61 Configure QoS Basic Settings
The following items are displayed on this screen:
Global Parameters
► Qos Enable:
► Scheduling Mode:
Enable or disable QoS functionality.
PQ: PQ means strict priority, that is, when congestion occurs, first
sending packets of high priority queue.
WRR: All queues use weighted fair queuing scheme which is defined in
Weight Ratio
PQ+WRR: Only highest queue use strict priority; others use weighted
fair queuing scheme.
►
Qos Priority:
DSCP: When you select DSCP value, corresponding to the following
relationship.
DSCP priority value
Priority queue
priority)
0-15
Queue 0
16 ~ 31
Queue 1
32 to 47
Queue 2
48 ~ 63
Queue 3
(queue
highest
802.1P: Select the queue classification mode, when selecting 802.1P
mode, depending on the value of 802.1p priority classification into
different queues, corresponding to the following relationship.
801.1p priority value
Priority queue
priority)
0 to 1
Queue 0
2.3
Queue 1
4.5
Queue 2
6-7
Queue 3
Page 45 of 111
(queue
highest
FG7008N User Manual
Bandwidth Setting
► Upstream Bandwidth:
► Downstream Bandwidth:
Advanced Parameters
► Enable Voice Reservation:
► Enable Video Reservation:
►
Remap Tos/DSCP to CoS:
3.4.5.2
Configure the bandwidth of upstream.
Configure the bandwidth of downstream.
Enable voice reservation and give the value to reserved for voice
Enable video reservation and give the value to reserved for video
Check the box that the system will remark 802.1P value with
TOS/DSCP of upstream packets, the mapping relationship is as
follows:
DSCP priority value
802.1p priority
0-7
8-15
16 ~ 23
24 ~ 31
32 to 39
40 ~ 47
48 ~ 55
56 to 63
Port Rate Limit
Rate limit for physical LAN ports, you can select the package type restrictions limiting the entrance. All
multiples of 32kbps speed requirements
Choose the menu Data Service→QoS→Port Rate Limit to load the following page.
Figure 3-62 Configure Qos Port Rate Limit
The following items are displayed on this screen:
► Port:
► Enable:
► Incoming
Rate Limit:
►Limit Packet Type:
► Outgoing Rate Limit:
3.4.5.3
Physical LAN port
Enable or disable rate limit function.
Enter incoming maximum rate, which must is times of 32Kbsp.
Select the packet type which is limited rate.
Enter Outgoing maximum rate, which must is times of 32Kbsp.
Flow Rate Limit
Choose the menu Data Service→QoS→Flow Rate Limit to load the following page.
Page 46 of 111
FG7008N User Manual
Figure 3-63 View QoS Flow Rate Limit Entry
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-64 Configure Qos Flow Rate Limit
The following items are displayed on this screen:
► IP
Range:
► Active Time:
► Active Day:
► Direction:
The IP range of LAN’s PC.
If not configured, which means that all time are in active
If not configured, which means that all time in active
Up: Check the frame from the direction of the LAN port to the WAN port,
and match the source IP and destination port;
Down: Check the frame from the direction of the WAN port to the LAN
port, and match the destination IP and source port;
► Limited
Bandwidth(CIR):
► Maximal Bandwidth(PIR):
If Application is selected:
► Application Protocol:
Bidirectional: Limit both upstream and downstream speed.
The limited bandwidth.
The maximum bandwidth.
Such as HTTP, HTTPS, FTP, TFTP, SMTP, POP3, TELNET, etc.
If Custom is selected, the following page will be loaded:
Page 47 of 111
FG7008N User Manual
Figure 3-65 Configure Custom of Qos Flow Rate Limit
The following items are displayed on this screen:
► Protocol
Type: Custom protocol type, UDP or TCP.
► Port Range:
Set port range.
3.4.5.4
Service
The device supports to remap scheduling priority and remark the value of DSCP or 802.1P according to
the service type.
Choose the menu Data Service→QoS→Service to load the following page.
Figure 3-66 View Qos Service
The following items are displayed on this screen:
► Name:
Service name. Read only.
► Remap Queue Priority: Check the box to remap scheduling queue.
► Priority:
There are four levels of priority. Priority 3 is highest, and priority 0 is the
lowest
► Remark
802.1p:
► 802.1p Value:
► Remark DSCP:
► DSCP Value:
3.4.5.5
Check the box to enable 802.1p priority remarking.
The value of remarking 802.1P.
Check the box to enable DSCP remarking.
The value of remarking DSCP.
ACL
Choose the menu Data Service→QoS→ACL to load the following page.
Figure 3-67 View Qos ACL
Page 48 of 111
FG7008N User Manual
Click the Del in the entry you want to delete.
Click the Index or Detail in the entry you want to modify, and then the following page will be loaded:
Figure 3-68 Modify Qos ACL
The following items are display on this page:
Condition:
► Rule Name:
The custom name.
► Physical Port:
Rule’s source port
► Rule Type:
Type of rule: L2 data or L3 data.
If L3 Data is selected:
Figure 3-69 L3 Data Rule Type
The following items are display on this page:
► Src IP/Netmask:
The
192.168.100.1/255.255.255.0.
source
IP
address
and
netmask
► Dest IP/Netmask: The destination IP address and netmask of packets.
► Protocol:
E.g. ICMP, UDP, TCP, or custom IP protocol types.
► L4 Src Port:
Source port range.
► L4 Dest Port:
Destination port range.
Page 49 of 111
of
packets,
such
is
FG7008N User Manual
If L2 Data is selected:
Figure 3-70 L2 Data Rule Type
The following items are display on this page:
► SRC MAC:
► DEST MAC:
► Ether Type:
► VLAN ID:
► 802.1p:
Source MAC address of packets.
Destination MAC address of packets.
The ether type of packets.
The VLAN id of packets.
The VLAN priority of packets.
Action
► Drop:
Drop the packets matched with the rule.
► Remark VID:
Change the VID of packets matched with the rule.
► Remark 802.1p:
Change the 802.1P priority of packets matched with the rule.
► Remark DSCP:
Change the DSCP of packets matched with the rule.
► Priority:
Change the scheduling queue of packets matched with the rule.
► Maximal Bandwidth: Limit the bandwidth of packet matched with the rule.
3.4.6
DDNS
DDNS(Dynamic DNS) service allows you to assign a fixed domain name to a dynamic WAN ip address,
which enables the Internet hosts to access the Router or the hosts in LAN using the domain names.
Choose the menu Data Service→DDNS to load the following page.
Page 50 of 111
FG7008N User Manual
Figure 3-71 Configure DDNS
The following items are display on this page:
► DDNS Enable:
► Username:
► Password:
► First Url:
► Second Url:
► Update Interval:
► Server Type:
Active or inactive dynamic DNS service.
Enter account name of your DDNS account.
Enter password of your DDNS account.
First domain name that you registered your DDNS service provider.
First domain name that you registered your DDNS service provider.
How often, in seconds, the IP is updated.
optional DDNS server type, can select from pull-dwon list:
DYNDNS: For dyndns.org
FREEDNS: For freedns.afraid.org
ZONE: For zoneedit.com
NOIP: For no-ip.com
3322: For 3322.org
CUSTOM: For custom self-defined DDNS server type.
► Server Name:
If CUSTOM is selected, specify server name of the device.
► Server Url:
If CUSTOM is selected, specify server URL of the device.
► Dyn DNS Server Name: If CUSTOM is selected, specify dyndns DNS server name of custom
self-defined.
► Dyn DNS Server Url:
If CUSTOM is selected, specify dyndns DNS server URL of custom
self-defined.
► System Item:
If CUSTOM is selected, specify system item of custom self-defined.
► DDNS Status:
Display the status of DDNS service. Read only.
Click the Save button when finished.
Click Refresh button to refresh the web page.
Page 51 of 111
FG7008N User Manual
3.4.7
VPN
VPN (Virtual Private Network) is a private network established via the public network, generally via the
Internet. However, the private network is a logical network without any physical network lines, so it is
called Virtual Private Network.
With the wide application of the Internet, more and more data are needed to be shared through the
Internet. Connecting the local network to the Internet directly, though can allow the data exchange, will
cause the private data to be exposed to all the users on the Internet. The VPN (Virtual Private Network)
technology is developed and used to establish the private network through the public network, which can
guarantee a secured data exchange.
VPN adopts the tunneling technology to establish a private connection between two endpoints. It is a
connection secured by encrypting the data and using point-to-point authentication. The following
diagram is a typical VPN topology.
Figure 3-72 VPN – Network Topology
As the packets are encapsulated and de-encapsulated in the Router, the tunneling topology
implemented by encapsulating packets is transparent to users. The tunneling protocols supported
contain Layer 3 IPSEC and Layer 2 L2TP/PPTP.
3.4.7.2
PPTP Server
Layer 2 VPN tunneling protocol consists of L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point
Tunneling Protocol).Both L2TP and PPTP encapsulate packet and add extra header to the packet by
using PPP (Point to Point Protocol).
Table depicts the difference between L2TP and PPTP.
Protocol
Media
Tunnel
Length of Header
Authentication
PPTP
IP network
Single tunnel
6 bytes at least
Not supported
L2TP
IP network of UDP
Multiple tunnels
4 bytes at least
Supported
Figure 3-73 Difference between L2TP and PPTP
Choose the menu Data Service→VPN→PPTP Server to load the following page.
Page 52 of 111
FG7008N User Manual
Figure 3-74 Configure PPTP Server
The following items are displayed on this screen:
► Enable
PPTP Server:
Enable or disable the PPTP server function globally.
► IP Address Pool Range: Specify the start and the end IP address for IP Pool. The start IP address
should not exceed the end address and the IP ranges must not overlap.
► Enable
►
Authentication:
Enable Encryption:
Specify whether to enable authentication for the tunnel.
Specify whether to enable the encryption for the tunnel. If enabled, the
PPTP tunnel will be encrypted by MPPE.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-75 Add or Modify PPTP Client Entry
The following items are displayed on this screen:
►
Username:
Enter the account name of PPTP tunnel. It should be configured identically on server
and client.
►
Password:
Enter the password of PPTP tunnel. It should be configured identically on server and
client.
► Binding
IP: Enter the IP address of the client which is allowed to connect to this PPTP server.
► Description: Enter the humane readable description for this account.
3.4.7.3
L2TP Server
Choose the menu Data Service→VPN→L2TP Server to load the following page.
Page 53 of 111
FG7008N User Manual
Figure 3-76 Configure L2TP Server
The following items are displayed on this screen:
► Enable
L2TP Server:
Enable or disable the L2TP server function globally.
► Local IP:
Enter the local IP address of L2TP server.
► IP Address Pool Range: Specify the start and the end IP address for IP Pool. The start IP address
should not exceed the end address and the IP ranges must not overlap.
►
Enable Authentication:
► Enable
Debug:
Specify whether to enable authentication for the tunnel. If enabled, enter
the authentication secret.
Specify whether to enable the debug for L2TP.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-77 Add or Modify L2TP Client Entry
The following items are displayed on this screen:
►
Username:
Enter the account name of L2TP tunnel. It should be configured identically on server
and client.
►
Password:
Enter the password of L2TP tunnel. It should be configured identically on server and
client.
► Binding
IP: Enter the IP address of the client which is allowed to connect to this L2TP server.
► Description: Enter the humane readable description for this account.
Page 54 of 111
FG7008N User Manual
3.4.7.4
IPSEC
IPSEC (IP Security) is a set of services and protocols defined by IETF (Internet Engineering Task Force)
to provide high security for IP packets and prevent attacks. To ensure a secured communication, the two
IPSEC peers use IPSEC protocol to negotiate the data encryption algorithm and the security protocols
for checking the integrity of the transmission data, and exchange the key to data de-encryption. IPSEC
has two important security protocols, AH (Authentication Header) and ESP (Encapsulating Security
Payload). AH is used to guarantee the data integrity. If the packet has been tampered during
transmission, the receiver will drop this packet when validating the data integrity. ESP is used to check
the data integrity and encrypt the packets. Even if the encrypted packet is intercepted, the third party still
cannot get the actual information.
IKE: In the IPSEC VPN, to ensure a secure communication, the two peers should encapsulate and
de-encapsulate the packets using the information both known. Therefore the two peers need to
negotiate a security key for communication with IKE (Internet Key Exchange) protocols. Actually IKE is a
hybrid protocol based on three underlying security protocols, ISAKMP (Internet Security Association and
Key Management Protocol), Oakley Key Determination Protocol, and SKEME Security Key Exchange
Protocol. ISAKMP provides a framework for Key Exchange and SA (Security Association) negotiation.
Oakley describes a series of key exchange modes. SKEME describes another key exchange mode
different from those described by Oakley. IKE consists of two phases. Phase 1 is used to negotiate the
parameters, key exchange algorithm and encryption to establish an ISAKMP SA for securely exchanging
more information in Phase 2. During phase 2, the IKE peers use the ISAKMP SA established in Phase 1
to negotiate the parameters for security protocols in IPSEC and create IPSEC SA to secure the
transmission data.
3.4.7.4.1 IKE Safety Proposal
In this table, you can view the information of IKE Proposals.
Choose the menu Data Service→VPN→IPSec→IKE Safety Proposal to load the following page.
Figure 3-78 View IKE Safety Proposal Configuration
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Page 55 of 111
FG7008N User Manual
Figure 3-79 Add or Modify IKE Safety Proposal Entry
The following items are displayed on this screen:
► Proposal
Name:
► Encryption
► Auth
Specify a unique name to the IKE proposal for identification and management
purposes. The IKE proposal can be applied to IPSEC proposal.
Algorithm: Specify the encryption algorithm for IKE negotiation. Options include:
DES: DES (Data Encryption Standard) encrypts a 64-bit block of plain text
with a 56-bit key.
Algorithm:
3DES: Triple DES, encrypts a plain text with 168-bit key.
AES: Uses the AES algorithm for encryption.
Select the authentication algorithm for IKE negotiation. Options include:
MD5: MD5 (Message Digest Algorithm) takes a message of arbitrary length
and generates a 128-bit message digest.
SHA1: SHA1 (Secure Hash Algorithm) takes a message less than 2^64 (the
64th power of 2) in bits and generates a 160-bit message digest.
► DH
Group:
Select the DH (Diffie-Hellman) group to be used in key negotiation phase 1.
The DH Group sets the strength of the algorithm in bits. Options include DH
768 modp, DH 1024 modp and DH 1536 modp.
3.4.7.4.2 IKE Safety Policy
In this table, you can view the information of IKE Policy.
Choose the menu Data Service→VPN→IPSec→IKE Safety Policy to load the following page.
Figure 3-80 View IKE Safety Policy Configuration
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Page 56 of 111
FG7008N User Manual
Figure 3-81 Add or Modify IKE Safety Policy Entry
The following items are displayed on this screen:
► Policy
►
Name:
Operation Mode:
Specify a unique name to the IKE policy for identification and management
purposes. The IKE policy can be applied to IPSEC policy.
Select the IKE Exchange Mode in phase 1, and ensure the remote VPN
peer uses the same mode.
Main: Main mode provides identity protection and exchanges more
information, which applies to the scenarios with higher requirement for
identity protection.
Challenge: Challenge Mode establishes a faster connection but with lower
security, which applies to scenarios with lower requirement for identity
protection.
► Enable
Local ID:
Remote ID:
► Auth Mode:
► Enable
► Pre
Share Key:
► Enable
If enabled, enter a name for the local device as the ID in IKE negotiation.
If enabled, enter the name of the remote peer as the ID in IKE negotiation.
Select the authentication mode for this IKE policy entry.
PSK:
Certificate:
Enter the Pre-shared Key for IKE authentication, and ensure both the two
peers use the same key. The key should consist of visible characters
without blank space.
Safety Proposal: Select the Proposal for IKE negotiation phase 1. Up to four proposals can
be selected.
3.4.7.4.3 IPSEC Safety Proposal
In this table, you can view the information of IPSEC proposal.
Choose the menu Data Service→VPN→IPSec→IPSEC Safety Proposal to load the following page.
Page 57 of 111
FG7008N User Manual
Figure 3-82 View IPSEC Safety Proposal Configuration
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-83 Add or Modify IPSEC Safety Proposal Entry
The following items are displayed on this screen:
►
Proposal Name:
► IPSec
Protocol:
Specify a unique name to the IPSEC Proposal for identification and
management purposes. The IPSEC proposal can be applied to IPSEC
policy.
Select the security protocol to be used. Options include:
AH: AH (Authentication Header) provides data origin authentication, data
integrity and anti-replay services.
ESP: ESP (Encapsulating Security Payload) provides data encryption in
addition to origin authentication, data integrity, and anti-replay services.
►
Encryption Algorithm:
ESP+AH: Both ESP and AH security protocol.
Select the algorithm used to encrypt the data for ESP encryption. Options
include:
DES: DES (Data Encryption Standard) encrypts a 64-bit block of plain text
with a 56-bit key. The key should be 8 characters.
3DES: Triple DES, encrypts a plain text with 168-bit key. The key should
be 24 characters.
AES: Uses the AES algorithm for encryption. The key should be 16
characters.
► Auth
Algorithm:
Select the algorithm used to verify the integrity of the data. Options include:
MD5: MD5 (Message Digest Algorithm) takes a message of arbitrary
length and generates a 128-bit message digest.
SHA: SHA (Secure Hash Algorithm) takes a message less than the 64th
power of 2 in bits and generates a 160-bit message digest.
3.4.7.4.4 IPSEC Safety Policy
In this table, you can view the information of IPSEC policy.
Choose the menu Data Service→VPN→IPSec→IPSEC Safety Policy to load the following page.
Page 58 of 111
FG7008N User Manual
Figure 3-84 View IPSEC Safety Policy Configuration
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-85 Add or Modify IPSEC Safety Policy Entry
The following items are displayed on this screen:
► Enable
Ipsec:
► IPSEC Policy Name:
► Select Interface:
► VPN Mode:
Enable or disable this IPSEC entry.
Specify a unique name to the IPSEC policy.
Specify the local WAN port for this Policy.
Select the network mode for IPSEC policy. Options include:
Site To Site: Select this option when the client is a network.
PC to Site: Select this option when the client is a host.
► Local Subnet IP & Local Subnet Netmask: Specify IP address range on your local LAN to identify
which PCs on your LAN are covered by this policy.
►
Remote Address:
► Remote
If PC to Site is selected, specify IP address on your remote network to
identify which PCs on the remote network are covered by this policy.
Subnet IP & Remote Subnet Netmask: Specify IP address range on your remote network to
identify which PCs on the remote network are covered by this policy.
Specify the IKE policy. If there is no policy selection, add new policy on
VPN→IPSec→IKE Safety Policy page.
► Enable Safety Prososal: If enabled, Select IPSEC Proposal. If there is no policy selection, add new
IPSEC proposal on VPN→IPSec→IPSEC Safety Proposal page. Up to
►
IKE Safety Policy:
Page 59 of 111
FG7008N User Manual
four IPSEC Proposals can be selected.
3.4.8
Routing
3.4.8.1
Static Route
3.4.8.1.1 IPv4
Choose the menu Data Service→Routing→Static Route→IPv4 to load the following page.
Figure 3-86 Configure IPv4 Static Route
The following items are displayed on this screen:
► Enable:
Select it to add and modify the current route. Conversely, disable the current
route.
► Destination IP:
► Netmask:
► Next Hop Type:
► Next Hop Interface:
► Next Hop Address:
► Valid:
Enter the destination host the route leads to.
Enter the Subnet mask of the destination network.
Include Next Hop Interface and Next Hop Address(see following option)
Specify the interface of next hop for current route
Specify the address of next hop for current route
Show the status of current route.
3.4.8.1.2 IPv6
The menu IPV6 is hidden if you don’t enable Ipv6 stack, please refer to configuration index
Network→IPv6 for detail setting.
Choose the menu Data Service→Route→Static Route→IPv6 to load the following page.
Page 60 of 111
FG7008N User Manual
Figure 3-87 Configure IPv6 Static Route
The configuration options of Ipv6 is similar to Ipv4, the prefix length is equal to mask of Ipv4 address.
3.4.8.2
Policy Route
Choose the menu Data Service→Route→Policy Route to load the following page.
Figure 3-88 View Policy Route
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-89 Add or Modify Policy Route
The following items are displayed on this page:
Page 61 of 111
FG7008N User Manual
► Enable PoliceRoute: Enable or disable the entry
► Next Hop Type:
Select from pull-down list: Interface, Address.
► Interface:
Specify the interface of next hop for the entry.
► Address:
Specify the address of next hop for the entry.
► Description:
Give description for the entry.
► Protocol:
Specify the protocol, TCP, UDP or ALL.
► Source IP:
Enter IP address or IP range of source in the rule entry.
► Destination IP:
Enter IP address or IP range of destination in the rule entry.
► Destination Port:
Specify port or port range of destination in the rule entry.
► Active Time:
Specify the active time range for the rule entry.
► Active Day:
Specify the active days for the rule entry.
3.4.8.3
RIP
The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols, which
employs the hop count as a routing metric.
3.4.8.3.1 RIP Service
Choose the menu Data Service→RIP→RIP Service to load the following page.
Figure 3-90 RIP Service Configuration
The following items are displayed on this page:
► Enable RIP Service: Enable or disable RIP service function globally.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-91 Add or Modify RIP Service Entry
The following items are displayed on this page:
► Interface:
Specify the interface for the entry.
Page 62 of 111
FG7008N User Manual
► Receive RIP Version:
► Send RIP Version:
► Authorization Enable:
► Key Mode:
► Key Type:
► Simple String:
Specify receiving RIP version for the entry.
Specify sending RIP version for the entry.
Check the box to enable authorization.
Specify the encryption mode of key, TEXT(plaintext),MD5(cipertext).
Specify the key from Simple String or Key Chain.
If select Simple String in item of Key Type, enter simple string as key.
3.4.8.3.2 Key Chain
Key Chain is a chain of keys used as RIP authorization key.
Choose the menu Data Service→RIP→Key Chain to load the following page.
Figure 3-92 View RIP Key Chain Configuration
The following items are displayed on this page:
► Key Chain Name: Enter the name of key chain.
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-93 Add or Modify RIP Key Chain Entry
The following items are displayed on this page:
► Key ID:
► Key String:
3.4.9
3.4.9.1
Enter the ID of the entry.
Enter the Key of the entry.
Advanced Parameters
UPnP Parameter
The Universal Plug and Play (UPnP) technology is enabling a world in which music and other digital
entertainment content is accessible from various devices in the home without regard for where the media
is stored. Using UPnP devices the whole family can share in the fun together whether it's:
1) Viewing your best family photos via the TV
2) Watching home videos
Page 63 of 111
FG7008N User Manual
3) Listening to favorite tunes throughout the house
The Digital Living Network Alliance (DLNA) is a non-profit collaborative trade organization established
by Sony in June 2003, which is responsible for defining interoperability guidelines to enable sharing of
digital media between multimedia devices. DLNA uses UPnP for media management, discovery and
control.
Here, UPNP mainly for DLNA, DLNA server can be automatically discovered by sending NOTIFY via
Multicast, and DLNA clients can search DLNA servers by sending M-SEARCH via Multicast.
Choose the menu Data Service→Advanced Parameters→UPnp Parameter to load the following
page.
Figure 3-94 Configure UPnp
The following items are displayed on this screen:
► Enable
UPnP:
Enable or disable the UPnP function globally.
The network interface connected to the DLNA server.
► Upstream Interface:
► Downstream Interface: The network interface connected to the DLNA client.
3.4.10 Multicast
Choose the menu Data Service→Multicast to load the following page.
Figure 3-95 Configure Multicast
The following items are displayed on this screen:
► Enable
IGMP Proxy: Enable or disable the IGMP proxy function globally. Currently, IGMP proxy is
mainly used for IPTV.
3.4.11 USB Storage
USB Storage function let Windows OS share files of USB storage mounted on embedded device by
Samba and ftp.
1) User Management
Manage the list of users which access USB storage.
Choose menu Data Service→USB Storage to load the following page.
Page 64 of 111
FG7008N User Manual
Figure 3-96 View User Management Configuration
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Figure 3-97 Add or Modify User Management Entry
The following items are displayed on this screen:
► Username:
Enter user name of this entry.
► Password:
Enter password of this entry.
► Access Right: Select access right from pull-down list, Read or Read/Write.
2) USB Storage
Scan the partitions of USB Storage by click Rescan button and umount specified partition by clicking
Umount button. Click start to start service, click stop to stop service.
Figure 3-98 View USB Storage
Click Modify to load the following page:
Figure 3-99 Modify USB Storage
The following items are displayed on this screen:
Page 65 of 111
FG7008N User Manual
► Share
Name: Enter the share name.
► Allowed User: Select the users need to access the partition of the entry.
3.5 VOIP Service
The Session Initiation Protocol (SIP) is a signaling protocol used for establishing sessions in an IP
network. The protocol can be used for creating, modifying and terminating two-party (unicast) or
multiparty (multicast) sessions. Sessions may consist of one or several media streams.
3.5.1
SIP Service
Choose the menu VOIP Service→SIP Service to load the following page.
Figure 3-100 Configure General Parameters of SIP Service
The following items are displayed on this screen:
► Primary Server Address: Domain or IP of SIP server.
► Primary Server Port:
Listening port of SIP server.
► Enable Backup Server:
Enable or disable backup SIP server.
► Backup Server Address: Domain or IP of backup SIP server.
► Backup Server Port:
Listening port of backup SIP server.
► Enable Proxy Server:
Enable or disable Proxy server.
► Proxy Address:
Domain or IP of proxy server.
► Proxy Port:
Listening port of proxy server.
► Enable Secondary Proxy: Enable or disable backup proxy server.
► Secondary Proxy Address: Domain or IP of backup proxy server.
► Secondary Proxy Port:
Listening port of backup proxy server.
► Register Interval:
Enter the desired time interval at which the sip UA will send register
Page 66 of 111
FG7008N User Manual
message.
► RTP Port:
► Local SIP Port:
Local RTP port range.
Local listening port.
Click +Advanced Parameters to load the following page.
Figure 3-101 Configure Advanced Parameters of SIP Service
The following items are displayed on this screen:
► Enable Alive:
After successful registration, whether to send keep-alive packets.
► Keep Alive Mode:
Keep alive mode: CLRF, OPTIONS or PING.
► Enable Realm:
Check the box to enable SIP signaling packets with realm field information.
► Enable Session Timer:
Enable or disable UAC / UAS session refresh mode.
► Enable SIP Retrans Timer: When registration fails, whether to initiate retransmission, retransmission
cycle and time with configuration.
► User Agent:
► Hold Mode:
► Enable Next Nonce:
Check the box to enable signaling packets with User Agent field.
Select the SIP signal format of call hold.
Enable SIP packets with nonce count field information, incremented each
one and with a maximum value.
► Support PRACK:
Enable or disable provisional response. If enabled, 1xx (except 100rel)
messages are required to respond with ACK.
► Support User=Phone:
► Update Register Cycle:
Whether SIP signaling packets with User = Phone field information.
Based on server response to update registration period.
Page 67 of 111
FG7008N User Manual
► Support Full Register:
Each registration packets are generated, rather than re-issued.
► First Package With Auth Info: The first registration packet with authentication information.
► SDP With Audio When T38 Faxing: T38 fax signaling packet with audio information.
3.5.2
3.5.2.1
User
User
Choose the menu VOIP Service→User→User to load the following page.
Figure 3-102 User Configuration
Click the Register button to start the registering to the SIP server.
Click the Unregister button to start the un-registering to the SIP server.
Click the User in the entry you want to modify to load the following page.
Figure 3-103 Configure User
The following items are displayed on this screen:
► Account:
► Auth Username:
► Password:
► Phone number:
► Enable Register:
► Ring Group Identity:
3.5.2.2
Account name registered to SIP server.
Username of the account.
Password of the account.
Caller and called number of subscriber line.
Enable registering.
Phone number configured as one hunt group, after saving, the configuration
can be seen in the Centrex page.
Wildcard Group
Choose the menu VOIP Service→User→Wildcard Group to load the following page.
Page 68 of 111
FG7008N User Manual
Figure 3-104 Wildcard Group Configuration
Click the Wildcard Group in the entry you want to modify. If you want to delete the entry, select it and
click the Del. Click the Add button to add a new entry.
Figure 3-105 Add or Modify Wildcard Group Configuration
The following items are displayed on this screen:
► Enable Group Register:
3.5.3
Enable or disable the group register function globally.
Supplementary
Choose the menu VOIP Service→Supplementary to load the following page.

Figure 3-106 User Supplementary
Click the User in the entry you want to modify to load the following page. You can also select
multiple, then click Batch Edit to batch configuration.
Page 69 of 111
FG7008N User Manual
Figure 3-107 Modify Supplementary Configuration
The following items are displayed on this screen:
► Call Forwarding Unconditional: Enable or disable CFU function, if enabled, enter Call Number.
1) Set by keypad service system: *57*TN#, TN is the phone
number to be redirected to.
► Call Forwarding No Reply:
► Call Forwarding On Busy:
► Hotline Number:
2) Cancel by keypad service system: #57#.
Enable or disable CFNR, if enabled, enter Call Number and Wait
Time Long.
1) Set by keypad service system: *41*TN#, TN is the phone
number to be redirected to.
2) Cancel by keypad service system: #41#.
Enable or disable CFB function, if enabled, enter Call Number.
1) Set by keypad service system: *40*TN#, TN is the phone
number to be redirected to.
2) Cancel by keypad service system: #40#.
Enter number to hotline function, empty expressed disable.
1) Set delay hotline number by Keypad service system: *52*TN#,
TN is the hotline number.
2) Cancel delay hotline number by Keypad service system: #52#.
3) Set instant hotline number by Keypad service system:
*42*TN#, TN is the hotline number.
4) Cancel instant hotline number by Keypad service system:
#42*EN#, instant hotline can only be deactivated with other
extension; EN is the extension number which needs to deactivate
Page 70 of 111
FG7008N User Manual
instant hotline.
► Delay Time:
Time 0 indicates immediate Hotline, Otherwise, indicates delay
Hotline. The Delay Time must be configured on the WEB.
► CID Restriction:
Enable or disable CID Restriction. If Anonymous As UserName is
chosen, user name content is Anonymous also.
► Enable No Disturb:
► Enable Call Waiting:
Allows block incoming calls at any time.
When you talking, a third party phone comes in, you can hear the
beep tone.
► Enable MWI:
► Enable CID:
► CID Mode:
Enable or disable MWI (Message-waiting indicator) function.
Enable or disable to send CID to phone.
There are two methods used for sending caller ID information
depending on the application and country specific requirements:
FSK: caller ID generation using Frequency Shift Keying (FSK)
DTMF: caller ID generation using DTMF signaling.
4) Abbreviated Dialing allows you to store selected phone numbers for quick and easy dialing. Each
telephone number can be dialed by using a one to two-digit code with a simple prefix. Stored
numbers may be up to 32 digits in length.
If you want to add or remove abbreviated dialing numbers, click the Abbr Dialing to load the
following page.
Figure 3-108 View Abbreviated Dialing Configuration
Click the Del button to delete the entries you select.
Click the Add button to add a new entry.
Figure 3-109 Add Abbreviated Dialing Entry
The following items are displayed on this screen:
► Abbreviated Number: Enter the abbreviated number.
► Phone Number:
Enter the Actual phone number.
5) If you want to add or remove black&white list, click the Black&White List to load the following page.
Figure 3-110 Black&White List Configuration
Page 71 of 111
FG7008N User Manual
Click the Information in the entry you want to modify. If you want to delete the entry, select it and click
the Del.
Click the Add button to add a new entry.
Figure 3-111 Add or Modify Black&White List Entry
The following items are displayed on this screen:
► List Type:
Choose type of Black&White List, four types are provided:
Incoming Blacklist, Incoming Whitelist, Outgoing Blacklist, Outgoing Whitelist.
► Information: Enter the phone number or sip account.
3.5.4
1.
Codec Parameters
Packet Period defines how long the device sends a RTP packet to the other side. The smaller the value,
the more bandwidth usage. The larger the value, the more voice delay. Choose the menu VOIP
Service→Codec Parameters to load the following page.
Figure 3-112 Configure Packet Period
► G.711A Packet Period: RTP packetization period of G.711A codec.
► G.711u Packet Period: RTP packetization period of G.711U codec.
► G.723 Packet Period: RTP packetization period of G.723 codec.
► G.729 Packet Period: RTP packetization period of G.729 codec.
2. Choose the menu VOIP Service→Codec Parameters to load the following page.
Figure 3-113 View Fax Mode&Codec Priority Configuration
To modify fax mode or codec priority of users, click the User in the entry you want to modify to load the
following page. You can also select multiple, then click Batch Edit to batch configuration.
Page 72 of 111
FG7008N User Manual
Figure 3-114 Add or Modify Fax Mode&Codec Priority
The following items are displayed on this screen:
► Fax Mode:
Choose fax mode, three types are provided: Transparent, T38, VBD.
► Codec Answer Strategy: Two modes are provided:
Use Answerer Priority: Codec selection decisions based on the priority
level configuration
Use Offerer Priority:
priority.
► Codec Priority:
3.5.5
Codec selection decision based on caller’s
If Use Answerer Priority is selected, set the priority of codec.
DSP Parameters
Choose the menu VOIP Service→DSP Parameters to load the following page.
Figure 3-115 Configure DSP Parameters
The following items are displayed on this screen:
► Echo Cancellation:
Enable or disable echo cancellation.
► Silence Detection/Suppression: Enable or disable silence detection and silence suppression.
► Input Gain:
Configure the input gain value.
► Output Gain:
Configure the input gain value
Page 73 of 111
FG7008N User Manual
► Delay Level:
► DTMF Transfer Model:
► RFC2833 Load Type:
► T38 Max FAX Rate:
► T38 Signaling Redundancy:
► T38 Data Redundancy:
► Ring Frequency:
► Impedance Type:
3.5.6
Choose the delay level, five levels are provided: Minimum,
Smaller, Moderate, Larger, Maximum.
Select DTMF transmission mode: In-Band, INFO, RFC2833.
If RFC2833 is selected, specify payload type of RFC2833.
Select the maximum rate, when using T38 fax mode: Unlimited,
2400bps, 4800bps, 7200bps, 9600bps, 12000bps, 14400bps.
Configure the redundancy of T38 signal.
Configure the redundancy of T38 data.
Choose the ring frequency: 20Hz, 25Hz.
Choose the impedance type: 600Ώ, China Standard, Switzerland
Standard.
Digitmap
The destination number will be sent all in one time for SIP application, digitmap is used to determine
exactly when there are enough digits entered from the user to place a call. If the number length of suited
route item is fixed, the number will be sent when specified number of digits is received; the call will be
disconnected when inter-digit timeout expires. If the number length of suited route item is indefinite,
there are 3 ways to determine whether the digits is enough, press pound(#) key, timeout expires or
digitmap comparing. If digits dialed partly matching with digitmap patterns, continue waiting of number
receiving. If they match, send the number immediately. If not, send the number immediately too, in order
to play the prompts.
Table 3-1
Digitmap Characters
Character
Description
0~9
Indicates specific digits in a telephone number expression.
Wildcard, matches any digit, excluding “#” and “*”.
Digit star
Digit pound
Connects the start and the end of a range
[]
Indicates the a range of numbers(not letters).
Matches an arbitrary number of occurrences of the
preceding digit, including 0.
Indicates a choice of matching expressions (OR).
Inter-digit timeout expires
Short timer expires, usually place at the middle of an
expression
Digitmap Example: 8XXXXXXX|1[0-24]0|2[18].3|3XXSXX|[0-9*#][0-9*#][0-9*#].#|[0-9*#].T
 “8XXXXXXX” denotes numbers start with 8, the length is 8.
 “1[0-24]0” denotes numbers include 100, 110, 120 and 140.
 “2[18].3” denotes numbers that start with 2 and end with 3, there can be arbitrary length of 1 or 8
after the first digit 2. 23, 213, 2183 is matched.
 “3XXSXX” denotes numbers start with 3, the length can be 3 or 5. If the short timer configured
expires between the third digit and the fourth digit, the number will be sent.
 “[0-9*#][0-9*#][0-9*#].#” denotes numbers end with #, and the length is no less than 2.
Page 74 of 111
FG7008N User Manual

“[0-9*#].T” denotes any number that dialing time out.
Choose the menu VOIP Service→Digitmap to load the following page.
Figure 3-116 Configure Digitmap
The following items are displayed on this screen:
► Enable:
Enable or disable digit map function.
► Short Timer: Enter the time of Short Timer in second.
► Digit Map:
Enter the digit map rules.
3.5.7
Signal Tone
Choose the menu VOIP Service→Signal Tone to load the following page.
Page 75 of 111
FG7008N User Manual
Figure 3-117 Configure Signal Tone
The following items are displayed on this screen:
► Tone Type:
Select the type of signal tone.
Dial Tone
► User Define Enable:
Whether to use user-defined dial tone frequency.
► Dial Tone Frequency 1:
► Dial Tone Frequency 2:
Busy Tone
► User Define Enable:
Whether to use user-defined busy tone frequency.
► Busy Tone Frequency 1:
► Busy Tone Frequency 2:
► On Time:
► Off Time:
Ring Back Tone
► User Define Enable:
Whether to use user-defined ringback tone frequency.
► Ring Back Tone Frequency 1:
► Ring Back Tone Frequency 2:
► On Time:
► Off Time:
Distinction Ring: Specify the ring cadence for the FXS port. In these fields, you specify the on and off
pulses for the ring. The ring cadence that should be configured differs between internal call and external
call.
3.5.8
FXS Parameters
Choose the menu VOIP Service→FXS Parameters to load the following page.
Page 76 of 111
FG7008N User Manual
Figure 3-118 Configure FXS Parameters
The following items are displayed on this screen:
► Min Flash Detect Time: The minimum time to detect the flash.
► Max Flash Detect Time: The maximum time to detect the flash.
► Flash Key Enable:
Whether to enable digit detect after flash.
► Switch&Release Call:
If the digit specified is detected after flash, terminate the active call and
recover the call on hold.
► Three Party Call:
► Reject Key:
► Switch Call Key:
If the digit specified is detected after flash, enter the conference mode.
If the digit specified is detected after flash, reject the call on hold.
If the digit specified is detected after flash, hold the active call and recover
the call on hold.
► Keep the hold call when onhook: If selected, when hanging up in this context, the telephone rings
to notify the user there is still a call on hold.
► (#)Quick Dial Key:
► Asterisk Func Key:
► Tap Report:
► Escape Seq:
► CID Enable:
► Callee Inverse Polarity:
► Caller Inverse Polarity:
3.5.9
Whether to send telephone number immediately after receiving the # key.
Whether to use the ‘*’ key as flash key.
Whether to report an event to server when flash detected.
Whether to use an escape characters when sending special DTMF.
Whether to enable caller id globally.
Whether to activate the Polarity Reversal for FXS callee.
Whether to activate the Polarity Reversal for FXS caller.
Centrex
To control call each other of internal number in the same device, choose the menu
VOIP Service→Centrex to load the following page.
Page 77 of 111
FG7008N User Manual
Figure 3-119 Centrex&Ring Group Configuration
The following items are displayed on this screen:
► Enable Centrex: Whether to enable centrex function globally.
A hunt group is a collection of extensions that ring in a particular order when the hunt group number is
dialed. Hunt groups usually have a phone number associated with them, which are referred to as the
group number. Ordinal hunt groups always start ringing the first extension in the list. Alternate hunt
groups remember the last number that ringed first and begins ringing on the next number in the list.
when the end of the list is reached, both wrap around to the first number in the list again. With a parallel
hunt group, all extensions in the list will ring at the same time.
To delete an exist entry, select it and click the Del.
To modify ring policy or ring time configuration, please click the Group Number in the exist entry which
you want to modify. You can also click the Add button to add a new entry.
Figure 3-120 Add or Modify RingGroup
The following items are displayed on this screen:
► Group Number: The phone number of this ring group.
► Ringing Policy: Phone ringing policy: Alternate, Ordinal, Parallel.
► Ring Time:
Ring time of each member.
Click Submit button when finished, then you can Add telephone numbers to this Ring Group, you can
also click the Phone Number in the exist entry to Add or Del telephone numbers.
Figure 3-121 Add or Delete Number of RingGroup
Page 78 of 111
FG7008N User Manual
The following items are displayed on this screen:
► Telephone Number: The number will be added to the ring group.
3.5.10 Phone Book
Choose the menu VOIP Service→Phone Book to load the following page.
Figure 3-122 Configure Phone Book
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
The following items are displayed on this screen:
► Phone Prefix: The prefix of this phone book.
► Total Length: The total length of number to wait before sending.
► Prefix Mode: Mode of processing number prefix: Unmodify, Remove, Add, Modify.
► IP/Domain:
The IP address or domain of destination.
► Port:
The port of destination.
► Description: Description of this rule.
3.6 System
3.6.1
Time Management
Menu of time management is used to manage system time.
1) Manual Configuration
Choose the menu Data Service→Time Management and select Manual Configuration to load the
following page.
Page 79 of 111
FG7008N User Manual
Figure 3-123 Time Manual Configuration
The following items are displayed on this screen:
Configuration mode: Specify configuration mode of time, Auto Configuration or Manual
Configuration, default is Manual Configuration.
► System Time:
Enter the system time under Manual Configuration.
► Daylight Saving Time: Enable or disable the Daylight Saving Time(DST).
► Offset:
Enter the offset of DST.
► Start Month:
Specify the start month of DST, range from 1 to 12 in one year.
► Start Day of Week:
Specify the start weekday of DST, range from Sunday to Saturday.
► Start Day of Week Last in Month: Specify the order of start weekday in the month from pull-down list
as following:
►
 First in Month
 Second in Month
 Third in Month
 Fourth in Month
 Last in Month
► Start Hour of Day:
Specify the start hour of DST, range from 0 to 23 in one day.
► End Month:
Specify the end month of DST, range from 1 to 12 in one year.
► End Day of Week:
Specify the end weekday of DST, range from Sunday to Saturday.
► End Day of Week Last in Month: Specify the order of end weekday in the month, similar as Start
Day of Week Last in Month.
► End Hour of Day:
Specify the end hour of DST, range from 0 to 23 in one day.
2) Auto Configuration
Choose Auto Configuration to load the following page:
Page 80 of 111
FG7008N User Manual
Figure 3-124 Time Auto Configuration
The following items are displayed on this screen:
Enable NTP:
Enable or disable NTP service.
► NTP Service Mode:
Specify CPE role as NTP Client or both Client and Server.
► Primary NTP Server: Specify the primary NTP server for role as NTP client.
► Second NTP Server: Specify the second NTP server for role as NTP client.
► Time Zone:
Enter the local time zone.
► Update Interval:
Specify update interval for role as NTP client.
►
3.6.2
3.6.2.1
Upgrade
Application
Firmware upgrade via WEB interface is available. There are 2 steps to complete firmware updating.
1)
Choose menu “SystemUpgrade”, then select the right firmware file, click Upgrade, wait a
few minutes for firmware downloading and programming.
2)
Choose menu “System Reboot”, then click Reboot button to reset the device.
3.6.2.2
Configuration
3.6.2.2.1 Update Configuration
Configuration updating via WEB interface is available. There are 2 steps to complete configuration
updating.
1)
Choose menu “SystemUpgrade”, then select the right configuration file, click Upgrade, wait
a few seconds for downloading and programming.
2) Choose menu“System Reboot”, then click Reboot button to reset the device.
3.6.2.2.2 Export Configuration
Configuration exporting via WEB interface is available. Click the "Export Configuration File" to export
the configuration file.
Page 81 of 111
FG7008N User Manual
Web interface configuration index: SystemUpgrade( Configuration).
3.6.3
Reboot System
Choose menu“System Reboot”, then click Reboot button to reset the device.
3.6.4
Backup/Restore
Choose the menu System→Backup/Restore to load the following page.
Figure 3-125 Backup/Restore Configurations
The following items are displayed on this screen:
Backup Current Configurations: Save current parameters as customer default parameters.
Load Default Configurations:
To reset to customer default parameters.
► Restore Factory Configurations: To reset to factory parameters.
►
►
3.6.5
Diagnostic
3.6.5.1
Ping
Choose menu “SystemDiagnosticPing”, and then you can use Ping function to check connectivity
of your network in the following screen.
Figure 3-126 Ping Diagnostic
The following items are displayed on this screen:
► Ping:
Enter the IP Address or Domain Name of the PC whose connection you wish to
diagnose.
Page 82 of 111
FG7008N User Manual
► Ping Count: Specifies the number of Echo Request messages sent.
► Result:
This page displays the result of diagnosis.
Click Start button to check the connectivity of the Internet.
Click Stop button to stop sending the Echo Request messages.
Click Refresh button to refresh the web page.
3.6.5.2
Tcpdump
You can use tcpdump tool to capture the packets, and show the result of capture packets.
Choose the menu System→Diagnostic→Tcpdump to load the following page.
Figure 3-127 Tcpdump Diagnostic
The following items are displayed on this screen:
► Interface: By selecting the interface, only packets through this interface will be captured.
► Protocol: By selecting the protocol, only packets of this protocol will be captured.
► Tcpdump: Enter some options of tcpdump(e.g. -n -s0 -c 100)
► Result:
This page displays the result of capture packets.
Click Start button to capture the packets which correspond to the configuration requirement.
Click Stop button to stop capturing the packets.
Click "*.pcap" to open or download the capture packets file.
Click "clean" to delete all the packets file.
Click Refresh button to refresh the web page.
3.6.5.3
WAN Speed Test
Test the download speed and upload speed of WAN interface, and show the result on the web page.
Choose the menu System→Diagnostic→WAN Speed Test to load the following page.
Figure 3-128 WAN Speed Test
Page 83 of 111
FG7008N User Manual
The following items are displayed on this screen:
► Download URL: Enter the URL to test the download speed of WAN. For example
http://speedtest1.szunicom.com/speedtest/random1000x1000.jpg
► Upload URL:
Enter the URL to test the upload speed of WAN. For example
http://speedtest1.szunicom.com/speedtest/random2000x2000.jpg
Click the Start button to starting test.
3.6.6
User Management
You can change the factory default user password of the device.
Choose the menu System→User Management to load the following page.
Figure 3-129 User Management
The following items are displayed on this screen:
► Username:
You can select the user with different permissions. However, you can not select
the user whose permission is higher than your permission.
► New Password:
Enter the new password for specified user, not more than 32 characters, and
the space is not supported.
► Confirm Password: Enter the new password again to confirm for specified user, not more than 32
characters, and the space is not supported.
Click the Save button when finished.
3.6.7
3.6.7.1
System Log
Log Config
Choose the menu System→System Log→Log Config to load the following page.
Figure 3-130 Configure System Log
The following items are displayed on this screen:
Page 84 of 111
FG7008N User Manual
► Log Level:
By selecting the log level, only logs of this level will be shown.
► Log Content:
By selecting the log content, only logs of selected content will be shown.
► Local Log Enable: Check this box to enable local log function.
► Remote Log Enable: Check this box to enable remote log function, the logs will be send to the Log
Server.
► Log Server IP:
Enter the IP address of the Log Server.
► Log Server Port:
Enter the port that Log service used.
Click the Save button when finished.
3.6.7.2
Log Display
Choose the menu System→System Log→Log Display to load the following page.
Figure 3-131 Display System Log
Click the Export button to export all the local logs as a file.
Click the Clear button to clear all the local logs from the device permanently, not just from the page.
Click Refresh button to refresh the web page.
3.6.8
TR069
TR-069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN
Management Protocol (CWMP). It defines an application layer protocol for remote management of
end-user devices. As a bi-directional SOAP/HTTP-based protocol, it provides the communication
between customer-premises equipment (CPE) and Auto Configuration Servers (ACS). It includes both a
safe auto configuration and the control of other CPE management functions within an integrated
framework.
Choose the menu System→TR069 to load the following page.
Page 85 of 111
FG7008N User Manual
Figure 3-132 Configure TR069
The following items are displayed on this screen:
► Serial Number:
► Enable:
► ACS Address:
► ACS Port:
► ACS Server Name:
► SSL Enable:
► Schedular Send Inform:
The serial number of device. Read only.
Enable or disable the TR069 function globally.
Enter the IP address or domain name of ACS.
Enter the port of ACS.
Enter the TR069 server name of ACS.
Enable or disable the SSL(Secure Sockets Layer) for TR069.
Whether or not the CPE must periodically send CPE information to
Server using the Inform method call. Enter the duration in seconds
of the interval if enabled.
► Single Account Enable:
► TR069 Account:
Whether or not the TR069 Account is enabled.
Username used to authenticate the CPE when making a
connection to the ACS.
► TR069 password:
Password used to authenticate the CPE when making a
connection to the ACS.
► Connection Request Auth:
Whether to authenticate an ACS making a Connection Request to
the CPE.
► Connection Request Username: Username used to authenticate an ACS making a Connection
Request to the CPE.
► Connection Request Password: Password used to authenticate an ACS making a Connection
Request to the CPE.
► CPE Server Name:
A part of the HTTP URL for an ACS to make a Connection
Page 86 of 111
FG7008N User Manual
► CPE Port:
► Status:
► Fail Reason:
Request notification to the CPE. In the form:http://host:port/path
A part of the HTTP URL for an ACS to make a Connection Request
notification to the CPE. In the form:http://host:port/path
Connection Status when CPE making a connection to the ACS.
Read only.
Show reason for the failure when CPE making a connection to the
ACS. Read only.
Click the Save button when finished.
Click Refresh button to refresh the web page.
3.6.9
SNMP
You can configure the SNMP parameters and view the registration status of SNMP. Choose the
menu System→SNMP to load the following page.
Figure 3-133 Configure SNMP
The following items are displayed on this screen:
► Register Enable:
► Server Address or Domain:
► Server Port:
► TRAP Message Interval:
► Regional Identity:
► Device Identifier:
► Enable Double Register Server:
► Backup Server Address or Domain:
Check this box to enable SNMP register.
Enter the IP address or domain name of register server.
Enter the port of Register Server.
Set the sending interval between TRAP messages.
Set the identity of regional.
Set the identifier of device.
Check this box to enable backup Register Server.
Enter the IP Address or Domain Name of Backup Register
Server.
► Backup Server Port:
Enter the port of Backup Register Server.
► Registration Status:
The status of registration.Read only.
Click the Save button when finished.
Click Refresh button to refresh the web page.
Page 87 of 111
FG7008N User Manual
3.6.10 User Access Right
If the permission level of login user is super, you can see this web page. On this page, you can
change the access right of the user to access the web pages.
Choose the menu System→User Access Right to load the following page.
Figure 3-134 View users
If you want to change the user access right, click detail in the entry to load the following page.
Page 88 of 111
FG7008N User Manual
Figure 3-135 Modify User Access Right
3.7 Apply
Follow the prompts,Some parameters will take effect after click the button of “Apply”.
Figure 3-136 Apply
3.8 Print Function
The device supports to link printer port and provides share printing capabilities to other computers. To
use print function, you need do the following steps.
2. Add Printer
Open the windows of the Control Panel, select Printers and Faxes, and add the printer
Page 89 of 111
FG7008N User Manual
Figure 3-137 Add Printer
3. Connecting local printer
Select "Local printer attached to this computer."
Page 90 of 111
FG7008N User Manual
Figure 3-138 Connecting local printer
4. Create a new port
Select "Create a new port" and select "Standard TCP / IP Port"
Figure 3-139 Create a new port
5. Add print device
Click Next, and add IP devices, assuming the device IP is 192.168.1.1.
Page 91 of 111
FG7008N User Manual
Figure 3-140 Add IP LAN devices
6. Configure printer port
Select "Custom", click "Settings" to confirm the agreement as "RAW (R)"
Page 92 of 111
FG7008N User Manual
Figure 3-141 Configuer printer port
7. Add Printer Driver
According to the printer manufacturer and printer type, select the appropriate driver. If the computer has
not printer driver, you need to install the printer driver.
After adding the printer, you can print through the USB printer.
Page 93 of 111
FG7008N User Manual
Figure 3-142 Add Printer Driver
Page 94 of 111
FG7008N User Manual
4 CLI Introduction
4.1 Login
The CLI interface is ready for accessing about one minute after the device powers on. The default
LAN IP address is 192.168.100.1, you can access the CLI interface via either WAN port or LAN port.
Enter telnet with IP address and then press ENTER, you can get access to the Login interface. Such
as IP address is 192.168.100.17, you can input “telnet 192.168.100.17”, and then press ENTER, it
will show as below:
Figure 4-1
Telnet Login
And input the “password” and “en” and the privileged password, you will enter the CLI command
interface:
Figure 4-2
Telnet Command Interface
Page 95 of 111
FG7008N User Manual
Input the command “set language” to set the CLI language:
Figure 4-3
Set CLI Language
4.2 Network
4.2.1
3G Modem
The command “show 3gmodem” show the 3G modem information as below:
Figure 4-4
Show 3G Modem Information
The command “set 3gmodem” configure the 3G modem parameters as below.
Page 96 of 111
FG7008N User Manual
Figure 4-5
Configure 3G Modem Parameters
The following items are displayed on this screen:
► SP Network:
Other or Swisscom. If it is not the target user, you need to select the other.
► Connect Mode: Manual or Auto. The default is Auto.
► Online Mode: always online and disconnect after idle interval. The default is “always online”.
The default idle interval is 60 seconds.
If Other is selected, the following parameters appear:
► Username:
3G network dial-up username.
► Password:
3G network dial-up password.
► Dial Number:
3G network dial numbers.
► APN:
3G network access APN.
► PIN:
3G networks need to use dial-up PIN code, if not, can be set to empty.
Advanced Parameters:
► Authentication:
3G dial-up authentication, CHAP,PAP,Auto are provided. Default is Auto.
► DNS:
The default is obtained from the dial-up network devices automatically. You can
also configure DNS manually.
► TCP MSS:
Configure TCP maximum segment, we recommend using the default value.
► MTU:
Configure 3G link MTU, the default value is recommended
► Data Link Backup: When enabled, if WAN uplink port is disconnected, the routing switches to the 3G
link.
► Heartbeat Address: Set the heartbeat detecting address of the link, the default configuration is not
required.
The command “show 3gmodem-status” show the 3G modem status as below:
Page 97 of 111
FG7008N User Manual
Figure 4-6
Show 3G Modem Status
The following items are displayed on this screen:
► Device Status:
► SIM Card Status:
Indicates whether to insert 3G module.
Indicates whether to insert 3G modem in the SIM card, the ready state means
the SIM card is detected.
► Product Name:
3G modem Product Type.
► Manufacturer Name: 3G modem vendor name.
► SP Name:
3G modem service provider name.
► Signal Quality:
Signal quality of 3G Modem, up to 31.
► Connection Status: Connected or disconnected.
4.2.2
4.2.2.1
Port Management
Port Mirror
The command “show port-mirror” show the port mirror information as below:
Figure 4-7
Show Port Mirror Information
The command “set port-mirror” configure the port mirror parameters as below.
Figure 4-8
Configure Port Mirror Parameters
The following items are displayed on this screen:
► Enable Port Mirror: Enable or disable port mirror.
► Destination Port:
The duplicate of packets from Source Port will send to this destination port.
► Source Port:
All packets received from Source Port will be duplicated and the duplicate will
be send to Destination Port.
4.2.2.2
Media Type
The command “show port-status” show the port status information as below:
Page 98 of 111
FG7008N User Manual
Figure 4-9
Show Port Status Information
The command “show port media-type” show the port media type information as below:
Figure 4-10 Show Port Media Type Information
The command “set port media-type” configure the port media type parameters as below.
Figure 4-11 Configure Port Media Type Parameters
The following items are displayed on this screen:
► Media Type:
provides the following six modes to all physical ports: 10M Half Duplex, 10M Full
Duplex, 100M Half Duplex, 100M Full Duplex, 1000M Full Duplex,
Auto-Negotiation.
► Current Status:
Current link status of all physical ports. Read only.
Page 99 of 111
FG7008N User Manual
4.2.3
4.2.3.1
Wan Parameter
Show Wan Parameter
The command “show wan” show the WAN interface configuration as below:
Figure 4-12 Show Wan Parameter
The wan interfaces include DATA、VOICE、MGMT、OTHER1 and OTHER2.
Input “1” to show DATA parameter as below:
Figure 4-13 Show DATA Interface Parameter
Input “2” to show VOICE parameter as below:
Page 100 of 111
FG7008N User Manual
Figure 4-14 Show VOICE Interface Parameter
Input “3” to show MGMT parameter as below:
Figure 4-15 Show MGMT Interface Parameter
Page 101 of 111
FG7008N User Manual
Input “4” to show OTHER1 parameter as below:
Figure 4-16 Show OTHER1 Interface Parameter
Input “5” to show OTHER2 parameter as below:
Page 102 of 111
FG7008N User Manual
Figure 4-17 Show OTHER2 Interface Parameter
4.2.3.2
Configure Wan Parameter
The command “set wan” configure the wan interface parameter as below:
Figure 4-18 Configure WAN Parameter
The wan interfaces include DATA、VOICE、MGMT、OTHER1 and OTHER2.
Input “1” to configure DATA parameter as below:
Page 103 of 111
FG7008N User Manual
Figure 4-19 Configure DATA Interface Parameter
The following items are displayed on this screen:
► Enable:
Type:
► VLAN Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
►
► Secondary
►
DNS:
Username:
Enable this WAN interface (DATA can’t be disabled).
Select PPPoE if your ISP provides xDSL Virtual Dial-up connection.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server)
manually. If you are not clear, please consult your ISP. It’s not allowed to
access the Internet via domain name if the Primary DNS field is blank.
Optional. If a Secondary DNS Server address is available, enter it.
Enter the Account Name provided by your ISP. If you are not clear, please
consult your ISP.
► Password:
Enter the Password provided by your ISP.
► Service Name /AC Name: Optional. The service name and AC (Access Concentrator) name, which
should not be configured unless you are sure it is necessary for your ISP. In
most cases, leaving these fields blank will work.
► LCP
Interval:
PPPoE will send an LCP echo-request frame to the peer every LCP interval
seconds.
► LCP
Max Fails:
PPPoE will presume the peer to be dead if LCP Max Fails LCP echo-requests
are send without receiving a valid LCP echo-reply.
Input “2” to configure VOICE parameter as below:
Page 104 of 111
FG7008N User Manual
Figure 4-20 Configure VOICE Interface Parameter
The following items are displayed on this screen:
► Enable:
► Type:
► VLAN
Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
Enable this WAN interface (DATA can’t be disabled).
Select Static IP if your ISP has assigned a static IP address for your.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server). If you are
not clear, please consult your ISP. It’s not allowed to access the Internet via
domain name if the Primary DNS field is blank.
► Secondary
DNS: Optional. If a Secondary DNS Server address is available, enter it.
► IP Address:
Enter the IP address assigned by your ISP. If you are not clear, please consult your
ISP.
► Netmask:
Enter the Subnet Mask assigned by your ISP.
► Gateway:
Optional. Enter the Gateway assigned by your ISP.
Input “3” to configure MGMT parameter as below:
Page 105 of 111
FG7008N User Manual
Figure 4-21 Configure MGMT Interface Parameter
The following items are displayed on this screen:
► Enable:
Type:
► VLAN Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
►
► Secondary
DNS:
► Appoint Server IP:
Enable this WAN interface (DATA can’t be disabled).
Select DHCP if your ISP assigns the IP address automatically.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server)
manually. If you are not clear, please consult your ISP. It’s not allowed to
access the Internet via domain name if the Primary DNS field is blank.
Optional. If a Secondary DNS Server address is available, enter it.
Optional. If network has multiple DHCP servers, enter the IP address of your
ISP’S DHCP server
► Vendor Class Identifier: Optional. This option (60) is used by DHCP clients to optionally identify the
vendor type and configuration of a DHCP client.
► Enterprise Code:
► Manufacture Name:
► Device Class:
► Device Type:
► Device Version:
Optional.
Optional.
Optional.
Optional.
Optional.
Input “4” to configure OTHER1 parameter as below:
Page 106 of 111
FG7008N User Manual
Figure 4-22 Configure OTHER1 Interface Parameter
The following items are displayed on this screen:
► Enable:
Type:
► VLAN Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
►
► Secondary
DNS:
► Server
IP:
► Username:
► Password:
► Enable
Encryption:
Enable this WAN interface (DATA can’t be disabled).
Select PPTP if your ISP provides a PPTP connection.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server)
manually. If you are not clear, please consult your ISP. It’s not allowed to
access the Internet via domain name if the Primary DNS field is blank.
Optional. If a Secondary DNS Server address is available, enter it.
Enter the Server IP provided by your ISP.
Enter the Account Name provided by your ISP. If you are not clear, please
consult your ISP.
Enter the Password provided by your ISP.
Enable PPTP link encryption.
Secondary Connection: Here allow you to configure the secondary connection. DHCP and Static IP
connection types are provided.
If Static is selected:
► IP Address:
► Netmask:
If Static IP is selected, configure the IP address of WAN port.
If Static IP is selected, configure the subnet mask of WAN port.
Page 107 of 111
FG7008N User Manual
► Gateway:
If DHCP is selected:
► Appoint Server IP:
Optional. If Static IP is selected, configure the default gateway of WAN port.
Optional. If network has multiple DHCP servers, enter the IP address of your
ISP’s DHCP server.
►Vendor Class Identifier: Optional. This option (60) is used by DHCP clients to optionally identify the
vendor type and configuration of a DHCP client.
► Enterprise Code:
► Manufacture Name:
► Device Class:
► Device Type:
► Device Version:
Optional.
Optional.
Optional.
Optional.
Optional.
Input “5” to configure OTHER2 parameter as below:
Figure 4-23 Configure OTHER2 Interface Parameter
The following items are displayed on this screen:
► Enable:
Type:
► VLAN Enable:
► VLAN ID:
► Priority Level:
► Primary DNS:
►
Enable this WAN interface (DATA can’t be disabled).
Select L2TP if your ISP provides a L2TP connection.
Optional. Enable VLAN to configure VLAN ID and VLAN Priority Level.
Optional. VLAN ID of this WAN interface.
Optional. VLAN Priority Level of this WAN interface.
Enter the IP address of your ISP’s Primary DNS (Domain Name Server). If
Page 108 of 111
FG7008N User Manual
you are not clear, please consult your ISP. It’s not allowed to access the
Internet via domain name if the Primary DNS field is blank.
► Secondary
DNS:
IP:
► Username:
Optional. If a Secondary DNS Server address is available, enter it.
Enter the Server IP provided by your ISP.
Enter the Account Name provided by your ISP. If you are not clear, please
consult your ISP.
► Password:
Enter the Password provided by your ISP.
► Server
Secondary Connection: Here allow you to configure the secondary connection. DHCP and Static IP
connection types are provided.
If Static is selected:
► IP Address:
► Netmask:
► Gateway:
If DHCP is selected:
► Appoint Server IP:
If Static IP is selected, configure the IP address of WAN port.
If Static IP is selected, configure the subnet mask of WAN port.
Optional. If Static IP is selected, configure the default gateway of WAN port.
Optional. If network has multiple DHCP servers, enter the IP address of your
ISP’s DHCP server.
►Vendor Class Identifier: Optional. This option (60) is used by DHCP clients to optionally identify the
vendor type and configuration of a DHCP client.
► Enterprise Code:
► Manufacture Name:
► Device Class:
► Device Type:
► Device Version:
4.2.4
4.2.4.1
Optional.
Optional.
Optional.
Optional.
Optional.
Lan Parameter
Show Lan Parameter
The command “show lan” show the LAN configuration as below:
Figure 4-24 Show LAN Parameter
Input “1” to show LAN static IP confguration as below:
Page 109 of 111
FG7008N User Manual
Figure 4-25 Show Static IP Parameter
Input “2” to show binding IP configuration as below:
Figure 4-26 Show Binding IP Parameter
Page 110 of 111
FG7008N User Manual
Input “3” to show port route/bridge mode as below:
Figure 4-27 Show Port Mode Parameter
Input “4” to show advanced parameters as below:
Figure 4-28 Show Advanced Parameter
4.2.4.2
Configure Lan Parameter
The command “set lan” configure the LAN parameter as below:
Figure 4-29 Configure LAN Parameter
Input “1” to configure static IP as below:
Page 111 of 111
FG7008N User Manual
Figure 4-30 Configure Static IP Parameter
The following items are displayed on this part.
► Interface Name:
► IP Address:
► Netmask:
► NAT:
► Assign NAT IP:
► Enable DHCP Server:
► Start IP:
Name of this LAN interface.
Enter the IP address for this LAN interface.
Enter the subnet mask for this LAN interface.
Optional Enable or disable NAT for this LAN interface
Optional If NAT is selected. NAT IP address can be assigned.
Enable or disable DHCP server on this LAN interface.
If Enable DHCP Server is selected, enter the Start IP address to define a
range for the DHCP server to assign dynamic IP addresses. This address
should be in the same IP address subnet with the IP address of this LAN
interface.
► End IP:
If Enable DHCP Server is selected, enter the End IP address to define a
range for the DHCP server to assign dynamic IP addresses. This address
should be in the same IP address subnet with the IP address of this LAN
interface.
► Netmask:
If Enable DHCP Server is selected, enter the Netmask to define a range for
the DHCP server to assign dynamic IP addresses.
Page 112 of 111
FG7008N User Manual
► Gateway:
Optional .If Enable DHCP Server is selected, enter the Gateway address to
be assigned.
► Primary DNS:
Optional. If Enable DHCP Server is selected, enter the Primary DNS server
address to be assigned.
► Secondary DNS:
Optional. If Enable DHCP Server is selected, enter the Secondary DNS
server address to be assigned.
► Lease Time(Second):
If Enable DHCP Server is selected, specify the length of time the DHCP
server will reserve the IP address for each client. After the IP address
expired, the client will be automatically assigned a new one.
► Binding LAN Port:
Select the physical LAN port to bind the IP address of this LAN interface.
► Binding WAN Subinterface: Select the WAN subinterface which the packet from this LAN interface
can be sending to.
Input “2” to configure binding IP as below:
Figure 4-31 Configure Binding IP Parameter
Input “3” to configure port route/bridge mode as below:
Page 113 of 111
FG7008N User Manual
Figure 4-32 Configure Port Mode Parameter
The following items are displayed on this part.
► Port:
► Route/Bridge:
The physical LAN port name (LAN1~LAN4).
Mode of this physical LAN port. The following four modes are provided:
Route: route to WAN
Transparent bridge: not modify the packets;
Tagged bridge: LAN untagged, WAN tagged; only 1 VID supported
Promisc Mode: Tagged packets in bridge mode, untagged packets in route mode;
most 5 VIDs supported (e.g. 8, 10, 13).
► VLAN ID List:
If Tagged bridge/Promisc Mode is selected, configure the VID/VIDs.
Input “4” to configure advanced parameters as below:
Page 114 of 111
FG7008N User Manual
Figure 4-33 Configure Advanced Parameter
The following items are displayed on this part.
► LAN Isolate:
► Auto Bridge:
► DHCP Vendor ID:
► IPAddress:
► Netmask:
► VID:
► PRI:
► Automatic:
4.2.5
4.2.5.1
Check the box to prohibit the access between LAN interfaces.
Check the box to dynamically create IPTV bridge for STB.
Vendor class identifier List (DHCP 60 option), support at most two vendor IDs.
IP address of interface for STB data service.
Subnet mask of interface for STB data service.
VID of IPTV VLAN.
Priority level of IPTV VLAN.
Check the box to automatically detect the VID of STB data service.
WLAN
Show WLAN Parameter
The command “show wlan” show the WLAN configuration as below:
Figure 4-34 Show WLAN Parameter
Input “1” to show basic settings as below:
Page 115 of 111
FG7008N User Manual
Figure 4-35 Show Basic Settings
Input “2” to show security configuration as below:
Figure 4-36 Show Security Parameter
Page 116 of 111
FG7008N User Manual
Input “3” to show advanced settings as below:
Figure 4-37 Show Advanced Settings
Input “4” to show client information as below:
Figure 4-38 Show Client Information
Input “5” to show WPS configuration as below:
Figure 4-39 Show WPS Parameter
Input “6” to show MAC filtering configuration as below:
Page 117 of 111
FG7008N User Manual
Figure 4-40 Show MAC Filtering Parameter
4.2.5.2
Configure WLAN Parameter
The command “set wlan” configure the WLAN parameter as below:
Figure 4-41 Configure WLAN Parameter
Input “1” to configure basic settings as below:
Page 118 of 111

Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : Yes
Author                          : Administrator
Create Date                     : 2015:03:12 19:21:34+08:00
Modify Date                     : 2015:03:12 19:21:34+08:00
XMP Toolkit                     : Adobe XMP Core 4.2.1-c041 52.342996, 2008/05/07-20:48:00
Format                          : application/pdf
Creator                         : Administrator
Title                           : Microsoft Word - FG7008N User Manual.doc
Creator Tool                    : PScript5.dll Version 5.2.2
Producer                        : Acrobat Distiller 9.0.0 (Windows)
Document ID                     : uuid:fa639eea-4919-49d6-b40a-0a63ca361112
Instance ID                     : uuid:046ad9d4-d8c9-4ffd-81a9-5eca51b89c60
Page Count                      : 126
EXIF Metadata provided by EXIF.tools
FCC ID Filing: 2AD5JFG700X

Navigation menu