Billion Electric Company 400G User's Manual
Contents
1. Edit Delete Source IP Netmask Source ports Inbound Edit Rule Name Time Schedule Protocol ee Delete Destination IP Metmask Destination ports Outbound O i htt Aj 0 0 0 0 0 0 0 0 0 py 0 65535 Block O i mei Always On E 05 ae 0 0 0 0 0 0 0 0 60 380 Allow Pe 0 0 0 0 0 0 0 0 O 65535 Block mei_dns Always On LIDP O a a 0 0 0 0 0 0 0 0 53 53 Allow O 48 Chapter 4 Configuration Billion 400G Router Example Predefined Port Filters Rules The predefined port filter rules for High Medium and Low security levels are listed See Table 1 Note Firewall For Blocked User defined you must define and create the port filter rules yourself No predefined rules are configured for these modes Table 1 Predefined Port Filter Port Number Firewall Low Firewall Medium Firewall High Application Protocol start Eno Outbound Outbound Outbound HTTP 80 TCP 6 po O pas pes fp pra fee F pr fee e me pe E h Soe NEWS NNTP Network TCP 6 RealAudio RealVideo UDP 17 7070 7070 YES 7070 HTTP HTTP Proxy TCP 6 8080 18080 8080 49 E a no ves no ve p fre v fie x Chapter 4 Configuration Billion 400G Router MSN 1863 TCP 6 YES MSN 7001 JUDP 17 7001 7001 YES sna VEDIO Inbound Internet to LAN Outbound LAN to Internet YES Allowed NO Blocked N A Not Applicable Packet Filter Add TCP UDP Filter i Configuration t Packet Filter Parameters Rul2. Manually mode makes you to set the ADSL line by manual If you choose Manually you will directly go to step 5 E Quick Start a Y WAN Pon WAN Wireless ADSL Line Is Ready Auto scan Apply Auto Manually i Quick Start YWAN Port WAN Wireless ADSL Line ls Ready Scanning Please wait for E seconds nO o A Chapter 4 Configuration Billion 400G Router 4 The list below has different mode applied for your choice Choose 0 33 PPPoE Recommended and click Apply i Quick Start N Ye fa Auto Scan qT OFSIPPPoE A 2 DISSIRFCE 1465 SHAPI LLE Bridged K Cancel 5 Please enter Username and Password as supplied by your ISP Internet Service Provider and click Apply to continue Quick Start WANPon WAN Wireless gt Connection Profile Port Username Password Authentication Protocol IP Address 0 0 0 0 means Obtain an IF address automatically Profile Port Select the connection mode There isADSL Encapsulation Select the encapsulation mode The default mode is PPPoE VPI VCI Enter the VPI and VCI information provided by your ISP Username Enter the username provided by your ISP Password Enter the password provided by your ISP Service Name This item is for identification purposes If it is required your ISP provides you the information Authentication Protocol Default is Auto Your ISP advises on using Chap or Pap IP Address Your WAN IP
3. Protocol The ATM protocol will be used in the device Description A given name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This is in the format of username ispname Password Enter the password provided by your ISP You can input up to 128 alphanumeric characters case sensitive Service Name This item is for identification purposes If it is required your ISP will provide you the information Maximum input is 15 alphanumeric characters NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single IP account sharing the single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled IP 0 0 0 0 Auto Specify IP addresses that are allowed to logon and access the router s web server Note P 0 0 0 0 indicates all users who are connected to this router are allowed to logon to the device and modify data Auth Protocol Default is Chap Auto Your ISP will advise you whether to use Chap or Pap Connection Always on l you want the router to establish a PPPoE session when starting up and to automatically re establish the PPPoE session when disconnected by the ISP Connect on Demand If you want to estab
4. Sent SSI Received L ak Packets 12 215 109 427 Properties Disable Cloze Figure 3 6 LAN Connection Status 21x General Connect using BY ASUSTeK Broadcom 440x 10 100 Integrated Controller 4 Select Internet Protocol TCP IP and click Properties See Fi g ure 3 7 Components checked are used by this connection V EM Client for Microsoft Networks Y A File and Printer Sharing for Microsoft Networks Internet Protocol TCP IP Install Uninstall Properties Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in taskbar when connected OK Cancel Figure 3 7 TCP IP ax General You can get IP settings assigned automatically if pour network supports this capability Otherwise you need to ask pour network administrator for the appropriate IP settings 5 Select the Obtain an IP address automatically and Obtain DNS eee E server address automatically radio buttons See Figure 3 8 F iea tha lolo IP eee 6 Click OK to finish the configuration menie Subnet mast races Default gateway Obtain DNS server address automatically Use the following DNS server addresses Prefered DNS server Altenate DNS server Advanced Cerea Figure 3 8 IP Address amp D
5. amp Control Panel File Edit View Favorites Tools Help y e ya Search a Folders Ei 5 B Control Panel 1 Goto Start Control Panel in Classic View In the Control Panel double click Network Connections 2 Double click Local Area Connection See Figure 3 1 i Control Panel Network Phone and Power Options E Switch to Category View Se Modem See Also E w Printers and Regional and Scanners and a Windows Update Faxes Language Cameras 0 Help and Support r Da g Scheduled Sounds and Speech Tasks Audio Devices Local Area Connection Status General Support 3 In the LAN Area Connection Status window click Properties See Figure 3 2 Status Connected Duration 00 05 34 Connection Speed 100 0 Mbps Archivity Sent x Received Buttes 1 403 1 749 aces nc Figure 3 2 LAN Connection Status Local Area Connection Properties General Authentication Advanced 4 Select Internet Protocol TCP IP and click Properties See eto E ES ASUSTeK Broadcom 440x 10 100 Integrated Controller Figure 3 3 This connection uses the following items Client for Microsoft Networks a File and Printer Sharing for Microsoft Networks m QoS Packet Scheduler d Internet Protocol TCP IP Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provi
6. Limit Used to limit the speed of inbound traffic Set in multiples of 32kbps Source IP Address Range The source IP address or range of packets to be monitored Source Port s The source port of packets to be monitored Destination IP Address Range The destination IP address or range of packets to be monitored Destination Port s The destination port of packets to be monitored 64 Chapter 4 Configuration Billion 400G Router Example QoS for your Network Connection Diagram po uy E O Normal PCs Restricted PC Information and Settings Upstream 928 kbps Downstream 8 Mbps VolP User 10 0 0 1 Normal Users 10 0 0 10 10 0 0 13 Restricted User 10 0 0 100 Configuration Prioritization Configuration from LAN to WAN packet Mame Priority High source IP Address Range 0 0 0 0 0 0 0 0 Destination IP Address Range 0 0 0 0 0 0 0 0 DSCP Marking Disabled Edit Delete lige Edit Mame Time Schedule Protocol Priority de PPTP Always On GRE High b VoIP Always On Any High CO Restricted Time slot Any High Chapter 4 Configuration Time Schedule Protocol source Pon Destination Port DSCP Marking Gold service iLi Gold service Ly Gold service Li w NM Ma C Delete O O O 65 Billion 400G Router Throughput m VoIP VPN HIGH mm Others NORMAL O Restricted LOW VolP VPN Others Restricted HIGH NORMAL LOW Mission cri
7. P2P users don t saturate upload bandwidth or office browsing doesnt bring client web serving to a halt In addition or alternatively you can simply change the priority of different types of upload data and let the router sort out the actual speeds Virtual Server port forwarding Users can specify some services to be visible from outside users The router can detect incoming service requests and forward either a single port or a range of ports to the specific local computer to handle it For example a user can assign a PC in the LAN acting as a WEB server inside and expose it to the outside network Outside users can browse inside web servers directly while it is protected by NAT A DMZ host setting is also provided to a local computer exposed to the outside network Internet Rich Packet Filtering Not only filters the packet based on IP address but also based on Port numbers It will filter packets from and to the Internet and also provides a higher level of security control y Dynamic Host Configuration Protocol DHCP Client and Server In the WAN site the DHCP client can get an IP address from the Internet Service Provider ISP automatically In the LAN site the DHCP server can allocate a range of client IP addresses and distribute them including IP address subnet mask as well as DNS IP address to local computers It provides an easy way to manage the local IP network Static and RIP1 2 Routing It has routing capability and
8. RFC 1483 encapsulation over ATM bridged or routed PPP over Ethernet RFC 2516 and IPoA to establish a connection with the ISP The product also supports VC based and LLC based multiplexing Furthermore the device supports multiple PPPoE connections on the same PVC to allow for smart traffic separation Quick Installation Wizard The router can be setup and managed by using the easy setup wizard software included on the CD or the GUI Graphical User Interface imbedded on the router accessed using the router s LAN IP address and a standard web browser application like Internet Explorer Universal Plug and Play UPnP and UPnP NAT Traversal This protocol is used to enable simple and robust connectivity among stand alone devices and PCs from many different vendors It makes network simple and affordable for users UPnP architecture leverages TCP IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices With this feature enabled users can now connect to Net meeting or MSN Messenger seamlessly Network Address Translation NAT Allows multi users to access outside resources such as the Internet simultaneously with one IP address one Internet access account Many application layer gateways ALG are supported such as web browser ICQ FTP Telnet E mail News Net2phone Ping NetMeeting IP phone and others SOHO Firewall Security with DoS and SPI Along with the built in NAT natur
9. address Leave this at 0 0 0 0 to obtain automatically an IP address from your ISP 22 Chapter 4 Configuration Billion 400G Router 6 Configure the Wireless LAN setting A Quick Start Y Wireless WAN gt Wireless j Parameters WLAN Service f Enable Disable ESSID wlan ap ESSID Broadcast Enable Disable Regulation Domain NAmerica Channel ID Channel 1 2 412 GHZ security Parameters Security Mode Disable Apply Cancel hs WLAN Service Default setting is set to Enable If you want to use wireless both 802 11g and 802 11b device in your network you can select Enable ESSID The ESSID is the unique name of a wireless access point AP to be distinguished from another For security propose change to a unique ID name to the AP which is already built in to the router s wireless interface It is case sensitive and must not excess 32 characters Make sure your wireless clients have exactly the ESSID as the device in order to get connected to your network ESSID Broadcast It is function in which transmits its ESSID to the air so that when wireless client searches for a network router can then be discovered and recognized Default setting is Enable Enable When Enable is selected you can allow anybody with a wireless client to be able to locate the Access Point AP of your router Disable Select Disable if you do not want broadcast your ESSID When select Disable no one will be able to lo
10. as a DNS Server the ADSL Router will perform the domain name lookup find the IP address from the outside network automatically and forward it back to the requesting PC in the LAN your Local Area Network If you check DHCP Relay Agent and click Next then you will have to enter the IP address of the DHCP server which will assign an IP address back to the DHCP client in the LAN Use this function only if advised to do so by your network administrator or ISP Click Apply to enable this function 33 Chapter 4 Configuration Billion 400G Router WAN Wide Area Network WAN refers to your Wide Area Network connection i e your router s connection to your ISP and the Internet Here are the items within the WAN section WAN Profile and ADSL Mode WAN Profile PPPoE Connection PPPoE PPP over Ethernet provides access control in a manner which is similar to dial up services using PPP Configuration WAN Connection PPPoE Routed Profile Port Description WPIACI e ATM Class UBR Username fe Password fF service Marne NAT Y Enable IP 0 0 0 0 Auto Auth Protocol Connection Idle Timeout o mines MTU RIP O RP O RIPv2 O RIP v2 Multicast TCF MSS Clamp Enable MAC Spoofing Ll Enable oo oo oo oo oo oo Obtain DAS Dl Autornatic Primary fs Secondary Edit Mame Description Creator WPI W Delete 2 wanlink PPPoE Routed with Multiple Session WebAdmin 8 35 Profile Port Select the profile port ADSL
11. channel Here are the items within the QoS section Prioritization and Outbound Inbound IP Throttling bandwidth management Prioritization There are three priority settings to be provided in the Router High Normal The default is normal priority for all of traffic without setting Low And the balances of utilization for each priority are High 60 Normal 30 and Low 10 To delete the application you can choose the Delete option and then click Edit Delete H Configuration VU Prioritization Configuration from LAN to WAN packet Mame Time Schedule Priority High Protocol source IP Address Range 0 0 0 0 source Port lo jo Destination IP Address Range 0 0 0 0 Destination Port lo jo DSCP Marking Disabled w V Editi Deletes MSS__ A Edit Mame Time Schedule Protocol Priority DSCP Marking Delete ligt 61 Chapter 4 Configuration Billion 400G Router Name A user defined description identifying this new policy application Time Schedule The details of when this rule of your prioritization policy is active Priority The priority given to each policy application The default setting is High you may adjust this setting to fit your requirements Protocol The name of supported protocol Source IP Address Range The source IP address or range of packets to be monitored Source Port The source port of packets to be monitored Destination IP address Range The destination IP addres
12. e o O o O on E T 20 DOTES TARE ai dates 21 COIN aaa cca ce sein peek aw a oc sae awn naan espn pee ape pais avs U es SIS eee Eto eee 24 LAN Local Area IN OWEN atra 24 TS ABC y e Vo oc casein PAC OM E O O E 24 Me CMG 00 PP O o OU RES O RC O E O 25 A I II A 25 ile iit E E a L o IE E EET IENE EN E EET INE ENE NAE N E NAAT TNTET 26 M o Se seca POR noo go E O o EU AE A REO SEO O AE 27 VAISS SiC WIN o oct iia 29 Wireless Cuento NA Address PUE nen ere ree E iio ani 31 WE o e o ES PR COMES oO A sas PRO II ae a owe Pe ess 32 OTe a AA O ERE o E eens et oeutaesesnenetaeneseks 32 DHCP SV ci n 33 WAN Wide AFCON EW apiausieuineevsws xptaastemsstbunclunsautaboiewssdanawsuabiasenestusseansaiesentetinmeissriadsoectons 34 A E o E E E oE a 34 A MO ee r E E A E E EE E EA EE 40 DIN RA A as 4 TZ A esse ey o oO e o due acess A ET 41 RO Be A gt AR E e E e nn AARAA A 42 A e E o o CE e 42 Table of Contents Backup RES IO odos io di ooo codos 43 Restart ROMA a 44 Ustr Mands o MENTono kana a aaa 44 EIEWAlEana ACCESS COTTO aina rta 46 EEEo CLINGS ttre AA O A A A E T TE E T E A A A E E anes 4 Changed The O O a e Sonik 47 Packs Riera ios aiii 48 Mison Detection 55 URET eraa AE a 58 IMIP A a A e REP CE OR eese teres y Rr renner TTT ere Awe treee 60 Ei e DIO 6 a y 0 octets PEO icon es A O REP E OR tice a caanataal cu eats 61 DOS U SOVICO LA E iia 61 NP TOMI ZAC OM asses A AS 61 Outbound IP Fhrottline LAN to WAN Toi A A A sanded dete a
13. number of helpful information such as DSP firmware version f Status ADSL Status Parameters DSP Firmware Version E 25 41 18 A connected false Operational Mode Inactive Annex Type ANNEX Upstream O Downstream 0 SMR Margintllpstrearni 0 dB SMR hharginf Downstre an 0 0 dB Line Attenuation UWpstrearnm 0 0 dB Line Attenuation Downstream 0 0 dB CRC Errors Upstream CRC Errors Dowpnstre arm O Latencytlpstream LatencyiDownstream ARP Table This section displays the router s ARP Address Resolution Protocol Table which shows the mapping of Internet IP addresses to Ethernet MAC addresses This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router s Firewall MAC Address Filter function See the Firewall section of this manual for more information on this feature Status ARP Table Wired IP Address MAC Address Interface static 10 0 0 100 00 03 0d 3d c0 Th iplan no Wireless IF Address MAC IP Address A list of IP addresses of devices on your LAN Local Area Network MAC Address The MAC Media Access Control addresses for each device on your LAN Interface The interface name on the router that this IP Address connects to Static Static status of the ARP table entry no for dynamically generated ARP table entries yes for static ARP table entries added by the user 17 Chapter 4 Configuration Billion 400G Router DHCP Ta
14. server located on the local network when the firewall is enabled you have to configure the Port Filters setting for HTTP As you can see from the diagram below when the firewall is enabled with one of the three presets Low Medium High inbound HTTP access is not allowed which means remote access through HTTP to your router is not allowed Note Inbound indicates accessing from Internet to LAN and Outbound is from LAN to the Internet t Packet Filter Parameters lt Belect e Rule Mame Helper Time schedule Always On Source IP Address es 0 0 0 0 Metmask 0 0 0 0 Destination IP Addresses 0 0 0 0 Metmask 0 0 0 0 Type TOP Protocol Number Source Port os 65535 Destination Port os 65535 Inbound Outbound Edit Delete Source IP Metmask source partis Inbound Edit Rule Mame Time Schedule Protocal Destination IP Metmask Destination portis Outbound 0000 0000 0 65535 Always On O 0 0 0 0 0 0 0 0 r E Al O INIA UDP Ll E SAA O mei_dns ways On gt a 1 0 0 0 0 0 0 0 0 53 53 Allow 0000 0000 0 65535 Block O mei_tdns Always On TCP O 0 0 0 0 0 0 0 0 53 53 Allouy 0 0 0 0 0 0 0 0 O 65535 Block y O mei ftp Always On TCP de 0 0 0 0 0 0 0 0 2121 Allow Chapter 4 Configuration Configuring Packet Filter Billion 400G Router 1 Click Packet Filters You will then be presented with the predefined port filter rules screen in this case for the low security level shown below Note You may click
15. supports easy static routing table or RIP1 2 routing protocol Simple Network Management Protocol SNMP lt is an easy way to remotely manage the router via SNMP Web based GUI The routers web based GUI is used for configuration and management It is user friendly and comes with on line help It also Supports remote management capability for remote users to configure and manage the router Firmware Upgradeable Device can be upgraded to the latest firmware through the WEB based GUI Rich Management Interfaces It supports flexible management interfaces with local console port LAN port and WAN port Users can use terminal applications through the console port to configure and manage the device or Telnet WEB GUI and SNMP through LAN or WAN ports to configure and manage the device TR 069 management is also supported but is normally implemented by Telkom or your ISP Chapter 1 Introduction Billion 400G Router Chapter 2 Installing the Router Important note for using this router Do not use this router under high humidity or high temperatures Do not use the same power source for this router as other equipment Do not open or repair the case by yourself If this router is too hot turn off the power immediately and have it repaired at a qualified service Warning cenier Avoid using this product and all accessories outdoors Y Place this router on a stable surface y Only use the power adapter that comes with th
16. to maximum 255 Note Maximum power Level is not necessarily the best choice in all cases Choose the most suitable level for your network and environment Connected Representing in true or false That it is the connection status between the system and the build in wireless card AP MAC Address It is a unique hardware address of the Access Point AP Firmware Version The Access Point firmware version Wireless Distribution System WDS This is a wireless access point mode that enables wireless linking and communication with other access points It is easy to install simply define the peer AP s MAC address The WDS system gives a cost saving and flexible method of extending wireless range since no extra wireless client device is required to bridge between two access points Using WDS the usercan extend an existing wired or wireless infrastructure network to create a larger network In addition WDS enhances its link connection security in WEP mode WEP key encryption must be the same for both access points WDS Service The default setting is Disabled Check Enable radio button to activate this function Peer WDS MAC Address this is the associated AP s MAC Address It is important that your peer s AP must include your MAC address in order to allow the AP s to acknowledge and communicate with each other Note For MAC Address Semicolon must be included 28 Chapter 4 Configuration Billion 400G Router Wireless Secu
17. you need to you connected to the Internet using your ADSL connection Features Express Internet Access The router complies with ADSL worldwide standards It supports downstream rate up to 12 24 Mbps with ADSL2 2 8Mbps with ADSL Users enjoy not only high speed ADSL services but also broadband multimedia applications such as interactive gaming video streaming and real time audio much easier and faster than ever It is compliant with Multi Mode standard ANSI T1 413 Issue 2 Gdmt ITU G 992 1 Glite ITU G 992 2 Ghs ITU G994 1 Gdmt bis ITU G 992 3 G dmt bis plus ITU G992 5 802 11g Wireless AP with WPA Support With integrated 802 11g Wireless Access Point in the router the device offers a quick and easy access among wired network wireless network and broadband connection ADSL with single device simplicity and as a result mobility to the users In addition to 54 Mbps 802 11g data rate it also interoperates backward with existing 802 11b equipment The Wireless Protected Access WPA1 and WPA2 and Wireless Encryption Protocol WEP supported features enhance the security level of data protection and access control via Wireless LAN Fast Ethernet Switch A 4 port 10 100Mbps fast Ethernet switch is built in with automatic switching between MDI and MDI X for 10Base T and 100Base TX ports An Ethernet straight or crossover cable can be used directly for auto detection Multi Protocol to Establish a Connection It supports PPPoA
18. 10 IP Address TCP IP Properties 2 x Bindings Advanced NetBIOS DNS Configuration Gateway WINS Configuration IP Address pe C Enable DNS 5 Then select the DNS Configuration tab See Figure 3 11 DIS Serve Search Ordo 6 Select the Disable DNS radio button and click OK to finish the configuration Chapter 3 Basic Installation Women sufi Search Wraer Host Domat Bele Remove Cancel Figure 3 11 DNS Configuration 11 Billion 400G Router Configuring PC in Windows NT4 0 1 Go to Start Settings Control Panel In the Control Panel double click Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties See Figure 3 12 3 Select the Obtain an IP address from a DHCP server radio button and click OK See Figure 3 13 Chapter 3 Basic Installation Network 21x Identification Services Protocols Adapters Bindings Network Protocols Y NetBEUI Protocol Y NWLink IPX SPX Compatible Transport Y NWLink NetBIOS Add Remove CEroperies gt paste Description Transport Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Cancel Figure 3 12 TCP IP MierozoM TCPAP Properties IPAddress DHS WINS Addess Rowing n IF address can be automatically assigned bo this network card by a D
19. 20 predefined rules are available Application Protocol and External Redirect Ports will be filled after the selection has been made Protocol This is the protocol supported by the virtual server In addition to specifying the port number to be used you will also need to specify the protocol used The protocol used is determined by the particular application Most applications will use TCP or UDP Time Schedule The user defined time period to enable your virtual server You may specify a time schedule or Always on for the use of this Virtual Server Entry For setup and detail refer to the Time Schedule section External Port The Port number on the Remote WAN side used when accessing the virtual server Redirect Port The Port number used by the Local server in the LAN network Internal IP Address The private IP in the LAN network which will be providing the virtual server application Sele Y List all existing computers currently connected to the network You may assign a computer with an IP address or a MAC address from this list 70 Chapter 4 Configuration Billion 400G Router Example If you would like to remotely access your routers Web HTTP interface all the time you would need to enable port number 80 Web HTTP and map it to the Router s LAN IP Address All incoming HTTP requests on the WAN network will then be forwarded to the router s IP address of 10 0 0 2 Since port number 80 is already a predefined rule
20. 2P Blocking IM short for Instant Messaging is required to use client program software that allows users to communicate exchanging text message with other IM users in real time over the Internet A P2P application known as Peer to Peer is a group of computer users who share files to specific groups of people across the Internet Both Instant Messaging and Peer to Peer applications make communication faster and easier but your network can become increasingly insecure at the same time This router s IM and P2P blocking system helps users to restrict LAN computers from access to the commonly used IM Yahoo and MSN and P2P Bitlorrent and eDonkey applications over the Internet I Configuration a ps a INP 2P Blocking Configuration Instant Message Blocking Yahoo Messenger C Block MSN Messenger C Block Peer to Peer Blocking BitTorrent BitTorrent BitComet C Block eDonkey eDonkey ehule C Block Instant Message Blocking The default is set to Disabled Disabled The Instant Messaging blocking function is not activated No blocking will be performed Always On The Instant Messaging blocking function is activated Blocking is enabled TimeSlot1 TimeSlot16 These are user defined time periods You may specify the time period during which the URL filter rules apply i e during working hours For setup and details refer to Time Schedule section Yahoo MSN Messenger Select this box to block either Yahoo and or MSN Messeng
21. A As FA A ETA FAA O Enable Disable Port Connection Type this is where you can customize the connection type of each of the routers Ethernet ports There are Six options to choose from Auto disable 10M half duplex 10M full duplex 100M half duplex 100M full duplex and Disable Sometimes there are Ethernet compatibility problems with legacy Ethernet devices and you can configure a particular Ethernet port to one of the different types to solve compatibility issues The default is Auto which users should keep unless there are specific problems with computers not being able to access your LAN IPv4 TOS priority Control Advanced users TOS Type of Services is the 2 octet of an IP packet Bits 6 7 of this octet are reserved and bit 0 5 are used to specify the priority of the packet This feature uses bits 0 5 to classify the packet s priority If the packet is high priority it will flow first and will not be constrained by the Rate Limit Therefore when this feature is enabled the router s Ethernet switch will check the 2 octet of each IP packet If the value in the TOS field matches the checked values in the table 0 to 63 this packet will be treated as high priority 32 Chapter 4 Configuration Billion 400G Router DHCP Server You can disable or enable the DHCP Dynamic Host Configuration Protocol server or enable the router s DHCP relay functions The DHCP protocol allows your router to dynamically assign IP addresses to
22. Add new users who are able to access the device s configuration interface Once you have clicked on Edit you are shown the following options Configuration Ye Y User Management Current Defined Users Valid User Comment Password Confirm Password Edit Delete Edit Valid Liser Comment Delete true adnan Default admin user You can change the user s password whether their account is active and valid as well as add a comment to each user account Click Edit Delete button to save your revise You cannot delete the default admin account if you do you will be logged out However you can delete any other created accounts by clicking Delete when editing the user You are strongly advised to change the password on the default admin account when you receive your router and any time you reset your configuration to Factory Defaults 44 Chapter 4 Configuration Billion 400G Router f Configuration 4 t User Management Current Defined Users Valid User Comment Password Confirm Password A Edit Valid User comment Delete O true admin Default admin user To create a new user account first check the Valid box and then enter in the relevant details for User Comment Password and Confirm Password Click the Add button to add the new user account Configuration Vu E t User Management Current Defined Users Valid User Comment Password Confirm Password ES ES Edit Delete Edit Valid User comment Dele
23. Edit the predefined rule instead of Delete it This is an example to show to how you add a filter on your Own Configuration t Packet Filter Parameters Rule Mame Helper Time schedule source IP Address es Destination IP Address es Type source Port Destination Port Inbound Outbound Edit Delete LC ex Betect w Always On 3 0 0 0 0 Metmask 0 0 0 0 Metmask WA K LIDP TCPILIDP Lise Protocol Mumber Allow Ss Allow a gt MM 0 0 0 0 0 0 0 0 I 2 Choose the radio button for the existing HTTP rule that you wish to delete Click Edit Delete button to delete this existing HTTP rule o Configuration Packet Filter Parameters Rule Marne Helper Time Schedule source IP Addresses Destination IP Address es Type source Port Destination Fort Inbound Quthoun Edit Delete Edit Rule Name s lei_dns Time Schedule lej_ http Always On Always On Select v lei http Always Or 0 0 0 0 Metmask Metmask i TER 44 Protocol Number 65535 Block Be Hi Allow Source IP f Metmask source portis Protocol Destination IP f Metmask Destination ports 0 0 0 0 0 0 0 0 O 65535 TOP 0 0 0 0 0 0 0 0 80 80 0 0 0 0 0 0 0 0 O 65535 UDF 0 0 0 0 7 0 0 0 0 5353 vo 0 0 0 0 E Inbound Delete Outbound Block O Alloy Block O Allow 3 Input the Rule Name Time Schedule Source Destination IP Type Source Destination Port Inbou
24. Education Communication VE Thor gt Billion 400G BIINON www dobroadband co za 3 alll ell WwWwW sizwebroadband co za Table of Contents CHAPTER E ENTRODUCTION casara nana iaa idad 1 INTRODUCHONTO YOUR ROUTER sn tire l A E E nae see l CHAPTER Z INSTALLING THE ROUTER nicolas odds oa 3 IMPORTANT NOTE FOR USING THIS ROUTER uu ccccccccccccccccscccceeccccuecccuecccuscscuuscsuuscceuececcuceseuecsuecssecssucessuecsueceeuueseueceusass 3 PALA GE CONTE NDS AAA ATA AE TAA 3 THE TIONS ia NEAR Nip asi 4 TAE RKEAR PORN oct 5 CABE NOA A E E AAE E sisine 6 CHAPTERS BASICINSIALLATION caia aiii 7 CONNECINGYOUR ROUTER ii AAA A A A a E E ai 8 PA DEAD ES TNG Sun dios 13 Web Interface Username and Password nnnoooonnsnsnnnnnnnsssenennnnsssseeenonssssseeroosssssserenosssssereosssssseeroossssseereossssseeeeessssseeereo 13 Device LAN IP SOM aii 13 SP Sene I WAN MAA oa 13 D VV OF e E EE E E E EE E E E EEE E E ES 13 LAN and WAN PORTA TO OSOS A AN A RA a a 13 INFORMATION FROM YOUR ISP dies 14 CONFIGURING WITH YOUR WEB BROWSER cccccccsssecccceeccccusecccuuscsccuuecsccusecscuusececuuecscuunececuecseuuecseuusecssuuecsssueeceeauness 15 CHAPTER 4 CONFIGURATION sein ida 16 E A E PE E A A A N A A 17 AD a E o EEA 17 E A no A A E EAE 17 Dia LO TIC ae PEI e o II EEEE A EEEN 18 A A PP e PE O EP A 18 NAT DOS VI pac 19 DADAS A A u o O 19 A e e o II A 19 A OU AI A 20 TOTTI ROO ENN E no OAE o II e A 20 TE OMAE PU uo
25. Forwarding Add Virtual Server in IP interface Virtual Server Entry Application Helper Protocol External Port Internal IF Address Candidates Apply Edit Delete return e Edit O Application Time Schedule HTTP_Server Always On Intrusion Detection Configuration Intrusion Detection Parameters Intrusion Detection victim Protection Block Duration scan Attack Block Duration DOS Attack Block Duration Maximum TCF Open Handshaking Count Maximurn Ping Count Maximum ICMP Count Apply Clear Blacklist Billion 400G Router a tcp w tomo to f External Port 80 80 Protocol t an g Enable Disable e00 lseconds 6400 seconds 1800 seconds 100 her second 16 ber second 100 persecond ME Time Schedule Redirect Port IF Address Interface 192162 1 101 Redirect Port 40 80 ipwan Me Cielete The router s ntrusion Detection System IDS is used to detect hacker attacks and intrusion attempts from the Internet If the IDS function of the firewall is enabled inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks intrusion attempts or other connections that the router determines to be suspicious Blacklist If the router detects a possible attack the source IP or destination IP address will be added to the Blacklist Any further attempts using this IP address will be blocked for the time period s
26. HICP server IF your nebrork doss mot have a DHCP server ask pour retak administrator for an address and then bape Itin thie space beiw w Obtain an lP address irom a DHCP serwer Specily an IP address Peders AUD DEE ea episode Figure 3 13 IP Address 12 Billion 400G Router Factory Default Settings Before configuring your you need to know the following default settings Web Interface Username and Password lm Username admin Password admin The default username and password are admin and admin respectively If you ever forget the username password to login to the router you may press the RESET button for 6 8 seconds to restore the factory default settings Caution After pressing the RESET button for more than 6 seconds to be sure you power cycle the device again Attention Device LAN IP settings l IP Address 10 0 0 2 lh Subnet Mask 255 255 255 0 ISP setting in WAN site lb PPPoE DHCP server bl DHCP server is enabled m Start IP Address 10 0 0 100 P pool counts 100 LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre set in the factory The default values are shown below IP address 10 0 0 2 255 255 255 0 The WAN protocol has been pre selected and set by Telkom DHCP server function Enabled for automated service a deployment and delivery IP addresses for distribution 100 IP addresses continuing from t
27. Here are the items within the LAN section Bridge Interface Ethernet IP Alias Ethernet Client Filter Wireless Wireless Security Wireless Client Filter WPS Port Settings DHCP Server Bridge Interface Configuration t Bridge Interface Parameters Bridge Interface ethernet ethernet ethernet ethernet3 Device Management Management Interface Chapter 4 Configuration VLAN Port Mp1 Mp MP3 MPa POr P3 Opa p Or OPa Opa Pi Or OPa OF4 6 ethernet Primary DNS 41 223 60 26 E la 24 Billion 400G Router You can setup member ports for each VLAN group under Bridge Interface section From the example two VLAN groups need to be created Ethernet P1 Port 1 Ethernet1 P2 P3 and P4 Port 2 3 4 Uncheck P2 P3 P4 from Ethernet VLAN port first Note You should setup each VLAN group with caution Each Bridge Interface is arranged in this order Bridge Interface VLAN Port Always starts with ethernet P1 P2 P3 P4 etherneti P2 P3 P4 ethernet2 P3 P4 ethernet3 Management Interface To specify which VLAN group has possibility to do device management like doing web management Note NAT NAPT can be applied to management interface only Ethernet Configuration Ethernet Primary IP Address Subnet Mask 255 255 255 o RIF C RP O Ripv O RIP v2 Multicast Primary IP Address IP Address The default IP on this router Subnet Mask The default subnet mask on thi
28. IP address to 0 0 0 0 will disable IP address restrictions allowing users to login from any IP address Expire to auto logout Specify a time frame for the system to auto logout the user s configuration session For Example User A changes the routers HTTP port number to 100 specifies their own IP address of 10 0 0 55 and sets the logout time to be 100 seconds The router will only allow User A access from the IP address 10 0 0 55 to logon to the Web GUI by typing http 10 0 0 2 100 in their web browser After 100 seconds the device will automatically logout User A 80 Chapter 4 Configuration Billion 400G Router Universal Plug and Play UPnP UPnP offers peer to peer network connectivity for PCs and other network devices along with control and data transfer between devices UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal On supported systems it makes tasks such as port forwarding much easier by letting the application control the required settings thus removing the need for the user to control the advanced configuration of their router Both the user s Operating System and the relevant application must support UPnP in addition to the router Windows XP and Windows ME natively support UPnP when the component is installed and Windows 98 users may install the Internet Connection Sharing client from Windows XP in order to support UPnP Windows 2000 does not support UPnP Disable Select this o
29. NS Configuration 10 Chapter 3 Basic Installation Configuring PC in Windows 95 98 ME 1 Go to Start Settings Control Panel In the Control Panel double click Network and choose the Configuration tab 2 Select TCP IP gt NE2000 Compatible or the name of any Network Interface Card NIC in your PC See Figure 3 9 3 Click Properties 4 Select the IP Address tab In this page click the Obtain an IP address automatically radio button See Figure 3 10 Billion 400G Router Network Ei x Configuration Identification Access Control The following network components are installed Microsoft Family Logon a ASUSTeK Broadcom 440x 10 100 Integrated Controller 3 Dial Up Adapter Y TCP IP gt ASUSTeK Broadcom 440x 10 100 Integrated TCP IP gt Dial Up Adapter Add Remove E Primary Network Logon Microsoft Family Logon y File and Print Sharing Description TCP IF is the protocol you use to connect to the Internet and wide area networks OK Cancel Figure 3 9 TCP IP TCP IP Properties 71x Bindings Advanced NetBIOS DNS Configuration Gateway WINS Configuration P Address An IP address can be automatically assigned to this computer If pour network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below Specify an IP address Cancel Figure 3
30. PCs on your network if they are configured to obtain IP addresses automatically Configuration DHCP Server Configuration Disable DHCP Server O DHCP Relay Agent DHCP Server Mode Hext DHCP Server Status Allow Bootp true Allow Unknown Clients true Enable true Subnet Definitions Subnet value 10 0 0 0 Subnet Mask 255 255 255 0 Maximum Lease Time 26400 seconds Default Lease Time 43200 seconds Use local host address as ONS server true Lise local host address as default gateway true Get subnet trom IF interface iplan IP Range 1800700 1000799 Option domer naneservers 0 0 0 0 To disable the router s DHCP Server check Disabled and click Next then click Apply When the DHCP Server is disabled you will need to manually assign a fixed IP address to each PCs on your network and set the default gateway for each PCs to the IP address of the router by default this is 10 0 0 2 To configure the router s DHCP Server check DHCP Server and click Next You can then configure parameters of the DHCP Server including the IP pool starting IP address and ending IP address to be allocated to PCs on your network lease time for each assigned IP address the period of time the IP address assigned will be valid DNS IP address and the gateway IP address These details are sent to the DHCP client i e your PC when it requests an IP address from the DHCP server Click Apply to enable this function If you check Use Router
31. RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function TCP MSS Clamp This option helps to discover the optimal MTU size automatically Default is enabled MAC Spoofing This option is required by some service providers You must fill in the MAC address that has been specified by the service provider when it is required Default is disabled Obtain DNS A Domain Name System DNS contains a mapping table for mapping between Domain Names and IP addresses On the Internet every host has a unique and user friendly name domain name such as www helloworld com as well as an IP address An IP address is a 32 bit number in the form of xxx xxx xxx xxx for example 10 0 0 2 You can think of an IP address as a telephone number for devices on the Internet and the DNS will allow you to find the telephone number for any particular domain name As an IP Address is hard to remember the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP provides it when you logon To use this automatically supplied DNS check the Enable box Primary DNS Enter the primary DNS Secondary DNS Enter the secondary DNS 3 Chapter 4 Configuration Billion 400G Router IPoA Routed Connection Configuration WAN Connection IPoA Routed Profile Port ADSL Description IPoA routed VPIVCI ATM Class UBR tw NAT E Enable MTU IP 0 0 0 0 Auta Netmask Ga
32. Router Chapter 5 Troubleshooting If the router is not functioning properly first check this chapter for simple troubleshooting before contacting the Help desk Problems starting up the router None of the LEDs are on when you turn on the Check the connection between the adapter and the router If the error persists you router may have a hardware problem In this case you should contact technical support You have forgotten your Try the default login and password refer to Chapter 3 If this fails you can router login and or restore your router to its factory settings by holding the Reset button on the back password of your router for 6 8 seconds Problems with the WAN Interface Initialization of the PVC Ensure that the telephone cable is connected properly from the ADSL port connection linesync to the wall jack The ADSL LED on the front panel of the router should failed be on Check that your VPI VCI encapsulation type and type of multiplexing settings are the same as those provided by your ISP Reboot the router If you still have problems you may need to verify these settings with your ISP Frequent loss of ADSL Ensure that all other devices connected to the same telephone line as your linesync router e g telephones fax machines analogue modems have a line filter disconnections connected between them and the wall socket and ensure that all line filters are correctly installed and the righ
33. al firewall feature the router also provides advanced hacker pattern filtering protection It can automatically detect and block Denial of Service DoS attacks The router is built with Stateful Packet Inspection SPI to determine if a data packet is allowed through the firewall to the private LAN Chapter 1 Introduction Billion 400G Router Domain Name System DNS Relay It provides an easy way to map the domain name a friendly name for users such as www yahoo com and IP address When a local machine sets its DNS server with this router s IP address every DNS conversion request packet from the PC to this router will be forwarded to the real DNS in the outside network e Dynamic Domain Name System DDNS The Dynamic DNS service allows you to alias a dynamic WAN IP address to a static hostname For example to use the service you must first apply for an account from a DDNS service like http www dyndns org More than 5 DDNS servers are supported Q Quality of Service QoS QoS gives you full control over which types of outgoing data traffic should be given priority by the router ensuring important data like gaming packets customer information or management information move through the router ay lightning speed even under heavy load The QoS features are configurable by source IP address destination IP address protocol and port You can throttle the speed at which different types of outgoing data pass through the router to ensure
34. ble Status DHCP Table Type Leased Expired Permanent Leased The DHCP assigned IP addresses information Expired The expired IP addresses information Permanent The fixed host mapping information Leased Table Leased Table IF Address MAC Address Client Host Mame Expiry IP Address The IP address that assigned to client MAC Address The MAC address of client Client Host Name The Host Name Computer Name of client Expiry The current lease time of client Routing Table Jo eg Routing Table Routing Table Valid Destination Metmask Gateway lntetace Cost RIP Routing Table Destination Metmask Gateway Cost Routing Table Valid It indicates a successful routing status Destination The IP address of the destination network Netmask The destination Netmask address Gateway Interface The IP address of the gateway or existing interface that this route will use Cost The number of hops counted as the cost of the route RIP Routing Table Destination The IP address of the destination network Netmask The destination Netmask address Gateway The IP address of the gateway that this route will use Cost The number of hops counted as the cost of the route 18 Chapter 4 Configuration Billion 400G Router NAT Sessions This section lists all current NAT sessions between interface of types external WAN and internal LAN ET UE E HAT Sessions No active NAT sesslons betwe
35. cate the Access Point AP of your router Channel ID Select the ID channel that you would like to use Security Mode You can disable or enable with WPA or WEP for protecting wireless network The default mode of wireless security is Disable 7 Wait for the configuration ff cuics Start 4 amp WAN Port WAN Wireless ImRouter Imipinteraces ipwan Save confguration Save configuration to FLASH Please wait for 5 seconds i Quick Start y Ye ej WAN Pom WAN Wireless Process finished SUCCESS The Quick Start process is finished Your device has been successfully configured 23 Chapter 4 Configuration 8 When ADSL is synchronic it will appear check Status Device Information Model Mame Bilion 4006 Hast Mame horme gateway system Up Time 00 43 315 Current Time Fri 04 Jul 2008 13 47 52 Hardware Version Solos ADSL MASS w1 00 software Version 5 53 53 0h2 064 MAC Address 00 04 E0 1 2 40 91 WAN Port Protocol VPIVCI Connection Connection established ADSL PPPoE a 135 Configuration Billion 400G Router Port Status Ethere wires Subnet Mask Default Gateway 41 221 227 151 255 255 255 255 0 0 0 0 Interface ipwan When you click this item you get following sub items to configure the ADSL router LAN WAN System Firewall VPN QoS Virtual Server Time Schedule and Advanced These functions are described below in the following sections LAN Local Area Network
36. ces teee ened 63 Inbound IP Throttine WANTto LAN Ti tens ots eda eue a nen 64 Virtual Server known as Port Forwarding tata 69 AEV S N a A E E A E ET 69 PECON HOS e a a a a a a a a deck obeents 71 ECON Z HOS A A A A A 72 Edit One to One NAT Network Address Translati0nN occoocccnncccnnoncnnnccnnnocnnnncnnnarononocnonocnnnaccnnnrcnnnocnnnornonaccnnrcnnnicnns 73 Time Schedule iS A dd A Z3 Contisuration OF Times CAU AAA T 76 PROV ACO A AAA A ATA AAA EA AA AA RA AAA A di A ian I State OU Sa noi E aii T1 Dynamic DN Sora aida ooo ada aos 78 Checa mala aca ato 79 Device Manas me AA A E E E A E E 80 MGT 5 E RR TTA T 83 VIN ICIS eE CP PAU AE eee aaiaiea aban acuegonsaenentien tne las ten oGaiyaeaadacahuna deme Leuiol auseale i uakascikunoanss 83 LOOOL Ta E TRA HO ret Rn EER PRET AP ERC TORU eR See cada 83 CHAPTERS TROUBLESHOO TIN Goiania IRE SO EEES EETA S 84 PROBLEMS STARTING UP THE ROUTER da ii ti 54 PROBLEMS W OTT WAN TINGE RACE 230 a A A EO EE AUE dda dence vee gee 54 PROBE MS WIT THE LAN INTERFACES a e UA 54 CONTACT TELKOM ADSI SOPPORE 3 A sana ae ea eae eee 55 CONTACT SIZWEBROADBAND FOR ROUTER SUPPORT ccccccccsssccccccsveeccccccueescccccusescccccseecseuuusescsseuuseccsseuueesssssensessessenes 85 Table of Contents ji Billion 400G Router Chapter 1 Introduction Introduction to your Router Your Billion 400G router is an all in one ADSL router combining an ADSL 2 2 modem router and network switch providing everything
37. cking section of the web interface which also provides details on the number of new messages waiting See the Status section of this manual for more information Configuration Ye Ej Check Email Parameters Check Email O Enable Disable Account Mame Password fF POP3 Mail Server fF Period minutes Dial out for Checking Emails CO Automatic Check Email Disable Select this option to disable the router s Email checking function Enable Select this option to enable the router s Email checking function The following fields will be activated and must be filled in Account Name Enter the name login of the POP3 account you wish to check Normally it is the text in your email address before the symbol If you have trouble with it please contact your ISP Password Enter the account s password POP3 Mail Server Enter your POP mail server name Your Internet Service Provider ISP or network administrator will be able to supply you with this Period Enter the value in minutes between periodic mail checks Dial out for checking emails When this function is enabled and your Internet connection is dropped your ADSL router will automatically connect to your ISP to check for emails Please be careful when using this feature if your ADSL service is charged by time spent online 79 Chapter 4 Configuration Billion 400G Router Device Management The Device Management configuration settings allow you to contro
38. click Helper in the Application section A predefined rules window will pop and you can select HTTP_Sever Application HTTP_Sever Time Schedule Always On Protocol tcp External Port 80 80 Redirect Port 80 80 IP Address 10 0 0 2 Configuration Port Forwarding Add Virtual Server in ipwan IP interface Virtual Server Entry Application HTTP_Server lt lt Select vw Protocol Time Schedule External Port frorn 80 wi80o Redirect Port from so ftoja Internal IF Address 10 0 0400 lee Select w Edit Application Time schedule Protocol External Port Redirect Port IP Address Interface Delete a HTTP Server Always On tcp 80 80 60 80 10 0 0 100 ipwan C Add Click it to apply your settings Edit Delete Click it to edit or delete this virtual server application Using port forwarding has security implications since outside users will be able to connect to Computers on your network For this reason you are advised to add specific Virtual Server entries only for the ports that your application actually requires instead of using the DMZ function Using the DMZ function will result in all connection attempts from the WAN network having access to the public IP specified in the DMZ config section If you have disabled the NAT option in the WAN ISP section the Virtual Server function will not work If the DHCP server option is enabled you have to be very careful when assigning the IP addresses of virtual servers s
39. d by your ISP Acceptable Frame Type Specify which kind of traffic goes through this connection all traffic or only VLAN tagged Filter Type Specify the type of ethernet filtering performed by the named bridge interface Al Allows all types of ethernet packets through the port IP Allows only IP ARP types of ethernet packets through the port PPPoE Allows only PPPoE types of ethernet packets through the port Obtain DNS A Domain Name System DNS contains a mapping table for mapping between Domain Names and IP addresses On the Internet every host has a unique and user friendly name domain name such as www helloworld com as well as an IP address An IP address is a 32 bit number in the form of XXX XXX XXX XXX for example 10 0 0 2 You can think of an IP address as a telephone number for devices on the Internet and the DNS will allow you to find the telephone number for any particular domain name As an IP Address is hard to remember the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP provides it when you logon To use this automatically supplied DNS check the Enable box Primary DNS Enter the primary DNS Secondary DNS Enter the secondary DNS 39 Chapter 4 Configuration Billion 400G Router ADSL Mode Configuration 1 aj ADSL Mode Parameters Connect Mode All Modulation G DmtbisPlusAuta Profile Type MAIN v Ac
40. des communication across diverse interconnected networks C Show icon in notification area when connected Figure 3 3 TCP IP Internet Protocol TCP IP Properties General Alternate Configuration 5 Select the Obtain an IP address automatically and Obtain DNS thie capably Others you need to ack your network administrator o server address automatically radio buttons See Figure 3 4 A A 6 Click OK to finish the configuration O Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Figure 3 4 IP Address amp DNS Configuration Chapter 3 Basic Installation Billion 400G Router Configuring PCs in Windows 2000 E3 Network and Dial up Connections E el Ioj xj File Edit View Favorites Tools Advanced Help 1 Go to Start Settings Control Panel In the Control Panel Taen Fis double click Network and Dial up Connections Eee es 2 Double click Local Area LAN Connection See Figure 3 5 F wa E Make New Network and Dial Connection up Connections Local Area Connection Type LAN Connection Status Enabled h Figure 3 5 LAN Area Connection Local Area Connection Status General Connection 3 In the LAN Area Connection Status window click Properties Status Connected Duration 06 16 26 See Figure 3 6 Speed 100 0 Mbps Activity a E
41. dress les Select w Edit Delete Edit Application Time Schedule Protocol External Fort Redirect Port IP Address Interface Delete Add Virtual Server Because NAT can act as a natural Internet firewall your router protects your network from being accessed by outside users when NAT is enabled all incoming connection attempts will point to your router unless you specifically created Virtual Server entries to forward those ports to a computer on your network When your router needs to allow outside users to access internal servers e g a web server FTP server Email server or game server the router can act as a virtual server You can set up a local server with a specific port number for the service to use e g web HT TP port 80 FTP port 21 Telnet port 23 SMTP port 25 or POP3 port 110 When an incoming access request for a specified port is received by the router it will be forwarded to the corresponding internal server 69 Chapter 4 Configuration Billion 400G Router f Configuration VU a Port Forwarding Add Virtual Server in ipwarn IP interface Virtual Server Entry Protocal tcp ka Time Schedule Aways On Edit Delete Edt Application Time Schedule Protocol External Port Redirect Port IP Address Interface Delete Application A user defined description used to identify this entry You can click drop down menu to select existing predefined rules Select
42. dress it is a fixed IP address IPoA Routed VPI VCI VC LLC based multiplexing IP address Subnet mask IP over ATM Gateway address and Domain Name System DNS IP address it is a fixed IP address 14 Chapter 3 Basic Installation Billion 400G Router Configuring with your Web Browser Open your web browser enter the IP address of your router which by default is 10 0 0 2 and click Go a user name and password window prompt will appear The default username and password are admin and admin respectively See Figure 3 14 Connect to 10 0 0 2 Web4dmin User name E admin e Remember my password Figure 3 14 User name amp Password Prompt Window Congratulations You are now successfully logged on to the Router 15 Chapter 3 Basic Installation Billion 400G Router Chapter 4 Configuration At the configuration homepage the left navigation pane where bookmarks are provided links you directly to the desired setup page including i Status ADSL Status ARP Table DHCP Table Routing Table NAT Sessions UPnP Portmap Email Status Event Log Error Log Diagnostic Quick Start Configuration LAN WAN System Firewall VPN Qos Virtual Server Time Schedule Advanced Chapter 4 Configuration Language provides user interface in English and French languages 16 Billion 400G Router Status ADSL Status This section displays the ADSL overall status which shows a
43. e A user define description to identify this new policy name Time Schedule The details of when this rule of your prioritization policy is active Refer to Time Schedule for more information Protocol The name of supported protocol Rate Limit Used to limit the speed of outbound traffic Set in multiples of 32kbps Source IP Address Range The source IP address or range of packets to be monitored Source Port s The source port of packets to be monitored Destination IP Address Range The destination IP address or range of packets to be monitored Destination Port s The destination port of packets to be monitored 63 Chapter 4 Configuration Billion 400G Router Inbound IP Throttling WAN to LAN IP Throttling allows you to limit the speed of IP traffic The value entered will limit the speed of the specified application to the specified value Set in multiples of 32kbps Configuration k Ye Ej Finbound IP Throttling Configuration from WAN to LAN packet Mame Time Schedule Protocol Rate Limit 1 fa kbps source IF Address Range source portis bo jo Destination IP Address Range Destination ports bo fo Edit Application Time Schedule Protocol Rate Limit Delete Name a user define description to identify this new policy application Time Schedule The details of when this rule of your prioritization policy is active Refer to Time Schedule for more information Protocol The name of supported protocol Rate
44. e Mame Helper fs Time Schedule source IP Address es Metmask Destination IP Addresses Metmask Type Protocol Number source Port Destination Port Inbound Outbound Rule Name Users define description to identify this entry or click Select drop down menu to select existing predefined rules The maximum name length is 32 characters P 2 ollo 2 4 Time Schedule It is self defined time period You may specify a time schedule for your prioritization policy For setup and detail refer to Time Schedule section Source IP Address es Destination IP Address es This is the Address Filter used to allow or block traffic to from particular IP address es Selecting the Subnet Mask of the IP address range you wish to allow block the traffic to or form set IP address and Subnet Mask to 0 0 0 0 to inactive the Address Filter rule Tip To block access to from a single IP address enter that IP address as the Host IP Address and use a Host Subnet Mask of 255 255 255 255 Source Port This Port or Port Range defines the port allowed to be used by the Remote WAN to connect to the application Default is set from range 0 65535 It is recommended that this option only be configured by advanced users Destination Port This is the Port or Port Ranges that define the application Type It is the packet protocol type used by the application select TCP UDP or both TCP UDP Protocol Number Insert the port number Inbound Ou
45. e currently connected to the router You can easily add a particular client to the Allow or Block list by checking the box next to the MAC address and selecting Add to insert to the client into the Wireless Client MAC Address Filter table 31 Chapter 4 Configuration Billion 400G Router WPS The WPS feature uses the Wi Fi Alliance standard to allow easy set up of security enabled Wi Fi networks in the home and small office environments WPS supports two connection methods via the routers Web GUI and through the push button found on the rear panel that will significantly reduce the number of steps required to set up the network Configuration Yu Ej WPS Parameters Registrar WPS PIN 80846444 Enrollee s PIN Po Port Setting This section allows you to configure the settings for the router s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet as well allowing users to tweak the performance of their network Configuration vu ay Port Setting Parameters Forti Connection Type Port Connection Type Ports Connection Type Auto Auto Auto Portd Connection Type Auto IPv4 TOS Priority Control Set High Priority TOS e3 O62 DO Oeo Oss O s58 L157 O56 Oss O54053 L152 O51 L150 0O 49 0O 48 Oar Oas Das Os L430 42 L141 O40 O39 0O38 Ola L136 Olas O34 O33032 Ha L130 A29 028 Plor 026 025 A 24 A23 A22 Aa A20 Ais Ais Alir Ais Pis Ai AA Aii Pos Ps AA
46. e package Using a different voltage rating power adaptor may damage this router Attention Package Contents e Billion 400G Router e CD ROM containing this online manual e 2xRJ 11 ADSL telephone Cable e Ethernet CAT 5 LAN Cable e Console tool kit e Integrated surge and AC DC power adapter 12VDC 1 2A e Adetachable antenna e ADSL Micro filter e ADSL Splitter e Quick Start Guide Chapter 2 Installing the router Billion 400G Router The Front LEDs Lit when power is ON If lit red it means the system has failed to load Restart the device or o contact router support LAN Port Lit when connected to an Ethernet device 1X 4X Green for 100Mbps Orange for 10Mbps RJ 45 connector Flashing when data is Transmitted Received Green when the wireless connection is established Flashing when sending receiving data Lit and flashing p periodically when there are emails in the Inbox ADSL E Green when the device is successfully connected to an ADSL a line line synch Lit red when WAN port fails to get IP address t green when WAN port gets IP address successfully Chapter 2 Installing the router Billion 400G Router The Rear Ports Power we ON Ethernet _ de OFF The Ethernet Port 4 can be used as a console port You need a special console tool which already includes in the package to connect with LAN port 4 and PC s RS 232 port 9 pin serial port Connect the detachab
47. e present in URLs accessed to determine if the connection attempt should be blocked Please note that the URL filter blocks web browser HTTP connection attempts using port 80 only For example if the URL is hitp www abc com abcde html it will be dropped as the keyword abcde occurs in the URL f contiguration 1 Ey t Keywords Filtering Create cenon O Block WEE URLs which contain these keywords Mame Keyword Return Domains Filtering This function checks the whole URL not the IP address in URLs accessed against your list of domains to block or allow If it is matched the URL request will be sent Trusted or dropped Forbidden For this function to be activated both check boxes must be checked Here is the checking procedure 1 The router checks the domain in the URL to determine if it is in the trusted list If it is then the connection attempt is sent to correct the remote web server 58 Chapter 4 Configuration Billion 400G Router 2 If not the router checks if the domain is listed in the forbidden list If itis then the connection attempt will be dropped 3 If the packet does not match either of the above two items it is sent to the remote web server 4 Please be note that the completed URL www domain name shall be specified For example to block traffic to www google com au enter www google or www google com In the example below the URL request for www abc com will be sent
48. e the quality of your VoIP service when the link is fully loaded 66 Chapter 4 Configuration Billion 400G Router Restricted Application Some users will setup a FTP server for downloading of their files by means of FTP Configuration Prioritization Configuration from LAN to WAN packet Priority High Source IP Address Range 0 00111 110 0 0 111 Destination IP Address Range 0000 00 00 DSCP Marking Gold serice Edit Mame Time Schedule Protocol Priority O ERTE Always On GRE High de VoIP Always On Ary High a Restricted Timeslot ANY High Time Schedule Protocol source Port Destination Port DSCP Marking Gold service Li Gold service iL Gold service Li Timeslotl b H b H Delete O O O The above settings will help to limit utilization of upstream bandwidth by the FTP connections A time schedule can be implemented to limit file downloads to non busy times Advanced setting by using IP throttling With IP throttling you can specify more detail for allocating bandwidth even the applications are located in the same level Upstream 928kbps 29 32kbps Mission critical Application 192kbps 6 32kbps Voice Application 128kbps 4 32kbps Restricted Application 160kbps 5 32kbps Other Applications 448kbps 14 32kbps 6 4 14 5 29 29 32kbps 928kbps i Configuration Outbound IP Throttling Configuration from LAN to WAN packet Protocol source IP Address Range Des
49. en interfaces of types external and internal UPnP Portmap The section lists all port mapping established using UPnP Universal Plug and Play See the Advanced section of this manual for more details on UPnP and the router s UPnP configuration options Jo w a UPnP Portmap UPnP Portmap Table Mame Protocol External Fort Redirect Port IF Address Email Status Details and status for the Email Account you have configured the router to check Please see the Advanced section of this manual for details on this function Status VU aj Email Status Email Account Mo accounts specified 19 Chapter 4 Configuration Billion 400G Router Event Log This page displays the router s Event Log entries Major events are logged to this window such as when the router s ADSL connection is disconnected as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration Firewall section of the interface Please see the Firewall section of this manual for more details on how to enable Firewall logging rats vu K Event Log system log buffer head 01 00 00 00 home gateway 1psec none INFO Start IPSEC Initialize 01 00 00 00 home gateway ipsec none INFO Start IPSEC Initialize 01 00 00 12 howe gateway im none Changed iplan IP address to 192 168 1 254 01 00 00 21 home gateway Iminone Reset SNMP community to factory default Error Log Any errors encountered by the router e g inval
50. er Be sure that you have enabled the Instant Message Blocking first Peer to Peer Blocking The default is set to Disabled Disabled The Instant Messaging blocking function is not active No connections will be blocked Always On The Instant Messaging blocking function is activated Blocking is enabled TimeSlot1 TimeSlot16 These are user defined time periods You may specify the time period during which the URL filter rules apply i e during working hours For setup and details refer to Time Schedule section BitTorrent eDonkey Select this box to block either Bit Torrent and or eDonkey To be sure you have first enabled the Peer to Peer Blocking function 60 Chapter 4 Configuration Billion 400G Router Firewall Log Configuration 1 Ej Firewall Log Event willbe shown inthe Status Event Log Filtering Log Enable Disable Intrusion Log O Enable Disable URL Blocking Log Enable Disable Apply Firewall Log display log information of any unexpected action with your firewall settings Check the Enable box to activate the logs Log information can be seen in the Status Event Log after enabling QoS Quality of Service The QoS function helps you to control your network traffic for each LAN Ethernet and or Wireless application that accesses the WAN Internet It allows you to control the quality and speed of throughput for each application when the system is running with a fully loaded upstream
51. et and the DNS will allow you to find the telephone number for any particular domain name As an IP Address is hard to remember the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP provides it when you logon To use this automatically supplied DNS check the Enable box Primary DNS Enter the primary DNS Secondary DNS Enter the secondary DNS PPPoA Connection Configuration WAN Connection PPPoA Routed Profile Part Protocol PPPoA RFC2864 PPP over AALS 3 w Description VPIWCI Bo fas ATM Class Username fe Password fo NAT Enable IP 0 0 0 0 Auto Auth Protocol Connection Idle Timeout o mings MITI RIP LJ RFP O RIP y2 C RIP v2 Multicast TCP MSS Clamp Enable Obtain DNS autormatic Primary fo Secondary f Edit Mame Description Creator VPI vel Delete e wanlink PPPoE Routed with Multiple Session WebA4dmin a 35 Profile Port Select the profile port ADSL Protocol The ATM protocol will be used in the device Description User definable name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the format of username ispname instead of simply username Password Enter the password provided by your ISP Yo
52. evel LIN i some apolications cannot work a er enabling Firewall please check the Packet Fifer especial Port Filter ries For example adding CR 443 outbound atiowed wii et ATT PSs date go through Firewall Block WAN Request O Enable Disable ie Erani for preventing any ping test from internet such as hacker attack Apply NOTE Attempting to perform this action remotely may result in blocking of all access to configuration and management of the device from the Internet Use this with caution when connecting over the WAN 47 Chapter 4 Configuration Billion 400G Router Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen All blocked High Medium and Low The preset port filter rules in the Packet Filter must be modified according to the level of Firewall which is selected See Table1 Predefined Port Filter for more detailed information Configuration 4 a Packet Filter Parameters Rule Name Helper lt lt Select Time schedule Always On M Source IP Address es 0 0 0 0 Netmask 0 0 0 0 Destination IP Address es 0 0 0 0 Netmask 0 0 0 0 Type TCP Protocol Number pra Source Port o es535_ Destination Port o essa5 Inbound Allow Outbound Allow Y
53. form Resource Locator e g an address in the form of http www abcde com or http www example com filter rules allow you to prevent users on your network from accessing particular websites by their URL There are no pre defined URL filter rules you can add filter rules to meet your requirements i Configuration ye ay URL Filter Configuration URL Filtering O Enable Disable Block Mode keywords Filtering C Enable Details O Enable Details gt C Disable all WEB traffic excepttor Trusted Domains _ Block Java Applet _ Block surfing by IP address Domains Filtering Restrict URL Features Exception List Enable Disable To enable or disable URL Filter feature Block Mode A list of the modes that you can choose to check the URL filter rules The default is set to Always On Disabled No action will be performed by the Block Mode Always On Action is enabled URL filter rules will be monitoring and checking at all hours of the day TimeSlot1 TimeSlot16 These are user defined time periods You may specify the time period during which the URL filter rules apply i e during working hours For setup and details refer to Time Schedule section Keywords Filtering Allows blocking by specific keywords within a particular URL rather than having to specify a complete URL e g to block any image called advertisement gif When enabled your specified keywords list will be checked to see if any keywords ar
54. id names given to entries are logged to this window status VU aj Error Log Error Log times are in seconds since lastreboot When Process Error Log Diagnostic It tests the connection to computer s which is connected to LAN ports and also the WAN Internet connection If PING www google com is shows as FAIL and the rest show as PASS you ought to check your PC s DNS settings is set correctly Jo wm Diagnostic LAN Connection Testing Ethernet LAN connection PASS Testing Wireless LAN connection PASS WAN Connection Testing ADSL Synchronization FAIL Testing WAN connection FAIL Pina Primary Domain Name Server FAIL PING wai google com FAIL 20 Chapter 4 Configuration Billion 400G Router Quick Start 1 Click Quick Start Select the connect mode you want ADSL from Connect Mode drop down menu and click Continue There are two options you can choose ADSL Select i Quick Start 4 WAN Port WAN Vireless Select WAN Port Connect Mode ADSL a Continue Jump to Wireless setting 2 lf your ADSL line is not ready you need to check your ADSL line has been set or not l Quick Start a gt MW ADSL Line Is Not Ready Please Check your ADSL Line and wait for a while Jump to wireless setting Y WAN Port WAN Wireless 3 If your ADSL line is ready the screen appears ADSL Line is Ready Choose Auto radio button and click Apply It will automatically scan the recommended mode for you
55. l your router s security options and device monitoring features Configuration y E t Device Management Device Host Hame Host Mame Embedded Web Server HTTP Fort 80 is default HTTP port Management IF Address 0 0 0 0 means Anyi ManagementiP Metmask ManadgementiP Address 2 ManagementlP Netmaski2 Expire to auto logout 150 seconds Universal Plug and Play UPnP UPnP Enable O Disable UPnP Port SNMP Access Control SNMP V1 and V2 Read Community IP Address Write Community IP Address Trap Community IPF Address SNMP V3 Username po Password YY Access Right Read Readyrite IP Address Tha setting will become effective afer vou save to Nash and restart the router hen vou eng ble remote access please disablefeng ble the remote access fo Update the ATT P port Device Host Name Host Name This is the name given to your router this should be in the form of name name Example Host Name homegateway gt Incorrect Host Name home gateway or my home gateway gt Correct Embedded Web Server 2 Management IP Accounts HTTP Port This is the port number of the router s embedded web server for web based configuration The default value is the standard HTTP port 80 Users may specify an alternative if for example they are running a web server on a PC within their LAN Management IP Address You may specify the IP addresses allowed to logon and access the router s web server Setting the
56. le Virtual Server Entry Application es Select Protocal Time Schedule Global IP po External Port from o tio Redirect Port from o tplo Internal IP Address Edit Delete pete 5elect ae Edit Application Time Schedule Protocol External Port Redirect Port IPF Address Interface Delete Application Users defined description to identify this entry or click drop down menu to select existing predefined rules Select 20 predefined rules are available Application Protocol and External Redirect Ports will be filled after the selection Protocol This is the protocol to be supported by the virtual server In addition to specifying the port number to be used you will also need to specify the protocol used The protocol used is determined by the particular application Most applications will use TCP or UDP Time Schedule The user defined time period during which your virtual server is enabled You may specify a time schedule or you can select Always on for this Virtual Server Entry For setup and details refer to the Time Schedule section Global IP Define a public WAN IP address for this Application to use 73 Chapter 4 Configuration Billion 400G Router External Port The Port number on the Remote WAN side that is used when accessing the virtual server Redirect Port The Port number that the Local server on the LAN network will be listening on Internal IP Address The pri
57. le antenna to this port Use the supplied RJ 11 telephone cable to connect this port to the ADSL telephone wall jack To connect your router to a PC oran office nome network of 10Mbps or 100Mbps use a UTP Ethernet cable Cat 5 or Cat 5e and connect to one of the LAN ports Caution Port 4 can be either a LAN or a Console port at any time but not simultaneously Press the WPS button to trigger Wi Fi Protected Setup function When the router is turned on gt the reset button is used to Reset the router press for 1 3 seconds Restore factory default settings press for 6 8 seconds and power cycle the router useful if you cannot login to the router or have forgotten your Username Password Caution After pressing the RESET button for 6 8 seconds be sure you power cycle the device Ifthe RESET button is pressed for more than 10 seconds the device will need to be power cycled before normal operation can be resumed Connect the supplied power adapter to this jack Power ON OFF switch Chapter 2 Installing the router Billion 400G Router Cabling One of the most common causes of problems is the bad cabling or ADSL line s Make sure that all connected devices are turned on On the front of the product is a bank of LEDs Verify that the LAN Link and ADSL line LEDs are lit If they are not verify that you are using the proper cables Ensure that all other devices connected to the same telephone line as your rou
58. lish a PPPoE session only when there is a packet requesting access to the Internet i e when a program on your computer attempts to access the Internet 34 Chapter 4 Configuration Billion 400G Router Idle Timeout Auto disconnect the router when there is no activity on the line for a predetermined period of time Detail You can define destination port and packet type TCP UDP information that will not result in the router checking the timer It allows you to set which outgoing traffic will not trigger and reset the idle timer MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function TCP MSS Clamp This option helps to discover the optimal MTU size automatically Default is enabled MAC Spoofing This option is required by some service providers You must fill in the MAC address that has been specified by the service provider when it is required Default is disabled Obtain DNS A Domain Name System DNS contains a mapping table for mapping between Domain Names and IP addresses On the Internet every host has a unique and user friendly name domain name such as www helloworld com as well as an IP address An IP address is a 32 bit number in the form of XXX XXX XXX XXX for example 10 0 0 2 You can think of an IP address as a telephone number for devices on the Intern
59. ment hosts from multicast group ontisuration Vu ay FIGMP Parameters IGMP Forwarding Enable Disable IGMP Snooping OEnable Disable Apply IGMP Forwarding Accepting multicast packet Default is set to Enable IGMP Snooping Allowing switched Ethernet to check and make correct forwarding decisions Default is set to Disable VLAN Bridge This section allows you to create VLAN groups and specify the members Configuration i we aj VLAN Bridge Parameters Mame VLAN ID Tagged Ports LUnTadged Ports edit Delete Detaultvlan 1 Mone ethernet wireless wireless wds wireless wads wireless wds3 wireless wds4 Edit Create VLAN Edit Edit your member ports in selected VLAN group Create VLAN To create another VLAN group Logout To exit the router s web interface choose Logout Please ensure that you have saved the configuration settings before you logout Be aware that the router is restricted to only one PC accessing the configuration web pages at a time Oncea PC has logged into the web interface other PCs cannot get access until the current PC has logged out of the web interface If the previous PC forgets to logout the second PC can access the page after a user defined period by default 3 minutes You can modify this value using the Advanced Device Management section of the web interface Please see the Advanced section of this manual for more information 83 Chapter 4 Configuration Billion 400G
60. n M Mon Tue ved Thu Ml Fri Ol Sat Start Time 08 w 00 End Time 18 00 _ Editi Delete Time Slot Edit ID Mame Day in a week Start Time End Time Delete ED 1 Time Stott SMTVWTF S Os 00 18 00 O 2 Timeslot2 sMTWTFS 06 00 18 00 O de a TimeSlot3 SMTWTFS 08 00 18 00 O Note The days that you have selected will show as capital letters Lower case letters show the day s that are not selected and no rule will apply on these days 2 The setting of this Time Slot will be shown in detail f contiguration Vu aj Time Schedule TimeSlaot Day Olsun 4 mon 4 Tue vved Thu Fri C Sat Start Time Time Slot Edit Day in a week Start Time End Time mn 2 Timeslot2 SMTVYTFs 08 00 18 00 O O 3 TimesSlot3 shiTwTFS 08 00 18 00 O ID This is the index of the time slot Name A user defined description identifying this time slot Day The default setting is for Monday till Friday to be enabled You should modify this according to your requirements Start Time The default is set at 8 00 AM You may specify any required start time for your schedule End Time The default is set at 18 00 6 00PM You may specify any required end time for your schedule Select the Edit radio button and click the Edit Delete button to apply your changes Delete a Time Slot Select the Delete radio button and click the Edit Delete button to delete the existing Time profile i e Erase the selected Days and retur
61. n Key WEP Authentication To prevent unauthorized wireless stations from accessing data transmitted over the network the router offers secure data encryption Known as WEP If you require high security for transmissions there are two options to select from Open System Share key WEP Encryption To prevent unauthorized wireless stations from accessing data transmitted over the network the router offers highly secure data encryption Known as WEP If you require high security for transmissions there are two alternatives to select from WEP 64 and WEP 128 WEP 128 will offer increased security over WEP 64 Passphrase This is used to generate WEP keys automatically based upon the input string and a pre defined algorithm in WEP64 or WEP128 Default Used WEP Key Select the encryption key ID please refer to Key 1 4 below Key 1 4 Enter the key to encrypt wireless data Io allow encrypted data transmission the WEP Encryption Key values on all wireless stations must be the same as the router There are four keys for your selection The input format is in HEX style 5 and 13 HEX codes are required for WEP64 and WEP 128 respectively the separator is lt Forexample usng WEP64 11 22 33 44 55 is a valid key whilst 1122334455 Is invalid 30 Chapter 4 Configuration Billion 400G Router Wireless Client MAC Address Filter The MAC Address supports up to 16 wireless network machines and helps you to manage your network control to accept
62. n to the default settings of Start Time End Time 76 Chapter 4 Configuration Billion 400G Router Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router Users who do not understand the features should not attempt to reconfigure their router unless advised to do so by support staff Here are the items within the Advanced section Static Route Dynamic DNS Check Email Device Management IGMP and VLAN Bridge Static Route Go to Configuration Advanced Static Route Configuration Vu a t Static Routing Static Routing Apply Edit Delete Edit Valid Destination Metmask Galewaywinterace Delete Destination This is the destination subnet IP address Netmask Subnet mask of the destination IP addresses given above Gateway This is the gateway IP address to which packets sent to the network defined above are to be forwarded Interface Select the interface through which packets are to be forwarded Cost This is the same meaning as Hop This should usually be left at 1 unless you know the actual path length T Chapter 4 Configuration Billion 400G Router Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname allowing users whose ISP does not assign them a static IP address to use a domain name This is especially useful for hosting servers via your ADSL connection so that anyone wishi
63. nd and Outbound Chapter 4 Configuration 93 Example Application Cindy_ HTTP Time Schedule Always On Billion 400G Router Source Destination IP Address es 0 0 0 0 Allow all addresses Type TCP Please refer to Table1 Predefined Port Filter Source Port 0 65535 I allow all ports to connect with the application Redirect Port 80 80 This is Port defined for HTTP Inbound Outbound Allow i Configuration t Packet Filter K Parameters Fule Mame Helper Time Schedule source F Addressies Destination IP Addresses Type source Port Destination Port Inbound Outbound Edit Rule Name Cindy HTTP Always On o io o5 oe o o TOP Allow Allows we Source IP Netmask Time Schedule ww a Select ka x on d cn DJ J Destination IP Metmask 4 The new port filter rule for HTTP is shown below O Cindy HTTP Always On 5 Configure your Virtual Server port forwarding settings so that incoming HTTP requests on port 80 will be 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 forwarded to the PC running your web server Note For how to configure the HTTP in Virtual Server go to Add Virtual Server in Virtual Server section for more details Chapter 4 Configuration TOP Metmask 0 0 0 0 Metmask 0 0 0 0 Protocol Number source portis Inbound Protocol Destination portis Outbound O 65535 Allow O 20 80 Allow 94 i Configuration t Port
64. net Client Filter table The maximum Ethernet client is 16 Wireless Configuration Yu E Wireless Parameters WLAN Service Enable Disable Mode 802 11b 9 ESSID wian ap ESSID Broadcast Enable O Disable Regulation Domain M America w Channel ID Channel 1 2 412 GHz Tx PowerLevel a 1 127 Connected true AP MAC address AP Firmware Version 00 04 ed 00 00 01 2 17 24 0 Private Wireless Distribution System WI WDS Service O Enable Disable 1 Peer WDS MAC address 00 00 00 00 00 00 2 Peer WDS MAC address 100 00 00 00 00 00 3 Peer WDS MAC address 00 00 00 00 00 00 4 Peer WDS MAC address 00 00 00 00 00 00 Parameters WLAN Service Default setting is set to Enable If you do not have any wireless devices 802 11g or 802 11b on your network select Disable Mode The default setting is 802 11b g Mixed mode If you do not know what type of wireless devises you have or have both 11g and 11b devices in your network then keep the default setting mixed mode From the drop down menu you can select 802 11g if you have only 11g clients on your network or if you have only 11b clients on your network then select 802 11b ESSID The ESSID is the unique name of a wireless access point AP used to distinguish it from other AP s For security purposes change the default AP ID wlan ap to a unique ID name The ESSID is case sensitive and must not excess 32 characters Make
65. net MAC address filter rules you can add the filter rules to meet your requirements Configuration Vu Ej t Ethernet Client Filter Filtering Rules Ethernet Client Filter Disable Allowed Blocked MAC Address List Candidates Apply Ethernet Client Filter Default setting is set Disable Allowed check to authorize specific device accessing your LAN by insert the MAC Address in the space provided or click 2 4st 5 Make sure your PC s MAC is listed Blocked Io prevent unwanted device accessing your LAN insert the MAC Address in the space provided or click 23 5 Make sure your PC s MAC is not listed The maximum client is 16 The MAC addresses are 6 bytes long they are presented only in hexadecimal characters The number 0 9 and letters a f are acceptable Note Follow the MAC Address Format xx xx xx xx xx xx Semicolon must be included Candidates automatically detects devices connected to the router through the Ethernet Candidates Active PC in LAN 26 Chapter 4 Configuration Billion 400G Router E hitp 10 0 0 2 Active PC in LAN Microso Sie Active PC in LAN IPF Address MAC Address C 110 0 0 100 00 03 0d 3d c0 fb Active PC in LAN displays a list of individual Ethernet device s IP Address amp MAC Address which connecting to the router You can easily by checking the box next to the IP address to be blocked or allowed Then Add to insert to the Ether
66. ng to connect to you may use your domain name rather than having to use your dynamic IP address which changes from time to time This dynamic IP address is the WAN IP address of the router which is assigned to you by your ISP Configuration Vu a t Dynamic DNS Parameters Dynamic DMS O Enable Disable Dynamic ONS Server Wildcard C Enable You will first need to register and establish an account with the Dynamic DNS provider using their website for example http www dyndns org There are more than 5 DDNS services supported Dynamic DNS Disable Select this option to disable the Dynamic DNS function Enable Select this option to enable the Dynamic DNS function The following fields will be activated and must be filled in Dynamic DNS Server Select the DDNS service you have established an account with Domain Name Username and Password Enter your registered domain name and your username and password provided by your DDNS service Period Set the time period between updates This is the interval after which your router will exchange information with the DDNS server In addition to updating periodically as per your settings the router will perform an update when your dynamic IP address changes 18 Chapter 4 Configuration Billion 400G Router Check Email This function allows you to have the router check your POP3 mailbox for new Email messages You may view the status of this function using the Status Email Che
67. not result in the router checking the timer It allows you to set which outgoing traffic will not trigger and reset the idle timer MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function TCP MSS Clamp This option helps to discover the optimal MTU size automatically Default is enabled Obtain DNS A Domain Name System DNS contains a mapping table for mapping between Domain Names and IP addresses On the Internet every host has a unique and user friendly name domain name such as www helloworld com as well as an IP address An IP address is a 32 bit number in the form of xxx xxx xxx xxx for example 10 0 0 2 You can think of an IP address as a telephone number for devices on the Internet and the DNS will allow you to find the telephone number for any particular domain name As an IP Address is hard to remember the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP provides it when you logon To use this automatically supplied DNS check the Enable box Primary DNS Enter the primary DNS Secondary DNS Enter the secondary DNS 36 Chapter 4 Configuration Billion 400G Router MPOA Connection Configuration WAN Connection RFC 1483 Routed Profile Port Descripti
68. o PCs 10 0 0 100 through 10 0 0 199 13 Chapter 3 Basic Installation Billion 400G Router Information from your ISP Telkom ADSL connections use PPPoE and automatically assign a WAN IP address to your router The following information is provided should you wish to connect to an alternative ISP Gather the information as illustrated in the following table and keep it for reference VPI VCI VC LLC based multiplexing Username Password Service Name and Domain Name System DNS IP address this is automatically set by the Telkom network but be set manually should this be required PPPoE VPI VCI VC LLC based multiplexing Username Password Service Name Multisession Domain Name System DNS IP address and multiple sessions on the same PVC VPI YCI VC LLC based multiplexing Username Password Service Name and PPPoE PPPoE Domain Name System DNS IP address this is automatically set by the Telkom with Pass through network but be set manually should this be required In addition additional WAN address can be assigned using PPPoE dialer VPI VCI VC LLC based multiplexing Username Password and Domain Name System DNS IP address it can be automatically assigned by your ISP when you connect or be set manually RFC 1483 Bridged VPI VCI VC LLC based multiplexing to use Bridged Mode VPI VCI VC LLC based multiplexing IP address Subnet mask RFC 1483 Routed Gateway address and Domain Name System DNS IP ad
69. o that you avoid conflicting IP addresses The easiest Attention method of configuring Virtual Servers is to manually assign static IP address to each virtual server Computer with an address that does not fall into the range of IP addresses that are to be issued by the DHCP server These manually configured IP addresses MUST still be in the same subnet as the router 71 Chapter 4 Configuration Billion 400G Router Edit DMZ Host A DMZ Host is a computer on the LAN that is completely exposed to the Internet When you have configured a particular internal IP address as the DMZ Host all incoming packets will be checked by the routers firewall and NAT algorithms and if the packet does not use a port number that has been assigned by any Virtual Server entry it will be passed to the DMZ host Caution This local computer which is exposed to the Internet may face a variety of security risks you should make quite sure that it is adequately protected Go to Configuration gt Virtual Server gt Edit DMZ Host f Configuration Ye Ej Edit DMZ Host DMZ Host for ipwarnr IP interface O Enabled Disabled Apply Enabled This option disables the DMZ function Disabled This option enables the DMZ function and is the default setting Internal IP Address When the DMZ function is enabled supply the static IP address of the DMZ Host Be aware that this IP will be exposed to the WAN Internet Select Y List all Computers curren
70. oes not have a real time clock on board it uses the Simple Network Time Protocol SNTP to get the current time from an SNTP server from the Internet Refer to Time Zone for details Your router time should correspond with your local time If the time settings on you router are not set correctly the Time Schedule will not function properly l Configuration t Time Schedule Marne Day LI sun lv mon Y Tue W ved Thu lv Fri C sat Start Time og 00 ve End Time 18 we 00 Time Slot Edit ID Mame Day in a week Start Time End Time Delete O 1 TimeSlot sMTWTFS 08 00 18 00 O 2 Timeslot2 SMTVYTFs 08 00 18 00 O mn 3 TimeSlot3 sMTWTFS 08 00 18 00 O 4 TimeSlot4 sMTWTFS 08 00 18 00 O O 5 TimeSlots sMTWTFS 08 00 18 00 O O E Time slots SMTVYTF Ss 08 00 18 00 O de T TimeSlot sMTWTFSs 08 00 18 00 O O E Time Slate sMTWTFS 08 00 18 00 O O y TimeSlota sMTWTFS 08 00 18 00 O O 10 TimeSlotl 0 sMTWTFS 08 00 18 00 O 11 Timeslot 1 SMTWTEFS 08 00 18 00 O O 12 TimeSlotl 2 sMTWTFS 08 00 18 00 O O 13 TimeSloti 3 sMTWTFS 08 00 18 00 O 14 TimeSlotl4 sMTWTFS 08 00 18 00 O E 15 Timeslotl s SMTVYTF Ss 08 00 18 00 O de 16 TimeSlotl 6 sMTWTFS 08 00 18 00 O 70 Chapter 4 Configuration Billion 400G Router Configuration of Time Schedule Edit a Time Slot 1 Choose any Time Slot ID 1 to ID 16 to edit click Edit radio button f contiauration 4 a Time Schedule Mame TimesSlotl Day LC su
71. om this IP address will be able to view and modify the data SNMP Version SNMPv2c and SNMPv3 SNMPv2c is a combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security The c comes from the fact that SNMPv2c uses the SNMPv1community string paradigm for security but is widely accepted as the SNMPv2 standard SNMPv3 is a strong authentication mechanism authorization with fine granularity for remote monitoring Traps supported Cold Start Authentication Failure The following MIBs are supported From RFC 1213 MIB II M System group Interfaces group Address Translation group IP group ICMP group TCP group S RE K KK UDP group EGP not applicable Transmission SNMP group x N K 81 Chapter 4 Configuration Billion 400G Router From RFC1650 EtherLike MIB M dot3Stats From RFC 1493 Bridge MIB M dotidBase group M dotidTp group M dotidStp group if configured as spanning tree From RFC 1471 PPP LCP MIB M pppLink group pppLar group not applicable From RFC 1472 PPP Security MIB M PPP Security Group From RFC 1473 PPP IP MIB M PPP IP Group From RFC 1474 PPP Bridge MIB M PPP Bridge Group From RFC1573 IfMIB M fMIBObjects Group From RFC1695 atmMIB M atmMIBObjects From RFC 1907 SNMPv2 M only snmpSetSerialNo OID Chapter 4 Configuration 82 Billion 400G Router IGMP IGMP known as Internet Group Management Protocol is used to manage
72. omain Names and IP addresses On the Internet every host has a unique and user friendly name domain name such as www helloworld com as well as an IP address An IP address is a 32 bit number in the form of XXX XXX XXX XXX for example 10 0 0 2 You can think of an IP address as a telephone number for devices on the Internet and the DNS will allow you to find the telephone number for any particular domain name As an IP Address is hard to remember the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP provides it when you logon To use this automatically supplied DNS check the Enable box Primary DNS Enter the primary DNS Secondary DNS Enter the secondary DNS 38 Chapter 4 Configuration Billion 400G Router Pure Bridge Configuration WAN Connection RFC 1483 Bridged Profile Port Description VPIACI E ATM Class UBR Encap Method Acceptable Frame Type Filter Type All vw Obtain DMS Cl Automatic Primary fo Secondary fo Edit Mame Description Creator VPI W Delete a wanlnk PPPoE Routed with Multiple Session WebAdmin a 35 Profile Port Select the profile port ADSL Protocol The AIM protocol will be used in the device Description User definable name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer Encap mode Select the encapsulation format this is provide
73. on RFC 1483 routed mode PIC 8 35 ATM Class UBR sw MAT Enable Encap Method MTL IP 0 0 0 0 Auto Netmask Gateway fs RIP O RIP O RIP v2 J RIP v2 Multicast TCP MSS Clamp Enable MAC Spoofing C Enable oo oo oo oo oo oo Obtain DNS _ Automatic Primary Secondary Edit Mame Description Creator VPI WEI Delete 2 wanlink PPPoE Routed with Multiple Session WebAdmin 5 35 Profile Port Select the profile port ADSL Protocol The ATM protocol will be used in the device Description User definable name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single IP account sharing a single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled Encap mode Select the encapsulation format this is provided by your ISP MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface IP 0 0 0 0 Auto Enter the WAN IP for the router Leave this at 0 0 0 0 to obtain an IP address automatically from your ISP Netmask The default is 255 255 255 0 This can be changed according to the settings assigned by you ISP Gateway Enter the IP address of the default gateway if specified RIP
74. one o Configuration A Ye Time Zone Parameters Time Zone Enable Disable Time Zone List O By City By Time Difference Local Time one GMT Time MT 02 00 Middle European Summer MEST Y 3 ligubu saix nel 2 sangoma saixnet SMTP Server IF Address 2 linduna sa x nel 4 time b nist gov Daylight Saving J Enabled Resyne Period 1440 minutes Y The router does not have a real time clock on board instead it uses the Simple Network Time Protocol SNTP to get the current time from an SNTP server outside your network Choose your local time zone click Enable and click the Apply button After a successful connection to the Internet the router will retrieve the correct local time from the SNTP server you have specified If you prefer to specify an SNTP server other than those in the list simply enter its IP address as shown above Your ISP may provide an SNTP server for you to use Daylight Saving is also known as Summer Time Period Many places in the world adapt it during summer time to move one hour of daylight from morning to the evening in local standard time Check Automatic box to auto set your local time Resync Period in minutes is the periodic interval that the router will wait before it re synchronizes the router s time with that of the specified SNTP server In order to avoid unnecessarily increasing the load on your specified SNTP server you should keep
75. our options when you enable the Firewall they are All blocked User defined no pre defined port or address filter rules by default meaning that all inbound Internet to LAN and outbound LAN to Internet packets will be blocked Users have to add their own filter rules for further access to the Internet High Medium Low security level the predefined port filter rules for High Medium and Low security are displayed in Port Filters of Packet Filter Select either High Medium or Low security level to enable the Firewall The only difference between these three security levels is the preset port filter rules in the Packet Filter Firewall functionality is the same for all levels it is only the list of preset port filters that changes between each setting For more detailed on level of preset port filter information refer to Table 1 Predefined Port Filter If you choose of the preset security levels and add custom filters this level of filter rules will be saved even and do not need to re configure the rules again if you disable or switch to other firewall level The Block WAN Request is a stand alone function and not related to whether security is enabled or disabled Mostly this is used to preventing a hacker on the WAN from using any scan tools i Configuration VU aj t General Settings Firewall Security Security OQ Enable Disable All blackedfUser detined Zaller High security level Medium security level Low security l
76. pecified as the Block Duration The default setting for this function is false disabled Some attack types are denied immediately without using the Blacklist function such as Land attack and Echo CharGen scan Intrusion Detection If enabled IDS will block Smurf attack attempts Default is false Block Duration Victim Protection Block Duration This is the duration for blocking Smurf attacks Default value is 600 seconds Scan Attack Block Duration This is the duration for blocking hosts that attempt a possible Scan attack Scan attack types include X mas scan IMAP SYN FIN scan and similar attempts Default value is 86400 seconds DoS Attack Block Duration This is the duration for blocking hosts that attempt a possible Denial of Service DoS attack Possible DoS attacks this attempts to block include Ascend Kill and WinNuke Default value is 1800 seconds Chapter 4 Configuration 55 Billion 400G Router Max TCP Open Handshaking Count This is a threshold value to decide whether a SYN Flood attempt is occurring or not Default value is 100 TCP SYN per seconds Max PING Count This is a threshold value to decide whether an ICMP Echo Storm is occurring or not Default value is 15 ICMP Echo Requests PING per second Max ICMP Count This is a threshold to decide whether an CMP flood is occurring or not Default value is 100 ICMP packets per seconds except ICMP Echo Requests PING For SYN Flood ICMP Echo Sto
77. ption to disable the router s UPnP functionality Enable Select this option to enable the router s UPnP functionality UPnP Port The default port setting is 2800 It is highly recommended that users use this port value If this value conflicts with other ports that are already being used you may wish to change it SNMP Access Control Software on a PC within the LAN is required in order to utilize this function Simple Network Management Protocol SNMP V1 and V2 Read Community Specify a name to be identified as the Read Community and an IP address This community string will be checked against the string entered in the configuration file Once the string name is matched the user on this IP address will be able to view the data Write Community Specify a name to be identified as the Write Community and an IP address This community string will be checked against the string entered in the configuration file Once the string name is matched users on this IP address will be able to view and modify the data Trap Community Specify a name to be identified as the Trap Community and an IP address This community string will be checked against the string entered in the configuration file Once the string name is matched users on this IP address will be sent SNMP Traps SNMP V3 Specify a name and password for authentication And define the access rights from identified IP address Once the authentication has succeeded users fr
78. rity You can disable or enable WPA or WEP for protecting your wireless network The default mode of wireless security is Enabled And the default security mode is WPA Configuration Vu aj Wireless Security Parameters WPA PSK WPA2 PSK WEP Configuration Wireless Security Parameters Security Mode WPA PSK WPA Algorithms There are two types of the WPA PSK WPA PSK and WPA2 PSK The WPA PSK adapts the TKIP Temporal Key Integrity Protocol encrypted algorithms which incorporates Message Integrity Code MIC to provide protection against hackers The WPA2 PSK adapts CCMP Cipher Block Chaining Message Authentication Code Protocol of the AES Advanced Encryption Security algorithms WPA Shared Key The key for network authentication The input format is in character style and key size should be in the range between 8 and 63 characters By default your Router is provided with a unique Key This key is also given on a label on the underside of your router Group Key Renewal The period of renewal time for changing the security key automatically between wireless client and Access Point AP Default value is 3600 seconds 29 Chapter 4 Configuration Billion 400G Router WEP Configuration Ye Ej Wireless Security Parameters security Mode WEP ka WEP Authentication WEP Encryption WEPS4 O WEP128 Fassphrase Generate Default Used WEP Key hog nd HINT Input 10 hexadecimal digits 0 9 a f i
79. rm and ICMP flood IDS will just warn the user in the Event Log It cannot protect against such attacks 96 Chapter 4 Configuration Billion 400G Router Table 2 Hacker attack types recognized by the IDS Type of Block Intrusion Name fpetect Parameter Duration Drop Packet Show Log Ascend xin fascene Kill data DoS TCP Src IP DoS Yes Yes Flag URG ICMP type 8 Des IP is broadcast Land attack SrclP DstIP UDP Echo Port and WinNuke Port 135 137 139 ictim Protection Yes Yes Yes Yes Yes Echo CharGen Scan CharGen Port Yes Yes UDP Dst Port Echo 7 Scan Yes Yes UDP Dst Port CharGen Scan CharGen 19 Src IP Scan Yes Yes X mas Tree Scan TCP Flag X mas Scan Yes Yes IMAP TCP Flag SYN FIN DstPort IMAP 143 scan Yes Yes ati SCAN SrePort 0 or 65535 TCP SYN FIN RST ACK No Existing session Src IP Scan Ves Yes Scan And Scan Hosts more than five SrclP Scan Yes Yes DTG D O D O O O a O v U v v v TCP No Existing session NAL BUS Span DstPort Net Bus 12345 12346 3456 J UDP DstPort Orifice Back Orifice Scan Port 31337 rclP Scan Yes Yes Max TCP Open SYN Flood Handshaking Count Default 100 c sec Max ICMP Count par vies Default 100 c sec Max PING Count deb EGI Default 15 c sec Src IP Source IP Src Port Source Port Dst Port Destination Port Dst IP Destination IP ep Yes Yes Yes 9 N Chapter 4 Configuration Billion 400G Router URL Filter URL Uni
80. s on the Internet making it much more difficult for a hacker to target a machine on your network This natural firewall is on when NAT function is enabled NOTE When using Virtual Servers your PCs will be exposed to the degree specified in your Virtual Server settings provided the ports specified are opened in your firewall packet filter settings Firewall Security and Policy General Settings Inbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing your local network from the Internet Intrusion Detection Enable Intrusion Detection to detect prevent and log malicious attacks Access Control Prevents access from PCs on your local network Firewall Security and Policy General Settings Outbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the Internet URL Filter To block PCs on your local network from unwanted websites Here are the items within the Firewall section General Settings Packet Filter Intrusion Detection URL Filter IM P2P Blocking and Firewall Log 46 Chapter 4 Configuration Billion 400G Router General Settings You can choose not to enable the Firewall and still have access to URL Filter and IM P2P Blocking or you can enable the Firewall using preset filter rules and modify the port filter rules as required The Packet Filter is used to filter packets based on Applications Port or IP addresses There are f
81. s or range of packets to be monitored Destination Port The destination port of packets to be monitored DSCP Marking Differentiated Services Code Point DSCP it is the first 6 bits in the ToS byte DSCP Marking allows users to assign specific application traffic to be executed in priority by the backbone routers based on the DSCP value See Table 4 The DSCP Mapping Table Note To be sure all the routers on the backbones network have the capability of executing and checking DSCP so as to provide a QoS network Table 4 DSCP Mapping Table Wireless ADSL Router Standard DSCP Gold sence 1 Gold sence M Silver service L Silver service H Class 2 Bronze 010110 Bronze service L Class 3 Gold 011010 Bronze service M Class 3 Silver 011100 Bronze service H Class 3 Bronze 011110 Silver service M Class 2 Silver 010100 62 Chapter 4 Configuration Billion 400G Router Outbound IP Throttling LAN to WAN IP Throttling allows you to limit the speed of IP traffic The value entered will limit the speed of the specified application to the specified value Set in multiples of 32kbps Configuration N Ye aj F Outbound IP Throttling Configuration from LAN to WAN packet Mame Time schedule Protocol Rate Limit ho a kbps source IP Address Range source portis bo Ho Destination IP Address Range Destination portis bo Ho Edit Application Time Schedule Protocol Rate Limit Delete Nam
82. s router RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function IP Alias This function creates multiple virtual IP interfaces on this router It helps to connect two or more local networks to the ISP or remote node In this case an internal router is not required i Configuration Vu a IP Alias Parameters IP Address Metmask security Interface a Edit IP Address Subnet Mask security Interface Delete 25 Chapter 4 Configuration Billion 400G Router IP Address Specify an IP address on this virtual interface SubNetmask Specify a subnet mask on this virtual interface Security Interface Specify the firewall setting on this virtual interface Internal The network is behind NAT All traffic will do network address translation when sending out to Internet if NAT is enabled External There is no NAT on this IP interface and connected to the Internet directly Mostly it will be used when providing multiple public IP addresses by ISP In this case you can use public IP address in local network which gateway IP address point to the IP address on this interface DMZ Specify this network to DMZ area There is no NAT on this interface Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traffic from specific authorized machines or can restrict unwanted machine s to access your LAN There are no pre define Ether
83. sk is 255 255 255 0 i e any attached Computer must be in the same subnet and have an IP address in the range of 10 0 0 1 to10 0 0 254 The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP If you encounter any problem accessing the router s web interface it may also be advisable to temporarily remove any kind of software firewall on your Computer s as they can cause problems accessing the 10 0 0 2 IP address of the router Users should always make their own decisions on how to best protect their network Please follow the steps below for your PC s network environment installation ANOTE Any TCP IP capable workstation can be used to communicate with or 4 through the router To configure other types of workstations please consult the manufacturer s documentation Chapter 3 Basic Installation Billion 400G Router Connecting Your Router 1 Connect the power adapter as illustrated below and power on the device make sure that the PWR LED is lit steadily 2 Connect your network or computer to the router using the LAN Local Area Network cable 3 Connect the ADSL telephone ADSL cable to the router s DSL port as illustrated below DSL 4 3 2 1 es e e e EE ee Enthernet Cable 18 Enthernet Cable ig Enthernet Cable a ji m 7 thei Chapter 3 Basic Installation Billion 400G Router Configuring PCs in Windows in Window XP
84. sure your wireless clients have exactly the same ESSID as the AP so that you will be able to connect to it 21 Chapter 4 Configuration Billion 400G Router ESSID Broadcast ESSID Broadcast is the function that controls the Routes transmission of its ESSID This transmission enables wireless clients to detect the presence of the AP when they search for AP s to connect to The default setting is Enabled Disable If you do not want broadcast your ESSID Any client uses any wireless setting cannot discover the Access Point AP of your router Enable Any client using the any setting can discover the Access Point AP Regulation Domain There are seven Regulation Domains for you to choose from including North America N America Europe France etc The Channel ID will be different based on this setting Channel ID Select the wireless connection ID channel that you would like to use Use the Scan Channel Usage to help to select non occupied wireless channel Scan Channel Usage Wireless channel scan takes up to 14 seconds to survey the wireless channels in the surrounding area The result will show which of the wireless channels are already being used and which are available for use Note Wireless performance may degrade if select ID channel is already being occupied by other AP s TX PowerLevel This function enhances the wireless transmitting signal strength Users may adjust this power level from minimum 0 up
85. t way around Missing line filters or line filters installed the wrong way around can cause problems with your ADSL connection including causing frequent disconnections Problems with the LAN Interface Can t ping any PCs on Check the Ethernet LEDs on the front panel The LED should be on for a port the LAN that has a PC connected If it is off check the cables between your router and the PC Make sure you have uninstalled any software firewall for troubleshooting Verify that the IP address and the subnet mask are consistent between the router and the workstations Most problems can be solved by referring to the Troubleshooting section in the User s Manual If you cannot resolve the problem with the Troubleshooting chapter please contact the dealer where you purchased this product 84 Chapter 5 Troubleshooting Billion 400G Router Contact Telkom ADSL support Telephone 0800 375 375 Operating hours 24hrs 7 days a week Contact SizweBroadband for Router Support Telephone 0860 110 041 Website www sizwebroadband co za Operating hours 8 00am to 17 00pm work days only Chapter 5 Troubleshooting 85
86. tbound Select Allow or Block the access to the Internet Outbound or from the Internet Inbound Click Add button to apply your changes 50 Chapter 4 Configuration Billion 400G Router Packet Filter Add Raw IP Filter Go to Type drop down menu select Use Protocol Number f contauration Vu K t Packet Filter Parameters Rule Mame Helper Poo Jex Select w Time Schedule source F Address es Metmask Destination IP Addresses Metmask Type Use Protocol Wumber Protocol Number Source Port Destination Port Inbound Allow e Outbound Allow Rule Name Helper Specifies a user defined description identifying this entry or click the drop down menu to select existing predefined rules Time Schedule This is the user defined time period applicable to the rule You may specify a time schedule for your prioritization policy For setup and detail refer to Time Schedule section Protocol Number Insert the port number i e GRE 47 Inbound Outbound Select Allow or Block the access to the Internet Outbound or from the Internet Inbound Click Add button to apply your changes 91 Chapter 4 Configuration Billion 400G Router Example Configuring your firewall to allow a publicly accessible web server on your LAN The predefined port filter rule for HTTP TCP port 80 is the same no matter whether the firewall is set to a high medium or low security level To setup a web
87. te true admin Default admin user f Configuration VU Ej User Management Current Defined Users Valid User Comment Password Confirm Password of i O O Edit Walig Liser Comment Delete O true admin Default admin user O true Test Test O To delete the user account select the Delete option and then click the Edit Delete button Configuration YE i FUser Management Current Defined Users Valid User Comment Password confirm Password 2 Edit Valid Liser comment Delete O true aN Default admin user C true Test Test Chapter 4 Configuration 45 Billion 400G Router Firewall and Access Control Your router includes a full SPI Stateful Packet Inspection firewall for controlling Internet access from your LAN as well as helping to prevent attacks from hackers Besides when using NAT the router acts as a natural Internet firewall as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet Internet Fouter Firewall Access Control NAT Packet filter es Packet filter Unauthorized users amp 7 S nay mae ee en e Intrusion Detection applications Ainaa aee ee Blacklisting Malicious attacks ACCESS Firewall amp Filter Firewall Prevents access from outside your network The router provides three levels of security support NAT natural firewall This masks LAN users IP addresses which is invisible to outside user
88. ter e g telephones fax machines analogue modems have a line filter connected between them and the wall socket unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician and ensure that all line filters are correctly installed and the right way around Missing line filters or line filters installed the wrong way around can cause problems with your ADSL connection including causing frequent disconnections Chapter 2 Installing the router Billion 400G Router Chapter 3 Basic Installation The router can be configured with your web browser A web browser is included as a standard application in the following operating systems Linux Mac OS Windows 98 NT 2000 XP Me etc The product provides an easy and user friendly interface for configuration Please check your PC s network components The TCP IP protocol stack and Ethernet network adapter must be installed If not please refer to your Windows related or other operating system manuals You can connect your computer to the router either through an external hub switch or directly However please ensure that your computer has a properly installed Ethernet interface prior to connecting it to the router You ought to configure your Computers to obtain an IP address through a DHCP server or you can set them up with a fixed IP address that must be in the same subnet as the router The default IP address of the router is 10 0 0 2 and the subnet ma
89. teway fs RIP LI RP O RIPY2 CI RIP v2 Multicast TCP MSS Clamp Enable Obtain DNS Cl Automatic Primary Secondary Edit Mame Description Creator VP WE Delete 2 wanlink PPPoE Routed with Multiple session Webadmin a oS Profile Port Select the profile port ADSL Protocol The ATM protocol will be used in the device Description User definable name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single IP account sharing a single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface IP 0 0 0 0 Auto Enter the WAN IP for the router Leave this at 0 0 0 0 to obtain an IP address automatically from your ISP Netmask The default is 255 255 255 0 This can be changed according to the settings assigned by you ISP Gateway Enter the IP address of the default gateway if specified RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function TCP MSS Clamp This option helps to discover the optimal MTU size automatically Default is enabled Obtain DNS A Domain Name System DNS contains a mapping table for mapping between D
90. the poll interval as high as possible at the absolute minimum every few hours or even days 41 Chapter 4 Configuration Billion 400G Router Remote Access Configuration N Ye Ej t Remote Access You may temporarily permit remote administration of this network device Allow Access for 30 minutes O means allowed allways To temporarily permit remote administration of the router i e from outside your LAN select a time period the router will permit remote access for and click Enable You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI If you wish to permanently enable remote access choose a time period of 0 minute Firmware Upgrade Configuration Ye aj Firmware Upgrade You may upgrade the system software on your network device New Firmware Image o Ee Your router s firmware is the software that allows it to operate and provides all its functionality Think of your router as a dedicated computer and the firmware as the software it runs Over time this software may be improved and revised and your router allows you to upgrade the software it runs to take advantage of these changes Clicking on Browse will allow you to select the new firmware image file you have downloaded to your PC Once the correct file is selected click Upgrade to update the firmware in your router DO NOT power down the router or interr
91. tical application Often a VPN connection is a mission critical application for exchanging data between Head and Branch offices f Configuration Ye aj Prioritization Configuration from LAN to WAN packet Marne PPTP Time Schedule Always On Priority High Protocal gre Source IF Address Range Source Fart bo Ho Destination IP Address Range 0 0 0 0 0 0 0 0 Destination Port lo fo DSCP Marking Gold service iLi e Edit Delete Edit Mame Time Schedule Protocal Priority CSCOP Marking Delete e REE Always On GRE High Gold service iL CO This mission critical application must be connected smoothly without any dropping To ensure this you should set the priority to the high level to preventing any other applications from saturating the bandwidth Voice application Voice applications are latency sensitive Most VoIP devices use the SIP protocol which automatically assigns a port number This means that it is better to use a fixed IP address to catch VoIP packets and rout them as high priority traffic Configuration Prioritization Configuration from LAN to WAN packet Mare Time Schedule Priority Protocal source IP Address Range source Port b jo Destination IP Address Range Destination Port b fo DSCP Marking Edit Name Time schedule Protocol Priority DSCP Marking Delete de FFTF Always On GRE High Gold service Li OC VoIP Always On Any High Gold service Li O The settings shown above will help to improv
92. tination IP Address Range Edit Mame Time Schedule Protocol PPTP Always On GRE O WolF Always On Ary O Restricted TimeSloti Ary CO Others TimeSloti Ary Chapter 4 Configuration Time Schedule Rate Limit source portis Destination ports Rate Limit E 4 5 14 a gt 1 532 kbps e Ho e Ho Delete ES 67 Billion 400G Router Sometime your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth The settings below will help you to limit bandwidth for such an application that needs restriction Configuration Outbound IP Throttling Configuration from LAN to WAN packet Mame Protocol Source IP Address Range Destination IP Address Range Edit Delete Edit Marne Restricted Chapter 4 Configuration 0 0 0 0 0 0 0 0 10 0 0 111 10 0 0 111 Time Schedule Rate Limit 32 kbps Source patis b Ho Destination portis lo Ho Protocol Rate Limit Delete Any E4 O 68 Billion 400G Router Virtual Server known as Port Forwarding In TCP IP and UDP networks a port is a 16 bit number used to identify which application program incoming connections should be delivered to Some ports have numbers that are pre assigned to them by the IANA the Internet Assigned Numbers Authority and these are referred to as well known ports Servers follow the well known port assignments so clients can locate them If you wish to r
93. tivate Line true v coding Gain auto Y Connect Mode This mode will automatically detect your ADSL line mode ADSL2 ADSL2 Gdmt Gilite 11 413 AnnexM2 or AnnexM2 But in some areas multimode cannot detect the ADSL line mode very well If it is the case please adjust the ADSL line code to G dmt first If it still fails please check with your ISP for line connection information Modulation It will automatically detect capability of your ADSL line mode Please keep the factory settings unless ADSL is detected as the symptom of a synchronization problem Profile Type The profile type should be left in the default settings unless the ADSL mode is determined as the symptom of low link rate or instability problems If such a problem is encountered the profile setting may need to be changed to conform to the different DSLAM in the area Activate Line Select false and then select true to activate any new Connect Mode settings Coding Gain This reduces the router s transmit power and will effect to router s downstream performance General the higher the gain the higher the downstream rate but sometimes a gain that is too high will cause an unstable ADSL connection The configurable ADSL coding gain is from 0 dB to 7dB or automatic 40 Chapter 4 Configuration Billion 400G Router System Here are the items within the System section Time Zone Remote Access Firmware Upgrade Backup Restore Restart and User Management Time Z
94. tly connected to the network You may assign a Computer using its IP address and or its MAC address from this list Select the Apply button to apply your changes 12 Chapter 4 Configuration Billion 400G Router Edit One to One NAT Network Address Translation One to One NAT maps a specific private local LAN IP address to a particular global public WAN IP address If you have multiple public WAN IP addresses provided by your ISP you are will be able to use the One to One NAT function to utilize these IP addresses Go to Configuration gt Virtual Server gt Edit One to one NAT i Configuration Vu aj Global IP Pool in pwan IP interface Global Address Pool MAT Type Disable Public to Private Subnet Public to DMZ Zone Global IF Addresses OIP Range IPAddress End IP Po Apply One to one MAT Table NAT Type Select the desired NAT type By default the One to One NAT function is disabled Global IP Address Subnet The subnet of the public WAN IP addresses given by your ISP If your ISP has provided this information you may insert it here Otherwise use the IP Range method to define your addresses IP Range The IP address range of your public WAN IP addresses For example IP 10 0 0 5 end IP 10 0 0 14 Select the Apply button to apply your changes Check One to one NAT Table to create a new One to One NAT rule Il Configuration y Ye a Add Virtual Server in IP interface One to one NAT Tab
95. to the remote web server because it is listed in the trusted list whilst the URL request for www google or www google com will be dropped because www google is in the forbidden list f conttauration Vu Ky t Domains Filtering Domain Name Type Forbidden Domain Apply Trusted Domain Mara Domain itermdO Mita bo Cielete Forbidden Domain Mame Momar iter Ye google Delete Return K Example Andy wishes to disable all WEB traffic except for ones listed in the trusted domain which would prevent Bobby from accessing other web sites Andy selects both check boxes in Domain Filtering and thinks that this will stop Bobby But Bobby knows this function Domain Filtering ONLY disables all WEB traffic except for Trusted Domain BUT not connections using IP addresses In this situation the Block surfing by IP address function can be handy and helpful to Andy Now Andy can prevent Bobby from accessing sites both by IP and by domain name Restrict URL Features This function enhances the restriction to your URL rules Block Java Applet This function can block Web content that includes a Java Applet This is to prevent someone who wants to damage your system via standard HTTP protocol Block surfing by IP address This prevents someone who uses the IP address as URL from skipping the Domains Filtering function This is only Activate if Domain Filtering is enabled 59 Chapter 4 Configuration Billion 400G Router IM P
96. traffic from specific authorized machines or to restrict unwanted machine s from accessing your LAN There are no pre define MAC Address filter rules you can add the filter rules to meet your requirements Configuration Vu Wireless Client MAC Address Filter Filtering Rules Filter Action Disable Allowed Blocked MAC Address List Candidates po Apply Wireless Client Filter Default setting is set to Disable Allowed To allow a specific device access to your LAN insert the devices MAC Address in the space provided or click ndidates Make sure your computer s MAC is listed Blocked To prevent unwanted devices from accessing the LAN insert the MAC Address of an unwanted computer into the space provided or click 7 5 Make sure your computer s MAC is not listed The maximum number of clients is 16 MAC addresses are 6 bytes long they are presented only in hexadecimal format The numbers 0 9 and letters a f are acceptable MAC addresses are 6 bytes long Note Follow the MAC Address Format xx xx xx xx xx xx Semicolon must be included Candidates This function automatically detects devices connected to the router through the Wireless AP candidates Associated Wireless Clients F hitp 10 0 0 2 Associated Wi 2 X Associated Wireless Clients 100 13 ce 91 c0 01 Associate Wireless Client displays a list of individual wireless device s MAC Address that ar
97. ttings file you wish to use pressing Restore will load those settings into the router 43 Chapter 4 Configuration Billion 400G Router Restart Router Click Restart with option Current Settings to reboot your router and restore your last saved configuration i Configuration Vu ay t Restart Router After restarting please walt for afew seconds for system to come up you would like to reset all configuration to factory default settings please select the Factory Default Settings option Restart Router with Current Settings Factory Default Settings If you wish to restart the router using the factory default settings for example after a firmware upgrade or if you have saved an incorrect configuration select Factory Default Settings to reset to factory default settings You may also reset your router to factory settings by holding the small RESET pinhole button on the back of your router in for 6 8 seconds whilst the router is turned on and then power cycling your router User Management i Configuration Ye ay t User Management Current Defined Users Valid User Comment Password Contirm Password of O O Edit Valid User Comment Delete b true admin Default admin user In order to prevent unauthorized access to your router s configuration interface it requires all users to login with a password You can set up multiple user accounts each with their own password You are able to Edit existing users and
98. u can input up to 128 alphanumeric characters case sensitive 35 Chapter 4 Configuration Billion 400G Router Service Name This item is for identification purposes If it is required your ISP will provide you the information Maximum input is 15 alphanumeric characters NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single IP account sharing a single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled IP 0 0 0 0 Auto Specify IP addresses that are allowed to logon and access the router s web server Note IP 0 0 0 0 indicates all users who are connected to this router are allowed to logon to the device and modify data Auth Protocol Default is Chap Auto Your ISP will advise you whether to use Chap or Pap Connection Always on If you want the router to establish a PPPoA session when starting up and to automatically re establish the PPPoA session when disconnected by the ISP Connect on Demand If you want to establish a PPPoA session only when there is a packet requesting access to the Internet i e when a program on your computer attempts to access the Internet Idle Timeout Auto disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time Detail You can define destination port and packet type TCP UDP information that will
99. un a server or any application e g Peer to peer P2P software such as instant messaging applications and P2P file sharing applications on your network that can be accessed from the WAN i e from machines on the Internet that are outside your local network and you are using NAT Network Address Translation then you will need to configure your router to forward these incoming connection attempts using specific ports to the computer on your network that is running the application server You will also need to use port forwarding if you want to host an online game server The reason for this is that when using NAT your publicly accessible IP address will be used by and point to your router which then needs to deliver all traffic to the private IP addresses used by your PCs Please see the WAN configuration section of this manual for more information on NAT The device can be configured as a virtual server so that remote users accessing services such as Web or FTP services on the routers public WAN IP address can be automatically redirected to local servers on the LAN network Depending on the requested service TCP UDP port number the router redirects the external service request to the appropriate server within the LAN network f Configuration yu ai Pont Forwarding Add Virtual Server in ipwarn IP interface Virtual Server Entry Application zg Protocol tcp ka Time Schedule External Port fom sta Redirect Port from o a Internal IP Ad
100. upt the firmware upgrading while it is still in process Improper operation could damage the router 42 Chapter 4 Configuration Billion 400G Router Backup Restore Configuration Vu Ej t Backup Restore Allows you to backup the configuration settings to your computer or restore configuration from your computer Backup Configuration Backup configuration to your computer Restore Configuration Restore Wi ovenvrite the current configuration and restart the device you want to keep he current configuration please Use Backup first to save current configuration These functions allow you to save and backup your router s current settings to a file on your PC or to restore a previously saved backup This is useful if you wish to experiment with different settings Knowing that you have a backup handy in the case of any mistakes It is advisable to backup your router s settings before making any significant changes to your router s configuration Press Backup to select where on your local PC to save the settings file You may also change the name of the file when saving if you wish to keep multiple backups Press Browse to select a file from your PC to restore You should only restore settings files that have been generated by the Backup function and that were created when using the current version of the router s firmware Settings files saved to your PC should not be manually edited in any way After selecting the se
101. vate IP on the LAN network of the virtual server application cet Y Lists all the existing computer connections on the network You may assign a Computer by IP address or MAC address from this list Select the Add button to apply your changes Example List of some well known and registered port numbers The Internet Assigned Numbers Authority IANA is the central coordinator for the assignment of unique parameter values for Internet protocols Port numbers range from 0 to 65535 but only ports numbers O to 1023 are reserved for privileged services and are designated as well known ports Please refer to Table 5 Registered ports are numbered from 1024 through 49151 The remaining ports referred to as dynamic or private ports are numbered from 49152 through 65535 For further information please see lANA s website at http www iana org assignmenis port numbers Table 5 Well known and registered Ports O fo eo fo JET Grial Fle Transfer Protoco OOO ee r e me E NTP Time Protocol Simple Network Time Protocol 14 Chapter 4 Configuration Billion 400G Router Time Schedule The Time Schedule function supports up to 16 time slots helping you to manage your Internet connection In each time profile you may schedule specific day s i e Monday through Sunday to restrict or allowing the usage of the Internet by users or applications This Time Schedule correlates closely to real time Since router d
Download Pdf Manuals
Related Search