Billion 810VNTX, User Manual

Page 1: ......

Page 2: ...t Filtering 5 Dynamic Host Configuration Protocol DHCP Client and Server 5 Static and RIP1 2 Routing 5 Simple Network Management Protocol SNMP 5 Web based GUI 5 Firmware Upgradeable 5 Rich Management Interfaces 5 Virtual Private Network VPN 5 CHAPTER 2 INSTALLING THE ROUTER 6 Package Contents 6 Device Description 7 The Front LEDs 7 The Rear Ports 8 Cabling 9 CHAPTER 3 BASIC INSTALLATION 10 Connect...

Page 3: ...tion 32 LAN Local Area Network 32 WAN Wide Area Network 41 System 52 Firewall and Access Control 57 VPN Virtual Private Networks 71 L2TP Layer Two Tunneling Protocol 86 VoIP Voice over Internet Protocol 96 SIP Accounts 98 Phone Port 99 QoS Quality of Service 107 Virtual Server known as Port Forwarding 114 Time Schedule 120 Advanced 122 Logout 127 Chapter 5 Troubleshooting 128 Problems with WAN int...

Page 4: ...automatic fail over to ensure an always on Internet connection in the event that one of your Internet services fails Secure WLAN setup is simplified by the web browser based configuration for easy access to the Internet wherever a 3G connection is available whether you re seated at your desk or taking a cross country train trip 802 11n Wireless AP with WPA Support With integrated 802 11n Wireless ...

Page 5: ...s its DNS server with this router s IP address every DNS conversion request packet from the PC to this router will be forwarded to the real DNS in the outside network Dynamic Domain Name System DDNS The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname This dynamic IP address is the WAN IP address For example to use the service you must first apply for an account fr...

Page 6: ...supports web based GUI for configuration and management It is user friendly and comes with on line help It also supports remote management capability for remote users to configure and manage this product Firmware Upgradeable Device can be upgraded to the latest firmware through the WEB based GUI Rich Management Interfaces It supports flexible management interfaces with local console port LAN port ...

Page 7: ...DSL Micro Filter ADSL Splitter Quick Start Guide Warning Do not use the router in high humidity or high temperatures Do not use the same power source for the router as other equipment Do not open or repair the case yourself If the router is too hot turn off the power immediately and have it repaired at a qualified service center Avoid using this product and all accessories outdoors Place the route...

Page 8: ... USB device Flashing when data is received transmitted 4 Wireless Lit green when the wireless connection is established Flashes when sending receiving data 5 Phone 1X 2X RJ 11 connector Lit green when phone is off hook 6 LINE Lit green when the inbound and outbound calls are transmitted through PSTN 7 VoIP 1x 2x RJ 11 connector After SIP registration is complete the LED will light up green wheneve...

Page 9: ...cable to this port 6 Ethernet 1X 4X RJ 45 connector Connect a UTP Ethernet cable Cat 5 or Cat 5e to one of the LAN ports when connecting to a PC or an office home network of 10Mbps or 100Mbps Caution Port 4 can either be LAN or Console port but not both at the same time 7 RESET After the device is powered on press it to reset the device or restore to factory default settings 1 3 seconds reset the ...

Page 10: ...roper cables Make sure that all devices e g telephones fax machines analogue modems connected to the same telephone line as your router have a line filter connected between them and the wall outlet unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician and that all line filters are correctly installed in a right way If line filter is not install...

Page 11: ... be in the same subnet as the router The default IP address of the router is 10 0 0 2 and the subnet mask is 255 255 255 0 i e any attached PC must be in the same subnet and have an IP address in the range of 10 0 0 100 to 10 0 0199 The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP If you encounter any problems accessing the router web in...

Page 12: ...e Network connections on the left window column 4 Select the Local Area Connection and right click the icon to select Properties 5 Select Internet Protocol Version 4 TCP IP then Click Next 6 In the TCP IPv4 properties window select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons Then click OK to exit the setting 7 Click OK again in the Local Area Co...

Page 13: ...ouble click Network Connections 2 Double click Local Area Connection 3 In the LAN Area Connection Status window click Properties 4 Select Internet Protocol TCP IP and click Properties 5 Select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons 6 Click OK to finish the configuration ...

Page 14: ...Network and Dial up Connections 2 Double click Local Area Connection LAN 3 In the Local Area Connection status window click Properties 4 Select Internet Protocol TCP IP and click Properties 5 Select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons 6 Click OK to finish the configuration ...

Page 15: ...rk and choose the Configuration tab 2 Select TCP IP NE2000 Compatible or the name of any Network Interface Card NIC in your PC 3 Select the IP Address tab In this page click the Obtain an IP address automatically radio button 4 Then select the DNS Configuration tab 5 Select the Disable DNS radio button and click OK to finish the configuration ...

Page 16: ...n Windows NT4 0 1 Go to Start Settings Control Panel In the Control Panel double click Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties 3 Select the Obtain an IP address from a DHCP server radio button and click OK ...

Page 17: ...settings IP Address 10 0 0 2 Subnet Mask 255 255 255 0 ISP setting in WAN site PPPoE DHCP server DHCP server is enabled Start IP Address 10 0 0 100 IP pool counts 100 LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre set in the factory The default values are shown in the tale LAN Port WAN Port IP address http 10 0 0 2 The PPPoE function is enabled to automatically get the WAN ...

Page 18: ...etwork but be set manually should this be required In addition additional WAN address can be assigned using PPPoE dialler PPPoA VPI VCI VC LLC based multiplexing Username Password and Domain Name System DNS IP address it can be automatically assigned by your ISP when you connect or be set manually RFC 1483 Bridged VPI VCI VC LLC based multiplexing to use Bridged Mode RFC 1483 Routed VPI VCI VC LLC...

Page 19: ...ge The category of each configuration page is listed as below Status ADSL Table 3G Status ARP Table DHCP Table Routing Table NAT Sessions UpnP Portmap PPTP Status IPSec Status L2TP Status Email Status VoIP Status VoIP Call Log Event Log Error Log Diagnostic Quick Start Configuration LAN WAN System Firewall VPN VoIP QoS Virtual Server Time Schedule Advanced ...

Page 20: ...h as DSP firmware version Operational mode Upstream downstream rate SNR margin Line Attenuation CRC Errors and Latency rate 3G Status This section displays the 3G Card overall status with information such as the current signal strength statistics of current data transmission and total data transmission ...

Page 21: ...of total data received in bytes packets since system ready ARP Table This section displays the router ARP Address Resolution Protocol Table which shows the mapping of Internet IP addresses to Ethernet MAC addresses This is a quick way of determining the MAC address of the network interface of your PCs that use the Firewall MAC Address Filter function See the Firewall section of this manual for mor...

Page 22: ...Shows the MAC address of each client Client Host Name Shows the Host Name Computer Name of the client Expiry Shows the current lease time of each client Routing Table Routing Table Valid A check mark indicates a successful routing status Destination Shows the IP address of the destination network Netmask Shows the destination Netmask address Gateway Interface Shows the IP address of the gateway or...

Page 23: ...y that this route will use Cost The number of hops counted as the cost of the route NAT Sessions This section lists all the current NAT sessions between external WAN and internal LAN interface UPnP Portmap This section lists all the established port mapping using UPnP Universal Plug and Play See the Advanced section of this manual for more details on UPnP and the router UPnP configuration options ...

Page 24: ...whether the Call for this VPN entry is currently connected Encryption Shows the encryption type used for this VPN connection IPSec Status This shows the details of your configured IPSec VPN Connections Name Shows the name you assign to a particular VPN entry Active Shows whether the VPN Connection is currently Active Connection State Shows the connection status of VPN Statistics Shows the statisti...

Page 25: ...n is currently enabled Active Shows whether the connection is currently active Tunnel Connected Shows the current connection status of the VPN Tunnel Call Connected Shows the current connection status of a particular VPN entry call Encryption Shows the encryption type used for this VPN connection VoIP Status This table shows the status of the phone ports when VoIP feature has been activated It dis...

Page 26: ... of the calls information about the missed calls and also incoming calls Event Log This page displays all the event Log entries of the router such as when the ADSL gets disconnected and during Firewall triggered events like Intrusion or Blocking Logging Please see the Firewall section of this manual for more details on how to enable Firewall logging ...

Page 27: ...mes given to entries are logged to this window Diagnostic It tests the connection to computer s which is connected to the LAN ports and also the WAN Internet connection If PING www google com is shown as FAIL and the rest is shown as PASS you should check if your PC s DNS settings are correct ...

Page 28: ...op down menu and click Continue 2 If your ADSL line is not ready you need to check your ADSL line has been set or not 3 If your ADSL line is ready the ADSL Line is Ready screen will appear Choose the Auto radio button and click Apply It will automatically scan the recommended mode for you If you choose to configure it manually then you must up the ADSL line settings manually ...

Page 29: ...e password provided by your ISP Service Name This item is for identification purposes If it is required your ISP provides you the information Authentication Protocol Default is Auto Your ISP advises on using Chap or Pap IP Address Your WAN IP address Leave this at 0 0 0 0 to obtain an IP address automatically from your ISP Obtain DNS automatically Click to activate DNS and to enable the system to ...

Page 30: ... not be able to view your wireless network unless they enter your ESSID manually Default setting is Enable Enable When Enable is selected anybody with a wireless network adapter will be able to view your wireless network Disable Select Disable if you do not want to broadcast your ESSID When Disable is selected no one will be able to view your wireless network Regulation Domain There are seven Regu...

Page 31: ...ows you to select the service provider When the selection is done respective parameters below are automatically displayed Phone Number This parameter holds the registration ID of the user within the VoIP SIP registrar Username If the username is the same as the Phone Number leave it blank Otherwise fill in the space with your username given by your VoIP provider Password This parameter holds the p...

Page 32: ...Billion 810VNTX Router Page 31 8 When the ADSL line has synchronized a check mark will appear next to the ADSL Port ...

Page 33: ...less Security Wireless Client Filter WPS Port Setting and DHCP Server Bridge Interface You can setup member ports for each VLAN group under Bridge Interface section Ethernet P1 P2 Port 1 2 Ethernet1 P3 P4 Wireless Port 3 4 wireless Uncheck P3 P4 Wireless from Ethernet VLAN port first Note You should setup each VLAN group with caution Each Bridge Interface is arranged in this order Bridge Interface...

Page 34: ... node In this case an internal router is not required IP Address Specify an IP address for this virtual interface Netmask Specify a subnet mask for this virtual interface Security Interface Specify the firewall setting for this virtual interface Internal This means the network is behind NAT All traffic will do network address translation when sending out data to the Internet if NAT is enabled Exte...

Page 35: ... Address in the space provided or click the Candidate button Make sure your PC s MAC is not listed The maximum number of clients is 16 The MAC addresses should be 6 bytes long and are represented only in hexadecimal characters Only numbers 0 9 and letters a f are acceptable Note Follow the MAC Address Format xx xx xx xx xx xx Colons must be included Candidates automatically detects devices that ar...

Page 36: ... ID It is case sensitive and must not exceed 32 characters Make sure your wireless clients have the same ESSID as the device in order to connect to your network Note It is case sensitive and must not exceed 32 characters ESSID Broadcast It is used to broadcast the routers ESSID over the network so that when a wireless client searches for a network the router can be discovered and recognized Defaul...

Page 37: ...sy to install simply by defining the peer s MAC address of the connected AP WDS takes advantage of the cost saving and flexibility because no extra wireless client device is required to bridge between two access points and extending an existing wired or wireless infrastructure network to create a larger network It can connect up to 4 wireless APs for extended coverage at the same time In addition ...

Page 38: ...are two options to select from Open System and Share key WEP Encryption To prevent unauthorized wireless stations from accessing data transmitted over the network the router offers highly secured data encryption known as WEP If you require high security for transmissions there are two settings to select from WEP 64 and WEP 128 WEP 128 will offer higher security over WEP 64 Passphrase This is used ...

Page 39: ... provided or by clicking on the Candidate button Make sure your PC s MAC is not listed The maximum number of clients is 16 The MAC addresses are 6 bytes long they are represented only in hexadecimal characters The numbers 0 9 and letters a f are acceptable Note Follow the MAC Address Format xx xx xx xx xx xx Colons must be included Candidates It automatically detects devices that are connected to ...

Page 40: ...0M half duplex 100M full duplex and Disable Sometimes there are Ethernet compatibility problems with legacy Ethernet devices and you can configure different types to solve compatibility issues The default is Auto which users should keep unless they have specific problems with PCs not being able to access your network IPv4 TOS priority Control Advanced users TOS Type of Services is the 2 nd octet o...

Page 41: ... of the DHCP Server including the IP pool starting IP address and ending IP address to be allocated to PCs on your network lease time for each assigned IP address the period of time the IP address assigned will be valid DNS IP address and the gateway IP address These details are sent to the DHCP client i e your PC when it requests an IP address from the DHCP server Click Apply to enable this funct...

Page 42: ...nnection fails the secondary connection will start up and connect to the internet automatically Time Schedule Select the time schedule when failover should be active Always on is the default value Keep Backup Interface Connected Keeps the backup interface connected to allow seamless changeover when your primary interface fails Connectivity Decision Set how many times probing must fail in order to ...

Page 43: ...ll be 3 seconds multiplied by 5 consecutive fails Detect Rule Rule 1 ADSL Down Rule 2 Ping Fail No Ping It will not send any ping packets to determine if the connection is active It disables ping detection Ping Gateway It will send ping packets to the gateway and wait for a response from the gateway in every Probe Cycle Ping Host It will send ping packets to a specific host and wait for a response...

Page 44: ...n Maximum input is 15 alpha numeric characters NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single ISP account sharing a single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled IP 0 0 0 0 Auto Your WAN IP address Leave this at 0 0 0 0 to obtain an IP address autom...

Page 45: ... MTU size automatically Default is enabled MAC Spoofing Some service providers require the configuration of this option You must fill in the MAC address that is specified by the service provider when it is required Default is disabled Obtain DNS A Domain Name System DNS contains a mapping table for domain name and IP addresses DNS helps to find the IP address of a specific domain name Check the ch...

Page 46: ...ternet through a single ISP account sharing a single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled IP 0 0 0 0 Auto Your WAN IP address Leave this at 0 0 0 0 to obtain an IP address automatically from your ISP Auth Protocol Default is Auto Your ISP should advise you on whether to use Chap or Pap Connection Always on If...

Page 47: ...scription A given name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer Username Enter the username provided by your ISP You can input up to 128 alpha numeric characters case sensitive This is the format of username username ispname instead of username Password Enter the password provided by your ISP You can input up to 128 alpha ...

Page 48: ... MSS Clamp This option enables discovery of the optimal MTU size automatically Default is enabled MAC Spoofing Some service providers require the configuration of this option You must fill in the MAC address that is specified by the service provider when it is required Default is disabled Obtain DNS A Domain Name System DNS contains a mapping table for domain name and IP addresses DNS helps to fin...

Page 49: ...type of Ethernet filtering performed by the named bridge interface All Allows all types of Ethernet packets through the port Ip Allows only IP ARP types of Ethernet packets through the port Pppoe Allows only PPPoE types of Ethernet packets through the port ...

Page 50: ...or PAP Password Authentication Protocol if you know which authentication type the server is using when acting as a client or the authentication type you want the clients to use when they are connecting to you when acting as a server When using PAP the password is sent unencrypted while CHAP encrypts the password before sending and also allows for challenges at different periods to ensure that an i...

Page 51: ...am on your computer attempts to access the Internet In this mode you must set Idle Timeout value Enabling Connect on Demand will give you the option of Idle Timeout Idle Timeout Auto disconnect the connection when there is no activity on this call for a pre determined period of time The default value is 10 seconds Obtain DNS Automatically Select this check box to use DNS Primary DNS Secondary DNS ...

Page 52: ...nstable then consider changing the value You may need to change the profile setting to reach the best ADSL line rate it depends on the DSLAM and location Activate Line Aborting false your ADSL line and making it active true again will take effect when setting the Connect Mode Coding Gain It reduces the router s transmit power which will affect the router s downstream performance Making the gain Hi...

Page 53: ...pecified If you prefer to specify a SNTP server other than those in the list simply enter its IP address as shown above Your ISP may provide a SNTP server for you to use Daylight Saving is also known as Summer Time Period Many places in the world adapt it during summer time to move one hour of daylight from morning to the evening in local standard time Check Enable checkbox to set your local time ...

Page 54: ...et the time period to 0 minute Firmware Upgrade Your router firmware is the software that enables it to operate and provides all its functionality Think of your router as a dedicated computer and the firmware as the software it runs Over time this software may be improved and revised and your router allows you to upgrade the software it runs to take advantage of these changes Clicking on Browse wi...

Page 55: ...ion of the router click Browse to locate the configuration file on your computer Once the file has been located click on the file then click on the Restore button to load the setting Note You should only restore the settings with files that have been created using the Backup function with the most current firmware version Settings files saved to your PC should not be manually edited in any way Res...

Page 56: ...access to the device configuration interface Edit Account Information You can change the information of any account whether the account is active or not 1 To edit an account select the Edit radio button of the account to be edited Once selected all information of that account will be displayed 2 Change the information that needs to be edited 3 When this is done simply click on the Edit Delete butt...

Page 57: ...nfirm Password 2 When this is done click the Add button To delete a user Account 1 Click on the Delete radio button of the account you want to delete 2 Then click the Edit Delete button to confirm the deletion Note You can delete any user account except for the default admin account Thus there is no delete radio button available for this account ...

Page 58: ...masks LAN users IP addresses which are invisible to users on the Internet thus making it more difficult for a hacker to target a machine on your network This natural firewall is turned on when the NAT function is enabled Firewall Security and Policy General Settings Inbound direction of Packet Filter rules to prevent unauthorized computers or applications from accessing your local network from the...

Page 59: ...les to access the Internet High Medium Low security level the predefined port filter rules for High Medium and Low security are displayed in the Port Filters of the Packet Filter Select either High Medium or Low security level to enable Firewall protection The only difference between these three is the preset port filter rules in the Packet Filter Firewall function is the same for all levels it is...

Page 60: ... when Firewall is enabled with one of the four security levels selected All blocked High Medium and Low The preset port filter rules in the Packet Filter must be modified accordingly to the security level selected See Table1 Predefined Port Filter for more detailed information ...

Page 61: ...YES NO YES NO YES POP3 110 TCP 6 110 110 NO YES NO YES NO YES NEWS NNTP Network News Transfer Protocol TCP 6 119 119 NO YES NO YES NO NO RealAudio RealVideo 7070 UDP 17 7070 7070 YES YES YES YES NO NO PING ICMP 1 N A N A NO YES NO YES NO YES H 323 1720 TCP 6 1720 1720 YES YES NO YES NO NO T 120 1503 TCP 6 1503 1503 YES YES NO YES NO NO SSH 22 TCP 6 22 22 NO YES NO YES NO NO NTP SNTP UDP 17 123 123...

Page 62: ...s range you wish to allow block the traffic to or from Set the IP address and Subnet Mask to 0 0 0 0 to de activate the Address Filter rule Tip To block access to from a single IP address enter that IP address as the Host IP Address and use a Host Subnet Mask of 255 255 255 255 Type This is the packet protocol type used by the application select TCP UDP or both TCP UDP Protocol Number Insert the p...

Page 63: ...ect TCP UDP or both TCP UDP Protocol Number Insert the port number i e GRE 47 Source Port This Port or Port Ranges defines the port allowed to be used by the Remote WAN to connect to the application Default is set from range 0 65535 It is recommended that this option be configured by an advanced user Destination Port This is the Port or Port Ranges that defines the application Inbound Outbound Sel...

Page 64: ...be presented with the predefined port filter rules screen in this case for the low security level shown below Note You may choose to Edit the predefined rule instead of Deleting0 it This is an example to show you how to add a filter on your own 2 If you want to delete a filter rule select the delete radio button of the HTTP rule you want to delete Then click the Edit Delete button to delete the ru...

Page 65: ...ton Example Application Cindy_HTTP Time Schedule Always On Source Destination IP Address es 0 0 0 0 I do not wish to activate the address filter using the port filter instead Type TCP Please refer to Table1 Predefined Port Filter Source Port 0 65535 I am allowing all ports to connect to the application Redirect Port 80 80 This is the Port defined for HTTP Inbound Outbound Allow ...

Page 66: ...Server please refer to the Add Virtual Server sub section under the Virtual Server section The new port filter rule for HTTP is shown below 1 Configure your Virtual Server port forwarding settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server ...

Page 67: ...rotection Block Duration This is the duration for blocking Smurf attacks Default value is 600 seconds Scan Attack Block Duration This is the duration for blocking hosts that attempt a possible Scan attack Scan attack types include X mas scan IMAP SYN FIN scan and similar attempts Default value is 86400 seconds DoS Attack Block Duration This is the duration for blocking hosts that attempt a possibl...

Page 68: ...P Dst Port Echo 7 Src IP Scan Yes Yes CharGen Scan UDP Dst Port CharGen 19 Src IP Scan Yes Yes X mas Tree Scan TCP Flag X mas Src IP Scan Yes Yes IMAP SYN FIN Scan TCP Flag SYN FIN DstPort IMAP 143 SrcPort 0 or 65535 Src IP Scan Yes Yes SYN FIN RST ACK Scan TCP No Existing session And Scan Hosts more than five Src IP Scan Yes Yes Net Bus Scan TCP No Existing session DstPort Net Bus 12345 12346 345...

Page 69: ...filter rules will be monitoring and checking at all hours of the day TimeSlot1 TimeSlot16 It is a self defined time period You may specify the time period to check the URL filter rules i e during working hours For setup and detail refer to Time Schedule section Keywords Filtering Allow blocking against specific keywords within a particular URL rather than having to specify a complete URL e g to bl...

Page 70: ...www abc com will be sent to the remote web server because it is listed in the trusted list whilst the URL request for www google or www google com will be dropped because www google is in the forbidden list Example Andy wishes to disable all WEB traffic except for domains listed under the trusted domains which would prevent Bobby from accessing other websites Andy selects both conditions in Domain...

Page 71: ...ction will be taken Always On Instant Message blocking is enabled IM messages will be blocked TimeSlot1 TimeSlot16 This is the self defined time period You may specify the time period to activate blocking i e during working hours For setup and detail refer to the Time Schedule section Yahoo MSN Messenger Check the checkbox to block either Yahoo or and MSN Messenger or both Be sure to enable the In...

Page 72: ...l Private Networks Virtual Private Networks is a way to establish a secured communication tunnel with an organization network via the Internet Your router supports three main types of VPN Virtual Private Network PPTP IPSec and L2TP PPTP Point to Point Tunneling Protocol PPTP Connection LAN to LAN There are two types of PPTP VPN Remote Access and LAN to LAN please refer below for more information C...

Page 73: ...know which authentication type the server is using when acting as a client you may manually specify the Authentication type whether CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol When acting as a server you can set the authentication type you want the clients connecting to you to use When using PAP the password is sent unencrypted while CHAP encrypts the p...

Page 74: ...ch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch offices accordingly Attention Configuring the PPTP VPN in the Head Office The IP address 192 168 1 201 will be assigned to the router located in the branch office Please make sure this IP is not used in the head office LAN ...

Page 75: ...given username password to authenticate the branch office network Password 123456 Auth Type Chap Auto Keep as the default value in most cases PPTP server client will determine the value automatically Refer to the manual for details if you want to change the settings Data Encryption Auto Key Length Auto Mode Stateful Configuring the PPTP VPN in the Head Office The IP address 69 1 121 30 is the Publ...

Page 76: ...fer to manual for details if you want to change the setting Data Encryption Auto Key Length Auto Mode Stateful PPTP Connection Remote Access Name A given name for the connection e g connection to office Connection Type Remote Access or LAN to LAN Type Check Dial Out if you want your router to operate as a client connecting to a remote VPN server e g your office server check Dial In if it operates ...

Page 77: ...t is set to Auto so that this setting is negotiated when establishing a connection you can also manually Enable or Disable the encryption Key Length The data can be encrypted by MPPE algorithm with 40 bits or 128 bits Default is Auto it is negotiated when establishing a connection 128 bit keys provide a stronger encryption than 40 bit keys Mode You may select Stateful or Stateless mode The key wil...

Page 78: ... type Remote Access Select Remote Access from the Connection Type drop down menu Type Dial out Select Dial out from the Type drop down menu IP Address or Domain name 69 121 1 33 A Dialed server IP Username Username A given username password to authenticate branch office network Password 123456 Auth Type Chap Auto Keep as default value in most cases PPTP server client will determine the value autom...

Page 79: ...ne class C subnet starting from 192 168 1 1 i e 192 168 1 1 through to 10 0 0 2 IP Range The IP address range of the local network For Example IP 192 168 1 1 end IP 192 168 1 10 IP Address Enter the IP address Remote Secure Gateway Address or Domain Name The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel Remote Network Set the IP address subnet or ad...

Page 80: ...ured communication channel i e over the Internet There are three modes MODP 768 bit MODP 1024 bit and MODP 1536 bit MODP stands for Modular Exponentiation Groups IPSec Proposal Select the IPSec security method There are two methods of checking the authentication information AH authentication header and ESP Encapsulating Security Payload Use ESP for greater security so that data will be encrypted a...

Page 81: ...ction DPD is a keep alive mechanism that enables the router to be detected when the connection between the router and a remote IPSec peer has been lost Please note it must be enabled on both sites PING to the IP It is able to Ping the remote PC with the specified IP address and alert if the connection fails Once an alert message is received the router will drop this tunnel connection Re establishm...

Page 82: ...ring an IPSec LAN to LAN VPN Connection Table 3 Network Configuration and Security Plan Branch Office Head Office Local Network ID 192 168 0 0 24 192 168 0 0 24 Local Router IP 69 1 121 30 69 1 121 3 Remote Network ID 192 168 0 0 24 192 168 0 0 24 Remote Router IP 69 1 121 3 69 1 121 30 IKE Pre shared Key 12345678 12345678 VPN Connection Type Tunnel mode Tunnel mode VPN Connection Type ESP MD5 wit...

Page 83: ...u IP Address 192 168 1 0 Head office network Netmask 255 255 255 0 Remote Secure Gateway IP or Hostname 69 121 1 30 A given username password to authenticate branch office network Remote Network Subnet Select Subnet from the Remote Network drop down menu IP Address 192 168 1 0 Branch office network Netmask 255 255 255 0 Pre shared Key 12345678 Security plan Authentication MD5 Encryption 3DES Prefe...

Page 84: ... down menu IP Address 192 168 0 0 Branch office network Netmask 255 255 255 0 Remote Secure Gateway IP or Hostname 69 121 1 3 IP address of the head office router in WAN side Remote Network Subnet Select Subnet from the Remote Network drop down menu IP Address 192 168 1 0 Head office network Netmask 255 255 255 0 Pre shared Key 12345678 Security plan Authentication MD5 Encryption 3DES Prefer Forwa...

Page 85: ...Billion 810VNTX Router Page 84 Example Configuring an IPSec Host to LAN VPN Connection Configuring IPSec VPN in the Office ...

Page 86: ...ress 192 168 1 0 Branch office network Netmask 255 255 255 0 Remote Secure Gateway IP or Hostname 69 121 1 30 IP address of the head office router in WAN side Remote Network Subnet Select Subnet from the Remote Network drop down menu IP Address 69 121 1 30 Head office network Pre shared Key 12345678 Security plan Authentication MD5 Encryption 3DES Prefer Forward Security None ...

Page 87: ...o LAN please refer below for more information Fill in the blank with the information you need and click Add to create a new VPN connection account L2TP Connection Remote Access Connection Type Remote Access or LAN to LAN Name A given name for the connection e g connection to office Connection Type Remote Access or LAN to LAN ...

Page 88: ...hould be 16 characters which may include numbers and characters Active as default route Commonly used by the Dial out connection all packets will route through the VPN tunnel to the Internet therefore activating the function may degrade Internet performance Remote Host Name Optional Enter the hostname of the remote VPN device It is a tunnel identifier to check if the Remote VPN device matches with...

Page 89: ...re shared Key This is for the Internet Key Exchange IKE protocol a string from 4 to 128 characters Both sides should use the same key IKE is used to establish a shared security policy and authenticated keys for services such as IPSec that require a key Before any IPSec traffic can be passed each router must be able to verify the identity of its peer This can be done by manually entering the pre sh...

Page 90: ...ect Remote Access from the Connection Type drop down menu Type Dial in Select Dial in from the Type drop down menu IP Address 192 168 1 200 An IP assigned to the remote client Username username Enter the username and password to authenticate a remote client Password 123456 Auth Type Chap Auto Keep this as the default value in most cases IPSec Enable Enable this to enhance your L2TP VPN security Au...

Page 91: ...blishes a L2TP VPN connection with a file server located at a separate location The router is installed in the office connected to a couple of PCs and Servers Configuring L2TP VPN in the Office The input IP address 192 168 1 200 will be assigned to the remote worker Please make sure this IP is not used in the Office LAN ...

Page 92: ...tly Microsoft Windows operating systems do not support L2TP incoming services Additional software may be required to set up your L2TP incoming service L2TP Connection LAN to LAN L2TP VPN Connection Name A given name for the connection Connection Type Remote Access or LAN to LAN Type Check Dial Out if you want your router to operate as a client connecting to a remote VPN server e g your office serv...

Page 93: ...al VPN device that is connected established a VPN tunnel By default the router s default hostname is home gateway IPSec Enable to enhance your L2TP VPN security Authentication Authentication establishes the integrity of the datagram and ensures that it is not tampered with during transmission There are three options Message Digest 5 MD5 Secure Hash Algorithm SHA1 or NONE SHA1 is more resistant to ...

Page 94: ...changes Example Configuring L2TP LAN to LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Attention Configuring L2TP VPN in the Head Office The IP address 192 168 1 200 will be assigned to the router located in the branch office Please make ...

Page 95: ...8 1 200 IP address assigned to the branch office network Peer Network IP 192 168 0 0 Branch office network Username username A username and password assigned to authenticate the branch office network Password 123456 Auth Type Chap Auto Keep this as the default value in most cases IPSec Enable Enable this to enhance your L2TP VPN security Authentication MD5 Both sides should use the same value Encr...

Page 96: ...N Select LAN to LAN from the Connection Type drop down menu Type Dial in Select Dial in from the Type drop down menu IP Address 69 121 1 33 IP address assigned to the branch office network Peer Network IP 192 168 1 0 Head office network Netmask 255 255 255 0 Username username A username and password assigned to authenticate the branch office network Password 123456 Auth Type Chap Auto Keep this as...

Page 97: ...re the items within the VoIP section SIP Device Parameters SIP Accounts Phone Port PSTN Dial Plan VoIP Dial Plan Call Features Speed Dial and Ring Tone SIP Device Parameters This section provides easy setup for your VoIP service Phone port 1 and 2 can be registered to different SIP Service Providers SIP Device Parameters SIP To use VoIP SIP as VoIP call signaling protocol Default is set to Disable...

Page 98: ...where to send receive the VoIP traffic it includes ipwan and iplan Easy way to select the interface is to check the location of the SIP server If it is located somewhere on the Internet then select ipwan If the VoIP SIP server is on the local Network then select iplan Voice Frame Size Frame size is available from 10ms to 60ms Frame size meaning how many milliseconds the Voice packets will be queue...

Page 99: ...to this device Set the OFFHOOK voltage to the lowest setting registered for all your telephones e g if your telephones return values of 4 5 and 7 then you should set your OFFHOOK voltage to 4 Note The detected values will not automatically be set by the Check Level function you must enter the lowest level detected after testing all your telephones SIP Accounts This section contains the basic setti...

Page 100: ...t information of the Phones Click Edit to update your phone information Port It allows you to change the phone port setting for a specific FXS port 69 Return Call Dial 69 to return the last missed call It is only available for VoIP call s 20 Do not Disturb ON Dial 20 to enable the No Disturb feature Your phone will not ring if someone calls 90x Blind Call Transfer Dial 90 phone number to transfer ...

Page 101: ...odulation PCM encoder and decoder to convert a 13 bit linear sample G 726 32 It is used to encode and decode voice information into a single packet to reduce bandwidth consumption Currently only supports bit rates of 32Kbps DTMF Method The Inband RFC 2833 and SIP INFO RFC 2976 are supported Volume Control Volume control enables you to adjust the voice quality of the telephones to a comfortable lev...

Page 102: ...hen making a regular call Note The prefix number dialed has to match the number of digits specified Dial without Prefix With this selected the prefix which is dialed together with the phone number will not be dialed out with the phone number via the FXO when making a regular call Note The length of the number of digits dialed should match the number of digits specified Dial at Timeout The number t...

Page 103: ... will be dialed out via FXO port for making a regular phone call 3 Dial at Timeout If you dial 01223 7070 the number 012237070 will be dialed to make a regular call via FXO port after a defined timeout interval even though the number of digits entered does not match the number of digits defined Number 7070 will still be a valid number for the device to complete the dialing because it does not exce...

Page 104: ...as not exceeded the number of digits defined VoIP Dial Plan This feature makes dialing a phone number more convenient and easy Instead of having to memorize the phone number of every contact VoIP Dial Plan gives you the option of create a dial plan that will enable you to make your phone calls without the need to memorize the phone number To access this feature go to Configuration VoIP VoIP Dial P...

Page 105: ... Service Provider Current Profile Refer to the VoIP account registered on the VoIP Wizard for Port 1 or 2 PSTN Making a telephone call via the PSTN line ENUM Making a VoIP SIP direct call via an Electronic number ENUM 164 to an ENUM caller Electronic Number ENUM uses DNS Domain Network System based technology to map between a traditional phone number PSTN to an Internet addresses SIP URL The ENUM ...

Page 106: ...m length is 16 xx Starting with sign any digit number 0 9 in variable length but no shorter than 1 digits Maximum length is 16 xx x Starting with sign any two digit numbers sign any number 0 9 in variable length Maximum length is 16 Call Feature VoIP has all the basic features of a traditional phone Besides the provided basic features VoIP also comes with several enhanced features that allow you t...

Page 107: ...e pound sign on the phone keypad to activate the function For example to speed dial to the phone number listed on 9 just press keypad 9 then Your router will automatically call the number listed on entry 9 Ring Tone This section allows advanced users to change the existing or newly defined parameters for various ring tones dial tone busy tone answer tone etc ...

Page 108: ...on Also it is recommended that this option be configured by an advanced user unless you are instructed to do so Click Apply to apply the settings QoS Quality of Service The QoS function helps you control the network traffic of each application from LAN Ethernet and or Wireless to WAN Internet It allows you to control the quality and speed of throughput for each application when the system is runni...

Page 109: ...CP Marking Differentiated Services Code Point DSCP it is the first 6 bits in the ToS byte DSCP Marking allows users to classify the traffic of the application to be executed according to the DSCP value See Table 4 for DSCP Mapping Table Note Make sure that the router s in the network backbone are capable of executing and checking the DSCP throughout the QoS network Table 4 DSCP Mapping Table DSCP ...

Page 110: ...ol The name of the supported protocol Rate Limit To limit the speed of the outbound traffic Source IP Address Range The source IP address or the range of packets to be monitored Source Port s The source port of the packets to be monitored Destination IP Address Range The destination IP address or the range of packets to be monitored Destination Port s The destination port of the packets to be moni...

Page 111: ...te Limit To limit the speed of the inbound traffic Source IP Address Range The source IP address or the range of the packets to be monitored Source Port s The source port of the packets to be monitored Destination IP Address Range The destination IP address or the range of the packets to be monitored Destination Port s The destination port of the packets to be monitored Example QoS for your Networ...

Page 112: ...Billion 810VNTX Router Page 111 Information and Settings Upstream 928 kbps Downstream 8 Mbps VoIP User 192 168 1 1 Normal Users 192 168 1 2 192 168 1 5 Restricted User 192 168 1 100 ...

Page 113: ...out any drop out Set the level of priority as high to prevent other applications from saturating the bandwidth Voice application Voice is a latency sensitive application Most VoIP devices use SIP protocol and the port number will be assigned by SIP modules automatically It is better to use fixed IP addresses to catch VoIP packets as high priority The setting above will help you improve the quality...

Page 114: ...edules also help to limit its utilization during daytime Advanced settings by using IP throttling IP throttling enables you to set parameters for bandwidth allocation although the applications may be located on the same level Upstream 928kbps 29 32kbps Mission critical Application 192kbps 6 32kbps Voice Application 128kbps 4 32kbps Restricted Application 160kbps 5 32kbps Other Applications 448kbps...

Page 115: ...nections e g Peer to peer P2P software such as instant messaging applications and P2P file sharing applications and are using NAT Network Address Translation then you will usually need to configure your router to forward these incoming connection attempts using specific ports to the PC on your network running the application You will also need to use port forwarding if you want to host an online g...

Page 116: ... protocol for the virtual server In addition to specifying the port number to be used you will also need to specify the protocol used The protocol used is determined by a particular application Most applications will use TCP or UDP Time Schedule A user defined time period to enable your virtual server You may specify a time schedule or select Always on for this Virtual Server Entry For setup and d...

Page 117: ...will not function If the DHCP option is enabled you must be careful while assigning IP addresses to Virtual Servers in order to avoid IP conflicts The easiest way of configuring a Virtual Server is to assign static IP addresses to each Virtual Server PC with addresses that do not fall into the range of IP addresses reserved for DHCP If you configure the IP address manually be sure that it is in th...

Page 118: ...ecked Be aware that this IP will be exposed to the WAN Internet Lists all PC s connected to the network You may assign a PC with an IP address from this list Select the Apply button to apply your changes Edit One to One NAT Network Address Translation One to One NAT maps a specific private local IP address to a global public IP address If you have multiple public WAN IP addresses from your ISP you...

Page 119: ...mber on the Remote WAN side used when accessing the virtual server Redirect Port The Port number used by the Local server in the LAN network Internal IP Address The private IP in the LAN network which provides the virtual server application Lists all the PC s currently connected to the network You may assign a PC with an IP address from this list Select the Add button to apply your changes Example...

Page 120: ...5 TCP SMTP Simple Mail Transfer Protocol 53 TCP UDP DNS Domain Name Server 69 UDP TFTP Trivial File Transfer Protocol 80 TCP World Wide Web HTTP 110 TCP POP3 Post Office Protocol Version 3 119 TCP NEWS Network News Transfer Protocol 123 UDP NTP Network Time Protocol SNTP Simple Network Time Protocol 161 TCP SNMP 443 TCP UDP HTTPS 1503 TCP T 120 1720 TCP H 323 4000 TCP ICQ 7070 UDP RealAudio ...

Page 121: ...trict or allow the use of the Internet by users or applications Time Schedules correlate closely with router time Since the router does not have a real time clock on board it uses the Simple Network Time Protocol SNTP to get the current time from an SNTP server Refer to Time Zone for details Your router time should correspond with your local time If the time is not set correctly your Time Schedule...

Page 122: ...etailed setting of this Time Slot will be shown ID This is the index of the time slot Name A user defined description to identify this time portfolio Day in a week The default is set from Monday through Friday You may also specify the days for the schedule to be applied to Start Time The default is set to 8 00 AM You may specify the start time of the schedule End Time The default is set to 18 00 6...

Page 123: ... do so by support staff These are the items within the Advanced section Static Route Dynamic DNS Check Email Device Management IGMP and VLAN Bridge Static Route Go to Configuration Advanced Static Route Destination This is the destination subnet IP address Netmask Subnet mask of the destination IP addresses based on the above destination subnet IP Gateway This is the gateway IP address to which pa...

Page 124: ... to register and establish an account with the Dynamic DNS provider using their website for example http www dyndns org There are more than 5 DDNS services supported Dynamic DNS Disable Check to disable the Dynamic DNS function Enable Check to enable the Dynamic DNS function The following fields will be activated and required Dynamic DNS Server Select the DDNS service you have established an accou...

Page 125: ...u to control your routers security options and device monitoring features Device Host Name Host Name Assign it a name Note The Host Name must have more than one word These two words should be separated bya period in between Example Host Name homegateway Incorrect Host Name home gateway or my home gateway Correct ...

Page 126: ...tems This makes tasks such as port forwarding easier by letting the application control the required settings remove the need for the user to control the advanced configuration of their device Both operating system and the relevant application must support UPnP in addition to the router Windows XP and Windows ME natively support UPnP when the component is installed while Windows 98 users may insta...

Page 127: ...munity string paradigm for security but is widely accepted as the SNMPv2 standard SNMPv3 is a strong authentication mechanism authorization with fine granularity for remote monitoring Traps supported Cold Start Authentication Failure The following MIBs are supported From RFC 1213 MIB II System group From RFC 1472 PPP Security MIB System group PPP security group Interface group Address Translation ...

Page 128: ...the router web interface choose Logout Please save your configuration setting before logging out of the system Be aware that the router configuration interface can only be accessed by one PC at a time Therefore when a PC has logged into the system interface the other users cannot access the system interface until the current user has logged out of the system If the previous user forgets to logout ...

Page 129: ...encapsulation type and type of multiplexing settings are the same as those provided to you by your ISP Reboot the router If you still have a problem you may need to verify these settings with your ISP Frequent loss of ADSL line sync disconnection Make sure that all devices e g telephone fax machine analogue modems that are connected to the same telephone line as your router have a line filter conn...

Page 130: ... contact Modem Support Contact Telkom Support Telephone 10210 Operating Hours 24hrs 7 days a week Contact Modem Support Telephone 0860 110 041 Website www sizwebroadband co za Operating Hours 8 00am to 17 00pm Mon Fri only MAC OS is a registered Trademark of Apple Computer Inc Windows 98 Windows NT Windows 2000 Windows Me Windows XP Windows Vista are registered Trademarks of Microsoft Corporation ...