Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router BiPAC 8500/8520 SHDSL VPN Firewall Bridge/ Router BiPAC 8501/8521 SHDSL.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Table of Contents CHAPTER 1: INTRODUCTION ............................................................................................................. 1 INTRODUCTION TO YOUR ROUTER ........................................................................................................ 1 FEATURES .............................................................................................................................................
NAT Sessions ............................................................................................................................... 34 Diagnostic..................................................................................................................................... 34 UPnP Portmap .............................................................................................................................. 35 QUICK START ..................................................................
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Chapter 1: Introduction Introduction to your Router Welcome to the Billion BiPAC 8500/ 8501/ 8520/ 8521 SHDSL Router. Your SHDSL router is an “all-in-one” unit, combining an SHDSL modem, SHDSL router and Ethernet network switch, providing everything you need to get the machines on your network connected to the Internet over your SHDSL broadband connection.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router devices. With this feature enabled, users can now connect to Net meeting or MSN Messenger seamlessly. Network Address Translation (NAT) Allows multi-users to access outside resources such as the Internet simultaneously with one IP address/one Internet access account. Many application layer gateways (ALG) are supported such as web browser, ICQ, FTP, Telnet, E-mail, News, Net2phone, Ping, NetMeeting, IP phone and others.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Rich Packet Filtering Not only filters the packet based on IP address, but also based on Port numbers. It will filter packets from and to the Internet. It also provides a higher level of security control. Dynamic Host Configuration Protocol (DHCP) client and server In the WAN site, the DHCP client can get an IP address from the Internet Service Provider (ISP) automatically.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Chapter 2: Installing the Router Important note for using this Router Do not use the router in high humidity or high temperatures. Do not use the same power source for the router as other equipment. Do not open or repair the case yourself. If the router is too hot, turn off the power immediately and have it repaired at a qualified service center. Avoid using this product and all accessories outdoors.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router The Front LEDs of BiPAC 8500 1 4 2 LED 1 LINE 2 LAN Port 1X — 4X 3 Meaning Lit when successfully connected to SHDSL line and when it is synchronized. (RJ-45 connector) Lit when connected to an Ethernet device. Green for 100Mbps; Orange for 10Mbps. Blinking when data is Transmitted / Received. 3 SYS Lit when the system is ready. 4 PWR Lit when power is ON.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router The Front LEDs of BiPAC 8520 1 2 3 LED 1 4 5 Meaning LINE 1 & 2 Lit when successfully connected to SHDSL line and when it is synchronized. LAN Port 1X — 4X (RJ-45 connector) Lit when connected to an Ethernet device. Green for 100Mbps; Orange for 10Mbps. Blinking when data is Transmitted / Received. 4 SYS Lit when the system is ready. 5 PWR Lit when power is ON.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router The Front LEDs of BiPAC 8501 1 2 LED 3 4 Meaning 1 2 PWR SYS Lit when power is ON. Lit when the system is ready. 3 LAN Port 1X — 4X Lit when connected to an Ethernet device. Green for 100Mbps; Orange for 10Mbps. Blinking when data is Transmitted / Received. Lit when successfully connected to SHDSL line and when it is synchronized.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router The Front LEDs of BiPAC 8521 1 2 LED 1 PWR 2 SYS 3 LAN Port 1X — 4X (RJ-45 connector) 4 5 LINE 1 & 2 Chapter 2: Installing the router 3 4 5 Meaning Lit green when power is ON. Flashes when the system is being started. Then lit green when the system is ready. Lit when connected to an Ethernet device. Green for 100Mbps; Orange for 10Mbps. Blinking when data is Transmitted / Received.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router The Rear Ports of BiPAC 8500 / 8520 4 6 1 3 5 Port 2 Meaning 1 Power Switch Power ON/OFF switch 2 PWR Connect the supplied power adapter to this jack. 3 RESET To be sure the device is being turned on press RESET button for: 1-3 seconds: quick reset the device. 6 seconds above, and power off, power on the device: restore to factory default settings. (Cannot login to the router or forgot your Username/Password.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router The Rear Ports of BiPAC 8501 3 5 6 4 Port 1 2 Meaning 1 Power Switch Power ON/OFF switch 2 PWR Connect the supplied power adapter to this jack. 3 RESET To be sure the device is being turned on->press RESET button for: 1-3 seconds: quick reset the device. 6 seconds above, and power off, power on the device: restore to factory default settings. (Cannot login to the router or forgot your Username/Password.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router The Rear Ports of BiPAC 8521 6 5 4 Port 3 2 1 Meaning 1 Power Switch Power ON/OFF switch 2 PWR Connect the supplied power adapter to this jack. RESET To be sure the device is being turned on->press RESET button for: 1-3 seconds: quick reset the device. Press 6 seconds above to power off the device, then power on the device to restore the factory default settings.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Cabling One of the most common causes to problem is bad cabling or SHDSL line(s). Make sure that all connected devices are turned on. On the front panel of the product is a row of LEDs. Verify that the LAN Link and SHDSL line LEDs are lit. If they are not, verify that you are using the proper cables.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Chapter 3: Basic Installation The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 98/NT/2000/XP/Me, etc. The product provides an easy and user-friendly interface for configuration. Please check your PC’s network components. The TCP/IP protocol stack and Ethernet network adapter must be installed.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Network Configuration For Windows Vista 1. Go to Start. Click on Network. 2. Then click on Network and Sharing Center at the top bar. 3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window pane. 4. Select the Local Area Connection, and right click the icon to select Properties.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router 5. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties. 6. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router For Windows XP 1. Go to Start / Control Panel (in Classic View). In the Control Panel, double-click on Network Connections 2. Double-click Local Area Connection. 3. In the Local Area Connection Status window, click Properties.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router 4. Select Internet Protocol (TCP/IP) and click Properties. 5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons. 6. Click OK to finish the configuration.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router For Windows 2000 1. Go to Start / Settings / Control Panel. In the Control Panel, double-click on Network and Dial-up Connections. 2. Double-click Local Area Connection. 3. In the Local Area Connection Status window click Properties.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router 4. Select Internet Protocol (TCP/IP) and click Properties. 5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons. 6. Click OK to finish the configuration.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router For Windows 98/Me 1. Go to Start / Settings / Control Panel. In the Control Panel, double-click on Network and choose the Configuration tab. 2. Select TCP/IP ->NE2000 Compatible, or the name of your Network Interface Card (NIC) in your PC. Then click Properties. 3. Select the Obtain an IP address automatically radio button.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router 4. Then select the DNS Configuration tab. 5. Select the Disable DNS radio button and click OK to finish the configuration.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router For Windows NT4.0 1. Go to Start / Settings / Control Panel. In the Control Panel, double-click on Network and choose the Protocols tab. 2. Select TCP/IP Protocol and click Properties. 3. Select the Obtain an IP address from a DHCP server radio button and click OK.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Factory Default Settings Before configuring your router, you need to know the following default settings. Web Interface (Username and Password): Username: admin Password: admin The default username and password are “admin” and “admin” respectively. Attention Attention If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds to restore the factory default settings.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP (Obtain an IP Address Automatically, Static IP (Fixed IP Address) and PPPoE. Gather the information as illustrated in the following table and keep it for reference.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Configuring with your Web Browser Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”, a user name and password window prompt will appear. The default username and password are “admin” and “admin”.
Billion BiPAC SHDSL/SHDSL.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Status ARP Table This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is a useful & quick way to determine the MAC address of your PCs network interface through the router’s Firewall – MAC Address Filter function. See the Firewall section of this manual for more information on this feature.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Routing Table Routing Table Valid: It indicates a successful routing status. Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route. RIP Routing Table Destination: The IP address of the destination network. Netmask: The destination netmask address.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router DHCP Table Leased: The DHCP assigned IP addresses information. IP Address: A list of IP addresses of devices on your LAN (Local Area Network). Expired: The expired IP addresses information. Permanent: The fixed host mapping information Leased Table IP Address: The IP address that assigned to client. MAC Address: The MAC address of client. Client Host Name: The Host Name (Computer Name) of client. Expiry: The current lease time of client.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router PPTP Status (BiPAC 8500/ 8501/ 8520 Only) This shows details of your configured PPTP VPN Connections. • Name: The name you assigned to the particular PPTP connection in your VPN configuration. • Type: The type of connection (dial-in/dial-out). • Enable: Whether the connection is currently enabled. • Active: Whether the connection is currently active. • Tunnel Connected: Whether the VPN Tunnel is currently connected.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router IPSec Status (BiPAC 8500/ 8501/ 8520 Only) This shows details of your configured IPSec VPN Connections. • Name: The name you assigned to the particular VPN entry. • Active: Whether the VPN Connection is currently Active. • Connection State: Whether the VPN is Connected or Disconnected. • Statistics: Statistics for this VPN Connection. • Local Subnet: The local IP Address or Subnet used.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router L2TP Status (BiPAC 8500/ 8501/ 8520 Only) This shows details of your configured L2TP VPN Connections. • Name: The name you assigned to the particular L2TP connection in your VPN configuration. • Type: The type of connection (dial-in/dial-out). • Enable: Whether the connection is currently enabled. • Active: Whether the connection is currently active. • Tunnel Connected: Whether the VPN Tunnel is currently connected.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Event Log This page displays the router’s Event Log entries. Major events are logged to this window, such as when the router’s ADSL connection is disconnected, and Firewall events such as when you have enabled Intrusion or Blocking Logging in the Configuration – Firewall section of the interface. Please see the Firewall section of this manual for more details on how to enable Firewall logging. Error Log Any errors encountered by the router (e.g.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router NAT Sessions This section lists all current NAT sessions between interface of types external (WAN) and internal (LAN). Diagnostic It tests the connection of computer(s) which is connected to LAN ports and also the WAN Internet connection. If PING www.google.com is shown FAIL and the rest is PASS, you ought to check if your PC’s DNS setting is correct.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play). Please see the Advanced section of this manual for more details on UPnP and the router’s UPnP configuration options.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Quick Start For detailed instructions on configuring your WAN settings, please see the WAN section of this manual. Usually, the only details you will need for the Quick Start wizard to get you online are your login (often in the form of username@ispname), your password and the encapsulation type. In addition to this, you can either provide a specific DNS, or check the Enable box to get the DNS automatically from your ISP.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection. Please note that the contents of this list will vary, depending on what is supported by your ISP.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Configuration When you click this item, you will get the following sub-items to configure your router: LAN, WAN, System, Firewall, VPN (not available in 8521), QoS, Virtual Server, Time Schedule and Advanced These functions are described below in the following sections. LAN (Local Area Network) There are seven items within the LAN section: Bridge Interface, Ethernet, IP Alias, Ethernet Client Filter, Port Setting and DHCP Server.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Edit Ethernet Interface Parameter Click on a specific Ethernet you that you wish to edit its interface parameter under the Bridged Interface section. You can also edit the Ethernet Interface parameter such as its Acceptable Frame Type; Filter Type or PVID for Untagged Frames. When the editing is complete, click Apply to save the changes and then click Return to go back to the Bridged Interface page.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router IP Alias This function supports the creation of multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or a remote node. In this case, an internal router is not required. Click Add to add a new IP alias. • IP Address: Specify an IP address on this virtual interface. • SubNetmask: Specify a subnet mask on this virtual interface.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traffic from specific authorized machines or to restrict unwanted machine(s) to access your LAN. There are no pre-define Ethernet MAC address filter rules; you can add the filter rules to meet your requirements. Ethernet Client Filter: Default setting is set to Disable.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Active PC in LAN displays a list of IP Address & MAC Address of each individual Ethernet device which is connected to the router. You can check the box next to the IP address to block or allow. Then, click Add to insert to the Ethernet Client Filter table. The maximum number of Ethernet client is 16.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Port Setting This section allows you to configure the settings for the router’s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet, as well allowing users to tweak the performance of their network. • Port # Connection Type: Six options to choose from: Auto, 10M half-duplex, 10M fullduplex, 100M half-duplex, 100M full-duplex and Disable.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router DHCP Server You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically. To disable the router’s DHCP Server, check Disabled and click Next, then click Apply.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router If you check DHCP Relay Agent and click Next, then you will have to enter the IP address of the DHCP server which will assign an IP address back to the DHCP client in the LAN. Use this function only if advised to do so by your network administrator or ISP. Click Apply to enable this function.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router WAN (Wide Area Network) WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. There are three items within the WAN section: ISP, DNS and SHDSL. ISP The factory default is PPPoE. If your ISP uses this access protocol, click Edit to input other parameters as below. If your ISP does not use PPPoE, you can change the default WAN connection entry by clicking Change.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router RFC 1483 Routed Connections • Description: User-definable name for the connection. • VPI and VCI: Enter the information provided by your ISP. • ATM Class: The Quality of Service for ATM layer. • NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router given by you our ISP. • RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. • MTU: Maximum Transmission Unit. The size of the largest datagram (excluding mediaspecific headers) that IP will attempt to send through the interface. • TCP MSS Clamp: This option helps to auto detect the optimal MTU size. Default is enabled. • MAC Address Spoofing: This option is required by Service Providers.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router RFC 1483 Bridged Connections • Description: User-definable name for the connection. • VPI and VCI: Enter the information provided by your ISP. • ATM Class: The Quality of Service for ATM layer. • Encapsulation method: Select the encapsulation format, this is provided by your ISP. • Acceptable Frame Type: Specify what kind of traffic can pass through this connection, all traffic or only VLAN tagged.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router PPPoA Routed Connections • Description: User-definable name for the connection. • VPI/VCI: Enter the information provided by your ISP. • ATM Class: The Quality of Service for ATM layer. • NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing a single IP address.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Provider (ISP) automatically or not. Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function, and specify the IP address manually. The setting of this item is specified by your ISP. • Authentication Protocol Type: Default is Chap (Auto). Your ISP will advise you whether to use Chap or Pap.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Advanced Options (PPPoA) • LLC Header: Select encapsulation mode, true for using LLC or false for using VC-Mux. • Create Route: This setting specifies whether a route is to be added to the system after IPCP (Internet Protocol Control Protocol) negotiation is complete. If set to enabled, a route will be created which directs packets to the remote end of the PPP link.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router IPoA Routed Connections • Description: User-definable name for the connection. • VPI/VCI: Enter the information provided by your ISP. • ATM Class: The Quality of Service for ATM layer. • NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing a single IP address.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. • MTU: Maximum Transmission Unit. The size of the largest datagram (excluding mediaspecific headers) that IP will attempt to send through the interface. • TCP MSS Clamp: This option helps to auto detect the optimal MTU size. Default is enabled.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router PPPoE Connections • Description: User-definable name for this connection. • VPI/VCI: Enter the information provided by your ISP. • ATM Class: The Quality of Service for ATM layer. • NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing a single IP address.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router alphanumeric characters (case sensitive). This will usually be in the format of “username@ispname” instead of simply “username”. • Password: Enter the password provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive). • Service Name: This item is for identification purposes. If it is required, your ISP will provide you the information. Maximum input is 20 alphanumeric characters.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Advanced Options (PPPoE) • LLC Header: Selects encapsulation mode, true for using LLC or false for using VC-Mux. • Create Route: This setting specify whether a route is to be added to the system after IPCP (Internet Protocol Control Protocol) negotiation is completed. If set to enabled, a route will be created which directs packets to the remote end of the PPP link.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router PPPoE with Pass-through Connections To access PPPoE with Pass-through Connection: Press Change > PPPoE Routed with PassThrough > Quick Start PPPoE with pass-through adapts the following method: PPPoE Routed mode + 1483 Bridge Mode. With pure PPPoE connection, the router can get one WAN address to the router.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Description: User-definable name for this connection. • VPI/VCI: Enter the information provided by your ISP. • ATM Class: The Quality of Service for ATM layer. • NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing a single IP address.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Service Name: This item is for identification purposes. If it is required, your ISP will provide you the information. Maximum input is 20 alphanumeric characters. • IP Address: specify if the Router can get an IP address from the Internet Server Provider (ISP) automatically or not.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Advanced Options (PPPoE) LLC Header: Select encapsulation mode, true for using LLC or false for using VC-Mux. Create Route: This setting specifies whether a route is to be added to the system after IPCP (Internet Protocol Control Protocol) negotiation is complete. If set to enabled, a route will be created which directs packets to the remote end of the PPP link.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Discover Primary NBNS / Discover Secondary NBNS: This setting enables/disables whether the primary/secondary NBNS server address is requested from a remote PPP peer using IPCP. The default setting for this command is disabled. Discover Subnet Mask: Specify if the subnet mask given by IPCP negotiation process is to be used.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router DNS A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. On the Internet, every host has a unique and user-friendly name (domain name) such as www.helloworld.com and an IP address. An IP address is a 32-bit number in the form of xxx.xxx.xxx.xxx, for example 192.168.1.254.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router SHDSL-BiPAC 8500 • Mode: The SHDSL device can function as a CPE (Customer Premises Equipment) or CO (Central Office). Select CPE mode when the BiPAC 8500 is connected to your ISP. • Back – to –back: it is a direct connection between two SHDSL devices with one being set to CPE and the other is set to CO by using a standard RJ-11 telephone cable. • Annex Type: It is the DSL operating mode standard.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Bit Rate: Display SHDSL line synch speed rate. Click Apply button to apply your changes.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router SHDSL – BiPAC 8520 Standard 4-wired connection: the 4-wired handshaking procedure that is compliant with ITU-T standard. False 4-wired connection: This mode is used when 4-wired connection is disabled.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Enhanced 4-wired connection: Conexant enhanced 4-wired mode and compliant with Conexant Legacy codes. Sustain2W 4-wired connection: This mode is used to auto detect whether the device uses 2wired connection or 4-wired connection. • 4-Wired Connection: BiPAC 8520 supports 4 types of SHDSL.bis connection: Standard, False, Enahnced & Sustain2W. Select the type of SHDSL.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Note: When select 2-wired mode, only Port 1 settings need to be configured and the SHDSL (RJ-11 cable) must be connected to LINE 1 on the back of the device.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Mode: The SHDSL device can function as a CPE (Customer Premises Equipment) or CO (Central Office). Select CPE mode when the BiPAC 8520 is connected to your ISP. • Back – to –back: it is a direct connection between two SHDSL devices with one being set to CPE and the other is set to CO by using a standard RJ-11 telephone cable. • Annex Type: It is the DSL operating mode standard. Select Annex A or Annex B to support up to 2.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router SHDSL – BiPAC 8501 • Mode: The SHDSL.bis device can function as a CPE (Customer Premises Equipment) or CO. Select CPE mode when the BiPAC 8501 is connecting to your ISP. • Annex Type: It is the DSL operating mode standard. Select Annex A or Annex B to support up to 5.7Mbps SHDSL.bis function. Select other annex such as Annex B_ANFP / Annex A_B_ANFP, you may consult with your ISP first.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router SHDSL – BiPAC 8521 Standard 4-wired connection: the 4-wired handshaking procedure that is compliant with ITU-T standard. False 4-wired connection: This mode is used when 4-wired connection is disabled.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Enhanced 4-wired connection: Conexant enhanced 4-wired mode and compliant with Conexant Legacy codes.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • 4-Wired Connection: BiPAC 8521 supports 3 types of SHDSL.bis connection: Standard, False & Enahnced. Select the type of SHDSL.bis connection from the 4-wired connection drop down menu, then select Apply to activate the configuration page. Note: When select 2-wire mode, only Port 1 settings need to be configured and the SHDSL (RJ-11 cable) must be connected to LINE 1 on the back of the device. • Mode: The SHDSL.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router System Listed are items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone, click Enable and click the Apply button.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI. If you wish to permanently enable remote access, choose a time period of 0 minutes.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Firmware Upgrade Your router’s “firmware” is the software that allows it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software it runs. Over time this software may be improved and modified, and your router allows you to upgrade the software it runs to take on advantage of these changes.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Backup / Restore These functions allow you to save and to create a backup of your router current settings to a file on your PC, or to restore a previously saved setting. This is useful if you wish to experiment with different settings, knowing that you have a backup in hand in case any mistakes occur. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router User Management In order to prevent unauthorized access to your router’s configuration interface, all users are required to login to the system with a password. You can set up multiple user accounts, each with their own password. You are able to Edit existing user accounts or Create new user accounts to grant access permission to the device’s configuration interface.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Firewall and Access Control Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT, the router acts as a “natural” Internet firewall, as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Firewall Security and Policy (General Settings): Outbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the Internet. • URL Filter: To block PCs on your local network from unwanted websites. Listed are items under the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking and Firewall Log.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router General Settings You can choose not to enable Firewall, you will not able to add filter rules by yourself in the Packet Filter, or enable the Firewall using preset filter rules and modify the packet filter rules as required. The Packet Filter is used to filter packets based-on Applications (Port) or IP addresses.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Packet Filter This function is only available when Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter must modify according to the level of Firewall, which is selected. See Table1: Predefined Port Filter for more detailed information.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1. Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Packet Filter – Add TCP/UDP Filter • Rule Name: User-define description to identify this entry or click existing predefined rules. The maximum name length is 32 characters. to select • Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Packet Filter – Add Raw IP Filter • Rule Name: A user-defined name for identifying the rule. • Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to Time Schedule section • Protocol Number: Insert the port number, i.e. GRE 47. • Inbound / Outbound: Select Allow or Block the access to the Internet (“Outbound”) or from the Internet (“Inbound”).
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Example: Configuring your firewall to allow for a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring Packet Filter: 1. Click Port Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter on your own. Click Delete 2. Click Delete to delete the existing HTTP rule. 3. Click Add TCP/UDP Filter. Click Add TCP/UDP Filter 4.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router 5. The new port filter rule for HTTP is shown below: 6. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: Note: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Server section for more details. .
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Intrusion Detection The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router (PING). For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks. Table 2: Types of Hacker attack recognized by the IDS.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router ICMP Flood ICMP Echo Max ICMP Count (Default 100 c/sec) Max PING Count (Default 15 c/sec) Yes Yes Src IP: Source IP Src Port: Source Port Dst Port: Destination Port Dst IP: Destination IP 92 Chapter 4: Configuration
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router URL Filtering URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements. • Enable/Disable: To enable or disable URL Filter feature.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router dropped. 3. If the packet does not match either of the above two items, it is sent to the remote web server. 4. Please be noted that the completed URL, “www” + domain name, shall be specified. For example to block traffic to www.google.com.au, enter “www.google” or “www.google.com” In the example below, the URL request for www.abc.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router IM / P2P Blocking IM, short for Instant Message, is required to use client program software that allows users to communicate, in exchanging text message, with other IM users in real time over the Internet. A P2P application, known as Peer-to-peer, is a group of computer users who share files with specific groups of people across the Internet.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Firewall Log Firewall Log displays log information of all unexpected action taken by your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router VPN (Virtual Private Networks) (BiPAC 8500/ 8501/ 8520 Only) Virtual Private Networks is a way to establish a secured communication tunnel to an organization’s network via the Internet. Your router supports three main types of VPN (Virtual Private Network), PPTP, IPSec and L2TP.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router PPTP Connection - Remote Access(BiPAC 8500/ 8501/ 8520 Only) • Connection Name: A user-defined name for the connection (e.g. “connection to office”). • Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In if you want the router to operate as a VPN server.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Mode: You may select Stateful or Stateless mode. The key will be changed every 256 packets when you select Stateful mode. If you select Stateless mode, the key will be changed in each packet. • Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Example: Configuring a Remote Access PPTP VPN Dial-out Connection An office of a company establishes a PPTP VPN connection with a file server located at a different location. The router is installed at the office, connecting to a couple of PCs and Servers.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring the PPTP VPN in the Office You can either input the IP address (69.1.121.33 in this case) or the hostname to reach the server. 1 2 3 4 5 Item 1 Function Connection VPN_PPTP Name Dial out 2 3 4 5 Given name of PPTP connection Check Dial out Server IP Address (or Hostname) 69.121.1.33 Username username Password 123456 Auth.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router PPTP Connection - LAN to LAN (BiPAC 8500/ 8501/ 8520 Only) • Connection Name: A user-define description of the connection. • Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In if you want it to operate as a VPN server. o When configuring your router as a Client, enter the remote Server IP Address (or Hostname) you wish to connect to.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router connection or you can manually Enable or Disable encryption. • Key Length: The data can be encrypted by MPPE algorithm with 40 bits or 128 bits. Default is Auto, it is negotiated when establishing a connection. 128 bit keys provide stronger encryption than 40 bit keys. • Mode: You may select Stateful or Stateless mode. The key will be changed every 256 packets when you select Stateful mode.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Example: Configuring a PPTP LAN-to-LAN VPN Connection The branch office establishes a PPTP VPN tunnel with the head office to connect two private networks over the Internet. The routers are installed in the head office and the branch office respectively. Both office LAN networks MUST be in different subnet with LAN to LAN application.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Configuring PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. 1 2 4 3 5 6 Item 1 Function Connection HeadOffice Name Dial in 2 3 4 5 6 Given a name of PPTP connection Check Dial in Private IP Address Assigned to Dialing User Peer Network IP Netmask 255.255.255.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router connection is always on. Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in the head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router IPSec (IP Security Protocol) (BiPAC 8500/ 8501/ 8520 Only) Click Create to create a new IPSec VPN connection account. After you have created the IPSec connection, account information will be displayed. (See example above). • Enable / Disable: This function activates or deactivates the IPSec connection. To interrupt the tunnel, check the Disable radio button and click the Apply button to deactivate the connection.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router IPSec VPN Connection (BiPAC 8500/ 8501/ 8520 Only) • Connection Name: User-defined name for the connection (e.g. “connection to office”). • Local Network: Set the IP address, subnet or address range of the local network. o Single Address: The IP address of the local host. o Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with netmask 255.255.255.0 specifies one class C subnet starting from 192.168.1.1 (i.e. 192.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router o SHA1: A one-way hashing algorithm that produces a 160−bit hash. • Encryption: Select the encryption method from the pull-down menu. There are several options, DES, 3DES, AES (128, 192 and 256) and NULL. NULL means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase the latency. o DES: Stand for Data Encryption Standard, it uses 56 bits as an encryption method.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Advanced Option This function is only available after finish creating an IPSec account. Click Advanced Option to change the following settings: • IKE (Internet key Exchange) Mode: Select IKE mode to Main mode or Aggressive mode. This IKE provides secured key generation and key management. IKE Proposal: o Hash Function: It is a Message Digest algorithm which coverts any length of a message into a unique set of bits.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router more powerful but increase the latency. DES: Stands for Data Encryption Standard, it uses 56 bits encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits encryption method.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router from 0 to 3600 second; 0 second disables the function. Ping to the IP Internal (sec) Ping to the IP Action 0.0.0.0 0 No 0.0.0.0 2000 No xxx.xxx.xxx.xxx (A valid IP Address) 0 No xxx.xxx.xxx.xxx(A valid IP Address) 2000 Yes, activate it in every 2000 second. Disconnection Time after no traffic: It is the NO Response time clock.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 Local Router IP 69.1.121.30 69.1.121.3 Remote Network ID 192.168.1.0/24 192.168.0.0/24 Remote Router IP 69.1.121.3 69.1.121.30 IKE Pre-shared Key 12345678 12345678 VPN Connection Type Tunnel mode Tunnel mode Security Algorithm ESP:MD5 with AES ESP:MD5 with AES Attention Attention Both office LAN networks MUST be in different subnet with LAN to LAN application.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring IPSec VPN in the Head Office 1 2 3 4 5 Item 1 Function Connection Name IPSec_HeadOffice Given a name of IPSec connection Subnet 2 3 Check the Subnet radio button IP Address 192.168.1.0 Netmask Secure Gateway Address (or Hostname) 255.255.255.0 69.121.1.30 Subnet 4 5 Head office network IP address of the head office router (in WAN side) Check the Subnet radio button IP Address 192.168.0.0 Netmask 255.255.255.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Prefer Forward Security Pre-shared Key Chapter 4: Configuration None 12345678 115
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring IPSec VPN in the Branch Offiece 1 2 3 4 5 Item 1 Function Connection Name Description IPSec_BranchOffice Given a name of IPSec connection Subnet 2 3 Check the Subnet radio button IP Address 192.168.0.0 Netmask Secure Gateway Address (or Hostname) 255.255.255.0 69.121.1.3 Subnet 4 5 IP address of the head office router (in WAN side) Check the Subnet radio button IP Address 192.168.1.0 Netmask 255.255.255.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Prefer Forward Security Pre-shared Key None 12345678 Example: Configuring a IPSec Host-to-LAN VPN Connection Chapter 4: Configuration 117
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring IPSec VPN in the Office 1 2 3 4 5 Item 1 Function Connection Name Description IPSec Subnet 2 3 4 Check the Subnet radio button IP Address 192.168.1.0 Netmask Secure Gateway Address (or Hostname) 255.255.255.0 69.121.1.30 Single Address IP Address 69.121.1.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router L2TP (Layer Two Tunneling Protocol) (BiPAC 8500/ 8501/ 8520 Only) Support two types of L2TP VPN, Remote Access and LAN-to-LAN (please refer below for more information.). Click Create to create a new VPN connection account. After you have created L2TP connection, the account status will be displayed. (See example above). • Enable / Disable: This function activates or deactivates the L2TP connection.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router L2TP Connection - Remote Access (BiPAC 8500/ 8501/ 8520 Only) L2TP VPN Connection • Connection Name: User-defined name for the connection (e.g. “connection to office”). • Type: Check the Dial Out radio button if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check the Dial In radion button if it is to operate as a VPN server.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a pre-determined period of time. 0 means this connection is always on. • Active as default route: Commonly used by the Dial-out connection which all packets will route through the VPN tunnel to the Internet; therefore, activate the function may downgrade the Internet performance. Click Apply after changing settings.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Remote Host Name (Optional): Enter hostname of remote VPN device. It is a tunnel identifier from the Remote VPN device that will match the Remote hostname provided. If the remote hostname is matched, the tunnel will be connected; otherwise, it will be dropped. Cautious: This is only when the router performs as a VPN server. This option should be used by advanced users only.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head office, connecting to a couple of PCs and Servers.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used by the Office LAN. 1 2 3 4 5 6 Item 1 Function Connection Name VPN_L2TP Dial in Description Given a name of L2TP connection Check the Dial in radio button Private IP Address Assigned to Dialing User 192.168.1.200 An assigned IP address for the remote worker Username username 4 Password Auth.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router IPSec 6 Enabled for enhancing your L2TP VPN security. Authentication MD5 Encryption Perfect Forward Secrecy Pre-shared Key 3DES Both sites should use the same value. None 12345678 Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s office establishes a L2TP VPN connection with a file server located at a different location. The router is installed in the office, connecting to a couple of PCs and Servers.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring the L2TP VPN in the Office 1 2 3 4 5 6 Item 1 Function Connection VPN_L2TP Name Dial out 2 69.121.1.33 Username username 4 Password Auth.Type 123456 Chap(Auto) 5 Idle Timeout 0 6 IPSec Chapter 4: Configuration Given name of L2TP connection Check the Dial out radio button Server IP Address (or Hostname) 3 Description A Dialed server IP A given username & password Kept as a default value in most cases.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Authentication MD5 Encryption Perfect Forward Secrecy Pre-shared Key 3DES Both sites should use the same value. None 12345678 Example: Configuring your Router to Dial-in to the Server Currently, Microsoft Windows operation system does not support L2TP incoming service. Additional software may be required to set up your L2TP incoming service.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router L2TP Connection - LAN to LAN (BiPAC 8500/ 8501/ 8520 Only) L2TP VPN Connection • Connection Name: User-defined description of the connection. • Type: Check the Dial Out radio button if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check the Dial In radio button if it is to operate as a VPN server.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router type the server is using (when acting as a client), or the authentication type you want clients to use (when acting as a server). When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and this presents challenges at different periods to ensure that the client has not been replaced by an intruder.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into the router or hosts at both ends. • Remote Host Name (Optional): Enter hostname of remote VPN device. It is a tunnel identifier from the Remote VPN device that matches the Remote hostname provided. If remote hostname is matched, the tunnel will be connected; otherwise, it will be dropped.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with the head office to connect two private networks over the Internet. The routers are installed in the head office and branch office respectively. Attention Attention Both office LAN networks MUST be in different subnet with LAN to LAN application.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located at the branch office. Please make sure this IP is not used by the head office LAN. 1 2 3 4 5 6 7 Item 1 Function Connection Name HeadOffice Dial in 2 3 Private IP Address Assigned to Dialing User Peer Network IP Netmask Chapter 4: Configuration Description Given a name of L2TP connection Check the Dial in radio button 192.168.1.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Username username 5 Password Auth.Type 123456 Chap(Auto) 6 Idle Timeout 0 4 IPSec 7 Kept as a default value in most cases. The connection will be disconnected when there Is no traffic for a predefined period of time. Idle time 0 means the connection is always on. Enable for enhancing your L2TP VPN security.
Billion BiPAC SHDSL/SHDSL.bis (VPN) Firewall Bridge/ Router Configuring L2TP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located at head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router 6 Idle Timeout 0 Enabled for enhancing your L2TP VPN security. IPSec 7 Authentication MD5 Encryption Perfect Forward Secrecy Pre-shared Key 3DES Chapter 4: Configuration The connection will be disconnected when there Is no traffic for a predefined period of time. Idle time 0 means the connection is always on. Both ends should use the same value.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router QoS (Quality of Service) QoS function helps you to control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you to control the different quality and speed of throughput for each application when the system is running with full upstream loading. You can find three items under the QoS section: Prioritization and Outbound / Inbound IP Throttling (bandwidth management).
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Prioritization There are three priority settings provided in the Router: • High • Normal (The default is normal priority for all of traffic without setting) • Low Average utilization of each priority type: High (60%), Normal (30%) and Low (10%). Click Clear You can click Clear to delete existing Application. • Application: A user-define description to identify this new policy/application.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router monitored. • DSCP Marking: Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP Marking allows users to classify traffic based on DSCP value and send packets to next Router. See Table 4. The DSCP Mapping Table is shown below: Note: To be sure the router(s) in the backbones network have the capability in executing and checking the DSCP through-out the QoS network.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Outbound IP Throttling (LAN to WAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value multiple of 32kbps. Click Clear You can click Clear to delete existing Application. • Application: A user-define description to identify this new policy/application. • Time Schedule: Scheduling your prioritization policy.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value multiple of 32kbps. Click Clear You can click Clear to delete existing Application. • Application: A user-define description to identify this new policy/application. • Time Schedule: Scheduling your prioritization policy.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Inbound Rate Limit: To limit the speed of inbound traffic. Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Throughput 500 400 300 VoIP/VPN HIGH 200 Others NORMAL 100 Restricted LOW kbps 0 VoIP/VPN HIGH Others NORMAL Restricted LOW Mission-critical application VPN connection is a mission-critical application used for data exchange between head office and branch office. This mission-critical application must be sent out smoothly without any dropping.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Advanced setting by using IP throttling With IP throttling you can set more detailed parameters to manage bandwidth allocation even when the applications are located on the same level.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Virtual Server (“Port Forwarding”) In TCP/IP and UDP network, a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”. Servers follow the well-known port assignments so clients can locate them.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router internal server. • Time Schedule: A self-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section • Application: Users-define description to identify this entry or click existing predefined rules. o to select : 20 predefined rules are available.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Example: If you like to access your Router remotely through the Web/HTTP at all time, you would need to enable port number 80 (Web/HTTP) and map to the Router IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with the IP address of 192.168.1.254. Since port number 80 has already been predefined, next to the Application click Helper.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets that use the port number different from the one used by other Virtual Server entries will be checked by the Firewall and NAT algorithms before being passed to the DMZ host. Cautious: This Local computer exposing to the Internet may face various security risks.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private/local IP address to a global/public IP address. If you have multiple public/WAN IP addresses from you ISP, you are eligible for One-to-One NAT to utilize these IP addresses. • NAT Type: Select the desired NAT type. As set in default setting, it disables the One-toOne NAT function.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Time Schedule: A self-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section • Application: Users-defined description to identify this entry or click the existing predefined rules. o to select : 20 predefined rules are available.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assigning unique parameter values to the Internet protocols. Port numbers range from 0 to 65535, but only ports numbers 0 to 1023 are reserved for privileged services and are designated as “wellknown ports” (Please refer to Table 5). The registered ports are numbered from 1024 through 49151.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Time Schedule The Time Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allow the usage of the Internet for certain users or applications.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Configuration of Time Schedule Edit a Time Slot 1. Choose any Time Slot (ID 1 to ID 16) to edit, click Edit. Click Edit Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on this day(s). 2. A detailed setting of this Time Slot will be shown below. • ID: This is the index of the time slot.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by the support staff. There are four items within the Advanced section: Static Route, Dynamic DNS, Check Email, Device Management, IGMP, and VLAN Bridge.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your ADSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Check Emails This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will lit when it detects new messages waiting for download. You may also view the status of this function using the Status – Email Checking section of the web interface, which also provides details on the number of new messages await for download. See the Status section of this manual for more information.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Device Management The Device Management advanced configuration settings allows you to control your router security options and device monitoring features. Embedded Web Server ( to Management IP accounts) • HTTP Port: This is the port number the router’s embedded web server (for web-based configuration) will use. The default value is the standard HTTP port, 80.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router For Example: User A changes HTTP port number to 100, specifies their own IP address of 192.168.1.55, and sets the logout time to be 100 seconds. The router will only allow User A access from the IP address 192.168.1.55 to logon to the Web GUI by typing: http://192.168.1.254:100 in their web browser. After 100 seconds, the device will automatically log User A out.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router SNMP V3: Specify a name and password for authentication. And define the access right from an identified IP address. Once the authentication has succeeded, user from this IP address will be able to view and modify the data. SNMP Version: SNMPv2c and SNMPv3 SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router dot1dTp group dot1dStp group (if configured as spanning tree) From RFC 1471 (PPP/LCP MIB): pppLink group pppLqr group From RFC 1472 (PPP/Security MIB): From RFC 1473 (PPP/IP MIB): ifMIBObjects Group From RFC1695 (atmMIB): PPP Bridge Group From RFC1573 (IfMIB): PPP IP Group From RFC 1474 (PPP/Bridge MIB): PPP Security Group) atmMIBObjects From RFC 1907 (SNMPv2): only snmpSetSeria
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router IGMP IGMP, known as Internet Group Management Protocol, is used to manage hosts from multicast group. • IGMP Forwarding: Accept multicast packet. Default is set to Enable. • IGMP Snooping: Allow switched Ethernet to check and make correct forwarding decisions. Default is set to Disable. VLAN Bridge This section allows you to create a VLAN group and specify the members of the VLAN group.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Advanced VLAN Setup Example (Triply Play) VLAN_data: Ethernet Port 1, Wireless and Wireless WDS are reserved for Internet - On Ethernet port 1 I also need VC 0/40 bridged. VLAN_Vedio Ethernet ports: 2, 3 and 4: - 0/33 Bi-directional IP - 0/34 Video - 0/35 Video - 0/36 Video Subscriber Services (EPG, EAS, etc.) - 0/37 Video - 0/38 Video - 0/39 Spare Step 1: Setup Member Ports Go to Configuration LAN Bridge Interface.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router From the example, 0/40 is used for data/internet and with the assumption that PPPoE is used; click the Edit button to change the VPI/VCI to 0/40. Click Create to setup up an additional WAN interface for video applications. A total of 8 VLAN is supported; therefore, only 8 WAN interfaces can be created in the table. From the example, PVC 0/33 to 0/39 is assigned to video using 1483 Bridged mode.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router • Acceptable Frame Type: Specify what kind of traffic can pass through this connection, whether all traffic or only VLAN tagged traffic. • Filter Type: Specify the type of Ethernet filtering performed by the named bridge interface. All Ip Pppoe • Allows all types of ethernet packets through the port. Allows only IP/ARP types of ethernet packets through the port. Allows only PPPoE types of ethernet packets through the port.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router From the example: VLAN untagged ports for Data/Internet: ethernet, wireless and wireless_wds. VLAN untagged ports for Video: ethernet1, rfc-1483-0 ~ rfc-1483-6. Click Apply to made changes effective immediately. Mapping the VLAN Bridge with Bridge Interface created in Step1, you will see the relationship in these two screenshots. Step 4: IGMP Snooping Enable Go Configuration Advanced IGMP.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Save Configuration to Flash After changing the router configuration settings, you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or resetting your router. Click Save to write your new configuration to FLASH. Logout To exit the router web interface, choose Logout. Please make sure that you have saved the configuration settings before you logout.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router Chapter 5: Troubleshooting If the router is not functioning properly, first check this chapter for simple troubleshooting before contacting your service provider. Problems starting up the router Problem Corrective Action None of the LEDs are on when you turn on the router. You have forgotten your router login and/or password. Check the connection between the adapter and the router.
Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router APPENDIX A: Product Support and Contact Information Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. Mac OS is a registered Trademark of Apple Computer, Inc.
