Billion BiPAC 4500NZ(L) User Manual
  1. Manuals
  2. Brands
  3. Billion Manuals
  4. Network Router
  5. BiPAC 4500NZ(L)
  6. User manual

Billion BiPAC 4500NZ(L) User Manual

4g/lte wireless-n (vpn) broadband router
Hide thumbs
Table of Contents

Advertisement

Quick Links

BiPAC 4500NZ(L)
4G/LTE Wireless-N (VPN) Broadband
Router

User Manual

Version release: v1.02b.rc8.dt6
Last revised date: January 6, 2015

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the BiPAC 4500NZ(L) and is the answer not in the manual?

Questions and answers

Related Manuals for Billion BiPAC 4500NZ(L)

Summary of Contents for Billion BiPAC 4500NZ(L)

  • Page 1: User Manual

    BiPAC 4500NZ(L) 4G/LTE Wireless-N (VPN) Broadband Router User Manual Version release: v1.02b.rc8.dt6 Last revised date: January 6, 2015...

  • Page 2: Table Of Contents

    Table of Contents Chapter 1: Introduction ............................1  Introduction to your Router ..........................1  Features & Specifications ..........................3  Hardware Specifications ........................... 6  Application Diagram ............................7  Chapter 2: Product Overview..........................8  Important Note for Using This Router......................8  Device Description............................9  Front Panel LEDs ............................9  Rear Panel Connectors ..........................10  Cabling ................................11  Chapter 3: Basic Installation..........................12  Network Configuration – IPv4 ........................13  Configuring PC in Windows 7/8 (IPv4)......................13  Configuring PC in Windows Vista (IPv4) .....................
  • Page 3 LAN................................51  Wireless ..............................55  Wireless MAC Filter ..........................64  Dual WAN ..............................65  General Setting ............................65  Advanced Setup............................67  Firewall ..............................68  Routing..............................69  NAT ................................. 70  Static DNS ............................... 75  QoS................................76  Port Isolation ............................77  Time Schedule............................78  VPN ................................79  IPSEC Setting............................79  PPTP Server............................. 90  PPTP Client..............................

  • Page 4: Chapter 1: Introduction

    Chapter 1: Introduction Introduction to your Router Congratulations on your purchase of the BiPAC 4500NZ(L) (4G/LTE Wireless (VPN) Broadband Router). This router is a compact and advanced broadband router that offers flexible and multiple Internet connection options, EWAN and embedded 4G/LTE interfaces, for home, SOHO, and office users to enjoy high-speed, high-level security Internet connection via cellular wireless and/or Ethernet WAN.
  • Page 5 IPv6 Supported Internet Protocol version 6 (IPv6) is a version of the Internet Protocol that is designed to succeed IPv4. IPv6 has a vastly larger address space than IPv4. The router is already supporting IPv6, you can use it in IPv6 environment no need to change device. The dual-stack protocol implementation in an operating system is a fundamental IPv4-to-IPv6 transition technology.

  • Page 6: Features & Specifications

    Features & Specifications • 4G/LTE for high speed mobile broadband connectivity • Gigabit Ethernet WAN (GbE WAN) for Cable/Fiber/xDSL high WAN throughput • Gigabit Ethernet LAN • IPv6 ready (IPv4/IPv6 dual stack) • Multiple wireless SSIDs with wireless guest access and client isolation •...
  • Page 7 Firewall • Built-in NAT Firewall • Stateful Packet Inspection (SPI) • DoS attack prevention including Land Attack, Ping of Death, etc • Access control • IP&MAC filter, URL Content Filter • Password protection for system management • VPN pass-through Quality of Service Control •...
  • Page 8 • GRE Tunnel Management • Quick Installation wizard • Web-based GUI for remote and local management (IPv4/IPv6) • Firmware upgrades and configuration data upload and download via web-based GUI • Supports DHCP server / client / relay • Supports SNMP v1, v2, v3, MIB-I and MIB-II •...

  • Page 9: Hardware Specifications

    Hardware Specifications Physical interface • 4G LTE antenna: 2 external antennas • WLAN: 2 internal PIFA antennas • SIM card slot: SIM card slot (for the SIM card from Telco / ISP) for mobile broadband connectivity • USB: USB 2.0 Type A Host port for storage service •...

  • Page 10: Application Diagram

    Application Diagram BiPAC 4500NZ(L) is an all-in-one router, supporting 2 connection options (4/LTE and EWAN) to connect to the Internet. 4G/LTE router mode With an embedded 4G/LTE module, the router can be used to connect to high speed mobile fixed wireless connection.

  • Page 11: Chapter 2: Product Overview

    Chapter 2: Product Overview Important Note for Using This Router Do not use the router in high humidity or high temperature.   Do not use the same power source for the BiPAC 4500NZ(L) on other equipment.  Do not open or repair the case yourself. If the device becomes Warning too hot, turn off the power immediately and have it repaired at a qualified service center.

  • Page 12: Device Description

    Device Description Front Panel LEDs STATUS DESCRIPTION Green System is up and ready Power Boot failure BiPAC 4500NZ(L) is successfully connected with a broadband connection Lit up device. Green Transmission speed is at Gigabit speed (1000Mbps) EWAN Orange Transmission speed is at 10/100Mbps Blinking Data being transmitted/received Green...

  • Page 13: Rear Panel Connectors

    Rear Panel Connectors  PORT MEANING the supplied 4G/LTE onto the Antenna Screw antennas antenna connectors on both sides. Insert the mini SIM card (2FF) with the gold contact facing down. SIM Card Slot Push the mini SIM card (2FF) inwards to eject it The USB can set up for storage/file sharing.

  • Page 14: Cabling

    Cabling One of the most common causes of problems is bad cabling. Make sure that all connected devices are turned on. On the front panel of the product is a bank of LEDs. Verify that the LAN Link and LEDs are lit.

  • Page 15: Chapter 3: Basic Installation

    Chapter 3: Basic Installation The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Windows 98 / NT /2000 / XP / ME / 7 / Vista, Linux, Mac OS, etc.

  • Page 16: Network Configuration - Ipv4

    Network Configuration – IPv4 Configuring PC in Windows 7/8 (IPv4) Go to Start. Click on Control Panel. Then click on Network and Internet. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel.
  • Page 17 Select Internet Protocol Version 4 (TCP/IPv4) then click Properties. In the TCP/IPv4 properties window, select the Obtain an IP address automatically Obtain Server address automatically radio buttons. Then click OK to exit the setting. Click OK again in the Local Area Connection Properties window to apply the new configuration.

  • Page 18: Configuring Pc In Windows Vista (Ipv4)

    Configuring PC in Windows Vista (IPv4) Go to Start. Click on Network. Then click on Network and Sharing Center at the top bar. When the Network and Sharing Center window pops up, select and click Manage network connections on the left window pane.
  • Page 19 Select Internet Protocol Version 4 (TCP/IPv4) then click Properties. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. Click OK again in the Local Area Connection Properties window to apply the new configuration.

  • Page 20: Configuring Pc In Windows Xp (Ipv4)

    Configuring PC in Windows XP (IPv4) 1. Go to Start. Click on Control Panel. 2. Then click on Network and Internet. 3. In the Local Area Connection Status window, click Properties. 4. Select Internet Protocol (TCP/IP) and click Properties. 5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons.

  • Page 21: Network Configuration - Ipv6

    Network Configuration – IPv6 Configuring PC in Windows 7/8 (IPv6) Go to Start. Click on Control Panel. Then click on Network and Internet. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel.
  • Page 22 Select Internet Protocol Version 6 (TCP/IPv6) then click Properties. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically Obtain Server address automatically radio buttons. Then click OK to exit the setting. Click OK again in the Local Area Connection Properties window to apply the new configuration.

  • Page 23: Configuring Pc In Windows Vista (Ipv6)

    Configuring PC in Windows Vista (IPv6) Go to Start. Click on Network. Then click on Network and Sharing Center at the top bar. When the Network and Sharing Center window pops up, select and click Manage network connections on the left window pane.
  • Page 24 Select Internet Protocol Version 6 (TCP/IPv6) then click Properties. In the TCP/IPv6 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. Click OK again in the Local Area Connection Properties window to apply the new configuration.

  • Page 25: Configuring Pc In Windows Xp (Ipv6)

    Configuring PC in Windows XP (IPv6) IPv6 is supported by Windows XP, but you need to install it first. Please follow the steps to install IPv6: 1. On the Desktop, Click Start > Run, type cmd, then press Enter key in the keyboard, the following screen appears.

  • Page 26: Default Settings

    Default Settings Before configuring the router, you need to know the following default settings. Web Interface: (Username and Password) Username: admin Password: admin The default username and password are “admin” and “admin” respectively. If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds then release it to restore the factory default settings.

  • Page 27: Information From Your Isp

    Information from Your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) what kind of service is provided such as EWAN ((Dynamic IP address, Static IP address, PPPoE, Bridge Mode). Gather the information as illustrated in the following table and keep it for reference. Username, Password, Service Name, and Domain Name System (DNS) IP address (it can be automatically assigned by PPPoE...

  • Page 28: Chapter 4: Device Configuration

    Chapter 4: Device Configuration Login to your Device Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”, a user name and password window prompt appears. The default username and password is “admin” and “admin” respectively for the Administrator. NOTE: This username / password may vary by different Internet Service Providers.
  • Page 29 Once you have logged on to your BIPAC 4500NZ(L) via your web browser, you can begin to set it up according to your requirements. On the configuration homepage, the left navigation pane links you directly to the setup page, which includes: Status(Device Info, System Log, 3G/4G LTE Status, Statistics, DHCP Table, Gre Status, IPSEC Status, PPTP Status, L2TP Status, Disk Status) Quick Start (Wizard Setup)

  • Page 30: Status

    Status In this section, you can check the router working status, including Device Info, System Log, 3G Status, Statistics, DHCP Table, Gre Status, IPSEC Status, PPTP Status, L2TP Status, and Disk Status.

  • Page 31: Device Info

    Device Info It contains basic information of the device. Device Information Model Name: Show model name of the router Firmware Version: This is the Firmware version MAC Address: This is the MAC Address Date Time: The current date and time. System Up Time: The duration since system is up.
  • Page 32 IP Address: LAN IP address. Subnet Mask/Prefix Length: Subnet mask for IPv4 and Prefix length for IPv6 on LAN.. DHCP Server: LAN port DHCP information. Wireless Mode: The wireless mode in use. SSID: The SSID. Channel: The current channel. Security: The wireless security setting, authentication type.

  • Page 33: System Log

    System Log In system log, you can check the operations status and any glitches to the router. Refresh: Press this button to refresh the statistics.

  • Page 34: 3G/4G-Lte Status

    3G/4G-LTE Status This page contains 3G/4G-LTE connection information. Status: The current status of the 3G/4G-LTE connection. Signal Strength: The signal strength bar and dBm value indicates the current 3G/4G-LTE signal strength. The front panel 3G/4G-LTE Signal Strength LED indicates the signal strength as well. Signal Information: Shows important LTE signal parameters such as RSRP (Reference Signal Receiving Power), RSRQ (Reference Signal Receiving Quality), SINR (Signal to Interference plus Noise Ratio).

  • Page 35: Statistics

    Statistics  Ethernet Interface: List all available network interfaces in the router. You are currently checking on the physical status of the Ethernet port. Transmit Frames: This field displays the number of frames transmitted until the latest second. Transmit Multicast Frames: This field displays the number of multicast frames transmitted until the latest second.
  • Page 36  Wireless Interface: List all available network interfaces in the router. You are currently checking on the physical status of the Wireless. Transmit Frames: This field displays the number of frames transmitted until the latest second. Transmit Error Frames: This field displays the number of error frames transmitted until the latest second.
  • Page 37  EWAN Interface: List all available network interfaces in the router. You are currently checking on the physical status of the EWAN port. Transmit Frames: This field displays the total number of frames transmitted until the latest second. Transmit Multicast Frames: This field displays the total number of multicast frames transmitted till the latest second.
  • Page 38  3G/4G-LTE Interface: List all available network interfaces in the router. You are currently checking on the physical status of 3G/4G-LTE interface. Transmit Frames of Current Connection: This field displays the total number of 3G/4G-LTE frames transmitted until the latest second for the current connection. Transmit Bytes of Current Connection: This field shows the total bytes transmitted till the latest second for the current connection for the current connection.

  • Page 39: Dhcp Table

    DHCP Table DHCP table displays the devices connected to the router with clear information. #: The index identifying the connected devices. Host Name: Show the hostname of the PC. IP Address: The IP allocated to the device. MAC Address: The MAC of the connected device. Expire Time: The total remaining interval since the IP assignment to the PC.

  • Page 40: Gre Status (4500Nz Only)

    Gre Status (BiPAC 4500NZ only) Name: The GRE connection name. Active: Display the connection status with icons. Status: The connection status. Remote Gateway: The IP of remote gateway.

  • Page 41: Ipsec Status (4500Nz Only)

    IPSEC Status (BiPAC 4500NZ only) #: The IPSec entry index number. Connection Name: User-defined IPSEC VPN connection name. Remote Gateway: The IP of the remote gateway. Local Address: The IP and netmask of local access range. Remote address: The IP and netmask of remote access range. Connected: Show the connecting status.

  • Page 42: Pptp Status (4500Nz Only)

    PPTP Status (BiPAC 4500NZ only) PPTP Client User: Four users(sessions) for client sessions. Here shows the using user. Connection Name: Show user-defined PPTP VPN connection name. Active: Show if the tunnel is active for connection. Connection Type: Remote Access or LAN to LAN. Server IP: Show the IP of VPN Server.

  • Page 43: L2Tp Status (4500Nz Only)

    L2TP Status (BiPAC 4500NZ only) Name: Display the user-defined L2TP connection name. Type: The VPN mode: dialin or dialout. Connect: The connecting status. Active: Show if the L2TP tunnel is active for connection. Username: The user assigned to client (dialout use) or the user set for client to connect in (dialin use)

  • Page 44: Disk Status

    Disk Status Partition: Display the USB storage partition. Disk Space (KB): Display the total storage space of the NAS in Kbytes unit. Free Space (KB): Display the available space in Kbytes unit.

  • Page 45: Quick Start

    Quick Start This is a useful and easy utility to help you to setup the router quickly and to connect to your ISP (Internet Service Provider) with only a few steps. It will guide you step by step to setup time zone and WAN settings of your device.
  • Page 46 Step 3 – Wireless Set up your wireless connection if you want to connect to the Internet wirelessly on your PCs. Click NEXT to continue. Step 4 – ISP Connection Type Set up your Internet connection. 4.1 Select an appropriate WAN connection protocol then click NEXT to continue. 4.2 If selected 3G/4G-LTE Input all relevant 3G/4G-LTE parameters from your ISP.
  • Page 47 4.2 If selected EWAN / PPPoE, please enter PPPoE account information provided by your ISP. Click NEXT to continue. Step 5 – Quick Start Completed The Setup Wizard has completed. Click on BACK to modify changes or mistakes. Click NEXT to save the current settings.

  • Page 48: Configuration

    Configuration Click to access and configure the available features in the following: Interface Setup, Dual WAN, Advanced Setup, VPN, Access Management, and Maintenance. These functions are described in the following sections. Interface Setup Here are the features under Interface Setup: Internet, LAN, Wireless and Wireless MAC Filter.

  • Page 49: Internet

    Internet  EWAN Status: Select whether to enable the service. IPv4/IPv6 IP Version: Choose IPv4, IPv4/IPv6, IPv6 based on your environment. If you don’t know which one to choose from, please choose IPv4/IPv6 instead.
  • Page 50 ISP Connection Type: ISP: Select the encapsulation type your ISP uses.  Dynamic IP: Select this option if your ISP provides you an IP address automatically.  Static IP: Select this option to set static IP information. You will need to enter in the Connection type, IP address, subnet mask, and gateway address, provided to you by your ISP.
  • Page 51 IPv4 Options Get IP Address: Choose Static or Dynamic Static IP Address: If Static is selected in the above field, please enter the specific IP address you get from ISP and the following IP subnet mask and gateway address. IP Subnet Mask: The default is 0.0.0.0. User can change it to other such as 255.255.255.0.Type the subnet mask assigned to you by your ISP (if given).
  • Page 52  3G/4G-LTE Status: Choose Activated to enable the 3G/4G-LTE connection. Network Mode: There are 8 options of service standards: “Automatic”, “UMTS 3G only”, “GSM 2G Only”, “UMTS 3G Preferred”, “GSM 2G Preferred”, “GSM and UMTS Only”, “LTE Only”, “GSM, UMTS, LTE”.
  • Page 53 NAT: Select this option to Disabled/Enable the NAT (Network Address Translation) function. Enable NAT to grant multiples devices in LAN to access to the Internet through a single WAN IP.

  • Page 54: Lan

    A Local Area Network (LAN) is a shared communication system to which many computers are attached and is limited to the immediate area, usually the same building or floor of a building. IPv4 Parameters IP Address: Enter the IP address of Router in dotted decimal notation, for example, 192.168.1.254 (factory default).
  • Page 55 group. Dynamic Route: Select the RIP version from RIP1 or RIP2. DHCPv4 Server DHCP (Dynamic Host Configuration Protocol) allows individual clients to obtain TCP/IP configuration at start-up from a server. DHCPv4 Server: If set to Enabled, your BiPAC 4500NZ(L) can assign IP addresses, default gateway and DNS servers to the DHCP client.
  • Page 56 IPv6 parameters The IPv6 address composes of two parts, thus, the prefix and the interface ID. Interface Address / Prefix Length: Enter a static LAN IPv6 address. If you are not sure what to do with this field, please leave it empty as if contains false information it could result in LAN devices not being able to access other IPv6 device.
  • Page 57 prefix and the interface ID. Interface is like the Host ID compared to IPv4. End interface ID: enter the end interface ID. Leased Time (hour): the leased time, similar to leased time in DHCPv4, is a time limit assigned to clients, when expires, the assigned ID will be recycled and reassigned.

  • Page 58: Wireless

    Wireless This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as complex as a number of computers with wireless LAN cards communicating through access points which bridge network traffic to the wired LAN. Access Point Settings Access Point: Default setting is set to Activated.
  • Page 59 AP MAC Address: The MAC address of wireless AP. Wireless Mode: The default setting is 802.11b+g+n (Mixed mode). If you do not know or have both 11g and 11b devices in your network, then keep the default in mixed mode. From the drop-down manual, you can select 802.11g if you have only 11g card.
  • Page 60 scanning. Clients Isolation: This parameter is to control access between two wireless clients. If you enabled this function, then each of your wireless clients will not be able to communicate with the other. SSID Activated: Select the time period during which the SSID is active. Default is always which means the SSID will be active all the time without time control.
  • Page 61 If you chose WEP 64-bit, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose WEP 128-bit, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). You must configure all four keys, but only one key can be activated at any one time. The default key is key 1.
  • Page 62 Wi-Fi Protected Setup (WPS) Example I: PIN Method: Configure AP as Registrar 1. Jot down the client’s Pin (e.g. 04640776). 2. Enter the Enrollee (Client) PIN code and then press Start WPS.
  • Page 63 3. Launch the wireless client’s WPS utility (e.g. Ralink Utility). Set the Config Mode as Enrollee, press the WPS button on the top bar, select the AP (e.g. Billion_AP) from the WPS AP List column. Then press the PIN button located on the middle left of the page to run the scan. 4.
  • Page 64 Wi-Fi Protected Setup (WPS) Example II: PIN Method: Configure AP as Enrollee 1. Jot down the WPS PIN (e.g. 03454435). Press Start WPS. 2. Launch the wireless client’s WPS utility (e.g. Ralink Utility). Set the Config Mode as Registrar. Enter the PIN number in the PIN Code column then choose the correct AP (e.g.
  • Page 65 3. The router’s (AP’s) SSID and security setting will now be configured to match the SSID and security setting of the registrar (client). 4. Now to make sure that the setup is correctly done, cross check to see if the SSID and the security setting of the registrar setting match with the parameters found on both Wireless Configuration and Wireless Security Configuration page.
  • Page 66 Wi-Fi Protected Setup (WPS) Example III: PBC Method: 1. Press the PBC radio button, Then Start WPS. 2. Launch the wireless client’s WPS Utility (e.g. Ralink Utility). Set the Config Mode as Enrollee. Then press the WPS button and choose the correct AP (e.g. Billion_AP) from the WPS AP List section before pressing the PBC button to run the scan.

  • Page 67: Wireless Mac Filter

    Wireless MAC Filter The MAC filter screen allows you to configure the router to give exclusive access to up to 8 devices (Allow Association) or exclude up to 8 devices from accessing the router (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:AA:BB:00:00:02.

  • Page 68: Dual Wan

    Dual WAN Dual WAN is specially designed to offer users failover/fallback. Auto failover/failback is to ensure an always-on internet connection. Users can set a WAN1 (main WAN) and WAN 2 (backup WAN), and when WAN1 fails, it will switch to WAN2, and when WAN1 restores, it will switch to WAN1 again.
  • Page 69 Note: 1) The time set is for each probe cycle, but the decision to change to the backup port is determined by Probe Cycle multiplied by connection Decision amount (e.g. From the image above it will be 30 seconds multiplied by 3 consecutive fails, the router will determine failover to WAN2 (backup port)). 2).The failback setting follow the same decision policy as the failover.

  • Page 70: Advanced Setup

    Advanced Setup Advanced Step provides advanced features including Firewall, Routing, NAT, Static DNS, QoS, Port Isolation and Time Schedule for advanced users.

  • Page 71: Firewall

    Firewall Your router includes a firewall for helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation) the router acts as a “natural” Internet firewall, since all PCs on your LAN use private IP addresses that cannot be directly accessed from the Internet. Firewall: To automatically detect and block Denial of Service (DoS) attacks, such as Ping of Death, SYN Flood, Port Scan and Land Attack.

  • Page 72: Routing

    Routing This is static route feature. You are equipped with the capability to control the routing of all the traffic across your network. With each routing rule created, user can specifically assign the destination where the traffic will be routed to. #: Item number Destination IP Address: IP address of the destination network Subnet Mask: The subnet mask of destination network.

  • Page 73: Nat

    The NAT (Network Address Translation) feature transforms a private IP into a public IP, allowing multiple users to access the internet through a single IP account, sharing the single IP address. NAT break the originally envisioned model of IP end-to-end connectivity across the internet so NAT can cause problems where IPSec/ PPTP encryption is applied or some application layer protocols such as SIP phones are located behind a NAT.
  • Page 74 NOTE: This feature disables automatically if WAN connection is in BRIDGE mode. The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries.
  • Page 75 Virtual Server NOTE: This feature disables automatically if WAN connection is in BRIDGE mode. In TCP/IP networks, a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”.
  • Page 76 The starting greater than zero (0) and the ending port must be the same or larger than the starting port. Local IP Address: Enter your server IP address in this field. Start / End Port Number (Local): Enter the start / end port number of the local application (service). Examples of well-known and registered port numbers are shown below.
  • Page 77 Example : How to setup Port Forwarding for port 21 (FTP server) If you have a FTP server in your LAN network and want others to access it through WAN. Step 1: Assign a static IP to your local computer that is hosting the FTP server. Step 2: Login to the Gateway and go to Configuration / Advanced Setup / NAT / Virtual Server.

  • Page 78: Static Dns

    Static DNS The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network associates various information with domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

  • Page 79: Qos

    QoS helps you control the upload traffic of each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you the features to control the quality of throughput for each application. This is useful when there on certain types of data you want giver higher priority to, such as voice data packets given higher priority than web data packets.

  • Page 80: Port Isolation

    Port Isolation Port isolation is a mechanism to allow or block devices in one port (indicates the LAN1 - LAN3 and WLAN1 - WLAN4, need to enable multiple SSID in wireless section) to access other devices in other ports. By default, all ports (LAN port and WLAN port) are sharing one group, and devices in all these ports can have access to each other.

  • Page 81: Time Schedule

    Time Schedule The Time Schedule supports up to 16 timeslots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications. This Time Schedule correlates closely with router’s time, since router does not have a real time clock on board;...

  • Page 82: Vpn

    VPN (BiPAC 4500NZ only) A Virtual Private Network (VPN) is a private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures such as encryption.
  • Page 83 Click Add New Connection to create IPSec connections. VPN Connection Setting Active: Select Yes to activate the tunnel. Connection Name: A given name for the connection (e.g. “connection to office”). Interface: Select the set used interface for the IPSec connection, when you select EWAN interface, the IPSec tunnel would transmit data via this interface to connect to the remote peer.
  • Page 84 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
  • Page 85 IKE negotiates and establishes SA on behalf of IPSec, an IKE SA is used by IKE.  Phase 1 (IKE): To issue an initial connection request for a new VPN tunnel. The range can be from 5 to 15,000 minutes, and the default is 480 minutes. ...
  • Page 86 Examples: How to establish an IPSec Tunnel 1. LAN-to-LAN connection Two BiPAC 4500NZs want to setup a secure IPSec VPN tunnel The IPSec Settings shall be consistent between the two routers. Note:...
  • Page 87 Head Office Side: Setup details: Item Function Description Connection Name H-to-B Give a name for IPSec connection Local Network Subnet Select Subnet IP Address 192.168.1.0 Head Office network Netmask 255.255.255.0 Secure Gateway IP address of the Branch office Address(Hostanm 69.121.1.30 router (on WAN side) Remote Network Subnet...
  • Page 89 Branch Office Side: Setup details: the same operation as done in Head Office side Item Function Description Connection Name B-to-H Give a name for IPSec connection Local Network Subnet Select Subnet IP Address 192.168.0.0 Branch Office network Netmask 255.255.255.0 Remote Secure Gateway IP address of the Head office 69.121.1.3...
  • Page 91 2. Host to LAN Router servers as VPN server, and host should install the IPSec client to connect to head office through IPSec VPN. Item Function Description Host-to-Headoff Give a name for IPSec Connection Name connection Local Network Subnet Select Subnet IP Address 192.168.1.0 Head Office network...

  • Page 93: Pptp Server

    PPTP Server The Point-to-Point Tunneling Protocol (PPTP) is a Layer2 tunneling protocol for implementing virtual private networks through IP network. PPTP uses an enhanced GRE (Generic Routing Encapsulation) mechanism to provide a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets. In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, and Microsoft CHAP V1/V2 .
  • Page 94 Password: Please input the password for this account. Connection Type: Select Remote Access for single user, Select LAN to LAN for remote gateway. Private IP Address Assigned to Dialin user: Specify the private IP address to be assigned to dialin clients, and the IP should be in the same subnet as local LAN, but not occupied.

  • Page 95: Pptp Client

    PPTP Client PPTP client can help you dial-in the PPTP server to establish PPTP tunnel over Internet. A total of 4 sessions can be created for PPTP client. User select: 4 sessions for client connection by default, user1 stands for the first session, and so does user2, etc.
  • Page 96 Example: PPTP Remote Access with Windows7 (Note: inside test with 172.16.1.233, just an example for illustration) Server Side: 1. Please move to Configuration > PPTP Server, Enable the PPTP Server and add an account as “test”. The exact setting can be found in the screenshot shown below.
  • Page 97 Client Side: 1. In Windows7 click Start > Control Panel> Network and Sharing Center, Click Set up a new connection or network.
  • Page 98 2. Click Connect to a workplace, and press Next. 3. Select Use my Internet connection (VPN) and press Next.
  • Page 99 4. Input Internet address and Destination name for this connection and press Next.
  • Page 100 5. Input the account (user name and password) and press Create.
  • Page 101 6. Connect to the server.
  • Page 102 7. Successfully connected. PS: You can also go to Network Connections shown below to check the detail of the connection. Right click “test” icon, and select “Properties” to change the security parameters (if the connection fails, users can go here to change the settings)
  • Page 104 Example: Configuring a LAN-to-LAN PPTP VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch offices accordingly. Both office LAN networks must be in different subnets with the LAN-LAN application. Note: Server side: Head Office Set an account of “test”...
  • Page 105 Client Side: Branch Office The client user can set up a session connecting to the PPTP server.

  • Page 106: L2Tp

    L2TP L2TP, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide. 4 sessions for dial-in connections and 4 sessions for dial-out connections Note: Name: User-defined name for the connection.
  • Page 107  Dial in Active: To enable or disable the tunnel. Username: Please input the username for this account. Password: Please input the password for this account. Private IP Address Assigned to Dialin user: The private IP to be assigned to dialin user by L2TP server.
  • Page 108  Dial out Active: To enable or disable the tunnel. Username: Enter the username provided by your VPN Server. Password: Enter the password provided by your VPN Server. Server IP Address: Enter the IP address of your VPN Server. Auth. Type: Default is Auto(CHAP, Challenge Handshake Authentication Protocol) if you want the router to determine the authentication type to use, or else manually specify PAP (Password Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a server).
  • Page 109 Examples: 1. Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head office, connected to a couple of PCs and Servers.
  • Page 110 Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Function Description Name VPN_Server Give a name of L2TP Connection Select Remote Access from the Connection Type Connection Type Remote Access...
  • Page 111 2. Configuring a Remote Access L2TP VPN Dial-out Connection A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers.
  • Page 112 Configuring L2TP VPN in the Office Function Description Name VPN_Client Give a name of L2TP Connection Select Remote Access from the Connection Type Connection Type Remote Access drop-down menu Type Dial out Select Dial out from the Type drop down menu IP Address (or 69.121.1.33 A Dialed Server IP...
  • Page 113 Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Both office LAN networks must be in different subnets with the LAN-LAN application. Note:...
  • Page 114 Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Function Description Name HeadOffice Give a name of L2TP Connection Connection Type LAN to LAN Select LAN to LAN from the Connection Type...
  • Page 115 Configuring L2TP VPN in the Branch Office The IP address 69.1.121.33 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.

  • Page 116: Gre Tunnel

    GRE Tunnel Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocol packets inside virtual point-to-point links over an Internet Protocol (IP) network. And the common use can be GRE over IPSec. up to 8 tunnels can be added.

  • Page 117: Access Management

    Access Management Device Management Device management offers users a way to change the embedded web server accessing port, default 80. User can change the http port to 8080 or something else here.

  • Page 118: Snmp

    SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. BiPAC 4500NZ(L) serves as a SNMP agent which allows a manager station to manage and monitor the router through the network.

  • Page 119: Universal Plug & Play

    Universal Plug & Play UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device.

  • Page 120: Dynamic Dns

    Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your internet connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.
  • Page 121 Example: How to register a DDNS account first users have to go to the Dynamic DNS registration service provider to register an account. Note User test1 register a Dynamic Domain Names in DDNS provider http://www.dyndns.org/ DDNS: www.hometest.com using username/password test/test...

  • Page 122: Access Control

    Access Control Access Control Listing allows you to determine which services/protocols can access BiPAC 4500NZ(L) interface from which computers. It is a management tool aimed to allow IPs (set in secure IP address) to access specified embedded applications (Web, etc, user can set) through some specified interface (LAN, WAN or both).
  • Page 123 By default, the “Access Control” has two default rules. Default Rule 1: (Index 1), a rule to allow only clients from LAN to have access to all embedded applications (Web, FTP, etc). Under this situation, clients from WAN cannot access the router even from Ping.

  • Page 124: Packet Filter

    Packet Filter You can filter the packages by MAC address, IP address, Protocol, Port number and Application or URL.  Packet Filter - IP & MAC Filter Packet Filter Filter Type: There are three types “IP & MAC Filter”, “Application Filter”, and “URL Filter” that user can select for this filter rule.
  • Page 125 Source Subnet Mask: Enter the subnet mask of the source network. Source Port Number: The source port number of packets to be monitored. 0 means “Don’t care”. Destination IP Address: The destination IP address of packets to be monitored. 0.0.0.0 means “Don’t care”.
  • Page 126  Packet Filter - Application Filter Application Filter: Select this option to Activated/Deactivated the Application filter. ICQ: Select this option to Allow/Deny ICQ. MSN: Select this option to Allow/Deny MSN. YMSG: Select this option to Allow/Deny Yahoo messenger. Real Audio/Video (RTSP): Select this option to Allow/Deny Real Audio/Video (RTSP). ...

  • Page 127: Cwmp (Tr-069)

    CWMP (TR-069) CWMP, short for CPE WAN Management Protocol, also called TR069 is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. It defines an application layer protocol for remote management of end-user devices.
  • Page 128 Periodic Inform Config Periodic Inform: Select Activated to authorize the router to send an Inform message to the ACS automatically. Interval(s): Specify the inform interval time (sec) which CPE used to periodically send inform message to automatically connect to ACS. When the inform interval time arrives, the CPE will send inform message to automatically connect to ACS.

  • Page 129: Parental Control

    Parental Control Parental Control provides Web content filtering offering safer and more reliable web surfing for users. Please get an account and configure at the selected Provider “www.opendns.com” in advance. If activated, the Parental Control has the top priority as DNS when accessing internet. Host Name, Username and Password: Enter your registered domain name and your username and password at the provider website www.opendns.com.

  • Page 130: Samba & Ftp Server

    SAMBA & FTP Server Samba and FTP are served as network sharing. SAMBA Server: Activated to enable SAMBA sharing. Work Group: The same mechanism like in Microsoft work group, please set the Work Group name. NetBIOS Name: The sharing NetBIOS name. FTP Server: Activated to enable FTP sharing.
  • Page 131 Example: How to setup Samb 1. Go directly to Start > Run (enter \\192,168,1,254 (from LAN side), \\SambaSvr , but if you enter \\SambaSvr, please be sure your working PC is in the same workgroup as set in the samba server set above.) 2.
  • Page 132 Example: How to setup FTP: 1. Access via FTP tools Take popular FTP tool of FlashFXP for example: 1) Open FlashFXP 2) Create ftp sites (LAN IP / WAN IP, 192.168.1.254, and set the account, port). 3) Connect to the ftp site. 2.

  • Page 133: Maintenance

    Maintenance Maintenance equipments the users with the ability of maintaining the device as well as examining the connectivity of the WAN connections, including User Management, Time Zone, Firmware & Configuration, System Restart, and Diagnostic Tool. User Management User Management controls the Router Web GUI permission, FTP/SAMBA access to the specific account.
  • Page 134 FTP Authority Setup FTP Access: Enable to grant the user access to the FTP server. Permission: Set the operation permission for the user, Read/Write or Read. SAMBA Authority SAMBA Access: Enable to grant the user access to the SAMBA server. Permission: Set the operation permission for the user, Read/Write or Read.
  • Page 135  User / User and/or Adding additonal user accounts User Setup Index: User account index, total is 8. User Name: Users can create account(s) to give it (them) access to SAMBA and FTP. New Password: Type the password for the user account. Confirmed Password: Type password again for confirmation.
  • Page 136 Interface Setup: Enable to allowing access to Interface Setup with this account. Advanced Setup: Enable to allowing access to Advanced Setup with this account. Access Management: Enable to allowing access to Access Management with this account. Maintenance: Enable to allowing access to Maintenance with this account. When customers use the “user”...

  • Page 137: Time Zone

    Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone. After a successful connection to the Internet, the router will retrieve the correct local time from the SNTP server you have specified.

  • Page 138: Firmware & Configuration

    Firmware & Configuration Firmware is the software that controls the hardware and provides all functionalities which are available in the GUI. This software may be improved and/or modified; your BiPAC 4500NZ(L) provides an easy way to update the code to take advantage of the changes. . To upgrade the firmware of BiPAC 4500NZ(L) you should download or copy the firmware to your local environment first.
  • Page 139 DO NOT turn off / power off the device or interrupt the firmware upgrading while it is still in process. Improper operation could damage your BiPAC 4500VNP(O)Z.

  • Page 140: System Restart

    System Restart Click System Restart with option Current Settings to reboot your router. If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to restore to factory default settings.

  • Page 141: Diagnostics Tool

    Diagnostics Tool The Diagnostic Test page shows the test results for the connectivity of the physical layer and protocol layer for both LAN and WAN sides. 3G/4G-LTE: Click START to begin to diagnose the connection.
  • Page 142 EWAN: Click START to begin to diagnose the connection.

  • Page 143: Chapter 5: Troubleshooting

    Chapter 5: Troubleshooting If your BiPAC 4500NZ(L) is not functioning properly, you can refer to this chapter for simple troubleshooting before contacting your service provider support. This can save you time and effort but if symptoms persist, consult your service provider. Problems with the Router Problem Suggested Action...

  • Page 144: Recovery Procedures

    Recovery Procedures Problem Suggested Action - The front LEDs display incorrectly 1. Power on the router, once the Power LED lit red, - Still cannot access to the router please press this reset button using the end of paper management interface after pressing the clip or other small pointed object immediately.

  • Page 145: Appendix: Product Support & Contact

    Appendix: Product Support & Contact If you come across any problems please contact the dealer from where you have purchased the product. Contact Billion WORLDWIDE http://www.billion.com MAC OS is a registered Trademark of Apple Computer, Inc. Windows 7/98, Windows NT, Windows 2000, Windows ME, Windows XP, and Windows Vista are registered Trademarks of Microsoft Corporation.
  • Page 146 This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

Table of Contents

Save PDF