Page 1 BiPAC 8900X R3 3G/4G LTE VDSL2/ADSL2+ VPN Firewall Router User Manual Version Released: 2.52.d3 Last revised date: Sept. 21, 2018...
Page 2: Table Of Contents
Table of Contents Chapter 1: Introduction ..........................1 Introduction to your Router........................1 Features ..............................3 VDSl2/ADSL2+ Compliance ....................... 3 Network Protocols and Features ...................... 4 Firewall.............................. 4 Quality of Service Control ......................... 4 ATM, PTM and PPP Protocols ......................5 IPTV Applications ..........................
Page 3 VPN..............................50 IPSec............................50 PPTP ............................51 L2TP............................52 OpenVPN..........................53 GRE............................54 Log..............................55 System Log ..........................55 Security Log..........................56 Load Balance Status ......................... 57 Quick Start.............................. 58 Quick Start............................58 Configuration ............................62 LAN - Local Area Network ....................... 63 Ethernet ...........................
Page 4 QoS Port Shaping ........................140 NAT..............................141 Exceptional Rule Group......................141 Virtual Servers........................143 DMZ Host ..........................147 One-to-One NAT ........................148 Port Triggering ........................149 ALG ............................152 Wake On LAN ..........................153 VPN............................... 154 IPSec.............................. 154 VPN Account ..........................164 Exceptional Rule Group.........................
Page 5 Push Service ........................... 248 Diagnostics ..........................249 Fault Management......................... 250 Ethernet OAM ........................251 Restart..............................252 Chapter 5: Troubleshooting ........................253 Appendix: Product Support & Contact ....................... 255...
Page 6: Chapter 1: Introduction
Chapter 1: Introduction Introduction to your Router The Billion BiPAC 8900X R3, a multi service VDSL2 (17a) Router. It features fibre-ready triple-WAN VDSL2 supports backward compatibility to ADSL2+ for a longer reach distance, an all-in-one advanced device including Gigabit Ethernet, 3G/4G LTE, and NAS (Network Attached Storage) in one unit.
Page 7 deployment as an effort to alleviate IPv4 address exhaustion. IPv6 also implements new features that simplify aspects of address assignment (stateless address autoconfiguration) and network renumbering (prefix and router announcements) when changing Internet connectivity providers. The IPv6 subnet size has been standardized by fixing the size of the host identifier portion of an address to 64 bits to facilitate an automatic mechanism for forming the host identifier from Link Layer media addressing information (MAC address).
Page 8: Features
Features • IPv6 ready (IPv4/IPv6 dual stack) • Flexible WAN approach – VDSL2/ADSL2+, 3G/4G LTE mobile connection, and Ethernet WAN for Broadband Connectivity • High-speed Internet Access via VDSL2/ADSL2 / 2+; Backward Compatible with ADSL • F ibre (FTTC/FTTP/FTTH) ready with high WAN throughput •...
Page 9: Network Protocols And Features
• Supports VDSL2 band plan: 997 and 998 • Supports VDSL2 profiles: 8a, 8b, 8c, 8d, 12a, 12b, and 17a • ADSL/2/2+ fallback modes • Supports ATM and PTM modes Network Protocols and Features • IPv4 or IPv4 / IPv6 Dual Stack •...
Page 10: Atm, Ptm And Ppp Protocols
ATM, PTM and PPP Protocols • ATM Adaptation Layer Type 5 (AAL5) • Multiple Protocol over ALL5 (RFC 268, formerly RFC 1483) • Bridged or routed Ethernet encapsulation • VC and LLC based multiplexing • PPP over Ethernet (PPPoE) • PPP over ATM (RFC 2364) •...
Page 11 TR-069* supports remote management • • Available Syslog • Mail alert for WAN IP changed • Wake on LAN • Auto failover and fallback • Push Service 1. On request for Telco / ISP projects 2. IPTV application may require subscription to IPTV services from a Telco / ISP. 3.
Page 12: Hardware Specifications
Hardware Specifications Physical Interface • DSL: VDSL/ADSL port • USB 2.0 port for storage service and printer server, FTP, DLNA and 3G/4G LTE modem • Ethernet: 4-port 10 / 100 / 1000Mbps auto-crossover (MDI / MDI-X) Switch • EWAN: 1 Ethernet port (port#5) can be configured as a WAN interface for Broadband connectivity.
Page 13: Chapter 2: Installing The Router
Chapter 2: Installing the Router Package Contents • BiPAC 8900X R3 3G/4G LTE VDSL2/ADSL2+ VPN Firewall Router • Quick Start Guide • CD containing the on-line manual • RJ-45 Cat. 5e STP Ethernet cable • RJ-11 xDSL/ telephone cable • Power adapter...
Page 14: Important Note For Using This Router
Important note for using this router 1. Do not use the router in high humidity or high temperatures. 2. Do not use the same power source for the router as other equipment. 3. Do not open or repair the case yourself. If the router is too hot, turn off the power immediately and have it repaired at a qualified service center.
Page 15: Device Description
DSL cable unplugged Green IP connected and traffic is passing through the device Blinking Data being transmitted / received Internet BiPAC 8900X R3 fails to obtain and IP. BiPAC 8900X R3 is either in bridged mode or WAN/DSL connection is not ready...
Page 16: The Rear Ports
The Rear Ports Port Meaning ON/OFF Power ON/ OFF switch. Power Jack Connect the supplied power adapter to this jack. Push and hold the reset button for five (5) seconds to restore to its factory Reset default settings (this is used when you cannot login to the router, e.g. forgot your password) Connect to Fiber/ Cable/ xDSL Modem with a RJ-45 cable, for broadband connectivity.
Page 17: Cabling
Cabling One of the most common causes of problems is bad cabling or DSL line(s). Make sure that all connected devices are turned on. On the front panel of your router is a bank of LEDs. Verify that the LAN Link and DSL line LEDs are all lit. If they are not, verify if you are using the proper cables. If the error persists, you may have a hardware problem.
Page 18: Chapter 3: Basic Installation
Chapter 3: Basic Installation The router can be configured through your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 10/ 8/ 7 / XP / Vista, etc. The product provides an easy and user-friendly interface for configuration. Please check your PC network components.
Page 19: Connecting Your Router
Connecting Your Router Users can connect the VDSL2/ADSL2+ router as the following. DSL Router mode: Broadband Router mode:...
Page 20 3G/LTE Router mode...
Page 21: Network Configuration
Network Configuration Configuring a PC in Windows 7/ 8/ 10 For Windows 7/8, go to Start. Click on Control Panel. For Windows 10, Users can click Start then click on Settings; or right click the mouse when it points at Windows ICON (Start), then click Control Panel.
Page 22 IPv4: Select Internet Protocol Version 4 (TCP/IPv4) then click Properties In the TCP/IPv4 properties window, select the Obtain an IP address automatically Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. Click OK again in the Local Area Connection Properties window apply...
Page 23 IPv6: 6. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties 7. In TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 8. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Page 24: Configuring A Pc In Windows Vista
Configuring a PC in Windows Vista 1. Go to Start. Click on Network. 2. Then click on Network and Sharing Center at the top bar. 3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window pane.
Page 25 IPv4: 5. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties. 6. In TCP/IPv4 properties window, select the Obtain an IP address automatically Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Page 26 IPv6: 5. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties. 6. In TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Page 27: Configuring A Pc In Windows Xp
Configuring a PC in Windows XP IPv4: 1. Go to Start / Control Panel (in Classic View). In the Control Panel, double-click on Network Connections 2. Double-click Local Area Connection. 3. In the Local Area Connection Status window, click Properties. 4.
Page 28 IPv6: IPv6 is supported by Windows XP, but you should install it first. Act as shown below: 1. On the desktop, Click Start > Run, type cmd, then press Enter key in the keyboard, the following screen appears. 2. Key in command ipv6 install Configuration is OK now, you can test whether it works ok.
Page 29: Factory Default Settings
Factory Default Settings Before configuring your router, you need to know the following default settings. Web Interface (Username and Password) Three user levels are provided by this router, namely Administrator, Remote and Local respectively. See Access Control Administrator Username: admin Password: admin Local Username: user...
Page 30 LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre-set in the factory. The default values are shown in the table. IPv4 LAN Port WAN Port IPv4 address 192.168.1.254 Subnet Mask 255.255.255.0 The PPPoE function is enabled to automatically get DHCP server function Enabled...
Page 31: Information From Your Isp
Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided. Gather the information as illustrated in the following table and keep it for reference. VPI/VCI, VC / LLC-based multiplexing, Username, Password, Service PPPoE(RFC2516) Name, and Domain Name System (DNS) IP address (it can be...
Page 32: Easy Sign On (Ezso)
GUI for any detail configuration. This configuration method is usually auto initiated if user is to connect to the internet via Billion's router for the first time.
Page 33 2. Enter the username, password from your ISP, for IP and DNS settings; also refer to your ISP. Here IPv6 service is enabled by default. If the DSL line doesn’t synchronize, the page will pop up warning of the DSL connection failure. 3.
Page 34 Ethernet mode 1. Select Ethernet, press Continue to go on to next step. 2. Enter the username, password from your ISP, for IP and DNS settings, also refer to your ISP. Here IPv6 service is enabled by default. 3. Wait while the device is configured. 4.
Page 35 3G/4G LTE 1. Select 3G/4G LTE, press Continue to go on to next step. 2. Enter the APN, username, password from your ISP, for settings about Authentication method, PIN, etc, also refer to your ISP. 3. Wait while the device is configured. 4.
Page 36: Chapter 4: Configuration
Chapter 4: Configuration Configuration via Web Interface Open your web browser; enter the IP address of your router, which by default is 192.168.1.254, and click or press ‘Enter’ key on the keyboard, a login prompt window will appear. The default root username and password are “admin”...
Page 37 Once you have logged on to your BiPAC 8900X R3 Router via your web browser, you can begin to set it up according to your requirements. On the configuration homepage, the left navigation pane links you directly to the setup pages, which include:...
Page 38: Status
Status This Section gives users an easy access to the information about the working router and access to view the current status of the router. Here Summary, WAN, Statistics, Bandwidth Usage, 3G/4G Status, Route, ARP, DHCP, VPN, and subsections are included.
Page 39: Summary
Summary The basic information about the device is provided here (the following is a configured screenshots to let users understand clearly). Device Information Model Name: Displays the model name. Host Name: Displays the name of the router. System Up-Time: Displays the elapsed time since the device is on. Date/Time: Displays the current exact date and time.
Page 40: Wan
This table displays the information of the WAN connections, users can turn here for WAN connection information. Interface: The WAN connection interface. Description: The description of this connection. Type: The protocol used by this connection. Status: To disconnect or connect the link. Connection Time: The WAN connection time since WAN is up.
Page 41: Statistics
Statistics The table shows the statistics of LAN. Note: P5 can be configured as EWAN, and when the device is in EWAN profile, there is no P5/EWAN interface as P5 is working as a WAN port. If you need P5, please remove EWAN interface, EWAN Interface Removal.
Page 42: Wan Service
WAN Service The table shows the statistics of WAN. Interface: Display the connection interface. Description: The description for the connection. Bytes: Display the Received and Transmitted traffic statistics in Bytes for every WAN interface. Packets: Display the Received and Transmitted traffic statistics in Packests for every WAN interface. Errors: Display the statistics of errors arising in Receiving or Transmitting data for every WAN interface.
Page 43: Xtm
The Statistics-xTM screen displays all the xTM statistics Port Number: Shows number of the port for xTM. In Octets: Number of received octets over the interface. Out Octets: Number of transmitted octets over the interface. In Packets: Number of received packets over the interface. Out Packets: Number of transmitted packets over the interface.
Page 44: Xdsl
xDSL Mode: Modulation protocol, including G.dmt, G.lite, T1.413, ADSL2, AnnexL, ADSL2+ and AnnexM. Traffic Type: Transfer mode, here supports ATM and PTM. Status: Show the status of DSL link. Link Power State: Show link output power state. Line Coding (Trellis): Trellis on/off.
Page 45 SNR Margin (dB): Show the Signal to Noise Ratio(SNR) margin. Attenuation (dB): This is estimate of average loop attenuation of signal. Output Power (dBm): Show the output power. Attainable Rate (Kbps): The sync rate you would obtain. Rate (Kbps): Show the downstream and upstream rate in Kbps. MSGc (#of bytes in overhead channel message): The number of bytes in overhead channel message.
Page 46 Select the Tested Time(sec), press Start to start test. When it is OK, the following test result window will appear. You can view the quality of ADSL connection. Here the connection is OK. Reset: Click this button to reset the statistics.
Page 47: Bandwidth Usage
Bandwidth Usage Bandwidth Usage provides users direct view of bandwidth usage with simple diagram. Bandwidth usage shows the use of the bandwidth from two angles: Transmitted and Received, giving users a clear idea of the usage. Note: P5 can be configured as EWAN, and when the device is in EWAN profile, there is no P5/EWAN interface as P5 is working as a WAN port.
Page 48 When you press View WAN Traffic concurrently button, the WAN Bandwidth Usage pops up so that users can view the WAN traffic concurrently.
Page 49: Wan Service
WAN Service Press View WAN Transmitted button to change the diagram to the statistics from a Received Bytes of view.
Page 50 Press View LAN Traffic concurrently button to directly switch to the LAN Bandwidth Usage page to view the LAN traffic concurrently.
Page 51: 3G/4G Lte Status
3G/4G LTE Status Status: The current status of the 3G/4G LTE card. Signal Strength: The signal strength bar indicates current 3G/4G signal strength. Network Name: The network name that the device is connected to. Network Mode: The current operation mode for 3G/4G LTE card, it depends on service provider and card’s limitation, GSM or UMTS.
Page 52: Route
Route Destination: The IP address of destination network. Gateway: The IP address of the gateway this route uses. Subnet Mask: The destination subnet mask. Flag: Show the status of the route. U: Show the route is activated or enabled. H (host): destination is host not the subnet. G: Show that the outside gateway is needed to forward packets in this route.
Page 53: Arp
This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Security –...
Page 54: Dhcp
DHCP The DHCP Table lists the DHCP lease information for all IP addresses assigned by the DHCP server in the device. Host Name: The Host Name of DHCP client. MAC Address: The MAC Address of internal DHCP client host. IP Address: The IP address which is assigned to the host with this MAC address. Expires in: Show the remaining time after registration.
Page 55: Vpn
VPN status viewing section provides users IPSec, PPTP, L2TP， OpenVPN and GRE VPN status. IPSec Name: The IPSec connection name. Active: Display the connection status. Local Subnet: Display the local network. Remote Subnet: Display the remote network. Remote Gateway: The remote gateway address. SA: The Security Association for this IPSec entry.
Page 56: Pptp
PPTP PPTP Server Name: The PPTP connection name. Enable: Display the connection status with icons. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the remote network and subnet mask in LAN to LAN PPTP connection. Connected By: Display the IP of remote connected client.
Page 57: L2Tp
L2TP L2TP Server Name: The L2TP connection name. Enable: Display the connection status with icons. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the remote network and subnet mask in LAN to LAN L2TP connection. Connected By: Display the IP of remote connected client.
Page 58: Openvpn
OpenVPN OpenVPN Server Name: The OpenVPN connection name. Enable: Display the connection status with icon. Status: The connection status. Connection Type: Remote Access or LAN to LAN. Peer Network IP: Display the subnet address of client side in LAN to LAN mode. Server IP: The tunnel virtual IP of server side assigned by server itself.
Page 59: Gre
Name: The GRE connection name. Enable: Display the connection status with icons. Status: The connection status, connected or disable. Remote Gateway: The IP of remote gateway. Refresh: Click this button to refresh the connection status.
Page 60: Log
System Log Display system logs accumulated up to the present time. You can trace historical information with this function. And the log policy can be configured in Configure Log section. Refresh: Click to update the system log. Clear: Click to clear the current log from the screen.
Page 61: Security Log
Security Log Security log displays the message logged about security, like filter messages and some firewall message. You can turn to IP Filtering Outgoing, IP Filtering Incoming, URL Filter to determine if you want to log this information. Also you can turn to Configure Log section below to determine the level to log the message.
Page 62: Load Balance Status
Load Balance Status WAN Interface: Show wan interface of join. TxBWUR: Upstream BandWidth Utilization Ration. RxBWUR: Downstream BandWidth Utilization Ration Weight : Sisplay weight value when using WRR method. Current Status: green check means L2 link is work, red cross means L2 link is failure. If L3 Health check option is used, status will display L3 status word as above figure, otherwise, only show L2 link status.
Page 63: Quick Start
Quick Start Quick Start This part allows you to quickly configure and connect your router to internet. DSL mode (ADSL mode, please choose ATM; VDSL, please choose PTM) Here take ADSL for example. 1. Select DSL, press Continue to go on to next step. 2.
Page 64 3. Wait while the device is configured. 4. Success.
Page 65 Ethernet mode 1. Select Ethernet, press Continue to go on to next step. 2. Enter the username, password from your ISP, for IP and DNS settings; also refer to your ISP. Here IPv6 service is enabled by default. 3. Wait while the device is configured. 4.
Page 66 3G/4G LTE 1. Select 3G/4G LTE, press Continue to go on to next step. 2. Select the 3G mode, and enter the APN, username, password from your ISP; and check with your ISP with the authentication method setting. 3. Wait while the device is configured. 4.
Page 67: Configuration
Configuration When you click this item, the column will expand to display the sub-items that will allow you to further configure your router. LAN, WAN, System, USB, Tunnel, Security, Quality of Service, Wake On LAN. The function of each configuration sub-item is described in the following sections.
Page 68: Lan - Local Area Network
LAN - Local Area Network A Local Area Network (LAN) is a shared communication system network where many computers are connected. This type of network is area defined and is usually limited to a confined region within a building. Ethernet Parameters Group Name: This refers to the group you set in Interface Grouping section;...
Page 69 IGMP LAN to LAN Multicast: Check to determine whether to support LAN to LAN (Intra LAN) Multicast. If user want to have a multicast data source on LAN side and he wants to get IGMP snooping enabled, then this LAN-to-LAN multicast feature should be enabled. LAN side firewall: Enable to drop all traffic from the specified LAN group interface.
Page 70 DHCP Server IP Address: Please enter the DHCP Server IP address. Static IP List The specified IP will be assigned to the corresponding MAC Address listed in the following table when DHCP Server assigns IP Addresses to Clients. Press Add to the Static IP List. Enter the MAC Address, IP Address, and then click Apply to confirm your settings.
Page 71: Ipv6 Autoconfig
IPv6 Autoconfig The IPv6 address composes of two parts, the prefix and the interface ID. There are two ways to dynamically configure IPv6 address on hosts. One is “stateful” configuration, for example using DHCPv6 (which resembles its counterpart DHCP in IPv4.) In the stateful auto- configuration model, hosts obtain interface addresses and/or configuration information and parameters from a DHCPv6 server.
Page 72 DHCPv6 Server Type: Select Stateless or Stateful. When DHCPv6 is enabled, this parameter is available. Stateless: If selected, the PCs in LAN are configured through RA mode, thus, the PCs in LAN are configured through RA mode, to obtain the prefix message and generate an address using a combination of locally available information (MAC address) and information (prefix) advertised by routers, but they can obtain such information like DNS from DHCPv6 Server.
Page 73 Stateless and Stateful IPv6 address Configuration Stateless: Two methods can be carried. With DHCPv6 disabled, but Issue Router Advertisement Enabled With this method, the PCs in LAN are configured through RA mode, thus, the PCs in LAN are configured through RA mode, to obtain the prefix message and generate an address using a combination of locally available information (MAC address) and information (prefix) advertised by routers.
Page 74 Stateful: two methods can be adopted. With only DHCPv6 enabled With this method, the PCs’ addresses are configured the same as in IPv4, that is addresses are assigned by DHCPv6 server. With both DHCPv6 and Issue Router Advertisement Enabled With this method, the PCs’ addresses are configured the same like above, and the address information in RA packets will be neglected.
Page 75: Interface Grouping
Interface Grouping Interface grouping is a function to group interfaces, known as VLAN. A Virtual LAN, commonly known as a VLAN, is a group of hosts with the common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of the physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same network switch.
Page 76 Click Add to add groups. Group Name: Type a group name. Grouped WAN Interfaces: Select from the box the WAN interface you want to applied in the group. Grouped LAN Interfaces: Select the LAN interfaces you want to group as a single group from Available LAN Interfaces.
Page 77 In group "test", P2 and PPP0.1 are grouped in one group, they have their only network , see LAN. If you want to remove the group, check the box as the following and press Remove. Note: If you like to automatically add LAN clients to a WAN Interface in the new group add the DHCP vendor ID string.
Page 78: Lan Vlan Setting
LAN VLAN Setting When LAN VLAN is opened on a LAN port, outgoing packets from the port will be tagged with the specific VLAN ID user set. LAN Port: Select the LAN port users want to set LAN VLAN. VLAN Mode: Check if to enable LAN VLAN for the selected port. Click Add to set the VLAN ID, Pbits for the port.
Page 79: Eth Port Control
Eth Port Control Eth port control features the control of Ethernet port working patterns like Max Bit Rate and Duplex Mode. Select to change the port working patterns in the Edit vertical column. Eth Port: Select the port, P1-P5/EWAN. Max Bit Rate: Manually specify the max bit rate for the Ethernet port, 10 or 100Mbps. Duplex Mode: Manually specify the duplex mode for the Ethernet port, half or full duplex.
Page 80: Wan-Wide Area Network
WAN-Wide Area Network A WAN (Wide Area Network) is a computer network that covers a broad geographical area (eg. Internet) used to connect LAN and other types of network systems. WAN Service Three WAN interfaces are provided for WAN connection: DSL (VDSL/ADSL), Ethernet and 3G/4GLTE.
Page 81 PPPoE PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP. VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc).
Page 82 Note: In PPPoE connection, NAT is enabled by default, you can determine whether to enable Fullcone NAT or disable Fullcone NAT and only use NAT, the default NAT type is Port Restricted cone NAT. Of Port-Restricted cone NAT, the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P IPv4 Address: Select whether to set static IPv4 address or obtain automatically.
Page 83 Click Next to continue to set the default gateway and DNS for IPv4 and IPv6. Default Gateway Select default gateway for you connection (IPv4 and IPv6). IPv4 Three ways to set an IPv4 DNS server Available WAN interfaces: Select a desirable WAN interface as the IPv4 DNS server. Static DNS Address: To specify DNS server manually by entering your primary and secondary DNS server addresses.
Page 84 If you don’t need a service, select the item you want to remove, check the checkbox, then press Remove. Press Edit button to re-edit this service settings. Here you can configure WAN Service, if it is OK, you can access the internet. You can go to Status >WAN or Summary to view the WAN connection information (if your ISP provides IPv6 service, then you will obtain an IPv6 address).
Page 85 PPPoA VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection. Username: Enter the account obtained from the ISP. Password: Enter the password obtained from the ISP. Authentication Method: Default is Auto.
Page 86 useful when saving internet fees. Inactivity Timeout: The set Inactivity timeout period, unit: minutes. It is combined use with Dial on Demand, users should specify the concrete time interval for dial on demand. IPv6 for this service: Enable to use IPv6 service. IPv6 Address: Select whether to set static IPv6 address or obtain automatically.
Page 87 IP over Ethernet VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection, commonly for friendly use. Authentication Method: Default is Auto. Or else your ISP will advise you the appropriate mode. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc).
Page 88 option 125 message into DHCP offer packet before forward it to clients. After the clients receive the packet, it check the option 125 field in the packet with the prestored message, if it is matched, then the client accepts this offer, otherwise it will be abandoned. Check Enable or Disable this function. Default setting is Disable.
Page 89 IPoA VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection, commonly for friendly use. WAN IP: Enter the WAN IP from the ISP. WAN Subnet Mask: Enter the WAN Subnet Mask from the ISP. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address.
Page 90 Bridging VPI/VCI: Enter the VPI/VCI combination from you ISP. Encapsulation Mode: Select the encapsulation mode, LLC/SNAP-BRIDGING, or VC/MUX. Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc).
Page 91: Ethernet
Ethernet Ethernet WAN connection is well known as directly broadband WAN connection. Note: P5 can be configured as EWAN, and when the device is in EWAN profile, there is no P5/EWAN interface as P5 is working as a WAN port. If you need P5, please remove EWAN interface. PPPoE Description: User-defined description for the connection, commonly for friendly use.
Page 92 identification, tagged: 0-1, untagged: -1. 802.1Q VLAN ID: It is a parameter to specify the VLAN which the frame belongs. Enter the VLAN ID identification, tagged: 0-4094, untagged : -1. Username: Enter the account obtained from the ISP. Password: Enter the password obtained from the ISP. Service Name: The item is for identification purpose, user can define it yourselfe.
Page 93 MLD Multicast Source: Used in a similar way by IPv6 system as IGMP Multicast source in IPv4 system. Enable it to support the source filtering functionality for IPv6 system. Note: It works only on MLD version 2. Click Next to continue to set the default gateway and DNS for IPv4 and IPv6. Default Gateway Select default gateway for you connection (IPv4 and IPv6).
Page 94 IPv6 DNS Server address. If you don’t need the EWAN service, select the item you want to remove, check the checkbox, then press Remove, it will be OK. (Remove all the EWAN rules to release EWAN port to become a LAN port.) Press Edit button to re-edit this service settings.
Page 95 IP over Ethernet Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). Enter the priority identification, tagged: 0-1, untagged: -1.
Page 96 WAN gateway IP Address: Enter your gateway IP address to the device provided by your ISP. IPv6 for this service: Enable to use IPv6 service. Obtain an IPv6 address automatically: check whether to enable or disable this feature. WAN IPv6 Address/Prefix Length: Enter the WAN IPv6 Address/Prefix Length from your ISP. WAN Next-Hop IPv6 Address: Enter the WAN Next-Hop IPv6 Address from your ISP.
Page 97 Bridging Description: User-defined description for the connection, commonly for friendly use. 802.1P Priority: The parameter indicates the frame priority level from 0 (lowest) to 7 (highest), which can be used to prioritize different classes of traffic (voice, video, data, etc). Enter the priority identification, tagged: 0-1, untagged: -1.
Page 98: 3G/4G Lte
3G/4G LTE Select 3G/4G LTE to configure the route to enjoy the mobility. By default the 3G/LTE interface is on, user can edit the parameters to meet your own requirements. Click Edit button to enter the 3G/4G LTE configuration page. Dial on demand: If enabled, the 3G/4G LTE will work in dial on demand and be brought up only when there is no active default route.
Page 99 preferred, UMTS 3G preferred, Automatic, and Use 3G/4G LTE dongle settings. If you are uncertain what services are available to you, and then please select Automatic. TEL No.: The dial string to make a 3G/LTE user internetworking call. It may provide by your mobile service provider.
Page 100 secondary DNS server addresses. Parent Controls: If user registers and gets a DNS account in the parental control provider website, expecting to enjoy a more reliable and safer internet surfing environment, please select this option (need to configure at Parental Control Provider).
Page 101: Dsl
This screen allows you to set DSL parameters. DSL knowledge is required to configure these settings. Contact your ISP to make sure that these parameters are correct. Modulation: There are 8 modes “G.Dmt”, “G.lite”, “T1.413”, “ADSL2”, “AnnexL”, ”ADSL2+”, “AnnexM”, “VDSL2” that user can select for this connection. Profile: VDSL profiles up to 17a.
Page 102: Failover
Failover Auto failover/failback is to ensure an always-on internet connection. Users can set a Master WAN interface (main WAN) and a slave interface (backup WAN), and when Master WAN fails, it will switch to slave WAN, and when master WAN restores, it will switch to master WAN interface again. L3 WAN Failover: Check Enable to activate L3 WAN failover.
Page 103: Snr
Signal-to-noise ratio (often abbreviated SNR or S/N) is a measure used in science and engineering that compares the level of a desired signal to the level of background noise. It is defined as the ratio of signal power to the noise power. SNR: Change the value to adjust the DSL link rate, more suitable for an advanced user.
Page 104: System
System Internet Time The router does not have a real time clock on board; instead, it uses the Network Time Protocol (NTP) to get the most current time from an NTP server. NTP is a protocol for synchronization of computers. It can enable computers synchronize to the NTP server or clock source with a high accuracy.
Page 105: Firmware Upgrade
Firmware Upgrade Software upgrading lets you experience new and integral functions of your router. Restart device with: Factory Default Settings: Restart the device with factory default settings automatically when finishing upgrading. Current Settings: Restart the device with the current settings automatically when finishing upgrading.
Page 106: Backup / Update
Backup / Update These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore from a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration.
Page 107: Access Control
Access Control Access Control is used to prevent unauthorized access to the router configuration page. Here you can change the login user password. Three user levels are provided here. Each user level there’s a default provided user. You must access the router with the appropriate username and password. Here the corresponding passwords are allowed to change.
Page 108: Mail Alert
Mail Alert Mail alert is designed to keep system administrator or other relevant personnel alerted of any unexpected events that might have occurred to the network computers or server for monitoring efficiency. With this alert system, appropriate solutions may be tackled to fix problems that may have arisen so that the server can be properly maintained.
Page 109: Sms Alert
SMS Alert SMS, Short Message Service, is to inform clients the information clients subscribe. The BiPAC 8900X R3 offers SMS alert sending clients alert messages when a WAN IP change is detected. Recipient’s Number (WAN IP Change Alert): Enter the Recipient’s number that will receive the alert message once a WAN IP change has been detected.
Page 110: Configure Log
Configure Log Log: Enable or disable this function. Log level: Select your log level. The log level allows you to configure which types of events are logged. There are eight log levels from high to low are displayed below: Emergency = system is unusable Alert = action must be taken immediately Critical = critical conditions Error = error conditions...
Page 111: Usb
Storage here refers to network sharing in the network environment, USB devices act as the storage carrier for DLNA, common file sharing. Storage Device Info This part provides users direct access to the storage information like the total volume, the used and the remaining capacity of the device.
Page 112: User Account
User Account Users here can add user accounts for access to the storage, in this way users can access the network sharing storage with the specified account, and again protect their own data. Default user admin. Click Add button, enter the user account-adding page: Username: user-defined name, but simpler and more convenient to remember would be favorable.
Page 113 Accessing mechanism of Storage: In your computer, Click Start > Run, enter \\192.168.1.254...
Page 114 When accessing the network storage, you can see a folder named “public”, users should have the account to enter, and the account can be set at the User Accounts section. When first logged on to the network folder, you will see the “public” folder. Public: The public sharing space for each user in the USB Storage.
Page 115 Access the folder public.
Page 116 When successfully accessed, the private folder of each user is established, and user can see from the following picture. The test fold in the picture is the private space for each user.
Page 117: Print Server
Print Server The Print Server feature allows you to share a printer on your network by connecting a USB cable from your printer to the USB port on the 8900X R3. This allows you to print from any location on your network.
Page 118 Step 2: Click ‘’Add a Printer’’. Step 3: Click “Add a network, wireless or Bluetooth printer...
Page 119 Step 4: Click “The printer that I want isn’t listed” Step 5: Select “Select a shared printer by name” Enter http://8900XR3- LAN-IP:631/printers/printer-name or. Make sure printer’s name is the same as what you set in the router earlier For Example: http://192.168.1.254:631/printers/OfficePrinter OfficePrinter is the Printer Name we setup earlier...
Page 120 Step 6: Click “Next” to add the printer driver. If your printer is not listed and your printer came with an installation disk, click “Have Disk” find it and install the driver. Step 7: Click “Next”...
Page 121 Step 8: Click “Next” and you are done You will now be able to see your printer on the Devices and Printers Page...
Page 122: Dlna
DLNA The Digital Living Network Alliance (DLNA) is a non-profit collaborative trade organization established by Sony in June 2003, which is responsible for defining interoperability guidelines to enable sharing of digital media between consumer devices such as computers, printers, cameras, cell phones and other multiple devices.
Page 123 Take Windows media player in Windows 7 accessing the DLNA server for example for usage of DLNA .
Page 124: Ip Tunnel
IP Tunnel An IP Tunnel is an Internet Protocol (IP) network communication channels between two networks of different protocols. It is used to transport another network protocol by encapsulation of its packets. IP Tunnels are often used to connect two disjoint IP networks that do not have a native routing path to each other, via an underlying routable protocol across an intermediate transport network, like VPN.
Page 125 Associated WAN Interface: The applied WAN interface with the set tunnel, thus when there are packets from/to the WAN interface, the tunnel would be used to transport the packets. Associated LAN Interface: Set the linked LAN interface with the tunnel. Method: 6rd operation mechanism: manually configured or automatically configured.
Page 126: Ipv4Inipv6
IPv4inIPv6 4in6 refers to tunneling of IPv4 in IPv6. It is an inherent internet interoperation mechanism allowing IPv4 to be used in an IPv6 only network. 4in6 uses tunneling to encapsulate IPv4 traffic over configured IPv6 tunnels. 4in6 tunnels are usually manually configured but they can be automated using protocols such as TSP(Tunnel Setup Protocol) to allow easy connection to a tunnel broker.
Page 127: Security
Security IP Filtering Outgoing IP filtering enables you to configure your router to block specified internal/external users (IP address) from Internet access, or you can disable specific service requests (Port number) to /from Internet. The relationship among all filters is “or” operation, which means that the router checks these different filter rules one by one, starting from the first rule.
Page 128 Destination Port [port or port: port]: Traffic with the particular set destination port or port in the set port range is to be blocked from going through the router. Default is set port from port range: 1 – 65535. Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule will work all time;...
Page 129 (Rule inactive)
Page 130: Ip Filtering Incoming
IP Filtering Incoming Incoming IP Filtering is set by default to block all incoming traffic, but user can set rules to forward the specific incoming traffic. Note: 1. The maximum number of entries: 32. 2. When LAN side firewall or firewall in WAN interface(s) is enabled, user can move here to add allowing rules to pass through the firewall.
Page 131 Time Schedule: Select or set exactly when the rule works. When set to “Always On”, the rule will work all time; and also you can set the precise time when the rule works, like 01:00-19:00 from Monday to Friday. Or you can select the already set timeslot in “Time Schedule” during which the rule works.
Page 132: Mac Filtering
MAC Filtering MAC Filtering is only effective on ATM PVCs configured in Bridged mode. FORWARDED means that all MAC layer frames will be forwarded except those matching with any of the specified rules in the following table. BLOCKED means that all MAC layer frames will be blocked except those matching with any of the specified rules in the following table.
Page 133: Blocking Wan Ping
Blocking WAN PING This feature is enabled to let your router not respond to any ping command when someone others “Ping” your WAN IP.
Page 134: Time Restriction
Time Restriction A MAC (Media Access Control) address is the unique network hardware identifier for each PC on your network’s interface (i.e. its Network Interface Card or Ethernet card). Using your router’s MAC Address Filter function, you can configure the network to block specific machines from accessing your LAN during the specified time.
Page 135 An example: Here you can see that the user “child-use” with a MAC of 18:a9:05:04:12:23 is blocked to access the router from 00:00 to 23:59 Monday through Friday. The “test” can access the internet always. If you needn’t this rule, you can check the box, press Remove, it will be OK.
Page 136: Url Filter
URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.
Page 137 Keywords Filtering Note: Maximum number of entries: 32. Click to add the keywords. Enter the Keyword, for example image, and then click Add. You can add other keywords like this. The keywords you add will be listed as above. If you want to reedit the keyword, press the Edit radio button left beside the item, and the word will listed in the Keyword field, edit, and then press Edit/Delete to confirm.
Page 138 Except IP Address In the section, users can set the exception IP respectively for IPv4 and IPv6. Click to add the IP Addresses. Enter the except IP address. Click Add to save your changes. The IP address will be entered into the Exception List, and excluded from the URL filtering rules in effect.
Page 139: Parental Control Provider
Parental Control Provider Parental Control Provider provides Web content filtering offering safer and more reliable web surfing for users. Please get an account and configure at the selected Provider “www.opendns.com” in advance. To use parental control (DNS), user needs to configure to use parental control (DNS provided by parental control provider) to access internet at WAN configuration or DNS page(See DNS).
Page 140: Qos - Quality Of Service
QoS - Quality of Service Quality of Service QoS helps you to control the data upload traffic of each application from LAN (Ethernet) to WAN (Internet). This feature allows you to control the quality and speed of throughput for each application when the system is running with full upstream load.
Page 141 Protocol: Select the supported protocol from the drop down list. DSCP Marking: Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP Marking allows users to classify the traffic of the application to be executed according to the DSCP value.
Page 142 Priority: Set the priority given to each policy/application. Specify the priority for the use of bandwidth. You can specify which application can have higher priority to acquire the bandwidth. Its default setting is set to Normal. You may adjust this setting to fit your policy / application. Internal IP Address: The IP address values for Local LAN devices you want to give control.
Page 143 Examples: Common usage 1. Give outgoing VoIP traffic more priority. The default queue priority is normal, so if you have VoIP users in your local network, you can set a higher priority to the outgoing VoIP traffic. 2. Give regular web http access a limited rate...
Page 144 3. If you are actively engaged in P2P and are afraid of slowing down internet access for other users within your network, you can then use QoS to set a rule that has low priority. In this way, P2P application will not congest the data transmission with other applications. Other applications, like FTP, Mail access, users can use QoS to control based on need.
Page 145: Qos Port Shaping
QoS Port Shaping QoS port shaping supports traffic shaping of Ethernet interfaces. It forcefully maximizes the throughput of the Ethernet interface. When “Shaping Rate” is set to “-1”, no shaping will be in place and the “Burst Size” is to be ignored. Interface: P1-P5.
Page 146: Nat
NAT (Network Address Translation) feature translates a private IP to a public IP, allowing multiple users to access the Internet through a single IP account, sharing the single IP address. It is a natural firewall for the private network. Exceptional Rule Group Exceptional Rule is dedicated to giving or blocking Virtual Server/ DMZ access to some specific IP or IPs(range).
Page 147 Exceptional Rule Range IP Address Range: Specify the IP address range; IPv4 address range can be supported. Click Add to add the IP Range. For instance, if user wants to block IP range of 172.16.1.102-172.16.1.106 from accessing your set virtual server and DMZ host, you can add this IP range and valid it.
Page 148: Virtual Servers
Virtual Servers In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”.
Page 149 The following configuration page will appear to let you configure. Interface: Select from the drop-down menu the interface you want the virtual server(s) to apply. WAN IP: To specify the exact WAN IP address. It can be flexible while there are multiple WAN IPs on one interface.
Page 150 Exceptional Rule Group: Select the exceptional group listed. It is to grant or block Virtual Server access to a group of IPs. For example, as we set previously group 1 blocking access to 172.16.1.102-172.16.1.106. If here you want to block Virtual Server access to this IP range, you can select Group1.
Page 151 Means the rule is inactive) Remove If you don’t need a specified Server, you can remove it. Check the check box beside the item you want to remove, then press Remove, it will be OK.
Page 152: Dmz Host
DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by Firewall and NAT algorithms before being passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries.
Page 153: One-To-One Nat
One-to-One NAT One-to-One NAT maps a specific private/local address to a global/public IP address. If user has multiple global/public IP addresses from your ISP, you are free to use one-to-one NAT to assign some specific public IP for an internal IP like a public web server mapped with a global/public IP for outside access.
Page 154: Port Triggering
Port Triggering Port triggering is a way to automate port forwarding with outbound traffic on predetermined ports (‘triggering ports’), incoming ports are dynamically forwarded to the initiating host, while the outbound ports are in use. Port triggering triggers can open an incoming port when a client on the local network makes an outgoing connection on a predetermined port or a range of ports.
Page 155 Open port Start: Enter a port number as the open port staring number. End: Enter a port number as the open port ending number. Any port in the range delimited by the ‘Start’ and ‘End’ would be the preset forwarding port or open port.
Page 156 Edit/Remove If you don’t need a specified Server, you can remove it. Check the check box beside the item you want to remove, and then press Remove. Click Edit to re-edit your port-triggering rule.
Page 157: Alg
The ALG Controls enable or disable protocols over application layer. SIP: Enable the SIP ALG when SIP phone needs ALG to pass through the NAT. Disable the SIP when SIP phone includes NAT-Traversal algorithm. H.323: Enable to secure the voice communication using H.323 protocol when one or both terminals are behind a NAT.
Page 158: Wake On Lan
Wake On LAN Wake on LAN (WOL, sometimes WoL) is an Ethernet computer networking standard that allows a computer to be turned on or woken up remotely by a network message. Host Label: Enter identification for the host. Select: Select MAC address of the computer that you want to wake up or turn on remotely. Wake by Schedule: Enable to wake up your set device at some specific time.
Page 159: Vpn
A virtual private network (VPN) is a private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures such as encryption. For example, a VPN could be used to securely connect the branch offices of an organization to a head office network through the public Internet.
Page 160 Click Add to create IPSec connections. IPSec Settings L2TP over IPSec: Select Enable if user wants to use L2TP over IPSec. See L2TPover IPSec Connection Name: A given name for the connection, but it should contain no spaces (e.g. “connection-to-office”). WAN Interface: Select the set used interface for the IPSec connection, when you select adsl pppoe_0_0_35/ppp0.1 interface, the IPSec tunnel would transmit data via this interface to connect to the remote peer.
Page 161 Key Exchange Method: Displays key exchange method. Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 1 to 32 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key.
Page 162 IPSec Lifetime: Specify the number of minutes that IPSec will stay active before new encryption and authentication key will be exchanged. Enter a value to negotiate and establish secure authentication. Default is 60 minutes (3600 seconds). A short time increases security by forcing the two parties to update the keys.
Page 163 IPSec for L2TP Connection Name: A given name for the connection, but it should contain no spaces (e.g. “connection-to-office”). WAN Interface: Select the set interface for the IPSec tunnel. Remote Security Gateway: Input the IP of remote security gateway. Key Exchange Method: Displays key exchange method. Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 1 to 32 characters.
Page 164 Examples: 1. LAN-to-LAN connection Two BiPAC 8900X R3s want to setup a secure IPSec VPN tunnel Note: The IPSec Settings shall be consistent between the two routers. Head Office Side: Setup details: Item Function Description Connection Name H-to-B Give a name for IPSec connection Local Network Subnet Select Subnet...
Page 166 Branch Office Side: Setup details: the same operation as done in Head Office side Item Function Description Connection Name B-to-H Give a name for IPSec connection Local Network Subnet Select Subnet IP Address 192.168.0.0 Branch Office network Netmask 255.255.255.0 Remote Secure IP address of the Head office router Gateway...
Page 167 2. Host to LAN Router servers as VPN server, and host should install the IPSec client to connect to head office through IPSec VPN. Item Function Description Headoffice-to-Host Connection Name Give a name for IPSec connection Local Network Subnet Select Subnet IP Address 192.168.1.0 Head Office network...
Page 169: Vpn Account
VPN Account PPTP and L2TP server share the same account database set in VPN Account page. Name: A user-defined name for the connection. Tunnel: Select Enable to activate the account. PPTP(L2TP) server is waiting for the client to connect to this account. Username: Please input the username for this account.
Page 170: Exceptional Rule Group
Exceptional Rule Group Exceptional Rule is dedicated to giving or blocking PPTP/L2TP server access to some specific IP or IPs(range). Users are allowed to set 8 different exceptional rule groups at most. In each group, user can add specific IP or IP range. Press Edit to set the exceptional IP (IP Range).
Page 171 Exceptional Rule Range IP Address Range: Specify the IP address range; IPv4 address range can be supported. Click Add to add the IP Range. For instance, if user wants to block IP range of 172.16.1.102-172.16.1.106 from accessing your PPTP and L2TP server, you can add this IP range and valid it.
Page 172: Pptp
PPTP The Point-to-Point Tunneling Protocol (PPTP) is a Layer2 tunneling protocol for implementing virtual private networks through IP network. PPTP uses an enhanced GRE (Generic Routing Encapsulation) mechanism to provide a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets. In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, Microsoft CHAP V1/V2 or EAP-TLS.
Page 173: Pptp Client
Idle Timeout: Specify the time for remote peer to be disconnected without any activities, from 0~120 minutes. Exceptional Rule Group: Select to grant or block access to a group of IPs to the PPTP server. See Exceptional Rule Group. If there is not any restriction, select none. Click Apply to submit your PPTP Server basic settings.
Page 174 Example: PPTP Remote Access with Windows series (Note: 1. inside test with 172.16.1.208, just an example for illustration 2. Here is a configuration example on Windows 7; Windows series including Windows 10/ 8/ 7 vista/ also supports the application with similar steps. ) Server Side: 1.
Page 175 2. Create a PPTP Account “test”. Client Side: Windows series Note: Here is a configuration example on Windows 7; Windows series including Windows 10/ vista/ 8/ 7 also supports the application with similar steps. 1. In Windows7, click Start > Control Panel> Network and Sharing Center, Click Set up a new connection network.
Page 176 For Windows 10, Users can click Start > Settings; or right click the mouse when it points at Windows ICON (Start), then click Control Panel > Network and Sharing Center, then Set up a new connection network. (Windows 10)
Page 177 2. Click Connect to a workplace, and press Next. 3. Select Use my Internet connection (VPN) and press Next.
Page 178 4. Input Internet address and Destination name for this connection and press Next.
Page 179 5. Input the account (user name and password) and press Create.
Page 180 6. Connect to the server.
Page 181 7. Successfully connected. You can also go to Network Connections shown below to check the detail of the connection. Right click “test” icon, and select “Properties” to change the security parameters (if the connection fails, users can go here to change the settings)
Page 183 Example: Configuring a LAN-to-LAN PPTP VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch offices accordingly. Server side: Head Office The above is the common setting for PPTP Server, set as you like for authentication and encryption.
Page 184 Then the PPTP Account. Client Side: Branch Office The client user can set up a tunnel connecting to the PPTP server, and can also set the tunnel as the default route for all outgoing traffic. Note: users can see the “Default Gateway” item in the bar, and user can check to select the tunnel as the default gateway (default route) for traffic.
Page 185: L2Tp
L2TP The Layer 2 Tunneling Protocol (L2TP) is a Layer2 tunneling protocol for implementing virtual private networks. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec.
Page 186 and set the same in the client side. Secret: Enter the secretly pre-shared password for tunnel authentication. Remote Host Name: Enter the remote host name (of peer) featuring the destination of the L2TP tunnel. Local Host Name: Enter the local host name featuring the source of the L2TP tunnel. Exceptional Rule Group: Select to grant or block access to a group of IPs to the L2TP server.
Page 187: L2Tp Client
L2TP Client L2TP client can help you dial-in the L2TP server to establish L2TP tunnel over Internet. Name: user-defined name for identification. L2TP over IPSec: If your L2TP server has used L2TP over IPSec feature, please enable this item. under this circumstance, client and server communicate using L2TP over IPSec. Enable IPSec Tunnel: Select the appropriate IPSec for L2TP rule configured for the L2TP Client.
Page 188 Connection Type: Select Remote Access for single user, Select LAN to LAN for remote gateway. Peer Network IP: Please input the subnet IP for Server. Peer Netmask: Please input the Netmask for Server. Tunnel Authentication: Select whether to enable L2TP tunnel authentication, if the server side enables this feature, please follow.
Page 189 Secret: Enter the set secret password in the server side. Remote Host Name: Enter the remote host name featuring the destination of the L2TP tunnel. Local Host Name: Enter the local host name featuring the source of the L2TP tunnel. Click Add button to save your changes.
Page 190 Example: L2TP over IPSec Remote Access with Windows series (Note: 1. inside test with 172.16.1.185, just an example for illustration 2. Here is a configuration example on Windows 7; Windows series including Windows 10/ 8/ 7 vista/ also supports the application with similar steps. ) Server Side: 1.
Page 191 2. Create a L2TP Account “test1”. Client Side: Windows series Note: Here is a configuration example on Windows 7; Windows series including Windows 10/ vista/ 8/ 7 also supports the application with similar steps. 1. In Windows7, click Start > Control Panel> Network and Sharing Center, Click Set up a new connection network.
Page 192 For Windows 10, Users can click Start > Settings; or right click the mouse when it points at Windows ICON (Start), then click Control Panel > Network and Sharing Center, then Set up a new connection network. (Windows 10)
Page 193 2. Click Connect to a workplace, and press Next. 3. Select Use my Internet connection (VPN) and press Next.
Page 194 4. Input Internet address and Destination name for this connection and press Next.
Page 195 5. Input the account (user name and password) and press Create.
Page 196 6. Connection created. Press Close. 7. Go to Network Connections shown below to check the detail of the connection. Right click “L2TP_IPSec” icon, and select “Properties” to change the security parameters.
Page 197 8. Chang the type of VPN to “Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec)” and Click Advanced Settings to set the pre-shared (set in IPSec) key for authentication.
Page 198 9. Go to Network connections, enter username and password to connect L2TP_IPSec and check the connection status.
Page 199 Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Note: Both office LAN networks must be in different subnets with the LAN-LAN application. Server side: Head Office...
Page 200 The above is the commonly setting for L2TP Server, set as you like for authentication and encryption. The settings in Client side should be in accordance with settings in Server side. Then account the L2TP Account.
Page 201 Client Side: Branch Office The client user can set up a tunnel connecting to the L2TP server, and can also set the tunnel as the default route for all outgoing traffic. Note: users can see the “Default Gateway” item in the bar, and user can check to select the tunnel as the default gateway (default route) for traffic.
Page 202: Openvpn
OpenVPN OpenVPN is an open source software application that implements v irtual private network (VPN) 2 3 7 H 2 4 5 H 2 4 5 H 2 4 5 H techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.
Page 203 HMAC Authentication: OpenVPN support H MAC authentication, please select authentication item 2 5 5 H 2 6 3 H 2 6 3 H 2 6 3 H from the list. lzo Compression: Enable to use the L ZO compression library to compress the data stream. 2 5 6 H 2 6 4 H 2 6 4 H 2 6 4 H Click Apply to submit your OpenVPN Server basic settings.
Page 204: Openvpn Ca
2 5 7 H 2 6 5 H 2 6 5 H 2 6 5 H with certificate-based being the most robust. Generally, the part offers the billion factory-defined authentication certificate. Recipient’s Email: Set the recipient’s email address to send the trusted CA to the OpenVPN client.
Page 205: Openvpn Client
OpenVPN Client OpenVPN client can help you dial-in the OpenVPN server to establish a trusted OpenVPN tunnel over Internet. Name: user-defined name for identification. WAN Interface: Select the exact WAN interface configured as source for the tunnel. Select Default to use the now-working WAN interface for the tunnel. Username: Enter the username provided by your OpenVPN Server.
Page 206 How to establish OpenVPN tunnel 1. Remote Access OpenVPN (If the client wants to remotely access the OpenVPN Server, on client side, users had better install an OpenVPN client application/installer and connect to server accordingly. Here only give the configuration on server side.) Server side on router 1.
Page 207 3. Set the OpenVPN client’s E-mail address to receive trusted CA from server to establish a trusted OpenVPN tunnel.
Page 208 2. LAN-to-LAN OpenVPN The branch office establishes a OpenVPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Configured in this way, head office and branch office can access each other. Note: Both office LAN networks must be in different subnets with the LAN-to-LAN application.
Page 209 2. Create an account for client to connect in 3. Set the OpenVPN client’s E-mail address to receive trusted CA from server to establish a trusted OpenVPN tunnel.
Page 210 Client Side: Branch Office 1. Import your trusted certificate from server side, which is used to authenticate between client and server for establishing trusted OpenVPN tunnel. 2. On the OpenVPN client side, fill in the parameters the same as set for OpenVPN server.
Page 211 Note: users can see the “Default Gateway” item in the bar, and user can check to select the tunnel as the default gateway (default route) for traffic. If selected, all outgoing traffic will be forwarded to this tunnel and routed to the next hop.
Page 212: Gre
Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocol packets inside virtual point-to-point links over an Internet Protocol (IP) network. Note: up to 8 tunnels can be added, but only 4 can be activated. Name: User-defined identification.
Page 213: Advanced Setup
Advanced Setup There are sub-items within the System section: Routing, DNS, Static ARP, UPnP, Certificate, Multicast, Management, and Diagnostics.
Page 214: Routing
Routing Default Gateway WAN port: Select the port this gateway applies to. To set Default Gateway and Available Routed WAN Interface. This interfaces are the ones you have set in WAN section, here select the one you want to be the default gateway by moving the interface via .
Page 215: Static Route
Static Route With static route feature, you can control the routing of all the traffic across your network. With each routing rule created, you can specifically assign the destination where the traffic will be routed. Above is the static route listing table, click Add to create static routing. IP Version: Select the IP version, IPv4 or IPv6.
Page 216: Policy Routing
Policy Routing Here users can set a route for the host (source IP) in a LAN interface to access outside through a specified Default Gateway or a WAN interface. The following is the policy Routing listing table. Click Add to create a policy route. Policy Name: User-defined name.
Page 217: Rip
RIP, Router Information Protocol, is a simple Interior Gateway Protocol (IGP). RIP supports RIP-1 , RIP-2 and both. Interface: the interface the rule applies to. Version: select the RIP version, RIP-1, RIP-2 and both. Operation: RIP has two operation mode. Passive: only receive the routing information broadcasted by other routers and modifies its routing table according to the received information.
Page 218: Load Balance
Load Balance This is outbound load balance to distribute internet traffic across multiple wan. There are two methods to choose that depends on your network Bandwidth. SDB(Smart Detecting Balancer) method can dynamic detecting the traffic status among multiple WAN and adjust the traffic pass through the proper WAN interface.
Page 219 Cases on load balance I. Similar rates between WAN interfaces or no disparity for example: VDSL2 100/100 & LTE 100/50Mbps Select SDB: VDSL: 90% of speed on upstream/downstream LTE: 90% of speed on upstream/downstream II: Huge speed disparity between WAN interfaces for example WAN ETH 1000/1000 & LTE 100/50Mbps Select WRR.
Page 220 III Multiple WAN interfaces VDSL2 50/50 & WAN eth 1000 & LTE 100/50Mbps Please select Method: WRR. It’s because speed between VDSL, Eth and LTE are 1:20:2. Hence, we need to use WRR to 10:200:20. VDSL: 90% of speed on upstream/downstream Ethernet WAN: 90% of speed on upstream/downstream LTE: 90% of speed on upstream/downstream Note: If there is a huge disparity between interfaces, please use WRR.
Page 221: Dns
DNS, Domain Name System, is a distributed database of TCP/IP application. DNS provides translation from Domain name to IP. IPv4 Three ways to set an IPv4 DNS server Select DNS server from available WAN interfaces: Select a desirable WAN interface as the IPv4 DNS server.
Page 222 Use the following Static IPv6 DNS address Primary IPv6 DNS Server / Secondary IPv6 DNS Server: Type the specific primary and secondary IPv6 DNS Server address.
Page 223: Dynamic Dns
Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your ADSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.
Page 224 User can register different DDNS to different interfaces. Examples: Note first users have to go to the Dynamic DNS registration service provider to register an account. User test register two Dynamic Domain Names in DDNS provider http://www.dyndns.org/ 1. pppoe_0_8_35 with DDNS: www.hometest.com using username/password test/test...
Page 225 2. ipoe_eth0 with DDNS: www.hometest1.com using username/password test/test.
Page 226: Dns Proxy
DNS Proxy DNS proxy is used to forward request and response message between DNS Client and DNS Server. Hosts in LAN can use router serving as a DNS proxy to connect to the DNS Server in public to correctly resolve Domain name to access the internet. DNS Proxy: Select whether to enable or disable DNS Proxy function, default is enabled.
Page 227: Static Dns
Static DNS Static DNS is a concept relative to Dynamic DNS; in static DNS system, the IP mapped is static without change. You can map the specific IP to a user-friendly domain name. In LAN, you can map a PC to a domain name for convenient access.
Page 228: Static Arp
Static ARP ARP (Address Resolution Protocol) is a TCP/IP protocol that allows the resolution of network layer addresses into the link layer addresses. And “Static ARP” here allows user to map manually the layer-3 MAC (Media Access Control) address to the layer-2 IP address of the device. IP Address: Enter the IP of the device that the corresponding MAC address will be mapped to.
Page 229: Upnp
UPnP UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device.
Page 230 Installing UPnP in Windows Example Follow the steps below to install the UPnP in Windows Me. Step 1: Click Start and Control Panel. Double-click Add/Remove Programs. Step 2: Click on the Windows Setup tab and select Communication in the Components selection box.
Page 231 Step 5: Restart the computer when prompted. Follow the steps below to install the UPnP in Windows XP. Step 1: Click Start and Control Panel. Step 2: Double-click Network Connections. Step 3: In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Page 232 Step 5: In the Networking Services window, select the Universal Plug and Play check box. Step 6: Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. Auto-discover Your UPnP-enabled Network Device Step 1: Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.
Page 233 Step 3: In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Step 4: You may edit or delete the port mappings or click Add to manually add port mappings.
Page 234 Step 5: Select Show icon in notification area when connected option and click OK. An icon displays in the system tray Step 6: Double-click on the icon to display your current Internet connection status.
Page 235: Certificate
Certificate This feature is used for TR069 ACS Server authentication of the device using certificate, if necessary. If the imported certificate doesn't match the authorized certificate of the ACS Server, the device will have no access to the server. Trusted CA Certificate Name: The certificate identification name.
Page 236 Click Import Certificate button to import your certificate. Enter the certificate name and insert the certificate.
Page 237 Click Apply to confirm your settings.
Page 238: Multicast
Multicast Multicast is one of the three network transmission modes, Unicast, Multicast, Broadcast. It is a transmission mode that supports point-to-multipoint connections between the sender and the recipient. IGMP protocol is used to establish and maintain the relationship between IP host and the host directly connected multicast router.
Page 239 Last Member Query Interval: Enter the interval time (sec) the multicast router query the specified group after it has received leave message. Robustness Value: Enter the router robustness parameter, 2-7, the greater the robustness value, the more robust the Querier is. Maximum Multicast Groups: Enter the Maximum Multicast Groups.
Page 240: Management
Management SNMP Agent SNMP, Simple Network Management Protocol, is the most popular one in network. It consists of SNMP Manager，SNMP Agent and MIB. Every network device supporting SNMP will have a SNMP Agent which is a management software running in the device. SNMP Manager, the management software running on the server, it uses SNMP protocol to send GetRequest、GetNextRequest, SetRequest message to Agent to view and change the information of the device.
Page 241: Tr- 069 Client
TR- 069 Client TR-069 (short for Technical Report 069) is a DSL Forum (which was later renamed as Broadband Forum) technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. As a bidirectional SOAP/HTTP based protocol it can provides the communication between customer premises equipment (CPE) and Auto Configuration Server (ACS).
Page 242 GetRPCMethods：Supported by both CPE and ACS, display the supported RFC listing methods. Click Apply to apply your settings.
Page 243: Http Port
HTTP Port The device equips user to change the embedded web server accessing port. Default is 80.
Page 244: Remote Access
Remote Access It is to allow remote access to the router to view or configure. Remote Access: Select “Enable” to allow management access from remote side (mostly from internet). If disabled, no remote access is allowed for any IPs even if you set allowed access IP address.
Page 245: Mobile Networks
Mobile Networks User can press Scan to discover available 3G/4G LTE mobile network.
Page 246: 3G/4G Lte Usage Allowance
3G/4G LTE Usage Allowance 3G/4G LTE usage allowance is designated for users to monitor and control the mobile flow usage. Mode: include Volume-based and Time-based control. Volume-based include “only Download”,”only Upload” and “Download and Upload” to limit the flow. Time-based control the flow by providing specific hours per month. The billing period begins on: The beginning day of billing each month.
Page 247: Power Management
Power Management Power management is a feature of some electrical appliances, especially computers that turn off the power or switch to a low-power state when inactive. Five main parameters are listed for users to check to manage the performance of the router.
Page 248: Time Schedule
Time Schedule The Time Schedule supports up to 32 timeslots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications. This Time Schedule correlates closely with router’s time, since router does not have a real time clock on board;...
Page 249: Auto Reboot
Auto Reboot Auto reboot offers flexible rebooting service (reboot with the current configuration) of router for users in line with scheduled timetable settings. Enable to set the time schedule for rebooting. For example, the router is scheduled to reboot at 22:00 every single weekday, and to reboot at 9:00 on Saturday and Sunday.
Page 250: Diagnostics
Diagnostics Diagnostics Tools BiPAC 8900X R3 offers diagnostics tools including “Ping” and “Trace route test” tools to check for problems associated with network connections. Ping Test: to verify the connectivity between source and destination. Destination Host: Enter the destination host (IP, domain name) to be checked for connectivity.
Page 251 Example: Ping www.google.com...
Page 252 Example: “trace” www.google.com...
Page 253: Push Service
Push Service With push service, the system can send email messages with consumption data and system information. Recipient’s E-mail: Enter the destination mail address. The email is used to receive system log ， system configuration，security log sent by the device when the Push Now button is pressed (information sent only when pressing the button ), but the mail address is not remembered.
Page 254: Diagnostics
Diagnostics Check the connections, including Ethernet connection, Internet Connection and wireless connection. Click Help link that can lead you to the interpretation of the results and the possible, simply troubleshooting.
Page 255: Fault Management
Fault Management IEEE 802.1ag Connectivity Fault Management (CFM) is a standard defined by IEEE. It defines protocols and practices for OAM (Operations, Administration, and Maintenance) for paths through 802.1 bridges and local area networks (LANs). Fault Management is to uniquely test the VDSL PTM connection;...
Page 256: Ethernet Oam
Ethernet OAM 8900X R3 offers industry standard OAM capabilities to enable network providers to provision and operate their networks with full visibility and control, simply and efficiently to minimize ongoing OPEX. Both peers should be Ethernet-OAM-enabled. There are two phases of how Ethernet OAM is usually realized: 1.) Ethernet Link OAM: Ethernet in the First Mile (EFM) Link OAM as defined in IEEE 802.3ah, Designed for testing and maintaining access links between EFM-OAM-enabled devices on L2.
Page 257: Restart
Restart This section lets you restart your router if necessary. Click in the low right corner of each configuration page. If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.
Page 258: Chapter 5: Troubleshooting
If your router is not functioning properly, please refer to the suggested solutions provided in this chapter. If your problems persist or the suggested solutions do not meet your needs, please kindly contact your service provider or Billion for support. Problems with the router...
Page 259 Problem with LAN interface Problem Suggested Action Cannot PING any PC on LAN Check the Ethernet LEDs on the front panel. The LED should be on for the port that has a PC connected. If it does not lit, check to see if the cable between your router and the PC is properly connected.
Page 260: Appendix: Product Support & Contact
Appendix: Product Support & Contact If you come across any problems please contact the dealer from where you purchased your product. Contact Billion Worldwide: http://www.billion.com MAC OS is a registered Trademark of Apple Computer, Inc. Windows 10/ 8/ 7, Windows XP and Windows Vista are registered Trademarks of Microsoft Corporation.
Page 261 Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

Billion BiPAC 8900X R3 User Manual

Chapter 1: Introduction

Chapter 2: Installing the Router

Chapter 3: Basic Installation

Chapter 4: Configuration

Chapter 5: Troubleshooting

Appendix: Product Support & Contact

Quick Links

Related Manuals for Billion BiPAC 8900X R3

Summary of Contents for Billion BiPAC 8900X R3

Table of Contents