|
|
|
 
  Support
FAQs

Firewall ADSL Modem / Router Series

 

|
 
  BiPAC 740 GE and BiPAC 743 GE issues
 

What can I do for the reset button in back panel?
The firmware specification for 'Reset Button' as below:
In 4.21c or before, when the router already startup
- push Reset Button > 1 seconds and un-push before 3 seconds --> router will restart
- push Reset Button > 3 seconds and < 6 seconds --> no action
- push Reset Button > 6 seconds --> will restore factory setting immediately
In 4.21d or later, add one function for Reset Button
- power off router, pushing Reset Button and power on router --> will force router to read factory setting instead of previous saved setting

Why can CPE not sync with ADSL DSLAM (CO site)?
There are few things needed to check,
1. Make sure the connector and cable are well pluged
2. Check the ADSL LED of CPE, it should be blinking (meaning it does try to establish a connection.)
3. Check the ADSL line code setting. The default is AUTO, it will detect the ADSL line code, G.dmt, G.lite, and T1.413 automatically. But in some area, it can not detect the ADSL line code well. At this time, please adjust the ADSL line code to G.dmt or G.dmt_auto first.
If it still fails, please try the other values such as Alcatel.......
4. If you have done above methods, please contact our support department for help.

What is Auto-Scan-PVC?
The firmware V4.21 can support the Aauto-Scan-PVC.
To build up an easy-to-configuration environment, we provide the feature.
With this feature, user just click this button the router will search the active PVCs
and list them. User can select the right one from the list and then continually configure the other parameters such as username and password.

In version 4.21, we can detect following PVCs
0/32-40
8/32-35
8/48
8/67
1/32
0/100

There are three encapsulations can not be detected,
IPoA
1483 routed, LLC
1483 routed, VC-Mux

Can I use UPnP?
The BiPAC 740 GE and BiPAC 743 GE are supporting UPnP now. If your PC has installed UPnP components, Windows will inform you automatically when the router is startup. The default icon named as 'DSL IGD'. If you double click the icon, you can enter the Web GUI directly.
By default, Windows ME did not installed UPnP. User has to installed (or enabled) it. It seems no UPnP for Windows 2000 while Windows XP need to enable.
The one advantage of UPnP is 'UPnP NAT Transversal'. If some applications is UPnP-aware, it can negotiate with router to open 'Virtual Server' ports implicitly, i.e. User did not need to configure the Virtual Server by himself.

Can the ADSL routers supports multiple WAN and LAN?
Yes, the ADSL routers support multiple WAN and LAN interfaces.
Originally, the web GUI is designed for normal end-users. Some of functions need to
configure via CLI command set.
- Multiple WAN interface: you can create via web GUI or CLI
- Multiple LAN interface: only can create via CLI
- Multiple NAT: only created via CLI

How to configure the router as pure ADSL bridged modem?
1.1 Using CLI command
(1) Restore to Factory setting via
- 'system config restore factory' CLI command; or
- push Reset Button more than 6 seconds

(2) Clear existing, unused transports
'pppoe clear transports'
'pppoa clear transports'
'rfc1483 clear transports'
ipoa clear transport

(3) Setup a new WAN transport as
pppoe add transports p1 dialout pvc 1 a1 0 32
pppoa add transports p1 dialout pvc 1 a1 0 32
'rfc1483 add transport r1483 a1 0 32 llc bridged'
ipoa add transports i1 pvc a1 0 32
(note: the parameters are depending on your ADSL line configuration)

(4) Create an new bridge interface
- 'bridge add interface br1483'

(5) Attach the WAN transport to new bridge interface
- 'bridge attach br1483 r1483'

(6) If everything configured well, you can start the PPPoE client running in PC

(7) You can check packet flow by 'transports list' to find out the packets counts
1.2 Using Web GUI

How to configure the router as ZIPB ADSL modem?
ZIPB (Zero Installation PPP Bridge) mode is a mixture of bridge and relay functions in the device.
1.1 Using CLI command
(1) Restore to Factory setting via
- 'system config restore factory' CLI command; or
- push Reset Button more than 6 seconds

(2) Clear existing, unused transports
'pppoe clear transports'
'pppoa clear transports'
'rfc1483 clear transports'
ipoa clear transport

(3) Setup a new WAN transport as
pppoe add transports p1 dialout pvc 1 a1 0 32
pppoa add transports p1 dialout pvc 1 a1 0 32
'rfc1483 add transport r1483 a1 0 32 llc bridged'
ipoa add transports i1 pvc a1 0 32
(note: the parameters are depending on your ADSL line configuration)
1.2 Using Web GUI

How to configure the router as PPTP-to-PPPoA Relay?
1.1 Using CLI command
(1) Restore to Factory setting via
- 'system config restore factory' CLI command; or
- push Reset Button more than 6 seconds

(2) Clear existing, unused transports
'pppoe clear transports'
'pppoa clear transports'
'rfc1483 clear transports'
ipoa clear transport

(3) Setup a new WAN transport as
pppoe add transports p1 dialout pvc 1 a1 0 32
pppoa add transports p1 dialout pvc 1 a1 0 32
'rfc1483 add transport r1483 a1 0 32 llc bridged'
ipoa add transports i1 pvc a1 0 32
(note: the parameters are depending on your ADSL line configuration)

(4) Create an new bridge interface
- 'bridge add interface br1483'

(5) Attach the WAN transport to new bridge interface
- 'bridge attach br1483 r1483'

(6) If everything configured well, you can start the PPPoE client running in PC

(7) You can check packet flow by 'transports list' to find out the packets counts
1.2 Using Web GUI

How to change the ADSL Line code with WEB GUI?
Access the router, page please click
STATUS -> Port Status -> A1 -> Connect Mode:
Then you can select the right ADSL Line code here.
After the selection, please click (in the same page as Connect Mode)
ActiveLine: false -> [Apply]
This will disconnect the ADSL line.
ActiveLine: true -> [Apply]
This will make the ADSL line again.
If you want to use the new ADSL line code, please do not forget to
save the configration.

How to use one-to-one NAT?
One-to-one NAT: translate between a public IP address and a specific private IP address
Note: There is only be configured by CLI. No web configuration provided.
Environmetn Example:
- ISP provide you a public (or global) pool, e.g. 61. 210.39.1 to 61.210.39.4
- Your private IP address is ranged as 192.168.1.0/255.255.255.0
Procedure:
- After the basic configuration, there will be one 'external' interface and one 'internal' interface. You can check by "security list interfaces" CLI command. Assume the 'external' interface named as 'ipwan'
- Adding the global IP pool into 'external' interface as "nat add globalpool gp1 ipwan internal 61.210.39.1 endaddress 61.210.39.4"
- Adding one-to-one mapping for redirect PING packet as example "nat add resvmap rm1 globalip ipwan 61.210.39.2 192.168.1.100 icmp"
- You can change 'icmp' above to all for mapping all protocols
- Delete mapping by using "nat delete resvmap" CLI command.

Dose router supports Multiple VPN tunnel passthrough?
In such environment, router supports multiple VPN tunnels passthrough.
PC1 (VPN-IPsec) <--> router <--> Internet <--> VPN servers
PC can create multiple tunnels with different servers.
But if two PCs in LAN environment, the second PC can not initial to establish a tunnel if PC1 has established a tunnel already. Because the returned packet from VPN server can not be forwarded correctly to the initial PC, returned packet from WAN site carries the same port and same destination IP address.

How to enable the IPCP subnet function of PPPoE or PPPoA?
In the quick start, please make sure those fields are set
1. PPPoE or PPPoA in the encapsulation
2. Leave IP address field as blank, 0.0.0.0
3. Leave mask field as blank, 0.0.0.0
4. Leave gateway field as blank, 0.0.0.0
5. Set ture for another two fields at
WAN -> ISP-> edit -> advanced option -> PPPoE (PPPoA) ->
Give Subnet Mask To DHCPServer ==> true
Discover Subnet Mask ==> true

Then a group of IP addresses (subnet) from the server will be forwarded to the DHCP server and assigned to PCs in LAN when PC tries to get IP address from DHCP server in router.

How to enable syslog feature?
This feature should be enabled by CLI command. Major commands are listed,
"system log list" to see process names
"system log enable ppp to console", "system log enable ppp to syslog"
The ppp is the process name which you can get it from above commands.
"system syslog set daemon 192.168.1.100" The 192.168.1.100 is an example, this field is for IP address to receive this syslog.

How to enable remote configuration permarently?
Basically, "Remote Access" has a timer to disable access automatically for security consideration. If want permanent remote access, please set up virtual servers (tcp/80 for web, tcp/23 for telnet) to 192.168.1.254 (device's IP address). It will be permanent.

How to enable SNMP Trap?
You can click "Configuration/Advanced/Device Management/SNMP Access Control, Trap Community" to set IP Address of your local PC to receive the Trap message.

What is the secondary IP address in the LAN configuration WEB page?
It is used for
1. To create virtual IP subnet attaching to the same physical LAN interface, therefore, there are two IP addresses assigned to the LAN interface of router and there are two subnets available in the LAN. Those secondary IP addresses can access the WAN too, but they can not be assigned by DHCP server from router. DHCP server support the main IP subnet only.
2. Create a secondary IP address which is located at the same IP subnet as LAN IP interface. Sometimes, it is used for management.

SNMP functions support
Please note:
1. After upgrading to 4.20e or later, the SNMP communities have been moved to another database.Users have to manually add back the communities via CLI commands below:
- 'snmp add access read public'
- 'snmp add access write password'
2. When added successfully, the new settings can be saved into flash via 'Sav Config to FLASH', and then activated in each rebooting hereafter.
3. The max. access communities is up to 5.
4. You can also add trap receiver by using CLI commands, 'snmp add trap'

SNMP version:SNMPv2c
(SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security. The "c" comes from the fact that SNMPv2c uses the SNMPv1 community string paradigm for "security", but is widely accepted as the SNMPv2 standard.)
Trap supported: Cold Start, Authentification Failure.

The following MIBs are supported:

>From RFC 1213 (MIB-II):
v System group
v Interfaces group
v Address Translation group
v IP group
v ICMP group
v TCP group
v UDP group
x EGP (not applicable)
v Transmission
v SNMP group

>From RFC1650 (EtherLike-MIB):
v dot3Stats

>From RFC 1493 (Bridge MIB):
v dot1dBase group
v dot1dTp group
v dot1dStp group (if configured as spanning tree)

>From RFC 1471 (PPP/LCP MIB):
v pppLink group
x pppLqr group

>From RFC 1472 (PPP/Security MIB):
v PPP Security Group)

>From RFC 1473 (PPP/IP MIB):
v PPP IP Group

>From RFC 1474 (PPP/Bridge MIB):
v PPP Bridge Group

>From RFC1573 (IfMIB):
v ifMIBObjects Group

>From RFC1695 (atmMIB):
v atmMIBObjects

>From RFC 1907 (SNMPv2):
v only snmpSetSerialNo OID

VPN Specification:
Remote Administarion : HTTP
IPSec mode : Tunnel mode
Palys both roles of Initiator (client) & Responder (server) (depending on who first initials request)
Authentication method: Pre-shared Secret
IPSec protocol: AH, ESP
Encryption: DES, 3DES, AES
Hash function: MD5, SHA1
PFS-group: MODP 768 (group 1), MODP 1024 (group 2), MODP 1536 (group 5)

What is the VPN-IPSec performance?
In the situation of 3DES and MD5, it is around 400Kbps in RFC1483 routed mode.

What is the performance of VPN-PPTP with MPPE (128bits) encryption?
In the situation of PPTP and MPPE (128 bits), it is around 760Kbps in RFC1483 routed mode.

Please provide an example of URL blocking feature, e.g. to block http://ww.example.com/banner.gif. How can I add a rule to block the entire www.example.com domain or else block the image banner.gif from every single website in existence.
1. If you want to block http://www.example.com request, you can add a rule to block "example" in the domain-name rule or keyword rule. Then the URL Filtering will block all the links containing "example" string, including http://www.example.com/banner.gif.
2. If you only want to block a file coming from http://www.example.com/banner.gif web site, you can add a rule to block "example.com/banner.gif" in the domain-name rule. Then URL Filtering will block the file.
3. If you want to block a file, "banner.gif" from all websites. You can add a rule to block "banner.gif" in the keyword rule. Then the file will be blocked, you will never see it.

Can BiPAC 743 GE support 802.11g by firmware upgrade?
BiPAC 743 GE cannot upgrade to 802.11g because the embedded wireless H/W is totally different.

Why the CPE can not stay SYNC with ADSL DSLAM (CO site)?
Please check two points first. Pleasecheck the ADSL line code setting. The default is AUTO, it will detect the ADSL line code, G.dmt, G.lite, and T1.413 automatically. But in some area, it can not detect the ADSL line code well. At this time, please adjust the ADSL line code to G.dmt or G.dmt_auto first. If it still fails, please try the other values such as Alcatel.......
(refer below figure, you can get this figure by click the “a1” in the status web page.)
2. You may use the console command to adjust the TX_Attenuation to try it again.
- 'port a1 set ActivateLine false'
- 'port a1 set TxAttenuation 2'
- 'port a1 set ActivateLine true'

It can be done in WEB GUI too, please click the a1 in the STATUS web page and get the below picture.
- set the ActiveLine to false and click Apply
- set the TxAttenuation 2, ActiveLine to ture and click Apply

Why does the DC++ application be blocked when enable the firewall feature?
Please add port (411) into the port filter and set ALLOW for inbond and outbond traffic. This port is used for DC++ application to communicate with server.
Without this port ALLOWED, it is not possible to exchange information with server.

To provide an example of URL blocking feature, e.g. to block www.example.com/banner.gif. How can I add a rule to block the entire www.example.com domain or else block the image banner.gif from every single website in existence.
1. If you want to block http://www.example.com request, you can add a rule to block "example" in the domain-name rule or keyword rule. Then the URL Filtering will block all the links containing "example" string, including http://www.example.com/banner.gif.
2. If you only want to block a file coming from http://www.example.com/banner.gif web site, you can add a rule to block "example.com/banner.gif" in the domain-name rule. Then URL Filtering will block the file.
3. If you want to block a file, "banner.gif" from all websites. You can add a rule to block "banner.gif" in the keyword rule. Then the file will be blocked, you will never see it.

What is the ToS?
It is Type of Service and implemented as IPv4 TOS priority control.
It is a fully decoded to determine the priority from the 6 bit TOS field in the IP header.
The most significant 6 bits of the TOS field are fully decoded into 64 possibilities, and the singular code that results is compared against the corresponding bit in the IPv4 TOS priority control bit(0~63).

If the bit is set, the priority is high; Otherwise, the priority is low.
three bits: IP priority (0 to 7)
one bit: No delay
one bit: high throughput
one bit: hgh reliability
two bits: resevered

How to establish a VPN tunnel between two remote offices, 1 with a BiPAC 743GE and the other with a FSV318 (Netgear)?
Thanks to Mr. Nic Baxter to give us this example.
My case - Billion with V4.23 firmware on dynamic ip adsl & Netgear with V1.4 firmware on fixed ip adsl. 2 different subnets (to allow routing)
First - on the Billion set up a new vpn connection with any name you like. Then add the local Subnet & Netmask - I used 192.168.0.0 & 255.255.255.0
Remote - Secure Gateway Address - add the IP address of the Netgear.
Remote Network add the subnet & netmask of the remote network (Netgear). I used 192.168.1.0 & 255.255.255.0
The Proposal was ESP with MD5 authentication, 3DES encryption, MODP 768 (Group 1) Perfect Forward Secrecy & Pre-shared Key at least 16 characters long.
Next - on Netgear set up a new vpn connection with any name - it does not have to match the Billion one.
Put 0.0.0.0 for both the local & Remote IPSec Identifier
Tunnel can be accessed from - select 'a subnet of local address' from the drop down
Local LAN start IP Address - put 192.168.1.0
Local LAN IP Subnetmask - put 255.255.255.0
Tunnel can access - select 'a subnet of remote address' from the drop down
Remote LAN start IP - put 192.168.0.0
Remote LAN IP Subnetmask - put 255.255.255.0
Remote WAN IP or FQDN - leave blank
Secure Association - select 'Main Mode' from drop down
Perfect Forward Secrecy - click on Enabled
PreShared key - put the same one as the Billion
Leave Key Life & IKE Life Time at the defaults
NETBIOS Enable - tick
There it is now just ping the Netgear from the Billion and the VPN negoitiation process will start. It may take a minute to make the connection. If it doesn't then look at the logs on the Netgear but it works for me.

How to increase the tx power?
After the version 4.22c1, you can adjust the WLAN tx power with following command.
The commands as (case-sensitive):
- 'console enable'
- 'bun set port wireless/SpecialTest=p<x>' where x is -44 to 20dB;
e.g. 'bun set port wireless/SpecialTest=p20'
With our test, we use Site Survey to check the signal level.
p10 (default) ----> 73%
p20 ----> 86% or up to 93%
p-30 ----> 66%
p-44 ----> 40%


 
|

 
 
 

  FAQs
Firewall ADS2+ Routers
Wireless ADS2+ Routers
VoIP Routers
3G/Broadband Routers
iBusiness Security Routers
Home Networking Routers
ISDN Products

  Support
FAQs
Firmware / Drivers
User Manuals
Datasheets
Quick Start Guides
Product Pictures
Billion.com ::::: Powering Communications with Security

Copyright © Billion Electric Co., Ltd. All rights reserved.