FAQ

Firewall ADSL Modem / Router Series

  • How to connect to modem by using serial cable (RS-232)?
  • Mostly you can use the HyperTerminal which the windows has built-in or other such kind of software. Basically, you can find the HyperTerminal program at " Start" => "Programs" => "Accessories" => "Communications" and do the settings as below. Connect using (COM Port): COM1 (It depends on which port you connect on PC.)

    Bit per second (Baud rate): 9600
    Data bits: 8 bit
    Parity:none
    Stop bits: 1 bit
    Flow control: none
  • What is Auto Scan PVC?
  • To build up an easy-to-configuration environment, we provide a feature, Auto Scan PVC. With this feature, user just clicks this button. The router will search the active PVCs and list them. User can select the right one from the list and then continually configure the other parameters such as username and password.

  • Why can CPE not sync with ADSL DSLAM (CO site)?
  • There are few things needed to check,

    1. Make sure the connector and cables are well plugged
    2. Check the ADSL LED of CPE, it should be blinking (meaning it does try to establish a connection.)
    3. Check the ADSL line code setting. The default is AUTO, it will detect the ADSL line code, G.dmt, G.lite, and T1.413 automatically. But in some area, it can not detect the ADSL line code well. At this time, please adjust the ADSL line code to G.dmt or G.dmt_auto first. If it still fails, please try the other values such as Alcatel...
    4. If you have done above methods, please contact our support department for help.
  • How to enable remote configuration permanently?
  • Basically, "Remote Access" has a timer to disable access automatically for security consideration. If you want to use permanent remote access, please set up virtual servers (tcp/80 for web, tcp/23 for telnet) to 192.168.1.254 (device's IP address). It will be permanent.

  • What is the TOS?
  • It is Type of Service and implemented as IPv4 TOS priority control. It is a fully decoded to determine the priority from the 6 bit TOS field in the IP header. The most significant 6 bits of the TOS field are fully decoded into 64 possibilities, and the singular code that results is compared against the corresponding bit in the IPv4 TOS priority control bit(0~63). If the bit is set, the priority is high; otherwise, the priority is low.

    Three bits: IP priority (0 to 7)
    One bit: No delay
    One bit: high throughput
    One bit: high reliability
    Two bits: reserved
  • Can the ADSL routers supports multiple WAN and LAN?
  • Yes, the ADSL routers support multiple WAN and LAN interfaces. Originally, the web GUI is designed for normal end-users. Some of functions need to configure via CLI command set.

    - Multiple WAN interface: you can create via web GUI or CLI
    - Multiple LAN interface: only can create via CLI
    - Multiple NAT: only created via CLI
  • Dose router supports Multiple VPN tunnel pass through?
  • In such environment, router supports multiple VPN tunnels pass through.

    - PC1 (VPN-IPsec) <--> router <--> Internet <--> VPN servers
    - PC can create multiple tunnels with different servers.
    But if two PCs in LAN environment, the second PC cannot initial to establish a tunnel if PC1 has established a tunnel already. Because the returned packet from VPN server can not be forwarded correctly to the initial PC, returned packet from WAN site carries the same port and same destination IP address.
  • How to enable SNMP Trap?
  • You can click "Configuration/Advanced/Device Management/SNMP Access Control, Trap Community" to set IP Address of your local PC to receive the Trap message.

  • How to enable the remote SNMP monitor function?
  • By default, you cannot use SNMP from WAN side except you configure a Virtual Server with UDP Port 161 to the Router's LAN IP.

  • SNMP Support
  • Please note:

    1. After upgrading to 4.20e or later, the SNMP communities have been moved to another database.
      Users have to manually add back the communities via CLI commands below:
      - 'snmp add access read public'
      - 'snmp add access write password'
    2. When added successfully, the new settings can be saved into flash via 'Save Config to FLASH', and then activated in each rebooting hereafter.
    3. The maximum access communities is up to 5.
    4. You can also add trap receiver by using CLI commands, 'snmp add trap'

    SNMP version : SNMPv2c

    (SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security. The "c" comes from the fact that SNMPv2c uses the SNMPv1 community string paradigm for "security", but is widely accepted as the SNMPv2 standard.) Trap supported: Cold Start, Authentification Failure. The following MIBs are supported:

    RFC 1213 (MIB-II) System Group Interfaces Group SNMP Group IP Group
    ICMP Group TCP Group UDP Group EGP (not applicable)
    Transmission Address Translation Group .
    RFC 1650 (Ether Link-MIB)
    dot3Stats
    RFC 1493 (Bridge MIB) dot1dBase Group dot1dTp Group dot1dStp Group
    (If configured as spanning tree)
    RFC 1471 (PPP/LCP MIB) pppLink Group pppLqr Group
    RFC 1472 (PPP/Security MIB) PPP Security Group
    RFC 1473 (PPP/IP MIB) PPP IP Group
    RFC 1474 (PPP/Bridge MIB) PPP Bridge Group
    RFC 1573(IfMIB) IfMIBObjects Group
    RFC 1695(atmMIB) AtmMIBObjects Group
    RFC 1907 (SNMPv2) Only snmpSetSerialNo OID
  • How to assign the public IP subnet addresses to PCs in LAN if the encapsulation is PPPoA/PPPoE?
  • This is a special service from ISP that ISP will assign a subnet (group IPs) negotiated in the IPCP, to subscriber through PPPoA or PPPoE connection. Then subscriber can use these public IPs to surf Internet directly.Pl ease follow the following steps to configure router to achieve this feature.

    1. Access router and click "Configuration" => "WAN" => "ISP" => "Edit" => "Advanced Options" => "PPP"
    2. Enable both functions "Give Subnet Mask to DHCP Server" and "Discover Subnet Mask"
    3. Disable the NAT in PPPoA/PPPoE WEB page
    4. Save the configuration to flash and restart to enable this setting.
  • How to make DDNS work when firewall enabled?
  • If you are use DDNS with server "www.dyndns.org", please add packet filtering rule to allow outbound traffic with port 8245/TCP. For other servers, you have to add packet-filtering rule to allow outbound traffic with port 80/TCP.

  • Why does the MSN Messenger not work when firewall enabled?
  • When user enable the firewall, some of ports are needed to configure in the packet filter. The communication ports of MSN Messenger are 443/TCP, 1863/TCP and 7001/UDP. In this case, the outbound and inbound of the above ports should set "allowed". Then all MSN Messenger features would be working.

  • Why does the ICQ not work when firewall enabled?
  • When user enables the firewall, some of ports are needed to configure in the packet filter. The communication port of ICQ and AIM is TCP 5190. In this case, the outbound and inbound of the port 5190 should set "allowed". Then ICQ and AIM would be working.

  • Why does PPTP function not work when firewall enabled?
  • PPTP uses two protocols: TCP/1723 for session control and IP protocol 47 (GRE) for data phase. If firewall enabled, please add packet-filtering rule for both TCP/1723 and protocol/47.

  • Why does the DC++ application be blocked when firewall enabled?
  • Please add port (411) into the port filter and set ALLOW for inbound and outbound traffic. This port is used for DC++ application to communicate with server. Without this port ALLOWED, it is not possible to exchange information with server.

  • With V4.23 firmware or later, how to receive VoIP phone (SIP) call?
  • For SIP phone call out, there is no need to configure the virtual server. But for receiving SIP phone call, we need to add UDP port, 5060, 5062, and 5064... in the virtual server. Normally, it should be 5060 if you have one SIP phone only.

  • Does Billion product support UPnP?
  • The BiPAC Serials are supporting UPnP now. If your PC has installed UPnP components, Windows will inform you automatically when the router is startup. The default icon named as 'DSL IGD'. If you double click the icon, you can enter the Web GUI directly. By default, Windows ME did not installed UPnP. User has to install (or enable) it. It seems no UPnP for Windows 2000 while Windows XP need to enable. The one advantage of UPnP is 'UPnP NAT Transversal'. If some applications is UPnP-aware, it can negotiate with router to open 'Virtual Server' ports implicitly, i.e. User did not need to configure the Virtual Server by himself.

  • How to use one-to-one NAT?
  • One-to-one NAT: translate between a public IP address and a specific private IP address


    Note: There is only be configured by CLI. No web configuration provided.

    Environment Example:
    - ISP provide you a public (or global) pool, e.g. 61. 210.39.1 to 61.210.39.4
    - Your private IP address is ranged as 192.168.1.0/255.255.255.0

    Procedure:
    - After the basic configuration, there will be one 'external' interface and one 'internal' interface. You can check by "security list interfaces" CLI command. Assume the 'external' interface named as 'ipwan'
    - Adding the global IP pool into 'external' interface as "nat add globalpool gp1 ipwan internal 61.210.39.1 endaddress 61.210.39.4"
    - Adding one-to-one mapping for redirect PING packet as example "nat add resvmap rm1 globalip ipwan 61.210.39.2 192.168.1.100 icmp"
    - You can change 'icmp' above to all for mapping all protocols
    - Delete mapping by using "nat delete resvmap" CLI command.
  • How to use Multi-NAT?
  • Currently only CLI command can support the settings of Multi-NAT. It is useful when you have over than one public IP address and want to setup two servers at LAN site. And these servers will provide the same service and use standard port number for outside network, like WEB server(HTTP 80). Below is the example for two public IPs and map to two different PCs at internal network.
    Example:
    Public IP1: 203.217.21.22
    Public IP2: 203.217.21.23
    WEB Server1: 192.168.1.1
    WEB Server2: 192.168.1.2

    For first one, you can refer the section of Virtual Server in user manual. And it can be set via WEB GUI.
    For second one, you have to type CLI command as below.
    Step 1:‘nat add globalpool <gp1> <ipwan> internal 203.217.21.22 subnetmask 255.255.255.252’or ‘nat add globalpool <gp1> <ipwan> internal 203.217.21.22 endaddress 203.217.21.23’
    Syntax: nat add globalpool <name> <interfacename> {internal|dmz} <ipaddress> {subnetmask <mask>|endaddress <address>}

    Step 2:‘nat add resvmap <rm2> globalip <ipwan> 203.217.21.23 192.168.1.2 tcp 80’

    Syntax: nat add resvmap <name> globalip <interfacename> <globalip> <internalip> {tcp|udp} <portno> [<2ndportno> [<localportno> [2ndlocalportno]]]

    <gp1>, <ipwan>, <rm2> are names, defined by users.
    The concept is adding a global (or said public) IP pool in WAN side and let NAT module know it. Then, create another kind of Virtual Server to map it. If possible, he could use 'all' instead of 'tcp 80' at first stage to test the reach ability.

  • Before I use Billion ADSL product, what I should know?
  • Please make sure something with your ISP before you use ADSL device:

    1. Is it Annex A, B or U-R2?
    2. WAN protocol? PPPoA, PPPoE, or RFC1483 llcbridged/DHCP client?
    3. PVC: VPI? VCI?

    You must configure correct parameters to use ADSL.

  • What is Annex A, Annex B and U-R2?
  • Shortly, Annex A is "ADSL over POTS"; Annex B is "ADSL over ISDN". They are used in different telephone line depending on the telco or country. The U-R2 is used in Germany.

  • Can Billion ADSL products support 'Dying Gasp'?
  • 'Dying Gasp' is one special signal to tell DSLAM that CPE is going to 'die'.
    Normally, when CPE losing of power, it will send 'Dying Gasp' to DSLAM such that DSLAM may do some housekeeping or else.
    So, if CPE want to implement Dying Gasp, it need a 'big' capacitor to store a little power to be used during losing power. But, DSLAM still have other methods to monitor the CPE existences.
    Normally, ADSL PCI cards or ADSL USB modems do not implement Dying Gasp.
  • How do BiPAC 702 AE modify the MTU size?
  • BiPAC 702 AE can automatically work with different MTU size with ISP. Therefore, the PCI ADSL modem card doesn't provide any way to modify the MTU size.
  • BiPAC 711 issues
  • It seems something wrong with my BiPAC 711.
    a. Please use the RS-232 cable, bundled with the BiPAC 711 package, connecting to your computer.
    b. You can use HyperTerminal and set 9600,N,8,1 to enter the Command mode.
    c. Please use "factorysetting" to reset the BiPAC 711 to default setting
    d. You can use "restart" to reboot the BiPAC 711
    e. After the BiPAC 711 reboot, please run Winipcfg to renew an IP and enter the web configuration page.

    If it is still not working, when you enter Command mode, you can find the firmware version, please tell us the information and the serial number of your BiPAC 711 to trace the problem for you.

    Please follow below steps to get more information to us,
    a. Connect RS-232 cable
    b. Open Hyperterminal, (9600,8,N,1)
    c. Power on the router
    d. Enter the password
    e. Enter the commands,
    - "version"
    - "bun list channels"
    - "bun show port ethernet"
    - "config print"

    Please send back the messages from RS-232.

    Can BiPAC 711 supports SSH?
    Yes, BiPAC 711 VPN IPSec can communicate with SSH Sentinel (Both v3.x & v4.0).
    We ever got problem reported about 711 IPSec, and the problem has been resolved (due to inconsistence of configuration).

    Can I change the MTU?
    Currently we support CLI commands to change MTU through Telnet or Console.
    a. Use 'ip device' to list all of IP devices and related settings.
    b. If there is an IP device named as 'ipwan', you can use 'ip enable ipwan mtu 1460' to change the MTU to 1460bytes.
    c. User can use 'help' to ask for on-line help, e.g. 'ip help enable' to display the help of 'ip enable'.

    Is there anything for BiPAC 711 to avoid hacker attack?
    We build two control points in BiPAC 711:
    a. In Web, 'Firewall/Block WAN Request': which control reply any 'ping' from WAN side or not
    b. In console, 'remotetelnet yes|no' console command.

    If 'Block WAN Request' is enabled (this is default value), 711 will not reply any PING request from WAN (i.e. from Internet). Such that, it is more hard to find 711 in Internet.

    If 'remotetelnet no', user cannot telnet (port 23) into 711 from Internet. Normally, remotetelnet is no in factory setting. BUT, some agents request to yes by default.

    If 'Block WAN Request' is enabled and 'remotetelnet no', no hacker can telnet. But, if it is opened by user accidentally or some agents, it will be hacking.

    Is there any information for BiPAC 711 SPI rule?
    Default SPI rule must reject connection issued by remote host UNLESS packter filter ALLOWS the connection.
    User must build packet filter rules to allow specific remote host.
    But, to make users convenient, SPI allows the connection to virtual servers and the services on the router UNLESS packet filter DROP the connection.
    So, current SPI doesn't stop remote user connecting to Telnet on 711 if local user hasn't add DROP rule in packet filter

  • BiPAC 711 CE/C2, BiPAC 741C2 and BiPAC 7100/S issues
  • Can the ADSL router do remote telnet?
    BiPAC 711 CE/C2 and BiPAC 741 C2 do not provide management/configuration through Telnet.
    BiPAC 7100/S provide management/configuration through Telnet.

    What should I note when I use static IP to use the ADSL router?
    If you want to use static IP address in PC, please make sure:
    a. The static IP address should be located at the same subnet as the ADSL router for example, 192.168.1.254 is 711 CE IP address 255.255.255.0 is the subnet mask in 711 CE. Then you can set one of 192.168.1.1 to 192.168.1.253 in the PC, but not located at the IP pool of DHCP server
    b. Set the PC's gateway IP address to 711 CE
    c. Set the PC's DNS to real DNS IP address in the Internet.

    You can connect 2 PCs to BiPAC 711 CE by the USB and Ethernet port to share the internet speed for 2 computers.
    If you want to use USB network interface, please disable another network card in system device.
    Because PC will go wrong routing path, if your PC has existed another LAN card.

    Can Billion ADSL router auto re-connect?
    To auto re-connect, you have to enable several options.
    a. In the Configuration/WAN page , set disconnect timeout
    b. In Admin Privilege/Misc Configuration, turn on PPP reconnect on WAN access.

    Does Billion ADSL router provide VPN functions?
    BiPAC 7100/S support VPN IPsec.

    Can Billion ADSL router supports ‘Dying Gasp’ or ‘G.lite’?
    BiPAC 711 CE does NOT support Dying Gasp and G.lite.
    BiPAC 711 C2/741 C2and BiPAC 7100/S support Dying Gasp and G.lite.

    How to upgrade the latest firmware?
    a.Please connect the http://www.billion.com and download the latest firmware
    b.Set the static IP address the same subnet as the ADSL router for example, 192.168.1.254 is 711 C2 IP address 255.255.255.0 is the subnet mask in 711 C2 192.168.1.254 is the gateway in 711C2
    c.Please excute the new firmware file that you download.

    Why the SYS indicator light on BiPAC 711C2 isn’t bright and can’t use ?
    You can try to restart the power first and upgrade to new firmware.
    If the SYS light still not shining please take it to have RMA service with your local retail.

    May I use the MSN Messenger Voice & Video services in Billion ADSL router?
    Yes, Billion ADSL router will auto-forward the port which the MSN program need.

    Why do I use the browser to connect the ADSL router and it will be prompted for an user name and password. Is it the security flaw in the ADSL router?
    No, It is the "Auto Complete " function in the Microsoft Internet Explorer.
    If you want to solve that security problem you can open you IE first and choose " Tools " >> " Content " >> "AutoComplete">> " Please Disable All option "
    And Clear All Forms & Passwords. Then your IE can't record any user ID and Passwords

    Why BiPAC 711 GE cannot do remote control?
    The PORT 80 is filtered. Therefore, you are not able to configure it in LAN through WEB GUI. There are two ways to reset to default.

    1. Press three times of reset button in one second
    2. Hope the TELNET is still alive. You may access it with TELNET and enter "reboot default"
  • BiPAC 740 GE and BiPAC 743 GE issues
  • What can I do for the reset button in back panel?
    The firmware specification for 'Reset Button' as below:
    In 4.21c or before, when the router already startup
    - push Reset Button > 1 seconds and un-push before 3 seconds --> router will restart
    - push Reset Button > 3 seconds and < 6 seconds --> no action
    - push Reset Button > 6 seconds --> will restore factory setting immediately
    In 4.21d or later, add one function for Reset Button
    - power off router, pushing Reset Button and power on router --> will force router to read factory setting instead of previous saved setting

    Why can CPE not sync with ADSL DSLAM (CO site)?

    There are few things needed to check,
    1. Make sure the connector and cable are well pluged
    2. Check the ADSL LED of CPE, it should be blinking (meaning it does try to establish a connection.)
    3. Check the ADSL line code setting. The default is AUTO, it will detect the ADSL line code, G.dmt, G.lite, and T1.413 automatically. But in some area, it can not detect the ADSL line code well. At this time, please adjust the ADSL line code to G.dmt or G.dmt_auto first.
      If it still fails, please try the other values such as Alcatel...
    4. If you have done above methods, please contact our support department for help.

    What is Auto-Scan-PVC?
    The firmware V4.21 can support the Aauto-Scan-PVC.
    To build up an easy-to-configuration environment, we provide the feature.
    With this feature, user just click this button the router will search the active PVCs
    and list them. User can select the right one from the list and then continually configure the other parameters such as username and password.
    In version 4.21, we can detect following PVCs
    0/32-40
    8/32-35
    8/48
    8/67
    1/32
    0/100
    There are three encapsulations can not be detected,
    IPoA
    1483 routed, LLC
    1483 routed, VC-Mux

    Can I use UPnP?
    The BiPAC 740 GE and BiPAC 743 GE are supporting UPnP now. If your PC has installed UPnP components, Windows will inform you automatically when the router is startup. The default icon named as 'DSL IGD'. If you double click the icon, you can enter the Web GUI directly.
    By default, Windows ME did not installed UPnP. User has to installed (or enabled) it. It seems no UPnP for Windows 2000 while Windows XP need to enable.
    The one advantage of UPnP is 'UPnP NAT Transversal'. If some applications is UPnP-aware, it can negotiate with router to open 'Virtual Server' ports implicitly, i.e. User did not need to configure the Virtual Server by himself.

    Can the ADSL routers supports multiple WAN and LAN?
    Yes, the ADSL routers support multiple WAN and LAN interfaces.
    Originally, the web GUI is designed for normal end-users. Some of functions need to
    configure via CLI command set.
    - Multiple WAN interface: you can create via web GUI or CLI
    - Multiple LAN interface: only can create via CLI
    - Multiple NAT: only created via CLI

    How to configure the router as pure ADSL bridged modem?

    1.1 Using CLI command

    1. Restore to Factory setting via
      - 'system config restore factory' CLI command; or
      - push Reset Button more than 6 seconds
    2. Clear existing, unused transports
      'pppoe clear transports'
      'pppoa clear transports'
      'rfc1483 clear transports'
      ipoa clear transport
    3. Setup a new WAN transport as
      pppoe add transports p1 dialout pvc 1 a1 0 32
      pppoa add transports p1 dialout pvc 1 a1 0 32
      'rfc1483 add transport r1483 a1 0 32 llc bridged'
      ipoa add transports i1 pvc a1 0 32
      (note: the parameters are depending on your ADSL line configuration)
    4. Create an new bridge interface
      - 'bridge add interface br1483'
    5. Attach the WAN transport to new bridge interface
      - 'bridge attach br1483 r1483'
    6. If everything configured well, you can start the PPPoE client running in PC
    7. You can check packet flow by 'transports list' to find out the packets counts
      1.2 Using Web GUI
    How to configure the router as ZIPB ADSL modem?
    ZIPB (Zero Installation PPP Bridge) mode is a mixture of bridge and relay functions in the device.
    1.1 Using CLI command
    1. Restore to Factory setting via
      - 'system config restore factory' CLI command; or
      - push Reset Button more than 6 seconds
    2. Clear existing, unused transports
      'pppoe clear transports'
      'pppoa clear transports'
      'rfc1483 clear transports'
      ipoa clear transport
    3. Setup a new WAN transport as
      pppoe add transports p1 dialout pvc 1 a1 0 32
      pppoa add transports p1 dialout pvc 1 a1 0 32
      'rfc1483 add transport r1483 a1 0 32 llc bridged'
      ipoa add transports i1 pvc a1 0 32
      (note: the parameters are depending on your ADSL line configuration)
    1.2 Using Web GUI

    How to configure the router as PPTP-to-PPPoA Relay?
    1.1 Using CLI command
    1. Restore to Factory setting via
      - 'system config restore factory' CLI command; or
      - push Reset Button more than 6 seconds
    2. Clear existing, unused transports
      'pppoe clear transports'
      'pppoa clear transports'
      'rfc1483 clear transports'
      ipoa clear transport
    3. Setup a new WAN transport as
      pppoe add transports p1 dialout pvc 1 a1 0 32
      pppoa add transports p1 dialout pvc 1 a1 0 32
      'rfc1483 add transport r1483 a1 0 32 llc bridged'
      ipoa add transports i1 pvc a1 0 32
      (note: the parameters are depending on your ADSL line configuration)
    4. Create an new bridge interface
      - 'bridge add interface br1483'
    5. Attach the WAN transport to new bridge interface
      - 'bridge attach br1483 r1483'
    6. If everything configured well, you can start the PPPoE client running in PC
    7. You can check packet flow by 'transports list' to find out the packets counts
    1.2 Using Web GUI

    How to change the ADSL Line code with WEB GUI?
    Access the router, page please click
    STATUS -> Port Status -> A1 -> Connect Mode:
    Then you can select the right ADSL Line code here.
    After the selection, please click (in the same page as Connect Mode)
    ActiveLine: false -> [Apply]
    This will disconnect the ADSL line.
    ActiveLine: true -> [Apply]
    This will make the ADSL line again.
    If you want to use the new ADSL line code, please do not forget to
    save the configration.

    How to use one-to-one NAT?
    One-to-one NAT: translate between a public IP address and a specific private IP address
    Note: There is only be configured by CLI. No web configuration provided.
    Environmetn Example:
    - ISP provide you a public (or global) pool, e.g. 61. 210.39.1 to 61.210.39.4
    - Your private IP address is ranged as 192.168.1.0/255.255.255.0
    Procedure:
    - After the basic configuration, there will be one 'external' interface and one 'internal' interface. You can check by "security list interfaces" CLI command. Assume the 'external' interface named as 'ipwan'
    - Adding the global IP pool into 'external' interface as "nat add globalpool gp1 ipwan internal 61.210.39.1 endaddress 61.210.39.4"
    - Adding one-to-one mapping for redirect PING packet as example "nat add resvmap rm1 globalip ipwan 61.210.39.2 192.168.1.100 icmp"
    - You can change 'icmp' above to all for mapping all protocols
    - Delete mapping by using "nat delete resvmap" CLI command.

    Dose router supports Multiple VPN tunnel passthrough?
    In such environment, router supports multiple VPN tunnels passthrough.
    PC1 (VPN-IPsec) <--> router <--> Internet <--> VPN servers
    PC can create multiple tunnels with different servers.
    But if two PCs in LAN environment, the second PC can not initial to establish a tunnel if PC1 has established a tunnel already. Because the returned packet from VPN server can not be forwarded correctly to the initial PC, returned packet from WAN site carries the same port and same destination IP address.

    How to enable the IPCP subnet function of PPPoE or PPPoA?

    In the quick start, please make sure those fields are set
    1. PPPoE or PPPoA in the encapsulation
    2. Leave IP address field as blank, 0.0.0.0
    3. Leave mask field as blank, 0.0.0.0
    4. Leave gateway field as blank, 0.0.0.0
    5. Set ture for another two fields at
      WAN -> ISP-> edit -> advanced option -> PPPoE (PPPoA) ->
      Give Subnet Mask To DHCPServer ==> true
      Discover Subnet Mask ==> true
    Then a group of IP addresses (subnet) from the server will be forwarded to the DHCP server and assigned to PCs in LAN when PC tries to get IP address from DHCP server in router.

    How to enable syslog feature?
    This feature should be enabled by CLI command. Major commands are listed,
    "system log list" to see process names
    "system log enable ppp to console", "system log enable ppp to syslog"
    The ppp is the process name which you can get it from above commands.
    "system syslog set daemon 192.168.1.100" The 192.168.1.100 is an example, this field is for IP address to receive this syslog.

    How to enable remote configuration permarently?
    Basically, "Remote Access" has a timer to disable access automatically for security consideration. If want permanent remote access, please set up virtual servers (tcp/80 for web, tcp/23 for telnet) to 192.168.1.254 (device's IP address). It will be permanent.

    How to enable SNMP Trap?
    You can click "Configuration/Advanced/Device Management/SNMP Access Control, Trap Community" to set IP Address of your local PC to receive the Trap message.

    What is the secondary IP address in the LAN configuration WEB page?

    It is used for
    1. To create virtual IP subnet attaching to the same physical LAN interface, therefore, there are two IP addresses assigned to the LAN interface of router and there are two subnets available in the LAN. Those secondary IP addresses can access the WAN too, but they can not be assigned by DHCP server from router. DHCP server support the main IP subnet only.
    2. Create a secondary IP address which is located at the same IP subnet as LAN IP interface. Sometimes, it is used for management.

    SNMP functions support

    Please note:
    1. After upgrading to 4.20e or later, the SNMP communities have been moved to another database.Users have to manually add back the communities via CLI commands below:
      - 'snmp add access read public'
      - 'snmp add access write password'
    2. When added successfully, the new settings can be saved into flash via 'Sav Config to FLASH', and then activated in each rebooting hereafter.
    3. The max. access communities is up to 5.
    4. You can also add trap receiver by using CLI commands, 'snmp add trap'
    SNMP version:SNMPv2c
    (SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security. The "c" comes from the fact that SNMPv2c uses the SNMPv1 community string paradigm for "security", but is widely accepted as the SNMPv2 standard.)
    Trap supported: Cold Start, Authentification Failure.

    The following MIBs are supported:

    From RFC 1213 (MIB-II):
    - System group
    - Interfaces group
    - Address Translation group
    - IP group
    - ICMP group
    - TCP group
    - UDP group
    - EGP (not applicable)
    - Transmission
    - SNMP group

    From RFC1650 (EtherLike-MIB):
    - dot3Stats

    From RFC 1493 (Bridge MIB):
    - dot1dBase group
    - dot1dTp group
    - dot1dStp group (if configured as spanning tree)

    From RFC 1471 (PPP/LCP MIB):
    - pppLink group
    - pppLqr group

    From RFC 1472 (PPP/Security MIB):
    - PPP Security Group)

    From RFC 1473 (PPP/IP MIB):
    - PPP IP Group

    From RFC 1474 (PPP/Bridge MIB):
    - PPP Bridge Group

    From RFC1573 (IfMIB):
    - ifMIBObjects Group

    From RFC1695 (atmMIB):
    - atmMIBObjects

    From RFC 1907 (SNMPv2):
    - only snmpSetSerialNo OID

    VPN Specification:
    Remote Administarion : HTTP
    IPSec mode : Tunnel mode
    Palys both roles of Initiator (client) & Responder (server) (depending on who first initials request)
    Authentication method: Pre-shared Secret
    IPSec protocol: AH, ESP
    Encryption: DES, 3DES, AES
    Hash function: MD5, SHA1
    PFS-group: MODP 768 (group 1), MODP 1024 (group 2), MODP 1536 (group 5)

    What is the VPN-IPSec performance?
    In the situation of 3DES and MD5, it is around 400Kbps in RFC1483 routed mode.

    What is the performance of VPN-PPTP with MPPE (128bits) encryption?

    In the situation of PPTP and MPPE (128 bits), it is around 760Kbps in RFC1483 routed mode.
    Please provide an example of URL blocking feature, e.g. to block http://ww.example.com/banner.gif. How can I add a rule to block the entire www.example.com domain or else block the image banner.gif from every single website in existence.
    1. If you want to block http://www.example.com request, you can add a rule to block "example" in the domain-name rule or keyword rule. Then the URL Filtering will block all the links containing "example" string, including http://www.example.com/banner.gif.
    2. If you only want to block a file coming from http://www.example.com/banner.gif web site, you can add a rule to block "example.com/banner.gif" in the domain-name rule. Then URL Filtering will block the file.
    3. If you want to block a file, "banner.gif" from all websites. You can add a rule to block "banner.gif" in the keyword rule. Then the file will be blocked, you will never see it.

    Can BiPAC 743 GE support 802.11g by firmware upgrade?
    BiPAC 743 GE cannot upgrade to 802.11g because the embedded wireless H/W is totally different.

    Why the CPE can not stay SYNC with ADSL DSLAM (CO site)?
    Please check two points first. Pleasecheck the ADSL line code setting. The default is AUTO, it will detect the ADSL line code, G.dmt, G.lite, and T1.413 automatically. But in some area, it can not detect the ADSL line code well. At this time, please adjust the ADSL line code to G.dmt or G.dmt_auto first. If it still fails, please try the other values such as Alcatel.......
    (refer below figure, you can get this figure by click the “a1” in the status web page.)
    You may use the console command to adjust the TX_Attenuation to try it again.
    - 'port a1 set ActivateLine false'
    - 'port a1 set TxAttenuation 2'
    - 'port a1 set ActivateLine true'
    It can be done in WEB GUI too, please click the a1 in the STATUS web page and get the below picture.
    - set the ActiveLine to false and click Apply
    - set the TxAttenuation 2, ActiveLine to ture and click Apply

    Why does the DC++ application be blocked when enable the firewall feature?
    Please add port (411) into the port filter and set ALLOW for inbond and outbond traffic. This port is used for DC++ application to communicate with server.
    Without this port ALLOWED, it is not possible to exchange information with server.

    To provide an example of URL blocking feature, e.g. to block www.example.com/banner.gif. How can I add a rule to block the entire www.example.com domain or else block the image banner.gif from every single website in existence.

    1. If you want to block http://www.example.com request, you can add a rule to block "example" in the domain-name rule or keyword rule. Then the URL Filtering will block all the links containing "example" string, including http://www.example.com/banner.gif
    2. If you only want to block a file coming from http://www.example.com/banner.gif web site, you can add a rule to block "example.com/banner.gif" in the domain-name rule. Then URL Filtering will block the file.
    3. If you want to block a file, "banner.gif" from all websites. You can add a rule to block "banner.gif" in the keyword rule. Then the file will be blocked, you will never see it.

    What is the ToS?
    It is Type of Service and implemented as IPv4 TOS priority control.
    It is a fully decoded to determine the priority from the 6 bit TOS field in the IP header.
    The most significant 6 bits of the TOS field are fully decoded into 64 possibilities, and the singular code that results is compared against the corresponding bit in the IPv4 TOS priority control bit(0~63).

    If the bit is set, the priority is high; Otherwise, the priority is low.
    three bits: IP priority (0 to 7)
    one bit: No delay
    one bit: high throughput
    one bit: hgh reliability
    two bits: resevered

    How to establish a VPN tunnel between two remote offices, 1 with a BiPAC 743GE and the other with a FSV318 (Netgear)?
    Thanks to Mr. Nic Baxter to give us this example.
    My case - Billion with V4.23 firmware on dynamic ip adsl & Netgear with V1.4 firmware on fixed ip adsl. 2 different subnets (to allow routing)
    First - on the Billion set up a new vpn connection with any name you like. Then add the local Subnet & Netmask - I used 192.168.0.0 & 255.255.255.0
    Remote - Secure Gateway Address - add the IP address of the Netgear.
    Remote Network add the subnet & netmask of the remote network (Netgear). I used 192.168.1.0 & 255.255.255.0
    The Proposal was ESP with MD5 authentication, 3DES encryption, MODP 768 (Group 1) Perfect Forward Secrecy & Pre-shared Key at least 16 characters long.
    Next - on Netgear set up a new vpn connection with any name - it does not have to match the Billion one.
    Put 0.0.0.0 for both the local & Remote IPSec Identifier
    Tunnel can be accessed from - select 'a subnet of local address' from the drop down
    Local LAN start IP Address - put 192.168.1.0
    Local LAN IP Subnetmask - put 255.255.255.0
    Tunnel can access - select 'a subnet of remote address' from the drop down
    Remote LAN start IP - put 192.168.0.0
    Remote LAN IP Subnetmask - put 255.255.255.0
    Remote WAN IP or FQDN - leave blank
    Secure Association - select 'Main Mode' from drop down
    Perfect Forward Secrecy - click on Enabled
    PreShared key - put the same one as the Billion
    Leave Key Life & IKE Life Time at the defaults
    NETBIOS Enable - tick
    There it is now just ping the Netgear from the Billion and the VPN negoitiation process will start. It may take a minute to make the connection. If it doesn't then look at the logs on the Netgear but it works for me.

    How to increase the tx power?
    After the version 4.22c1, you can adjust the WLAN tx power with following command.
    The commands as (case-sensitive):
    - 'console enable'
    - 'bun set port wireless/SpecialTest=p<x>' where x is -44 to 20dB;
    e.g. 'bun set port wireless/SpecialTest=p20'
    With our test, we use Site Survey to check the signal level.
    p10 (default) ----> 73%
    p20 ----> 86% or up to 93%
    p-30 ----> 66%
    p-44 ----> 40%