BEC MX-200 User Manual

Last revised: October, 2015
Version release: v1.10
User Manual
Advanced Industrial 4G/LTE Wireless Router
TABLE OF CONTENTS
CHAPTER 1: INTRODUCTION
  INTRODUCTION TO YOUR ROUTER
  FEATURES & SPECIFICATIONS
  HARDWARE SPECIFICATIONS
  APPLICATION DIAGRAMS
CHAPTER 2: PRODUCT OVERVIEW
  IMPORTANT NOTE FOR USING THIS ROUTER
  DEVICE DESCRIPTION
  SYSTEM RECOVERY PROCEDURES
  CABLING
CHAPTER 3: BASIC INSTALLATION
  NETWORK CONFIGURATION IPV4
    Configuring PC in Windows 10 (IPv4)
    Configuring PC in Windows 7/8 (IPv4)
    Configuring PC in Windows Vista (IPv4)
    Configuring PC in Windows XP (IPv4)
  NETWORK CONFIGURATION IPV6
    Configuring PC in Windows 10 (IPv6)
    Configuring PC in Windows 7/8 (IPv6)
    Configuring PC in Windows Vista (IPv6)
    Configuring PC in Windows XP (IPv6)
  DEFAULT SETTINGS
CHAPTER 4: DEVICE CONFIGURATION
  LOGIN TO YOUR DEVICE
  STATUS
    Device Info
    System Log
    3G/4G-LTE Status
    Statistics
    DHCP Table
    IPSec Status
    PPTP Status
    L2TP Status
    GRE Status
    ARP Table
  QUICK START
  CONFIGURATION
    Interface Setup
      Internet
      LAN
    Dual WAN
      General Setting
      Outbound Load Balance
      Protocol Binding
    Advanced Setup
      Firewall
      Routing
      Dynamic Routing
      NAT
      Static DNS
      Time Schedule
      Mail Alert
      Remote System Log
      Serial (RS-232 Port)
    VPN
      IPSec
      PPTP Server
      PPTP Client
      L2TP
      GRE Tunnel
    Access Management
      Device Management
      SNMP
      Universal Plug & Play
      Dynamic DNS (DDNS)
      Access Control
      Packet Filter
      CWMP (TR-069)
      Parental Control
    Maintenance
      User Management
      Time Zone
      License
      Firmware & Configuration
      System Restart
      Auto Reboot
      Diagnostics Tool
CHAPTER 5: TROUBLESHOOTING
  Problems with the Router
  Problem with LAN Interface
  Recovery Procedures
APPENDIX: PRODUCT SUPPORT & CONTACT
CHAPTER 1: INTRODUCTION
Introduction to your Router
The BEC MX-200 Advanced Industrial 4G/LTE Router is a high performance fixed wireless platform enabling real-time 4G Cellular data connectivity for your existing serial devices and Ethernet network. The MX-200 provides a reliable and cost-effective alternative solution for business continuity. The platform can serve as the primary connection or as a backup connection when wired connections fail, are unavailable or are non-existent.
The MX-200 features two Gigabit Ethernet interfaces and an RS-232 Serial interface enabling wireless data connectivity for a broad range of applications and vertical machine-to-machine (M2M) market segments. Intelligent software supports configurable LAN/WAN options, an embedded LTE module and enterprise level functionality such as: advanced security mechanisms, Quality of Service (QoS), SPI firewall, integrated VPN, auto failover for unparalleled uptime and network redundancy, and cloud-based management to extend visibility and control of devices remotely.
4G/LTE Mobility
To offer an advanced network solution that meets the growing demands of M2M services, MX-200 exclusively features dual WAN - load balance or auto-failover/failback to provide extraordinary, always-on internet connectivity.
Ultra-Compact and Lightweight Design
Designed for continuous operation in harsh environments, the MX-200 supports an extended operating temperature range from -4 to 140º F (–20 to 60º C) and a flexible input voltage range of 8-56V DC, making it suitable for diverse environments and applications. To enable simple, reliable and efficient integration, the ultra-compact, lightweight and low profile design incorporates highly flexible mounting options to ensure that the device can be easily mounted discreetly anywhere.
Secure VPN Connections
The MX-200 supports comprehensive and robust IPSec VPN (Virtual Private Network) protocols for business users to establish private encrypted tunnels over the public Internet to secure data transmission between headquarters and branch offices. It also supports VPN dial in from smart phones for secure remote Internet connection via your home broadband. With a built-in DES/3DES VPN accelerator, the router enhances IPSec VPN performance significantly.
IPv6 Supported
Internet Protocol version 6 (IPv6) is a version of the Internet Protocol that is designed to succeed IPv4. IPv6 has a vastly larger address space than IPv4. The router already supports IPv6, so you can use it in an IPv6 environment with no need to change the device. The dual-stack protocol implementation in an operating system is a fundamental IPv4-to-IPv6 transition technology. It implements IPv4 and IPv6 protocol stacks either independently or in a hybrid form. The hybrid form is commonly implemented in modern operating systems supporting IPv6.
Quick Start Wizard
A web GUI page is provided to install this device quickly. With this wizard, simple steps will get you connected to the Internet immediately.
Firmware Upgradeable
The device can be upgraded to the latest firmware through the web-based GUI.
Features & Specifications
• 4G/LTE and/or Ethernet IP broadband connectivity (3G Fallback optional)
• High performance SX antenna for increased coverage, signal reception and efficiency
• Gigabit Ethernet WAN (GbE WAN) for Cable/Fiber/xDSL high WAN throughput
• Gigabit Ethernet LAN
• IPv6 ready (IPv4/IPv6 dual stack)
• Secured IPSec VPN with powerful DES/3DES/AES
• Secured PPTP VPN with PAP/CHAP/MPPE authentication
• Secured L2TP VPN with PAP/CHAP authentication
• Secured GRE VPN tunnel
• Firewall Security with DoS Prevention and Packet Filtering
• Quality of Service Control for traffic prioritization management
• Universal Plug and Play (UPnP) Compliance
• Ease of Use with Quick Installation Wizard
• Small form factor with multiple mounting options, easily installed by a single person
• Hardened enclosure with Industrial-graded components
• Designed to withstand hypothermia, heat and protect from shock, vibration, etc.
Availability and Resilience
• Dual-WAN Interfaces
• Auto fail-over and failback
• High performance external antennas
Network Protocols and Features
• IPv4, IPv6, IPv4 / IPv6 dual stack*
• IP Tunnel IPv6 in IPv4 (6RD)*
• IP Tunnel IPv4 in IPv6 (DS-Lite)*
• NAT, static routing and RIP-1/2
• Universal Plug and Play (UPnP) compliant
• Dynamic Domain Name System (DDNS)
• Virtual server and DMZ
• SNTP, DNS relay
• IGMP proxy and IGMP snooping
• MLD proxy and MLD snooping
• Supports port-based Virtual LAN (VLAN)
Firewall
• Built-in NAT Firewall
• Stateful Packet Inspection (SPI)
• DoS attack prevention including Land Attack, Ping of Death, etc.
• Access control
• IP&MAC filter, URL Content Filter
• Password protection for system management
• VPN pass-through
Quality of Service Control
• Traffic prioritization management based on Protocol, Port Number and IP Address (IPv4/IPv6)
Virtual Private Network (VPN) (Optional)
• 8 IPSec VPN Tunnels
• 8 PPTP VPN Tunnels (Dial-in:4, Dial-out:4)
• 8 L2TP VPN Tunnels (Dial-in:4, Dial-out:4)
• GRE (up to 8 tunnels)
• Embedded PPTP / L2TP / IPSec Client and Server
• IKE Key Management
• MPPE Encryption for PPTP
• IPSec DES, 3DES and AES encryption
Management
• Quick Installation wizard
• Web-based GUI for remote and local management (IPv4/IPv6)
• Firmware upgrades and configuration data upload and download via web-based GUI
• Supports DHCP server / client / relay
• Supports SNMP
• TR-069 supports remote management
Hardware Specifications
Physical interface
• 3G/4G LTE: Two (2) detachable antennas
• WAN: 3G/4G LTE (and/or ETH WAN Optional)
• RS-232 (DCE, DB-9): one (1) port
• Ethernet LAN: 2-port 10/100/1000Mbps, auto-crossover (MDI/MDI-X) switch
• SIM Card: One (1) slot
• Reset Button
• Power Connector: 4-pin connectors
• LED Indicators
  - Power
  - Internet
  - LTE
  - Ethernet
Physical Specifications
• Dimensions (W*H*D): 4.29" x 1.17" x 3.43" (109mm x 29.7mm x 87mm)
Application Diagrams
The MX-200 Advanced Industrial 4G/LTE Wireless VPN Router is the ideal solution for Digital signage, Remote surveillance, Vending Machines, Retail Point-of-Sales (PoS), Remote patient care/maintenance services, SCADA, Metering applications and much more.
Industrial Industry:
Power / Energy Industry:
CHAPTER 2: PRODUCT OVERVIEW
Important Note for Using This Router
Warning
• Do not use the router in high humidity or high temperature.
• Do not use the same power source for the MX-200 on other equipment.
• Do not open or repair the case yourself. If the device becomes too hot, turn off the power immediately and have it repaired at a qualified service center.
• Avoid using this product and all accessories outdoors.
Attention
• Place the router on a stable surface.
• Only use the power adapter that comes with the package. Using a different voltage rating power adaptor may damage the router.
Device Description
INTERFACE / MEANING
1. Gigabit Ethernet (LAN 1 ~ 2)
   ETH1 is a LAN / WAN configurable port for broadband connectivity.
   Connect PCs, Laptops or any other office/home LAN devices with the supplied RJ-45 Ethernet cable (Cat-5 or Cat-5e) to any of those two LAN ports.
2. SERIAL
   RS-232 serial port for machine connection and data collection.
   Connect the male end of RS-232 serial data cable to the MX-200 and the other end to a machine or PC.
INTERFACE / MEANING
1. WAN (MAIN/AUX) 4G/LTE Antenna Connectors
   SMA female connectors. Manually screw the 3G/4G antennas tight to the female connectors for the Cellular Module.
2. GPS Antenna Connector
   SMA female connectors. Manually screw the GPS antenna tight to the connector.
3. RESET
   After the device is powered on, press it 6 seconds or above: to restore to factory default settings (this is used when you cannot login to the router, e.g. forgot your password).
4. POWER
   Connect the supplied screw terminal block, 2-pin 3.5mm, to this jack port.
LEDS / INTERFACE / MEANING
1. Gb ETH (1 & 2) (Gigabit Ethernet)
   ETH #1 can be configured to be WAN port for broadband connectivity.
   Green:
     Ethernet LAN: Connected to a Gigabit (1000Mbps) Ethernet device
     Ethernet WAN (ETH1 only): Successfully connected with a broadband connection device
   Red: Transmission speed is at 10/100Mbps
   Blinking: Data being transmitted/received
   Off: No device is connected to the Ethernet port
2. LTE (Received Signal Strength Indicator)
   Green: RSSI greater than -69 dBm. Excellent signal condition
   Green / Fast Flashing: RSSI from -81 to -69 dBm. Good signal condition
   Red / Fast Flashing: RSSI from -99 to -81 dBm. Fair signal condition
   Red / Slow Flashing: RSSI less than -99 dBm. Poor signal condition
   Red: No signal and the 4G LTE module is in service
   Off: No LTE module or LTE module fails
3. Internet
   Green: IP connected and traffic is passing through the device
   Red: IP request failed
   Off: Either in bridged mode or WAN connection is not present
4. Power
   Green: System ready
   Red: Boot failure
5. SIM Card Slot
   N/A: Insert mini SIM card (2FF) with the gold contact facing down. Push mini SIM card (2FF) inwards to eject it.
   * Power off the MX-200 before inserting or removing the SIM card
System Recovery Procedures
These procedures allow users to restore the MX-200 to its initial state when the device is down, has been upgraded with a wrong or broken firmware, cannot be accessed through the GUI because of a wrong username and/or password, etc.
Step 1 – Configure your PC Network IP Address
Before performing the system recovery, assign the IP address 192.168.1.100 and the netmask 255.255.255.0 to your PC.
Step 2 – Reset your MX-200 Device
2.1 Power off your MX-200.
2.2 Power on the MX-200 while pushing the RESET button with a small pointed object (such as a paper clip, needle, toothpick, etc.).
2.3 When the POWER LED turns RED, keep holding and pushing the RESET button until the INTERNET LED flashes in GREEN.
Step 3 – Restore your MX-200 Device
When the INTERNET LED flashes green, the MX-200 is in recovery mode and ready for a new Firmware.
3.1 Open a web browser and type the IP address, 192.168.1.1, to access the recovery page.
NOTE: In the recovery mode, the MX-200 will not respond to any PING or other requests.
3.2 Browse to the new Firmware image file, then click Upload to start the upgrade process.
3.3 The INTERNET LED turning red means the Firmware upgrade is in process. DO NOT power off or reboot the device; doing so would permanently damage your MX-200.
3.4 The INTERNET LED turns green after the Firmware upgrade has completed.
3.5 Power cycle on & off to regain access to the MX-200.
Cabling
One of the most common causes of problems is bad cabling. Make sure that all connected devices are turned on. On the front panel of the product is a bank of LEDs. Verify that the LAN Link and LEDs are lit. If they are not, verify that you are using the proper cables.
CHAPTER 3: BASIC INSTALLATION
The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Windows XP / Vista / 7 / 8, Linux, Mac OS, etc. The product provides an easy and user-friendly interface for configuration.
PCs must have an Ethernet interface installed properly and be connected to the router either directly or through an external repeater hub, and have TCP/IP installed or configured to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router. The default IP address of the router is 192.168.1.254 and the subnet mask is 255.255.255.0 (i.e. any attached PC must be in the same subnet, and have an IP address in the range of 192.168.1.1 to 192.168.1.253). The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP. If you encounter any problems accessing the router’s web interface it may also be advisable to uninstall any kind of software firewall on your PCs, as they can cause problems accessing the 192.168.1.254 IP address of the router. Users should make their own decisions on how to best protect their network.
Please follow the steps below for your PC’s network environment installation. First of all, please check your PC’s network components. The TCP/IP protocol stack and Ethernet network adapter must be installed. If not, please refer to your Windows-related or other operating system manuals.
Attention
Any TCP/IP capable workstation can be used to communicate with or through the MX-200. To configure other types of workstations, please consult the manufacturer’s documentation.
Network Configuration – IPv4
Configuring PC in Windows 10 (IPv4)
1. Click .
2. Click
3. Then click on Network and Internet.
4. Under Related settings, select Network and Sharing Center.
5. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel.
6. Select the Local Area Connection, and right click the icon to select Properties.
7. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties.
8. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting.
9. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Configuring PC in Windows 7/8 (IPv4)
1. Go to Start. Click on Control Panel.
2. Then click on Network and Internet.
3. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel.
4. Select the Local Area Connection, and right click the icon to select Properties.
5. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties.
6. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting.
7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Configuring PC in Windows Vista (IPv4)
1. Go to Start. Click on Network.
2. Then click on Network and Sharing Center at the top bar.
3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window pane.
4. Select the Local Area Connection, and right click the icon to select Properties.
5. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties.
6. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting.
7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Configuring PC in Windows XP (IPv4)
1. Go to Start. Click on Control Panel.
2. Then click on Network and Internet.
3. In the Local Area Connection Status window, click Properties.
4. Select Internet Protocol (TCP/IP) and click Properties.
5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons.
6. Click OK to finish the configuration.
Network Configuration – IPv6
Configuring PC in Windows 10 (IPv6)
1. Click .
2. Click
3. Then click on Network and Internet.
4. Under Related settings, select Network and Sharing Center.
5. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel.
6. Select the Local Area Connection, and right click the icon to select Properties.
7. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties.
8. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting.
9. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Configuring PC in Windows 7/8 (IPv6)
1. Go to Start. Click on Control Panel.
2. Then click on Network and Internet.
3. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel.
4. Select the Local Area Connection, and right click the icon to select Properties.
5. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties.
6. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting.
7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Configuring PC in Windows Vista (IPv6)
1. Go to Start. Click on Network.
2. Then click on Network and Sharing Center at the top bar.
3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window pane.
4. Select the Local Area Connection, and right click the icon to select Properties.
5. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties.
6. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting.
7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Configuring PC in Windows XP (IPv6)
IPv6 is supported by Windows XP, but you need to install it first.
Please follow the steps to install IPv6:
1. On the Desktop, click Start > Run, type cmd, then press the Enter key on the keyboard. The following screen appears.
2. Key in the command ipv6 install
Installation of IPv6 is now completed. Please test it to see if it works or not.
Default Settings
Before configuring the router, you need to know the following default settings.
Web Interface: (Username and Password)
Administrator
Username: admin
Password: admin
User
Username: user
Password: user
Device LAN IP Settings
IP Address: 192.168.1.254
Subnet Mask: 255.255.255.0
DHCP Server:
DHCP server is enabled.
Start IP Address: 192.168.1.100
IP pool counts: 100
If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds then release it to restore the factory default settings.
Caution: After pressing the RESET button for more than 6 seconds then
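An added example (not part of the BEC manual): a Python check of a static address plan against the factory defaults listed above, flagging hosts that fall outside the router subnet, reuse the router address or sit inside the DHCP pool. The host names and the sample plan are constructed; the recovery-mode PC address 192.168.1.100 from the System Recovery Procedures is included because it is also the first DHCP pool address.

```python
import ipaddress

# Factory defaults taken from the "Default Settings" section of this manual.
ROUTER_LAN = ipaddress.ip_interface("192.168.1.254/255.255.255.0")
DHCP_START = ipaddress.ip_address("192.168.1.100")
DHCP_POOL_COUNT = 100


def dhcp_pool(start=DHCP_START, count=DHCP_POOL_COUNT):
    """Return (first, last) pool address for a start address and pool count."""
    return start, start + (count - 1)


def check_static_host(addr, netmask="255.255.255.0"):
    """Return a list of findings for one statically addressed LAN host.

    An empty list means the address can coexist with the router defaults.
    """
    try:
        host = ipaddress.ip_interface(f"{addr}/{netmask}")
    except ValueError as exc:
        return [f"invalid: {exc}"]

    net = ROUTER_LAN.network
    if host.network != net:
        # Wrong network or wrong mask: the router's web GUI is unreachable.
        return ["outside-router-subnet"]

    findings = []
    if host.ip == ROUTER_LAN.ip:
        findings.append("duplicates-router-address")
    if host.ip in (net.network_address, net.broadcast_address):
        findings.append("network-or-broadcast-address")
    first, last = dhcp_pool()
    if first <= host.ip <= last:
        # The DHCP server may lease this address to another device.
        findings.append("inside-dhcp-pool")
    return findings


def audit_plan(plan):
    """Check a {name: address} plan and also flag addresses used twice."""
    report = {name: check_static_host(addr) for name, addr in plan.items()}
    seen = {}
    for name, addr in plan.items():
        if addr in seen:
            report[name].append(f"duplicate-of-{seen[addr]}")
        else:
            seen[addr] = name
    return report


# Constructed sample plan (hypothetical host names, not from the manual).
SAMPLE_PLAN = {
    "plc-1": "192.168.1.10",
    "camera": "192.168.1.150",
    "hmi": "192.168.1.254",
    "meter": "192.168.2.20",
    "recovery-pc": "192.168.1.100",  # address the recovery procedure assigns
}

if __name__ == "__main__":
    first, last = dhcp_pool()
    print(f"DHCP pool: {first} - {last}")
    for name, findings in audit_plan(SAMPLE_PLAN).items():
        status = ", ".join(findings) or "ok"
        print(f"{name:12} {SAMPLE_PLAN[name]:15} {status}")
```
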
CHAPTER 4: DEVICE CONFIGURATION
Login to your Device
Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”. A user name and password prompt window appears.
The default username and password are “admin” and “admin” respectively for the Administrator. For the User account, the default username and password are “user” and “user”.
NOTE: This username / password may vary by different Internet Service Providers.
Congratulations! You have successfully logged on to your MX-200
Once you have logged on to your MX-200 via your web browser, you can begin to set it up according to your requirements. On the configuration homepage, the left navigation pane links you directly to the setup pages, which include:
Section: Status
Sub-Items:
- Device Info
- System Log
- 3G/4G-LTE Status
- Statistics
- DHCP Table
- IPSec Status
- PPTP Status
- L2TP Status
- GRE Status
- ARP Table
Section: Quick Start (Wizard Setup)
Section: Configuration
Sub-Items:
Interface Setup
- Internet
- LAN
Dual WAN
- General Setting
- Outbound Load Balance
- Protocol Binding
Advanced Setup
- Firewall
- Routing
- Dynamic Routing
- NAT
- Static DNS
- Time Schedule
- Mail Alert
- Remote System Log
- Serial
VPN
- IPSec
- PPTP Server
- PPTP Client
- L2TP
- GRE
Access Management
- Device Management
- SNMP
- Universal Plug & Play
- Dynamic DNS
- Access Control
- Packet Filter
- CWMP (TR-069)
- Parental Control
Maintenance
- User Management
- Time Zone
- License
- Firmware & Configuration
- System Restart
- Auto Reboot
- Diagnostic Tool
Please see the relevant sections of this manual for detailed instructions on how to configure your MX-200 device.
Status
In this section, you can check the router working status, including Device Info, System Log, 3G/4G-LTE Status, Statistics, DHCP Table, IPSec Status, PPTP Status, L2TP Status, GRE Status, and ARP Table.
Device Info
It provides a brief status summary of the device.
Device Information
Model Name: Name of the router for identification purpose. Firmware Version: Software version currently loaded in the router MAC Address: A unique number that identifies the router Data Time: Setup correct time on the MX-200 with your PC. Check on Time Zone section for more
configuration information. System Uptime: Display how long the MX-200 has been powered on.
Physical Port Status
Physical Port StatusDisplay available connection interfaces, WAN (3G/4G-LTE, EWAN) and LAN
(Ethernet) are supported in the MX-200.
WAN
Interface: List current available WAN connections. Protocol: Display selected WAN connection protocol Connection: The current connection status. IP Address: WAN port IP address. Default Gateway: The IP address of the default gateway.
LAN
IP Address: LAN port IPv4 address.
Subnet Mask/Prefix Length: Display the LAN port IPv4 subnet mask and/or IPv6 prefix length.
DHCP Server: Display the LAN DHCP status for IPv4 and IPv6.
- Enable / 192.168.1.100~199: DHCPv4 server status on or off / DHCP IP range
- Enable / Stateless: DHCPv6 server status on or off / DHCPv6 server type
System Log
In the system log, you can check the router's operating status and any glitches.
Refresh: Press this button to refresh the statistics.
3G/4G-LTE Status
It contains 3G/4G-LTE connection information.
Status: The current status of the 3G/4G-LTE connection.
Signal Strength: The signal strength bar and dBm value indicate the current 3G/4G-LTE signal strength. The front panel 3G/4G-LTE Signal Strength LED indicates the signal strength as well.
Signal Information: Shows important LTE signal parameters such as RSRP (Reference Signal Receiving Power), RSRQ (Reference Signal Receiving Quality), and SINR (Signal to Interference plus Noise Ratio).
- RSRP (Reference Signal Receiving Power): The average power of all resource elements which carry cell-specific reference signals over the entire bandwidth.
- RSRQ (Reference Signal Receiving Quality): Measures the signal strength and is calculated based on both RSRP and RSSI.
- RSSI (Received Signal Strength Indicator): A parameter which provides information about the total received wide-band power (measured in all symbols), including all interference and thermal noise. Please refer to the Device Description for details.
- SINR (Signal to Interference plus Noise Ratio): Also a measure of signal quality. It is widely used by operators as it provides a clear relationship between RF conditions and throughput.
NOTE: Some LTE modules do not provide this information.
Network Name: The name of the LTE network the router is connecting to.
Cell ID: The ID of the base station that the device is connected to.
Card IMEI: The unique identification number that is used to identify the 3G/4G-LTE module.
Card IMSI: The international mobile subscriber identity used to uniquely identify the 3G/4G-LTE module.
Network Mode / Band: Show the network mode and LTE band in use.
Usage Allowance
To enable this feature, please go to Configuration >> Interface Setup >> Internet >> click “Usage Allowance” >> enable “Save the statistics to ROM”
Amount Used: Display the amount of mobile data used and remaining in the current billing cycle.
Billing Cycle: Display the start date and number of days remaining in the current billing cycle.
Clean: Reset the currently saved mobile usage.
Save: Click to save the current mobile status to ROM.
Refresh: Click to refresh this page.
Statistics
3G/4G-LTE
Take 3G/4G-LTE as an example to describe the following connection transmission information.
Traffic Statistics
Interface: List all available network interfaces in the router. You are currently checking the physical status of the 3G/4G-LTE interface.
Transmit Statistics
Transmit Frames of Current Connection: Display the total number of 3G/4G-LTE frames transmitted until the latest second for the current connection.
Transmit Bytes of Current Connection: Display the total bytes transmitted until the latest second for the current connection.
Transmit Total Frames: Display the total number of frames transmitted until the latest second since the system has been up.
Transmit Total Bytes: Display the total number of bytes transmitted until the latest second since the system has been up.
Receive Statistics
Receive Frames of Current Connection: Display the number of frames received until the latest second for the current connection.
Receive Bytes of Current Connection: Display the total bytes received until the latest second for the current connection.
Receive Total Frames: Display the total number of frames received until the latest second since the system has been up.
Receive Total Bytes: Display the total number of bytes received until the latest second since the system has been up.
Refresh: Click to refresh this page.
EWAN (LAN1)
Traffic Statistics
Interface: List all available network interfaces in the router. You are currently checking the physical status of the EWAN (Ethernet #1) port.
Transmit Statistics
Transmit Frames: Display the number of frames transmitted until the latest second.
Transmit Multicast Frames: Display the number of multicast frames transmitted until the latest second.
Transmit Total Bytes: Display the number of bytes transmitted until the latest second.
Transmit Collision: The number of collisions that have occurred on this port.
Transmit Error Frames: Display the number of error packets on this port.
Receive Statistics
Receive Frames: Display the number of frames received until the latest second.
Receive Multicast Frames: Display the number of multicast frames received until the latest second.
Receive Total Bytes: Display the number of bytes received until the latest second.
Receive CRC Errors: Display the number of error packets on this port.
Receive Under-size Frames: Display the number of under-size frames received until the latest second.
Refresh: Click to refresh this page.
Ethernet
Traffic Statistics
Interface: List all available network interfaces in the router. You are currently checking the physical status of the Ethernet port.
Transmit Statistics
Transmit Frames: Display the number of frames transmitted until the latest second.
Transmit Multicast Frames: Display the number of multicast frames transmitted until the latest second.
Transmit Total Bytes: Display the number of bytes transmitted until the latest second.
Transmit Collision: The number of collisions that have occurred on this port.
Transmit Error Frames: Display the number of error packets on this port.
Receive Statistics
Receive Frames: Display the number of frames received until the latest second.
Receive Multicast Frames: Display the number of multicast frames received until the latest second.
Receive Total Bytes: Display the number of bytes received until the latest second.
Receive CRC Errors: Display the number of error packets on this port.
Receive Under-size Frames: Display the number of under-size frames received until the latest second.
Refresh: Click to refresh this page.
DHCP Table
The DHCP table displays the devices connected to the router with clear information.
Index #: The numeric indicator for devices using dynamic IP addresses.
Host Name: Show the hostname of the PC.
IP Address: The IP allocated to the device.
MAC Address: The MAC of the connected device.
Expire Time: The remaining time of the IP assignment to the PC.
IPSec Status
Index #: The numeric IPSec tunnel indicator.
Action: Connect or Drop the connection.
Connection Name: User-defined IPSec VPN connection name.
Active: Show if the tunnel is active for connection.
Connection State: Show the IPSec phase 1 and phase 2 connecting status.
Statistics: Display the upstream/downstream traffic per session in KB. The value clears when the session disconnects.
Remote Gateway: The IP of the remote IPSec gateway.
Remote Network: The IP and Netmask of the remote access range.
Local Network: The IP and Netmask of the local access range.
PPTP Status
PPTP Server
Index #: The numeric PPTP connection indicator.
Connection Name: Show the user-defined PPTP VPN connection name.
Active: Show if the tunnel is active for connection.
Connection State: Show the connecting status.
Connection Type: Remote Access or LAN to LAN.
Assigned IP Address: Show the IP assigned to the client by the PPTP Server.
Remote Network: Display the remote network and subnet mask in a LAN to LAN PPTP connection.
Refresh: Click this button to refresh the connection status.
PPTP Client
Index #: The numeric PPTP connection indicator.
Connection Name: Show the user-defined PPTP VPN connection name.
Active: Show if the tunnel is active for connection.
Connection State: Show the connecting status.
Connection Type: Remote Access or LAN to LAN.
Server IP Address: Show the IP of the remote PPTP Server.
Remote Network: Display the remote network and subnet mask in a LAN to LAN PPTP connection.
Refresh: Click this button to refresh the connection status.
L2TP Status
Index #: The numeric L2TP tunnel indicator.
Connection Name: Display the user-defined L2TP connection name.
Active: Show if the tunnel is active for connection.
Connection State: Show the connecting status.
Connection Mode: The L2TP mode is dial-in or dial-out.
Connection Type: Remote Access or LAN to LAN.
Tunnel Remote IP Address: Display the remote tunnel IP address.
Refresh: Click this button to refresh the connection status.
GRE Status
Index #: The numeric GRE tunnel indicator.
Connection Name: Display the user-defined GRE connection name.
Active: Show if the tunnel is active for connection.
Connection State: Show the connecting status.
Remote Gateway IP: The IP of the remote GRE gateway.
Remote Network: Display the remote network.
ARP Table
This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Firewall / MAC Address Filter function. See the Firewall section of this manual for more information on this feature.
#: The numeric table list indicator.
IP Address: The IP address of an internal host that has joined this network.
MAC Address: The MAC address of the internal host.
Quick Start
This is a useful and easy utility to help you set up the router quickly and connect to your ISP (Internet Service Provider) in only a few steps. It guides you step by step through setting up the password, time zone, wireless, and WAN settings of your device. The Quick Start Wizard is a helpful guide for first-time users of the device.
For detailed instructions on configuring WAN settings, refer to the Interface Setup section.
Click NEXT to move on to Step 1.
Step 1 – Password
Set a new password for the “admin” account used to access router management. The default is “admin”. Once changed, use the new password the next time you access the router. Click NEXT to continue.
Step 2 – Time Zone
Choose your time zone. Click NEXT to continue.
Step 3 – ISP Connection Type
Set up your 3G/4G-LTE Internet connection.
3.1 Select an appropriate WAN connection protocol, then click NEXT to continue.
3.2(1) If you selected 4G LTE:
Input all relevant 3G/4G-LTE parameters from your ISP. Click NEXT to continue.
3.2(2) If you selected EWAN (LAN1) / PPPoE, enter the PPPoE account information provided by your ISP.
Click NEXT to continue.
Step 4 – Quick Start Completed
The Setup Wizard has completed. Click BACK to make changes or correct mistakes. Click NEXT to save the current settings and complete the Quick Start setup.
Go back to the Status > Device Info to view the status.
Configuration
Click to access and configure the available features in the following: Interface Setup, Dual WAN, Advanced Setup, VPN, Access Management, and Maintenance.
These functions are described in the following sections.
Interface Setup
Here are the features under Interface Setup: Internet and LAN.
Internet
3G/4G-LTE
WAN Interface: List all available WAN interfaces. (In this section, you have selected to use 3G/4G-LTE.)
Status: Choose Activated to enable the 3G/4G-LTE connection.
Usage Allowance: Enable and click “Usage Allowance” to configure further settings for your 3G/4G-LTE data usage.
Usage Allowance
Mode: Includes Volume-based and Time-based control.
- Volume-based: includes “only Download”, “only Upload”, and “Download and Upload” to limit the flow.
- Time-based: controls the flow by providing specific hours per month.
The billing period begins on: The beginning day of billing each month.
Over usage allowance action: The action to perform when mobile data usage, as defined in Mode, reaches its maximum.
- None: No action taken.
- Disconnect: Disconnect the mobile connection.
- Email Alert: Send an e-mail alert and keep the mobile connection alive.
- Email Alert and Disconnect: Disconnect the mobile connection after an alert e-mail has been sent.
Save the statistics to ROM:
- Every one hour: Activate the 3G/4G-LTE data usage statistics; this information is updated and saved to the internal memory (ROM) every hour. Once the feature is turned on, you can see the amount of data used and how many days are left before the next billing cycle starts. Go to the Status >> 3G/4G-LTE Status page for details.
  NOTE: This statistic information will be deleted after a factory reset.
- Disable: No action taken.
LTE Mode*: Display the currently selected LTE frequency band. To change the band, click the “LTE Mode” link to access the band selection page.
LTE Band
LTE Band: A list of available LTE bands to choose from.
LTE Antenna Diversity *: When enabled, the auxiliary antenna is activated. When disabled, only the primary antenna receives and transmits data. To change it, click the “LTE Antenna Diversity” link to access the selection page.
LTE Antenna Diversity
To enable or disable the LTE antenna diversity feature.
* Feature is available with specific cellular module
IP Pass-through Mode: When enabled, the MX-200 is in bridge mode: it does not obtain a WAN IP address, and features such as routing capabilities, NAT, firewall, etc., are disabled. The client router behind the MX-200 now obtains the WAN IP address. When disabled, the MX-200 is in router mode: it handles the WAN IP address and all features become available.
Network Mode: There are 8 options of service standards: “Automatic”, “UMTS 3G only”, “GSM 2G Only”, “UMTS 3G Preferred”, “GSM 2G Preferred”, “GSM and UMTS Only”, “LTE Only”, “GSM, UMTS, LTE”. If you are not sure which mode to use, you may select Automatic to auto-detect the best mode for you.
TEL No.: The dial string used to make a GPRS / 3G/4G-LTE user internetworking call. It may be provided by your mobile service provider.
Dual APN: The default is Single APN. To support Dual/multiple APNs, a license key is required. Please consult with Billion/BEC for more information.
APN: An APN is similar to a URL on the WWW; it is what the unit uses to make a GPRS / UMTS call. The service provider is able to attach anything to an APN to create a data connection, and requirements for APNs vary between service providers. Most service providers have an Internet portal which they use to connect to a DHCP server, thus giving you access to the Internet; for example, some 3G operators use the APN ‘internet’ for their portal. The default value is “internet”.
Authentication Protocol: Manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol) if you know which authentication type the server is using (when acting as a client), or the authentication type you want the clients to use when they are connecting to you (when acting as a server). When using PAP, the password is sent unencrypted, while CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client.
Username/Password: Enter the username and password provided by your service provider. The username and password are case sensitive.
PIN: PIN stands for Personal Identification Number. A PIN code is a numeric value used in certain systems as a password to gain access and authenticate. In mobile phones, a PIN code locks the SIM card until you enter the correct code. If you enter the PIN code incorrectly into the phone 3 times in a row, the SIM card will be blocked and you will require a PUK code from your network/service provider.
Connection: Set to Always on by default to keep an always-on 3G/4G-LTE connection.
Keep Alive / IP: Select Yes to keep the 3G/4G-LTE connection always on. Manually enter the Keep Alive IP Address to be used for the ping operation that checks whether the connection is still on.
Default Route: Select Yes to use this interface as the default route interface.
NAT: Select this option to Disable/Enable the NAT (Network Address Translation) function. Enable NAT to allow multiple devices in the LAN to access the Internet through a single WAN IP.
When the router’s Internet configuration has finished successfully, you can go to Status to check the connection information.
MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-specific headers) that IP attempts to send through the interface. 0 means to use the default MTU size, 1500 bytes.
Click Save to apply the settings.
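The difference between the two Authentication Protocol choices above, as an added example (not code from this manual or the router firmware): it builds the PAP request data per RFC 1334 and the CHAP-MD5 response per RFC 1994, where CHAP sends a digest of the identifier, shared secret and challenge rather than the password itself. The user name and password are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import os


def pap_request_data(peer_id: bytes, password: bytes) -> bytes:
    """Data field of a PAP Authenticate-Request (RFC 1334):
    Peer-ID length, Peer-ID, Password length, Password, all in the clear."""
    if len(peer_id) > 255 or len(password) > 255:
        raise ValueError("PAP length fields are a single octet")
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5 over identifier, secret and challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticator side: recompute the digest and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def new_challenge(length: int = 16) -> bytes:
    """A fresh, unpredictable challenge for every (re)authentication."""
    return os.urandom(length)


def demo() -> dict:
    # Constructed sample credentials, not values from the manual.
    user, password = b"apn-user", b"Constructed-Pass-1"

    pap = pap_request_data(user, password)

    first = new_challenge()
    response = chap_response(1, password, first)
    second = new_challenge()          # a later re-challenge from the server

    return {
        # PAP: anyone who can read the link reads the password.
        "pap_exposes_password": password in pap,
        # CHAP: only a 16-byte digest crosses the link.
        "chap_exposes_password": password in response,
        "chap_accepts_fresh_response": chap_verify(1, password, first, response),
        # A captured response is useless against a new identifier and challenge.
        "chap_accepts_replay": chap_verify(2, password, second, response),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the CHAP response is an MD5 digest over values visible on the link plus the secret, its protection depends on the secret being long and random.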
EWAN (LAN 1)
Status: Select to enable/activate or disable/deactivate the service.
IPv4/IPv6
IP Version: Choose IPv4, IPv4/IPv6, or IPv6 based on your environment. If you don’t know which one to choose, please choose IPv4/IPv6.
ISP Connection Type:
ISP: Select the encapsulation type your ISP uses.
- Dynamic IP: Select this option if your ISP provides you an IP address automatically.
- Static IP: Select this option to set static IP information. You will need to enter the connection type, IP address, subnet mask, and gateway address provided to you by your ISP. Each IP address entered in the fields must be in the appropriate IP form: an IP address is formed by four IP octets separated by dots (xx.xx.xx.xx). The router will not accept the IP address if it is not in this format.
- PPPoE: Select this option if your ISP requires you to use a PPPoE connection.
- Bridge: Select this mode if you want to use this device as an OSI Layer 2 device like a switch.
802.1q Options
802.1q: When activated, please enter a VLAN ID.
VLAN ID: A parameter that specifies the VLAN to which the frame belongs. Enter the VLAN ID identification, tagged: 0-4095.
PPPoE (If you selected PPPoE as the WAN Connection Type; otherwise, skip this part)
Username: Enter the user name provided by your ISP.
Password: Enter the password provided by your ISP.
Bridge Interface for PPPoE: When “Activated”, the device gains a WAN IP from your ISP with the PPPoE account. If your PC is connected to the router as a DHCP client, the device acts as a NAT router in this mode; if you dial up with the account from your PC, the device works as a bridge, forwarding the PPPoE information to the PPPoE server and sending the response to your PC, so that your PC gets a WAN IP for working on the Internet.
Connection Setting
Connection:
- Always On: Click Always On to establish a PPPoE session during start-up and to automatically re-establish the PPPoE session when disconnected by the ISP.
- Connect Manually: Select Connect Manually when you don't want the connection up all the time.
TCP MSS Option: Enter the Maximum Segment Size (MSS), the maximum size of the data that TCP can send in a segment.
IP Options
IP Common Options
Default Route: Select Yes to use this interface as the default route interface.
TCP MTU Option: Enter the maximum packet size that can be transmitted. The default MTU of 0 means it is set to 1492 bytes.
IPv4 Options
Get IP Address: Choose Static or Dynamic.
Static IP Address: If Static is selected in the above field, enter the specific IP address you get from your ISP, followed by the IP subnet mask and gateway address.
IP Subnet Mask: The default is 0.0.0.0. You can change it to another value such as 255.255.255.0. Type the subnet mask assigned to you by your ISP (if given).
Gateway: Enter the specific gateway IP address you get from your ISP.
NAT: Enable to allow the MX-1000 to assign private network IPs to all devices in the network for Internet access.
Dynamic Route:
- RIP Version: (Routing Information Protocol) Select this option to specify the RIP version, including RIP-1 and RIP-2.
- RIP Direction: Select this option to specify the RIP direction.
- None is for disabling the RIP function.
- Both means the router will periodically send routing information and accept routing information, then incorporate it into the routing table.
- IN only means the router will only accept but will not send RIP packets.
- OUT only means the router will only send but will not accept RIP packet.
IGMP Proxy: IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. Choose whether to enable IGMP proxy.
IPv6 options (only when you choose IPv4/IPv6 or just IPv6 in the IP version field above):
IPv6 Address: Type the WAN IPv6 address from your ISP.
Obtain IPv6 DNS: Choose if you want to obtain DNS automatically.
Primary/Secondary: If you choose Disable in the Obtain IPv6 DNS field, please type the exact primary and secondary DNS.
MLD Proxy: MLD (Multicast Listener Discovery Protocol) is to IPv6 just as IGMP is to IPv4. It is a Multicast Management protocol for IPv6 multicast packets.
When the router’s Internet configuration has finished successfully, you can go to Status to get the connection information.
Click Save to apply the settings.
LAN
A Local Area Network (LAN) is a shared communication system to which many computers are attached and is limited to the immediate area, usually the same building or floor of a building.
IPv4 Parameters
IP Address: Enter the IP address of Router in dotted decimal notation, for example, 192.168.1.254 (factory default).
IP Subnet Mask: The default is 255.255.255.0. You can change it to another value such as 255.255.255.128.
Alias IP Address: This is for the local network's virtual IP interface. Specify an IP address on this virtual interface.
Alias IP Subnet Mask: Specify a subnet mask on this virtual interface.
IGMP Snooping: Select Activated to enable the IGMP Snooping function. Without IGMP snooping, multicast traffic is treated in the same manner as broadcast traffic; that is, it is forwarded to all ports. With IGMP snooping, multicast traffic of a group is only forwarded to ports that have members of that group.
Dynamic Route: Select the RIP version from RIP1 or RIP2.
DHCPv4 Server
DHCP (Dynamic Host Configuration Protocol) allows individual clients to obtain TCP/IP configuration at start-up from a server.
DHCPv4 Server: If set to Enabled, your MX-200 can assign IP addresses, default gateway and DNS servers to the DHCP client.
- If set to Disabled, the DHCP server will be disabled.
- If set to Relay, the MX-200 acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case.
When DHCP is used, the following items need to be set.
Start IP: This field specifies the first of the contiguous addresses in the IP address pool.
IP Pool Count: This field specifies the count of the IP address pool.
Lease Time: The current lease time of the client.
Physical Ports:
DNS Relay: Select Automatic detection or manually specify the Primary and Secondary DNS IP addresses.
Primary / Secondary DNS Server: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
Fixed Host
In this field, users can map a specific IP (which must be in the DHCP IP pool) to a specific MAC, and this information is listed in the following table.
IP Address: Enter the specific IP. For example: 192.168.1.110.
MAC Address: Enter the corresponding MAC. For example: 00:0A:F7:45:6D:ED
When added, the entries are listed as shown below:
IPv6 Parameters
An IPv6 address is composed of two parts: the prefix and the interface ID.
Interface Address / Prefix Length: Enter a static LAN IPv6 address. If you are not sure what to do with this field, please leave it empty, because if it contains false information it could result in LAN devices not being able to access other IPv6 devices. The router will use the WAN's prefix on the LAN side if the field is empty.
DHCPv6 Server
There are two methods to dynamically configure IPv6 addresses on hosts: Stateless and Stateful.
Stateless auto-configuration requires no manual configuration of hosts, minimal (if any) configuration of routers, and no additional servers. The stateless mechanism allows a host to generate its own addresses using a combination of locally available information (MAC address) and information (prefix) advertised by routers. Routers advertise prefixes that identify the subnet(s) associated with a link, while hosts generate an "interface identifier" that uniquely identifies an interface on a subnet. An address is formed by combining the two. When using stateless configuration, you needn’t configure anything on the client.
Stateful configuration, for example using DHCPv6, resembles its counterpart DHCP in IPv4. In the stateful auto-configuration model, hosts obtain interface addresses and/or configuration information and parameters from a DHCPv6 server. The server maintains a database that keeps track of which addresses have been assigned to which hosts.
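How a stateless host can combine the advertised prefix with its MAC address, as an added example (not from this manual or the firmware): it uses the modified EUI-64 method of RFC 4291 Appendix A, one common way to form the interface identifier, and shows that the MAC can be read back out of such an address. The prefix 2001:db8:1:2::/64, the inventory and the function names are constructed for illustration; the MAC is the manual's own Fixed Host example.

```python
import ipaddress
from typing import Dict, Iterable, Optional

MASK64 = (1 << 64) - 1


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02            # invert the universal/local bit
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from an advertised /64 prefix and its own MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless auto-configuration expects a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_address(address: str) -> Optional[str]:
    """Recover the MAC if the interface ID is EUI-64 derived, else None."""
    iid = (int(ipaddress.IPv6Address(address)) & MASK64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None           # manual, DHCPv6 or randomized interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02X}" for octet in mac)


def hosts_exposing_mac(addresses: Iterable[str],
                       inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each EUI-64 based address to the host name known for its MAC,
    e.g. from the router's DHCP Table or ARP Table."""
    found = {}
    for address in addresses:
        mac = mac_from_address(address)
        if mac is not None:
            found[address] = inventory.get(mac, "unknown device")
    return found


if __name__ == "__main__":
    mac = "00:0A:F7:45:6D:ED"                  # example MAC from the manual
    addr = slaac_address("2001:db8:1:2::/64", mac)
    print(addr)                                # global address
    print(slaac_address("fe80::/64", mac))     # link-local address
    seen = [str(addr), "2001:db8:1:2::1", "2001:db8:1:2:5c1d:92ff:ae31:7b02"]
    print(hosts_exposing_mac(seen, {mac: "office-pc"}))   # constructed inventory
```

Addresses formed this way carry the hardware address into every network the host visits, which is why many current operating systems use randomized interface identifiers instead; those return None here.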
DHCPv6 Server: Check whether to enable the DHCPv6 server.
DHCPv6 Server Type: Select Stateless or Stateful. When DHCPv6 is enabled, this parameter is available.
- Stateless: If selected, the PCs in the LAN are configured through RA mode: they obtain the prefix message and generate an address using a combination of locally available information (MAC address) and information (prefix) advertised by routers, but they can obtain information such as DNS from the DHCPv6 Server.
- Stateful: If selected, the PCs in the LAN are configured as in IPv4 mode: they obtain addresses and DNS information from the DHCPv6 server.
Start interface ID: Enter the start interface ID. An IPv6 address is composed of two parts: the prefix and the interface ID. The interface ID is like the Host ID in IPv4.
End interface ID: Enter the end interface ID.
Leased Time (seconds): The leased time, similar to the leased time in DHCPv4, is a time limit assigned to clients; when it expires, the assigned ID is recycled and reassigned.
Router Advertisement: Check to Enable or Disable the Issue Router Advertisement feature. This feature sends Router Advertisement messages periodically, which multicast the IPv6 Prefix information (similar to the v4 network number 192.168.1.0) to all LAN devices if the field is enabled. We suggest enabling this field.
Click Save to apply the settings.
Dual WAN
Dual WAN is a feature that keeps two independent Internet connections connected concurrently. It offers reliable Internet connectivity and maximizes bandwidth utilization for critical application delivery.
General Setting
Mode: Select a mode then click Save to proceed.
Failover & Failback
Auto failover/failback ensures always-online network connectivity. When the primary WAN link (WAN1) fails, all traffic switches over to the backup WAN (WAN2) seamlessly.
When the primary link is restored, traffic is handed over from WAN2 back to WAN1.
WAN Port Service Detection Policy
WAN1 (Primary): Choose a desired WAN as the primary WAN Link from the list.
WAN2 (Backup): Choose a desired WAN as the backup WAN Link from the list.
Keep Backup Interface Connected: Enable if you want to keep the backup WAN (WAN2) interface always connected to the Internet.
Connectivity Decision & Probe Cycle: Set the number of times and the time in seconds that determine when to switch to the backup link (WAN2) when the primary link (WAN1) fails, and vice versa.
Example: Auto failover takes place after 3 consecutive failures, probed every 30 seconds, meaning all traffic is handed over to the backup link (WAN2) after the primary link fails to respond for a total of 90 seconds (30 seconds for each of 3 consecutive failures).
Note: Failover and Failback follow the same Connectivity Decision & Probe Cycle rule to fail over from WAN1 to WAN2 or fail back from WAN2 to WAN1.
Failover/Fallback Rule Decisions:
1. Probe by Ping: Enable Ping to the gateway or an IP address.
- Gateway: The internal system will wait for responses to the pings from the gateway of the WAN.
- Host: The internal system will wait for responses to the pings from a fixed IP address.
2. Probe by Signal Strength: Enable to measure the LTE signal strength.
- Minimum RSRP / RSSI: Set a minimum requirement for RSRP and RSSI for initiating automatic WAN failback or failover procedures.
Click Save to apply the settings.
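The Connectivity Decision & Probe Cycle rule above, worked through as an added example (a model written for this page, not the router's firmware logic): a counter of consecutive probe results drives the switch in both directions. The class and function names are hypothetical, and treating a probe as failed when either the ping or the minimum RSRP check fails is an assumption about how the two probes combine.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class FailoverMonitor:
    decision: int = 3                      # consecutive results needed to switch
    cycle_s: int = 30                      # seconds between probes
    min_rsrp_dbm: Optional[float] = None   # None = Probe by Signal Strength off
    active: str = "WAN1"
    streak: int = 0
    clock_s: int = 0
    events: List[Tuple[int, str]] = field(default_factory=list)

    def primary_healthy(self, ping_ok: bool, rsrp_dbm: Optional[float]) -> bool:
        """One probe of the primary link: ping reply and, if set, minimum RSRP."""
        if not ping_ok:
            return False
        if self.min_rsrp_dbm is not None and rsrp_dbm is not None:
            return rsrp_dbm >= self.min_rsrp_dbm
        return True

    def probe(self, ping_ok: bool, rsrp_dbm: Optional[float] = None) -> str:
        """Record one probe cycle and return the link carrying traffic."""
        self.clock_s += self.cycle_s
        healthy = self.primary_healthy(ping_ok, rsrp_dbm)
        # On WAN1 count failures of the primary; on WAN2 count its recoveries.
        counts = (not healthy) if self.active == "WAN1" else healthy
        self.streak = self.streak + 1 if counts else 0
        if self.streak >= self.decision:
            self.active = "WAN2" if self.active == "WAN1" else "WAN1"
            self.streak = 0
            self.events.append((self.clock_s, self.active))
        return self.active


def simulate(probes, **settings) -> List[Tuple[int, str]]:
    """Feed probe results (bool, or (bool, rsrp_dbm)) and return the
    list of (time in seconds, link switched to)."""
    monitor = FailoverMonitor(**settings)
    for result in probes:
        ping_ok, rsrp = result if isinstance(result, tuple) else (result, None)
        monitor.probe(ping_ok, rsrp)
    return monitor.events


if __name__ == "__main__":
    # Constructed probe sequences (True = primary answered).
    print(simulate([False, False, False]))                 # the manual's 90 s case
    print(simulate([False, False, True, False, False, False, True, True, True]))
    print(simulate([False, True] * 5))                     # 50% loss, never 3 in a row
    print(simulate([(True, -118.0)] * 3, min_rsrp_dbm=-110.0))
```

The third sequence is the case worth checking on a live link: a primary that drops every other probe never reaches three consecutive failures, so a consecutive-count rule keeps traffic on a degraded WAN1.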
Load Balance
Load balance aggregates the bandwidth of the two WAN links to optimize traffic distribution. When the primary Internet connection (WAN1) goes down, all traffic is redirected to the backup (WAN2) to ensure service continuity.
WAN Port Service Detection Policy
WAN1 (Primary): Choose a desired WAN as the primary WAN Link from the list.
WAN2 (Backup): Choose a desired WAN as the backup WAN Link from the list.
Service Detection: Enable to detect WAN connectivity automatically.
Connectivity Decision & Probe Cycle: Set the number of times and the time in seconds that determine when to turn off the Load Balancing service.
Example: Disable Load Balance after 3 consecutive failures, probed every 30 seconds, meaning all traffic is handed over to the backup link (WAN2) after the primary link fails to respond for a total of 90 seconds (30 seconds for each of 3 consecutive failures).
Deactivate Load Balance Decision:
Probe Ping on WAN1 / WAN2: Enable Ping to the gateway or an IP address.
- Gateway: The internal system will wait for responses to the pings from the gateway of the WAN.
- Host: The internal system will wait for responses to the pings from a fixed IP address.
Click Save to apply the settings.
Outbound Load Balance
The connections are distributed over WAN1 and WAN2 so that the bandwidth of both WAN ports is used. With Outbound Load Balance, traffic may be routed to the faster link when one of the WAN links is slower or congested, so that the user gains better throughput and less delay.
The user can distribute outbound traffic based on the Session Mechanism or the IP Hash Mechanism.
Based on Session Mechanism:
Balance by Session (Round Robin): Automatically assign requests/traffic to each WAN interface based on real-time WAN traffic-handling capacity.
OR
Balance by Session weight: Manually balance session traffic based on a weight ratio. Example: a session weight of 3:1 means forwarding 3 requests to WAN1 and 1 request to WAN2.
Based on IP Hash Mechanism:
Balance by weight: Use an IP hash to balance traffic based on a ratio. This guarantees that requests from the same IP address are forwarded to the same WAN interface.
Click Save to apply the settings.
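The two distribution mechanisms described above, as an added Python illustration that is not the MX-200's firmware logic: the manual does not document the router's hash function or session ordering, so the SHA-256 bucket mapping, the repeating 3:1 pattern, the failover helper and the client addresses are assumptions of this example.

```python
import hashlib
import ipaddress
from collections import Counter
from itertools import cycle, islice

WAN1, WAN2 = "WAN1", "WAN2"


def _check(w1, w2):
    if w1 < 0 or w2 < 0 or w1 + w2 == 0:
        raise ValueError("weights must be non-negative and not both zero")


def by_session_weight(n_sessions, w1, w2):
    """Session weight w1:w2 -> w1 new sessions to WAN1, then w2 to WAN2, repeating."""
    _check(w1, w2)
    pattern = [WAN1] * w1 + [WAN2] * w2
    return list(islice(cycle(pattern), n_sessions))


def by_ip_hash(src_ip, w1, w2):
    """Sticky choice: hash the source IP into w1+w2 buckets; the first w1 go to WAN1.

    The same source address always lands in the same bucket, so a LAN host keeps
    one WAN (and one public source address) for all of its connections.
    """
    _check(w1, w2)
    digest = hashlib.sha256(ipaddress.ip_address(src_ip).packed).digest()
    bucket = int.from_bytes(digest[:8], "big") % (w1 + w2)
    return WAN1 if bucket < w1 else WAN2


def with_failover(choice, wan1_up=True, wan2_up=True):
    """Return the chosen WAN, the surviving WAN if the choice is down, or None."""
    up = {WAN1: wan1_up, WAN2: wan2_up}
    if up[choice]:
        return choice
    other = WAN2 if choice == WAN1 else WAN1
    return other if up[other] else None


def distribution(clients, w1, w2):
    """Count how many source addresses the IP hash maps to each WAN."""
    return Counter(by_ip_hash(ip, w1, w2) for ip in clients)


# Constructed LAN hosts for the demonstration.
CLIENTS = [f"192.168.1.{n}" for n in range(1, 255)]

if __name__ == "__main__":
    print("session weight 3:1 ->", by_session_weight(8, 3, 1))
    print("IP hash 3:1 over 254 hosts ->", dict(distribution(CLIENTS, 3, 1)))
    print("192.168.1.100 with WAN1 down ->",
          with_failover(by_ip_hash("192.168.1.100", 3, 1), wan1_up=False))
```

Session weighting splits new sessions exactly by ratio but lets one host alternate between links; the IP hash only approximates the ratio but keeps each host on one link.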
Protocol Binding
Protocol Binding lets you direct specific traffic to go out from a specific WAN port. Policies determine how specific types of Internet traffic are routed; for example, traffic from particular IP address(es) can be granted access to only one WAN port rather than using both of the WAN ports as with load balancing.
Rule Index: The numeric rule indicator. The maximum number of entries is 16.
Active: Click YES to activate the rule.
Bind Interface: The dedicated WAN interface that is guaranteed to handle this traffic request.
Source IP Address: Enter the source IP address identifying the traffic origin.
Subnet Mask: Enter the subnet mask of the source network.
Port Number: Enter the port number which defines the application.
Destination IP Address: Enter the destination IP address identifying the traffic destination.
Subnet Mask: Enter the subnet mask of the destination network.
Port Number: Enter the port number which defines the application.
DSCP: The DSCP value. The value ranges from 0 to 64; 64 means "don't care".
Protocol: Select a protocol (TCP, UDP or ICMP) to use for this traffic.
Click Save to apply the settings.
Example:
All traffic from IP 192.168.1.100/255.255.255.0 with port 8080 will go through the WAN1 interface. The only time it would go through the WAN2 interface is when WAN1 has no Internet connection.
Advanced Setup
Advanced Setup provides advanced features including Firewall, Routing, Dynamic Routing, NAT, Static DNS, Time Schedule, Mail Alert, Remote System Log, and Serial for advanced users.
Firewall
Your router includes a firewall to help prevent attacks from hackers. In addition, when using NAT (Network Address Translation) the router acts as a “natural” Internet firewall, since all PCs on your LAN use private IP addresses that cannot be directly accessed from the Internet.
Firewall: Automatically detects and blocks Denial of Service (DoS) attacks, such as Ping of Death, SYN Flood, Port Scan and Land Attack.
Enabled: Activate your firewall function.
Disabled: Deactivate the firewall function.
SPI: If you enable SPI, all traffic initiated from the WAN is blocked, including DMZ, Virtual Server, and ACL WAN side.
Enabled: Activate your SPI function.
Disabled: Deactivate the SPI function.
Click Save to apply the settings.
Routing
This is the static route feature. It lets you control the routing of all the traffic across your network. With each routing rule created, you can specifically assign the destination to which the traffic will be routed.
Index #: The numeric route indicator.
Destination IP Address: IP address of the destination network.
Subnet Mask: The subnet mask of the destination network.
Gateway IP Address: IP address of the gateway or existing interface that this route uses.
Metric: It represents the cost of transmission for routing purposes. The number need not be precise, but it must be between 1 and 15.
Interface: Media/channel selected to append the route.
Edit: Edit the route; this icon is not shown for the system default route.
Drop: Drop the route; this icon is not shown for the system default route.
Add Route
Destination IP Address: This is the destination subnet IP address.
Destination Subnet Mask: The subnet mask of the destination network.
Gateway IP Address or Interface: This is the gateway IP address or existing interface to which packets are to be forwarded.
Metric: It represents the cost of transmission for routing purposes. The number need not be precise, but it must be between 1 and 15.
Click Save to add this route.
Dynamic Routing
OSPF
BGP
NAT
The NAT (Network Address Translation) feature transforms a private IP into a public IP, allowing multiple users to access the Internet through a single IP account, sharing the single IP address. NAT breaks the originally envisioned model of IP end-to-end connectivity across the Internet, so NAT can cause problems where IPSec/PPTP encryption is applied or where some application-layer protocols, such as SIP phones, are located behind a NAT. NAT also makes it difficult for systems behind a NAT to accept incoming communications.
NAT Status: Enabled. (Disabled if WAN connection is in BRIDGE mode)
VPN Passthrough: VPN pass-through is a router feature that allows a VPN client on a private network to establish outbound VPNs unhindered.
SIP ALG: Enable the SIP ALG when the SIP phone needs ALG to pass through the NAT. Disable the SIP ALG when the SIP phone includes a NAT-Traversal algorithm.
Interface: Select a WAN interface connection to allow external access to your internal network.
Service Index: Associated with the EWAN interface, marking each EWAN service (0-7); selects which EWAN service the DMZ and Virtual Server are applied to.
Click DMZ or Virtual Server to move on to set the DMZ or Virtual Server parameters, which are presented in the following scenario.
DMZ
NOTE: This feature is disabled automatically if the WAN connection is in BRIDGE mode or NAT is turned OFF.
The DMZ Host is a local computer exposed to the Internet. When a particular internal IP address is set as the DMZ Host, all incoming packets are checked by the Firewall and NAT algorithms and then passed to the DMZ host, provided the received packet does not use a port number used by any other Virtual Server entries.
DMZ for (via a WAN Interface): Allows the outside network to connect in and communicate with internal LAN devices via this WAN interface.
DMZ:
Enabled: Activate the DMZ function.
Disabled: Deactivate the DMZ function.
DMZ Host IP Address: Give a static IP address to the DMZ Host when the Enabled radio button is checked. Be aware that this IP will be exposed to the WAN/Internet.
Click Save to apply the settings.
Virtual Server
NOTE: This feature is disabled automatically if the WAN connection is in BRIDGE mode or NAT is turned OFF.
Virtual Server, also known as Port Forwarding, allows the MX-200 to direct incoming traffic to servers on the LAN.
Configure a virtual server rule in the MX-200 so that remote users accessing services such as Web or FTP via the public (WAN) IP address are automatically redirected to local servers in the LAN network. Depending on the requested service (TCP/UDP port number), the device redirects the external service request to the appropriate server within the LAN network.
Virtual Server for: Indicate the related WAN interface to allow the outside network to connect in and communicate with internal LAN devices.
Protocol: Choose the application protocol.
Start / End Port Number: Enter a port or port range you want to forward. (Example: Start / End: 1000 or Start: 1000, End: 2000). The starting port must be greater than zero (0). The end port must be greater than or equal to the start port.
Local IP Address: Enter your server IP address in this field.
Start / End Port Number (Local): Enter the start / end port number of the local application (service).
Examples of well-known and registered port numbers are shown below. For further information, please see IANA’s website at http://www.iana.org/assignments/port-numbers
Well-known and Registered Ports
Port Number | Protocol | Description
21 | TCP | FTP Control
22 | TCP & UDP | SSH Remote Login Protocol
23 | TCP | Telnet
25 | TCP | SMTP (Simple Mail Transfer Protocol)
53 | TCP & UDP | DNS (Domain Name Server)
69 | UDP | TFTP (Trivial File Transfer Protocol)
80 | TCP | World Wide Web HTTP
110 | TCP | POP3 (Post Office Protocol Version 3)
443 | TCP & UDP | HTTPS
1503 | TCP | T.120
1720 | TCP | H.323
7070 | UDP | RealAudio
Attention
Using port forwarding does have security implications, as outside users will be able to connect to PCs on your network. For this reason you are advised to use specific Virtual Server entries just for the ports your application requires, instead of using DMZ, because using DMZ results in all connection attempts from the WAN to your public IP being passed to the specified DMZ PC.
If you have disabled the NAT option in the WAN-ISP section, the Virtual Server function will be invalid.
If the DHCP server option is enabled, you have to be very careful in assigning the IP addresses of the virtual servers in order to avoid conflicts. The easiest way of configuring Virtual Servers is to manually assign a static IP address to each virtual server PC, with an address that does not fall into the range of IP addresses that are to be issued by the DHCP server. You can configure the virtual server IP address manually, but it must still be in the
Example: How to set up Port Forwarding for port 21 (FTP server)
Use this if you have an FTP server in your LAN network and want others to access it through the WAN.
Step 1: Assign a static IP to the local computer that is hosting the FTP server.
Step 2: Log in to the Gateway and go to Configuration / Advanced Setup / NAT / Virtual Server.
The FTP server uses the TCP protocol with port 21.
Enter ”21” as the Start and End Port Number. The MX-200 will accept port 21 requests from the WAN side.
Enter the static IP assigned to the local PC that is hosting the FTP server. Ex: 192.168.1.102
Enter ”21” as the Local Start and End Port Number. The MX-200 will forward port 21 requests from the WAN to the specific LAN PC (Example: 192.168.1.102) in the network.
Step 3: Click Save to save settings.
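The constraints the manual gives for Virtual Server entries (start port greater than zero, end port not below the start port, a static server address outside the DHCP range, specific ports rather than DMZ) can be checked over a planned rule set before it is entered. The following Python is an added example, not part of the manual or of BEC's software; the Rule fields, finding codes, DHCP pool, overlap check, 100-port width threshold and cleartext-service list are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# Services from the manual's port table that run in cleartext; treating them
# as findings is this example's policy, not a rule from the manual.
CLEARTEXT = {("TCP", 21): "FTP", ("TCP", 23): "TELNET", ("UDP", 69): "TFTP"}
WIDE_RANGE = 100  # assumed threshold: forwarding more ports than this is flagged


@dataclass(frozen=True)
class Rule:
    protocol: str      # "TCP" or "UDP"
    start: int         # WAN-side Start Port Number
    end: int           # WAN-side End Port Number
    local_ip: str      # Local IP Address of the LAN server
    local_start: int   # Start Port Number (Local)
    local_end: int     # End Port Number (Local)


def audit(rules, lan, dhcp_first, dhcp_last, dmz_enabled=False):
    """Return sorted (rule_index, code) findings; index -1 means device-wide."""
    lan_net = ipaddress.ip_network(lan)
    pool_lo = ipaddress.ip_address(dhcp_first)
    pool_hi = ipaddress.ip_address(dhcp_last)
    findings = set()
    checked = []  # indexes of earlier rules whose port ranges were valid
    if dmz_enabled:
        # The manual advises specific entries instead of DMZ.
        findings.add((-1, "DMZ_ENABLED"))
    for i, r in enumerate(rules):
        ip = ipaddress.ip_address(r.local_ip)
        if ip not in lan_net:
            findings.add((i, "LOCAL_IP_OUTSIDE_LAN"))
        elif pool_lo <= ip <= pool_hi:
            # A server address inside the DHCP pool can be handed to another host.
            findings.add((i, "LOCAL_IP_IN_DHCP_POOL"))
        ranges = ((r.start, r.end), (r.local_start, r.local_end))
        if not all(0 < lo <= hi <= 65535 for lo, hi in ranges):
            findings.add((i, "BAD_PORT_RANGE"))
            continue
        for (proto, port), name in CLEARTEXT.items():
            if proto == r.protocol and r.local_start <= port <= r.local_end:
                findings.add((i, "CLEARTEXT_" + name))
        if r.end - r.start + 1 > WIDE_RANGE:
            findings.add((i, "WIDE_RANGE"))
        for j in checked:
            o = rules[j]
            if o.protocol == r.protocol and r.start <= o.end and o.start <= r.end:
                findings.add((i, f"OVERLAPS_RULE_{j}"))
        checked.append(i)
    return sorted(findings)


# Rule 0 is the manual's FTP example; the other rules, the LAN and the DHCP
# pool are constructed for this demonstration.
LAN = "192.168.1.0/24"
DHCP_FIRST, DHCP_LAST = "192.168.1.150", "192.168.1.200"
SAMPLE_RULES = [
    Rule("TCP", 21, 21, "192.168.1.102", 21, 21),
    Rule("TCP", 1000, 2000, "192.168.1.160", 1000, 2000),
    Rule("TCP", 0, 80, "192.168.1.10", 80, 80),
    Rule("TCP", 1500, 1503, "10.0.0.5", 1500, 1503),
]

if __name__ == "__main__":
    for index, code in audit(SAMPLE_RULES, LAN, DHCP_FIRST, DHCP_LAST, dmz_enabled=True):
        print("device" if index < 0 else f"rule {index}", code)
```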
Static DNS
The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com can be translated into the address 192.0.32.10 (IPv4).
IP Address: The IP address you are going to give a specific domain name.
Domain Name: The friendly domain name for the IP address.
Click Save to apply your settings.
Time Schedule
The Time Schedule supports up to 16 timeslots, which help you manage your Internet connection. In each time profile, you may schedule specific day(s), i.e. Monday through Sunday, to restrict or allow the usage of the Internet by users or applications.
The Time Schedule depends closely on the router’s time. Since the router does not have a real-time clock on board, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server on the Internet.
Time Index: The rule indicator (0-15) for identifying each timeslot.
Name: User-defined identification for each time period.
Day of Week: Mon. to Sun. Specify the time interval for each timeslot from “Day of Week”.
Start Time: The starting point of the interval for the timeslot, any time in 00:00 – 24:00.
End Time: The ending point of the interval for the timeslot, any time in 00:00 – 24:00.
Click Save to apply your settings.
Example: you can add a timeslot named “TimeSlot1” which covers the period from 9:00 of Monday to 18:00 of Tuesday.
Another timeslot, TimeSlot2, spans from 09:00 to 18:00 of Wednesday.
Mail Alert
Mail alert is designed to keep the system administrator or other relevant personnel alerted to any unexpected events that might have occurred on the network computers or server, for monitoring efficiency. With this alert system, appropriate action can be taken to fix problems that have arisen so that the server can be properly maintained.
SMTP Server: Enter the SMTP server that you would like to use for sending emails.
Username: Enter the username of your email account to be used by the SMTP server.
Password: Enter the password of your email account.
Sender’s Email: Enter your email address.
SSL/TLS: Check to enable the SSL encryption feature.
Port: The port; the default is 25.
Account Test: Click the button to test the connectivity and feasibility of your sender’s e-mail.
Recipient’s Email (WAN IP Change Alert): Enter a valid e-mail address to receive an alert message when a WAN IP change has been detected.
Recipient’s Email (3G/4G-LTE Usage Allowance): Enter a valid e-mail address to receive an alert message when the 3G Usage Allowance is exceeded.
Click the Apply button to save your settings.
Remote System Log
Remote System Log: Select Activated to enable this feature.
Server IP Address: Assign the remote log server IP address.
Server UDP Port: Assign the remote log server port; 514 is commonly used.
Click Save to apply the settings.
Serial (RS-232 Port)
This is the Serial RS-232 port configuration for connecting to an existing industrial machine.
General Settings
Baud Rate: Specify the desired baud rate (speed) for this serial port.
Data Bits: Specify the number of data bits contained in a frame.
Parity: A simple form of error detection in a frame.
Stop Bits: Specify the stop bits of a frame.
Application
Mode: Select a mode among Disable, Modbus/TCP, and Serial TCP.
Disable: Disable the serial port, RS-232.
Modbus/TCP: Modbus is a master/slave communication protocol that uses IP over Ethernet to carry data between devices/machines.
Port: Generally port 502 is used; master and slave must use the same port. A port other than port 502 can be specified.
Response Timeout (ms): Specify a response time-out in milliseconds. The default is 3000 ms (3 seconds). After the response timeout expires, data transactions are aborted.
Here are the possible causes for a timeout to occur:
Serial connection errors between the MX-200 and the serial device.
Hardware issue with the serial device.
Serial device response time is longer than the specified Response Timeout value. Increase the time-out value to see if it helps.
TCP:
Port: Generally port 782 (tcp/udp) is used. A tcp/udp port other than port 782 can be specified.
Empty Serial Buffer When TCP Connection is Established: Enable to empty the serial buffer once the TCP connection is up; the contents of the serial buffer are deleted when the TCP link is established.
Data Packet Delimiter: A way to keep packets intact.
Time Delimiter: The default time is 1000 ms. After the time has been reached, serial data will be transmitted. The time range is 1 – 30000 ms.
Character Delimiter: The default characters are 0x0d0a. Serial data is transmitted when the specified character(s) are seen, in this case 0x0d0a. Valid characters: “0x” + hex code.
TCP Idle Timeout (Seconds): The default time is 60 seconds. Specify an idle time-out in seconds. After the timeout expires, meaning no data transmission within the defined time, the serial connection is aborted.
VPN
A Virtual Private Network (VPN) is a private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures such as encryption. For example, a VPN could be used to securely connect the branch offices of an organization to a head office network through the public Internet.
MX-200 supports IPSec, PPTP, L2TP, and GRE for enterprise users.
IPSec
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
IPSec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
A total of 8 IPSec tunnels can be added.
Click Add New Connection to create an IPSec connection.
IPSec Connection Setting
Connection Name: Assign a name for this connection. Example: connection to office.
Active: Yes to activate the connection.
Interface: Select the interface used for the IPSec connection. When you select the 3G/4G-LTE interface, the IPSec tunnel connects to the remote peer via this interface.
Remote Gateway IP: The WAN IP address of the remote VPN gateway that is to be connected, establishing a VPN tunnel.
Local Access Range: Set the IP address or subnet of the local network.
Single IP: The IP address of the local host, for establishing an IPSec connection between a security gateway and a host (network-to-host).
Subnet: The subnet of the local network, for establishing an IPSec tunnel between a pair of security gateways (network-to-network).
Remote Access Range: Set the IP address or subnet of the remote network.
Single IP: The IP address of the local host, for establishing an IPSec connection between a security gateway and a host (network-to-host). If the remote peer is a host, select Single Address.
Subnet: The subnet of the local network, for establishing an IPSec tunnel between a pair of security gateways (network-to-network). If the remote peer is a network, select Subnet.
IPSec Phase 1 (IKE)
IKE Mode: IKE (Internet Key Exchange) is the mechanism used to negotiate and exchange parameters and keys between IPSec peers to establish security associations (SA). Select Main or Aggressive mode.
Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
Local ID Type and Remote ID Type: When the IKE mode is Aggressive, the local and remote peers can be identified by other IDs.
IDContent: Enter the name you want to identify when the Local and Remote Type are Domain Name; enter the IP address you want to identify when the Local and Remote Type are IP addresses (IPv4 and IPv6 supported).
Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.
DES: Stands for Data Encryption Standard; it uses 56 bits as an encryption method.
3DES: Stands for Triple Data Encryption Standard; it uses 168 (56*3) bits as an encryption method.
AES: Stands for Advanced Encryption Standards; you can use 128, 192 or 256 bits as the encryption method.
Authentication Algorithm: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmission. There are 3 options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower.
MD5: A one-way hashing algorithm that produces a 128-bit hash.
SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Diffie-Hellman Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular Exponentiation Groups.
IPSec Phase 2 (IPSec)
IPSec Proposal: Select the IPSec security method. There are two methods of verifying the authentication information, AH (Authentication Header) and ESP (Encapsulating Security Payload). Use ESP for greater security, so that data is encrypted and the data origin is authenticated; with AH, the data origin is only authenticated and the data is not encrypted.
Authentication Algorithm: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmission. There are 3 options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower.
MD5: A one-way hashing algorithm that produces a 128-bit hash.
SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.
DES: Stands for Data Encryption Standard; it uses 56 bits as an encryption method.
3DES: Stands for Triple Data Encryption Standard; it uses 168 (56*3) bits as an encryption method.
AES: Stands for Advanced Encryption Standards; you can use 128, 192 or 256 bits as the encryption method.
Perfect Forward Secrecy: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular Exponentiation Groups.
IPSec SA Lifetime
SA Lifetime: Specify the number of minutes that a Security Association (SA) will stay active before new encryption and authentication keys are exchanged. There are two kinds of SAs, IKE and IPSec. IKE negotiates and establishes SAs on behalf of IPSec; an IKE SA is used by IKE.
Phase 1 (IKE): To issue an initial connection request for a new VPN tunnel. The range can be from 5 to 15,000 minutes, and the default is 480 minutes.
Phase 2 (IPSec): To negotiate and establish secure authentication. The range can be from 5 to 15,000 minutes, and the default is 60 minutes. A short SA time increases security by forcing the two parties to update the keys. However, every time the VPN tunnel re-negotiates, access through the tunnel will be temporarily disconnected.
IPSec Connection Keep Alive
Keep Alive:
None: Disable. The system will not detect whether the remote IPSec peer is still alive or lost. The remote peer will get disconnected after the interval, in seconds, is up.
PING: This mode detects whether the remote IPSec peer has been lost by pinging a specified IP address.
DPD: Dead Peer Detection (DPD) is a keep-alive mechanism that enables the router to detect whether the remote IPSec peer is still alive when the connection between the router and the peer has been lost. Note that it must be enabled on both sites.
PING to the IP: The router can ping the remote PC at the specified IP address and raise an alert when the connection fails. Once the alert message is received, the router drops this tunnel connection, and the connection must be re-established. The default setting is 0.0.0.0, which disables the function.
Interval: Sets the time interval between pings of the PING to the IP function used to monitor the connection status. The default interval is 10 seconds. The interval can be set from 0 to 3600 seconds; 0 seconds disables the function.
Ping to the IP | Interval (sec) | Ping to the IP Action
0.0.0.0 | 0 | No
0.0.0.0 | 2000 | No
xxx.xxx.xxx.xxx (A valid IP Address) | 0 | No
xxx.xxx.xxx.xxx (A valid IP Address) | 2000 | Yes, activate it in every 2000 second.
Disconnection Time after No Traffic: This is the no-response timer. When the period without traffic exceeds the Disconnection Time set, the router automatically halts the tunnel connection and re-establishes it based on the Reconnection Time set. 180 seconds is the minimum time interval for this function.
Reconnection Time: This is the reconnection time interval after NO TRAFFIC is initiated. 3 minutes is the minimum time interval for this function.
Click Save to apply the settings.
Examples: IPSec – Network (LAN) to Network (LAN)
Two MX-1000 devices are to set up a secure IPSec VPN tunnel.
NOTE: The IPSec Settings shall be consistent between the two routers.
Head Office Side:
Configuration Settings | Value | Description
Connection Name | H-to-B | Name for IPSec tunnel
Remote Secure Gateway | 69.121.1.30 | IP address of the Branch office gateway
Access Network
Local Access Range | Subnet | Head Office network
Local Network IP Address | 192.168.1.0 |
Local Network Netmask | 255.255.255.0 |
Remote Access Range | Subnet | Branch office network
Remote Network IP Address | 192.168.0.0 |
Remote Network Netmask | 255.255.255.0 |
IPSec Proposal
IKE Mode | Main | Security Plan
Pre-Shared Key | 1234567890 |
Phase 1 Encryption | AES-128 |
Phase 1 Authentication | SHA1 |
Phase 1 Diffie-Hellman Group | MODP 1024(group2) |
Phase 2 Proposal | ESP |
Phase 2 Authentication | SHA1 |
Phase 2 Encryption | 3DES |
Prefer Forward Security | MODP 1024(group2) |
Branch Office Side:
Configuration Settings | Value | Description
Connection Name | B-to-H | Name for IPSec tunnel
Remote Secure Gateway | 69.121.1.3 | IP address of the Branch office gateway
Access Network
Local Access Range | Subnet | Head Office network
Local Network IP Address | 192.168.0.0 |
Local Network Netmask | 255.255.255.0 |
Remote Access Range | Subnet | Branch office network
Remote Network IP Address | 192.168.1.0 |
Remote Network Netmask | 255.255.255.0 |
IPSec Proposal
IKE Mode | Main | Security Plan
Pre-Shared Key | 1234567890 |
Phase 1 Encryption | AES-128 |
Phase 1 Authentication | SHA1 |
Phase 1 Diffie-Hellman Group | MODP 1024(group2) |
Phase 2 Proposal | ESP |
Phase 2 Authentication | SHA1 |
Phase 2 Encryption | 3DES |
Prefer Forward Security | MODP 1024(group2) |
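The NOTE in this example requires the IPSec settings of the two routers to be consistent. The following Python is an added example, not part of the manual or of BEC's software: it compares the Head Office and Branch Office values above field by field, checks that the access ranges mirror each other, and flags the choices the manual itself ranks lowest (DES, MD5, AH) together with small MODP groups, Aggressive mode and weak pre-shared keys. The dictionary keys, the flag list and the thresholds (2048-bit MODP, 16-character key) are this example's assumptions.

```python
import ipaddress
import re

# Values typed from the manual's Head Office / Branch Office tables.
HEAD = dict(name="H-to-B", remote_gateway="69.121.1.30",
            local_net=("192.168.1.0", "255.255.255.0"),
            remote_net=("192.168.0.0", "255.255.255.0"),
            ike_mode="Main", psk="1234567890",
            p1_enc="AES-128", p1_auth="SHA1", p1_dh="MODP 1024(group2)",
            p2_proposal="ESP", p2_auth="SHA1", p2_enc="3DES",
            pfs="MODP 1024(group2)")
BRANCH = dict(HEAD, name="B-to-H", remote_gateway="69.121.1.3",
              local_net=("192.168.0.0", "255.255.255.0"),
              remote_net=("192.168.1.0", "255.255.255.0"))
# Constructed misconfiguration for the demonstration.
BAD_BRANCH = dict(BRANCH, p1_auth="MD5", p2_enc="DES",
                  remote_net=("192.168.2.0", "255.255.255.0"))

# Fields that both peers must set identically for negotiation to succeed.
MUST_MATCH = ("ike_mode", "psk", "p1_enc", "p1_auth", "p1_dh",
              "p2_proposal", "p2_auth", "p2_enc", "pfs")
# Choices flagged by this example (its own policy).
WEAK_CHOICES = {"p1_enc": {"DES"}, "p2_enc": {"DES"},
                "p1_auth": {"MD5"}, "p2_auth": {"MD5"},
                "p2_proposal": {"AH"}, "ike_mode": {"Aggressive"}}


def _net(pair):
    """Build a network object from an (address, netmask) pair."""
    ip, mask = pair
    return ipaddress.ip_network(f"{ip}/{mask}", strict=True)


def peer_mismatches(a, b):
    """List settings that differ between peers or ranges that do not mirror."""
    problems = [k for k in MUST_MATCH if a[k] != b[k]]
    if _net(a["local_net"]) != _net(b["remote_net"]):
        problems.append("a.local_net != b.remote_net")
    if _net(a["remote_net"]) != _net(b["local_net"]):
        problems.append("a.remote_net != b.local_net")
    if _net(a["local_net"]).overlaps(_net(a["remote_net"])):
        problems.append("local and remote ranges overlap")
    return problems


def weak_settings(cfg, min_modp_bits=2048, min_psk_len=16):
    """List weak choices in one peer's settings; the key itself is never echoed."""
    flags = [f"{k}={cfg[k]}" for k in sorted(WEAK_CHOICES)
             if cfg[k] in WEAK_CHOICES[k]]
    for k in ("p1_dh", "pfs"):
        m = re.search(r"MODP\s*(\d+)", cfg[k])
        if m is None or int(m.group(1)) < min_modp_bits:
            flags.append(f"{k}={cfg[k]}")
    psk = cfg["psk"]
    if len(psk) < min_psk_len or psk.isdigit() or psk.isalpha():
        flags.append("psk=<weak>")
    return flags


if __name__ == "__main__":
    print("manual example, mismatches:", peer_mismatches(HEAD, BRANCH))
    print("manual example, weak settings:", weak_settings(HEAD))
    print("constructed bad peer, mismatches:", peer_mismatches(HEAD, BAD_BRANCH))
    print("constructed bad peer, weak settings:", weak_settings(BAD_BRANCH))
```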
Examples: IPSec – Remote Employee to MX-200 Connection
The router serves as the VPN server, and the host should install an IPSec client to connect to the head office through the IPSec VPN.
Head Office Side:
Configuration Settings | Value | Description
Connection Name | H-to-H | Name for IPSec tunnel
Remote Secure Gateway | 69.121.1.30 | IP address of the Branch office gateway
Access Network
Local Access Range | Subnet | Head Office network
Local Network IP Address | 192.168.1.0 |
Local Network Netmask | 255.255.255.0 |
Remote Access Range | Single IP | Host
Remote Network IP Address | 69.121.1.30 |
Remote Network Netmask | 255.255.255.255 |
IPSec Proposal
IKE Mode | Main | Security Plan
Pre-Shared Key | 1234567890 |
Phase 1 Encryption | AES-128 |
Phase 1 Authentication | SHA1 |
Phase 1 Diffie-Hellman Group | MODP 1024(group2) |
Phase 2 Proposal | ESP |
Phase 2 Authentication | SHA1 |
Phase 2 Encryption | 3DES |
Prefer Forward Security | MODP 1024(group2) |
PPTP Server
The Point-to-Point Tunneling Protocol (PPTP) is a Layer 2 tunneling protocol for implementing virtual private networks over an IP network.
In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, and Microsoft CHAP V1/V2. The PPP payload is encrypted using Microsoft Point-to-Point Encryption (MPPE) when using MSCHAPv1/v2.
NOTE: 4 sessions for Client and 4 sessions for Server respectively.
PPTP Server: Select Activate to enable the PPTP Server, or Deactivate to disable the PPTP Server.
Authentication Type: The authentication type, Pap or Chap, and MPPE 128bit Encryption. When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. MPPE encryption is supported once authentication with MS-CHAPv2 has passed.
MS-DNS: Assign a DNS server or use the router's default IP address as the MS-DNS server IP address.
Rule Index: The numeric rule indicator for the PPTP server. The maximum number of entries is 4.
Connection Name: User-defined name for the PPTP connection.
Active: Yes to activate the account. The PPTP server waits for the client to connect to this account.
Username: Input the username for this account.
Password: Input the password for this account.
Connection Type: Select Remote Access for a single user; select LAN to LAN for a remote gateway.
Private IP Address Assigned to Dial-in User: Specify the private IP address to be assigned to dial-in clients. The IP should be in the same subnet as the local LAN, but not occupied.
Remote Network IP Address: Input the subnet IP for the remote network.
Remote Network Netmask: Input the netmask for the remote network.
Click Save to apply your settings.
PPTP Client
The PPTP client dials the PPTP server to establish a PPTP tunnel over the Internet. A total of 4 sessions can be created for the PPTP client.
Rule Index: The numeric rule indicator for the PPTP client. The maximum number of entries is 4.
Connection Name: User-defined name for the PPTP connection.
Active: Yes to activate the account. PPTP server is waiting for the client to connect to this account.
Authentication Type: The authentication type, Pap or Chap, and MPPE 128bit Encryption. When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client. MPPE encryption is supported once authentication with MS-CHAPv2 has passed.
Username: Input the username for this account.
Password: Input the password for this account.
Connection Type: Select Remote Access for a single user; select LAN to LAN for a remote gateway.
Server Address: Enter the WAN IP address of the PPTP server.
Remote Network IP Address: Input the subnet IP for the remote network.
Remote Network Netmask: Input the netmask for the remote network.
Click Save to apply the settings.
Example: PPTP – Remote Employee Dial-in to MX-200
The input IP address 192.168.1.2 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN.
Configuration Setting | Value | Description
Connection Name | HS-RA | Give a name of L2TP connection
Authentication Type | MPPE 128bit | Authentication type
Username | test | Dial in authenticate user name
Password | test | Dial in authenticate user password
Connection Type | Remote Access | Remote access for dial in
Assigned IP | 192.168.1.2 | An IP assigned to the dial in client
Example: PPTP – Network (LAN) to Network (LAN) Connection
The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch offices accordingly.
NOTE: When using the LAN-to-LAN application, the two office LAN networks must be in different subnets.
Configuring PPTP Server in the Head office
The IP address 192.168.1.2 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN.
Configuration Setting | Value | Description
Connection Name | HS-LL | Give a name of PPTP connection
Authentication Type | MPPE 128bit | Authentication type
Username | test | Dial in authenticate user name
Password | test | Dial in authenticate user password
Connection Type | LAN to LAN | LAN to LAN for dial in
Assigned IP | 192.168.1.2 | An IP assigned to the dial in client
Remote Network IP | 129.168.0.0 | Remote access network
Remote Network Netmask | 255.255.255.0 |
Configuring PPTP Client in the Branch office
The IP address 69.1.121.33 is the Public IP address of the router located in head office.
Configuration Setting | Value | Description
Connection Name | BC-LL | Give a name of PPTP connection
Authentication Type | MPPE 128bit | Authentication type
Username | test | Dial in authenticate user name
Password | test | Dial in authenticate user password
Connection Type | LAN to LAN | LAN to LAN for dial in
Server IP | 69.121.1.33 | Dialed server IP
Remote Network IP | 129.168.1.0 | Remote access network
Remote Network Netmask | 255.255.255.0 |
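Added example (not part of the manual or the router firmware): a pre-deployment check of the addressing rules stated in the PPTP examples above, namely that the assigned IP lies in the local LAN subnet and is not occupied, and that the two LANs of a LAN-to-LAN rule are in different subnets. The function name, the 192.168.1.0/24 head-office LAN and the list of occupied addresses are assumptions; the assigned IP and remote network are the values printed in the head-office table.

```python
import ipaddress


def check_dial_in_rule(lan_cidr, assigned_ip, occupied, remote_ip=None, remote_mask=None):
    """Return a list of addressing problems for one dial-in rule (empty = OK)."""
    problems = []
    lan = ipaddress.ip_network(lan_cidr)
    ip = ipaddress.ip_address(assigned_ip)

    # Rule 1: the dial-in address must be a host address inside the local LAN.
    if ip not in lan:
        problems.append(f"assigned IP {ip} is outside local LAN {lan}")
    elif ip in (lan.network_address, lan.broadcast_address):
        problems.append(f"assigned IP {ip} is not a usable host address in {lan}")

    # Rule 2: the address must not already be occupied.
    if ip in {ipaddress.ip_address(a) for a in occupied}:
        problems.append(f"assigned IP {ip} is already in use")

    # Rule 3 (LAN to LAN only): the remote network must be a different subnet.
    if remote_ip is not None:
        try:
            remote = ipaddress.ip_network(f"{remote_ip}/{remote_mask}")
        except ValueError as exc:
            problems.append(f"remote network is not a valid subnet: {exc}")
        else:
            if remote.overlaps(lan):
                problems.append(f"remote network {remote} overlaps local LAN {lan}")
    return problems


# Assumed head-office LAN and occupied hosts (constructed sample data).
HEAD_OFFICE_LAN = "192.168.1.0/24"
OCCUPIED = ["192.168.1.254", "192.168.1.100"]

if __name__ == "__main__":
    # Values as printed in the head-office LAN-to-LAN table.
    print(check_dial_in_rule(HEAD_OFFICE_LAN, "192.168.1.2", OCCUPIED,
                             "129.168.0.0", "255.255.255.0"))
    # Constructed misconfiguration: occupied address, overlapping remote LAN.
    print(check_dial_in_rule(HEAD_OFFICE_LAN, "192.168.1.100", OCCUPIED,
                             "192.168.1.0", "255.255.255.0"))
```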
L2TP
L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide them.
NOTE: 4 sessions for dial-in connections and 4 sessions for dial-out connections.
Rule Index: The numeric rule indicator for L2TP. Up to 8 entries are supported.
Connection Name: User-defined name for the connection.
Active: To enable or disable the tunnel.
Connection Mode (Dial in)
Connection Mode: Select Dial In to operate as an L2TP server.
Authentication Type: Default is Chap/Pap (CHAP: Challenge Handshake Authentication Protocol; PAP: Password Authentication Protocol), which lets the router determine the authentication type to use. Otherwise, manually specify PAP if you know which type the server is using (when acting as a client), or the authentication type you want clients connecting to you to use (when acting as a server).
Username: Please input the username for this account.
Password: Please input the password for this account.
Private IP Address Assigned to Dial-in User: The private IP to be assigned to dial-in user by L2TP server. The IP should be in the same subnet as local LAN, and should not be occupied.
Connection Mode (Dial out)
Connection Mode: Choose Dial Out if you want your router to operate as a client (connecting to a remote L2TP Server, e.g., your office server).
Server IP Address: Enter the IP address of your VPN Server.
Authentication Type: Default is Chap/Pap (CHAP: Challenge Handshake Authentication Protocol; PAP: Password Authentication Protocol), which lets the router determine the authentication type to use. Otherwise, manually specify PAP if you know which type the server is using (when acting as a client), or the authentication type you want clients connecting to you to use (when acting as a server).
Username: Please input the username for this account.
Password: Please input the password for this account.
Connection Type
Remote Access: From a single user.
LAN to LAN: Enter the peer network information, such as network address and Netmask.
Tunnel Authentication and Active
Tunnel Authentication: This enables the router to authenticate both the L2TP remote and the L2TP host. This is only valid when the L2TP remote supports this feature.
Secret Password: The secure password length should be 16 characters which may include numbers and characters.
Local Host Name: Enter the hostname of the local VPN device that is connected to / establishes a VPN tunnel.
Remote Host Name: Enter the hostname of the remote VPN device. The tunnel identifier sent by the remote VPN device is compared with the remote hostname provided here. If the remote hostname matches, the tunnel will be connected; otherwise, it will be dropped.
Active as Default Route: Enable to make the tunnel the default route for traffic. In this case, all packets will be forwarded to this tunnel and routed to the next hop.
Click Save to apply the settings.
Example: L2TP VPN – Remote Employee Dial-in to MX-200
A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head office, connected to a couple of PCs and Servers.
The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN.
Configuration Setting | Value | Description
Connection Name | HS-RA | Give a name of L2TP connection
Connection Mode | Dial in | Operate as L2TP server
Authentication Type | Chap/Pap | Authentication type
Username | test | Dial in authenticate user name
Password | test | Dial in authenticate user password
Assigned IP | 192.168.1.200 | An IP assigned to the dial in client
Connection Type | Remote Access | Remote access for dial in