Billion BiPAC 7800, BiPAC 7800NEXL User Manual

Security
Packet Filter
Packet filtering enables you to configure your router to block specified internal/external users (IP address) from Internet access, or to disable specific service requests (Port number) to/from the Internet. The relationship among all filters is an “or” operation, which means that the router checks the filter rules one by one, starting from the first rule. As soon as one of the rules is satisfied, the specified action is taken.
Above is the listing table. Click Add to add new configurations.
Filter name: a user-defined filter name, or you can select an application from the drop-down menu and keep the automatically generated name as the Filter name.
IP Version: Select the IP version, IPv4 or IPv6.
Internal IP Address / External IP Address: This is the address filter used to allow or block traffic to/from particular IP address(es). Input the range you want to filter out. If you leave it empty, it means any IP address.
Protocol: Specify the packet type (TCP/UDP, TCP, UDP, ICMP, RAW and Any) that the rule applies to. Only when RAW is selected can you type the protocol number (0-254) to identify the protocol that you want the filter to apply to. When Any is selected, the filter applies to any protocol.
Internal Port: This Port or Port Range defines the ports allowed to be used by the Remote/WAN to connect to the application. Default is set from range 1 ~ 65535. It is recommended that this option be configured by an advanced user.
External Port: This is the Port or Port Range that defines the application. Default is set from range 1 ~ 65535.
Action: If a packet matches this filter rule, forward (allows the packets to pass) or drop (disallow the packets to pass) this packet.
Direction: Determine whether the rule is for outgoing packets or for incoming packets.
Set up
Select the application you want to filter, then input the information or leave the defaults, according to your needs.
Press Apply to confirm and the item will be listed in the following table.
Remove
Check the checkbox, press Remove, the item will be removed.
Reorder
When there is more than one filter, you can reorder them to the priority you want. Filters earlier in the list take priority over later ones.
Click or to change the priority of the filter, then press to confirm.
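The first-match evaluation described above, and why reordering changes the outcome, shown as an added example (not part of the original manual or the router's firmware). The rule fields are simplified, CIDR blocks stand in for the address ranges entered in the UI, all rule names and addresses are constructed, and returning None when nothing matches is an assumption because the manual does not state the no-match behaviour:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:                          # simplified model of one filter entry
    name: str
    direction: str                   # "outgoing" or "incoming"
    action: str                      # "forward" or "drop"
    protocol: str = "Any"            # "TCP", "UDP", "ICMP" or "Any"
    internal: str = "0.0.0.0/0"      # empty UI field = any address
    external: str = "0.0.0.0/0"
    ext_ports: tuple = (1, 65535)    # UI default port range

@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    internal_ip: str
    external_ip: str
    ext_port: int

def matches(rule, pkt):
    return (rule.direction == pkt.direction
            and rule.protocol in ("Any", pkt.protocol)
            and ip_address(pkt.internal_ip) in ip_network(rule.internal)
            and ip_address(pkt.external_ip) in ip_network(rule.external)
            and rule.ext_ports[0] <= pkt.ext_port <= rule.ext_ports[1])

def evaluate(rules, pkt):
    """First matching rule wins: return (rule name, action), else None."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.name, rule.action
    return None  # assumption: the manual does not state the no-match behaviour

def covers(a, b):
    """True if every packet that rule b matches is also matched by rule a."""
    return (a.direction == b.direction
            and a.protocol in ("Any", b.protocol)
            and ip_network(b.internal).subnet_of(ip_network(a.internal))
            and ip_network(b.external).subnet_of(ip_network(a.external))
            and a.ext_ports[0] <= b.ext_ports[0]
            and b.ext_ports[1] <= a.ext_ports[1])

def shadowed(rules):
    """(later, earlier) pairs where the later rule can never take effect."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if covers(earlier, later)]

# Constructed sample rule list and packet (not from the manual).
RULES = [
    Rule("allow-lan-web", "outgoing", "forward", "TCP", "192.168.1.0/24", ext_ports=(80, 80)),
    Rule("block-host-50", "outgoing", "drop", "Any", "192.168.1.50/32"),
    Rule("block-host-50-web", "outgoing", "drop", "TCP", "192.168.1.50/32", ext_ports=(80, 80)),
]
REORDERED = [RULES[1], RULES[0], RULES[2]]   # block rule moved to the top
PKT = Packet("outgoing", "TCP", "192.168.1.50", "203.0.113.10", 80)

if __name__ == "__main__":
    print(evaluate(RULES, PKT))      # the allow rule is hit first
    print(evaluate(REORDERED, PKT))  # after reordering, the drop rule wins
    print(shadowed(RULES))           # rules hidden behind earlier ones
```

A rule reported by shadowed() is a candidate for moving up or deleting, since an earlier entry already decides every packet it would match.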
Parental Control
Time Restriction
A MAC (Media Access Control) address is the unique network hardware identifier for each PC on your network’s interface (i.e. its Network Interface Card or Ethernet card). Using your router’s MAC Address Filter function, you can configure the network to block specific machines from accessing your LAN during the specified time.
Action:
- Disable: disable the Time Restriction function.
- Allow: allow the members in the following table to access the router.
- Block: block the members listed in the following table from accessing the router.
Note: here users should add the rules first, then select the wanted action. Click Add to add the rules.
Username: user-defined name.
MAC Address: enter the MAC address(es) you want to allow or block from accessing the router and LAN. The format of the MAC address can be xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
Days of the week: select the days of the week on which this rule takes effect.
Start Time: enter the start time of each day in hh:mm format. Leaving it empty means 00:00.
End Time: enter the end time of each day in hh:mm format. Leaving it empty means 23:59.
Click Apply to confirm your settings. The following prompt window will appear as a reminder.
If you no longer need this rule, check its box and press Remove.
URL Filter
URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.
URL Filtering: select to enable or disable URL Filtering feature.
Keywords Filtering: Allows blocking based on specific keywords within a particular URL rather than having to specify a complete URL (e.g. to block any image called “advertisement.gif”). When enabled, your specified keywords list will be checked to see if any keywords are present in the URLs accessed, to determine if the connection attempt should be blocked. Please note that the URL filter blocks web browser (HTTP) connection attempts using port 80 only.
Domains Filtering: This function checks the whole URL address but not the IP address against your list of domains to block or allow. If it is matched, the URL request will either be sent (Trusted) or dropped (Forbidden).
Restrict URL Features: Click Block Java Applet to filter web access with Java Applet components. Click Block ActiveX to filter web access with ActiveX components. Click Block Cookie to filter web access with Cookie components. Click Block Proxy to filter web proxy access.
Exception IP Address: You can input a list of IP addresses as the exception list for URL filtering.
Log: Select Enable for this option if you would like to capture the logs for this URL filter policy.
Keywords Filtering
Click to add the keywords.
Enter the Keyword, for example image, then click Add.
You can add other keywords in the same way. The keywords you add will be listed as above. If you want to re-edit a keyword, press the Edit radio button to the left of the item; the word will be listed in the Keyword field. Edit it, then press Edit/Delete to confirm. If you want to delete a certain keyword, check the Delete checkbox to the right of the item and press Edit/Delete. Click Return to go back to the previous page.
Domain Filtering
Click to add Domains.
Domains Filtering: enter the domain you want this filter to apply to.
Type: select the action this filter takes for the domain.
- Forbidden Domain: access to the domain is forbidden.
- Trusted Domain: the domain is trusted and access is allowed.
Enter a domain and select whether this domain is trusted or forbidden with the pull-down menu. Next, click Add. Your new domain will be added to either the Trusted Domain or Forbidden Domain listing, depending on which you selected previously. For the specific process, please refer to Keywords Filtering.
Exception IP Address
Click to add the IP Addresses.
Enter the exception IP address. Click Add to save your changes. The IP address will be entered into the Exception List and excluded from the URL filtering rules in effect. For the specific process, please refer to Keywords Filtering.
At the URL Filter page, press Apply to confirm your settings.
QoS - Quality of Service
QoS helps you to control the data upload traffic of each application from LAN (Ethernet) to WAN (Internet). It provides features to control the quality and speed of throughput for each application when the system is running with full upstream load.
Quality of Service: Check to activate this function and the following field will be available. If the Enable QoS checkbox is selected, choose a default DSCP mark to automatically mark incoming traffic without reference to a particular classifier. If the Enable QoS checkbox is not selected, all QoS will be disabled for all interfaces.
Select Default DSCP Mark: Select the default DSCP mark from the list-box. Differentiated Services Code Point (DSCP) is the first 6 bits in the ToS byte. DSCP Mark allows users to classify the traffic of the application to be executed according to the DSCP value. The default DSCP mark is used to mark all egress packets that do not match any classification rules.
Note: Before configuring the Queue Config and QoS Classification sections, you must enable the QoS function, because both the activation of the queues and the classification depend on it.
The corresponding IP precedence and DSCP mapping table is listed below.
IP Precedence and DSCP Mapping Table

DSCP (binary)      Service
Default (000000)   Best Effort
EF (101110)        Expedited Forwarding
AF11 (001010)      Assured Forwarding Class1(L)
AF12 (001100)      Assured Forwarding Class1(M)
AF13 (001110)      Assured Forwarding Class1(H)
AF21 (010010)      Assured Forwarding Class2(L)
AF22 (010100)      Assured Forwarding Class2(M)
AF23 (010110)      Assured Forwarding Class2(H)
AF31 (011010)      Assured Forwarding Class3(L)
AF32 (011100)      Assured Forwarding Class3(M)
AF33 (011110)      Assured Forwarding Class3(H)
AF41 (100010)      Assured Forwarding Class4(L)
AF42 (100100)      Assured Forwarding Class4(M)
AF43 (100110)      Assured Forwarding Class4(H)
CS1 (001000)       Class Selector (IP precedence) 1
CS2 (010000)       Class Selector (IP precedence) 2
CS3 (011000)       Class Selector (IP precedence) 3
CS4 (100000)       Class Selector (IP precedence) 4
CS5 (101000)       Class Selector (IP precedence) 5
CS6 (110000)       Class Selector (IP precedence) 6
CS7 (111000)       Class Selector (IP precedence) 7

DSCP indicates three kinds of service, Class Selector (CS), Assured Forwarding (AF) and Expedited Forwarding (EF). AF1, AF2, AF3 and AF4 are four kinds of assured forwarding services. Each AF has three different packet loss priorities from high, medium, to low. Also, CS1-CS7 indicates the IP precedence.
Click Apply to confirm the settings.
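To check in a packet capture that traffic carries the DSCP mark you configured, the ToS byte can be decoded using the bit layout from the mapping table. The following is an added example, not code from the manual or the router; the function names and the sample ToS bytes are constructed:

```python
def decode_tos(tos: int) -> dict:
    """Split a ToS / Traffic Class byte into DSCP, IP precedence and ECN."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    dscp = tos >> 2            # DSCP is the first (most significant) 6 bits
    ecn = tos & 0b11           # the last 2 bits are not part of the DSCP
    precedence = dscp >> 3     # top 3 bits: IP precedence / class number
    low = dscp & 0b111         # low 3 bits: drop priority for AF, 000 for CS
    if dscp == 0:
        name = "Default (Best Effort)"
    elif dscp == 0b101110:
        name = "EF"
    elif low == 0:
        name = f"CS{precedence}"
    elif 1 <= precedence <= 4 and low in (0b010, 0b100, 0b110):
        name = f"AF{precedence}{low >> 1}"
    else:
        name = "unassigned"    # code point not listed in the mapping table
    return {"dscp": dscp, "bits": f"{dscp:06b}", "name": name,
            "ip_precedence": precedence, "ecn": ecn}

def unexpected_marks(tos_bytes, expected_name):
    """Return (tos, name) for sampled packets not carrying the expected mark."""
    return [(t, decode_tos(t)["name"]) for t in tos_bytes
            if decode_tos(t)["name"] != expected_name]

# Constructed sample: ToS bytes as they might be read from captured egress packets.
SAMPLE_TOS = [0x28, 0x28, 0xB8, 0x00, 0x29]

if __name__ == "__main__":
    for t in SAMPLE_TOS:
        print(f"0x{t:02X}", decode_tos(t))
    # 0x29 is still AF11: it differs from 0x28 only in the 2 non-DSCP bits
    print(unexpected_marks(SAMPLE_TOS, "AF11"))
```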
Queue Config
Queuing is a congestion-management technique that stores and schedules packets. Queue Config allows you to configure a QoS queue entry and assign it to a specific network interface. Each queue entry set here will be used by the classifier to place ingress packets appropriately.
Note: the interface set in WAN > WAN Interface will be listed as Default Queue here, and the parameters listed above can be configured there. For details, please turn to the WAN > WAN Interface section for help. You can also add other queues to the ATM and PTM interfaces in addition to the default queue. The Wireless Service queue will be enabled by default if you enable wireless. Also, if you enable virtual APs, the corresponding WMM service queues will be enabled as well.
Name: the queue name.
Key: the item number.
Interface: the queue interface.
Scheduler Algorithm: the QoS Scheduler Algorithm, SP (Strict Priority) or WFQ (Weight Fair Queuing).
Precedence: the priority identification.
Weight: the weight value, 1-63. The highest is 63.
PTM Priority: the PTM priority, normal or high.
Enable: check the enable check-box, then press Enable to activate the queue. If you want to disable this queue, uncheck the corresponding check-box and press Enable; the queue will be disabled.
If the queue is enabled, you will see a tick; otherwise, the queue is disabled.
Click Add to create a queue.
Name: Type the name of the queue.
Enable: Select whether to enable the queue.
Interface: Select which interface this queue applies to.
After you select an interface, the corresponding parameters will appear for you to configure. Enter the information and click Apply to confirm. The item will then be listed in the table.
Precedence: the precedence of the queue. For interfaces P1-P4 there are 4 levels, 1-4 from high to low. For ATM or PTM interfaces there are 7 levels, 1-7 from high to low; the precedence of the default queue on an interface using the SP Scheduler Algorithm is 8. If the interface uses the WFQ Scheduler Algorithm, you should enter the weight of the queue.
Click Apply to save and the added queue will be listed as below.
Enable: check the enable check-box, then press Enable to activate the queue. If you want to disable this queue, you can uncheck the corresponding check-box and press Enable, the queue will be disabled.
Remove: To delete the QoS rule from the table, check Remove checkbox then click Remove button to delete the selected item.
Note: only queues added in the way described above can be removed directly here. The default queue can’t be removed here; if you want to remove it, remove the interface in the WAN > WAN Interface section.
Note:
- In ATM mode, the maximum number of queues that can be configured is 16.
- In PTM mode, the maximum number of queues that can be configured is 8.
- For each Ethernet interface, the maximum number of queues that can be configured is 4.
- If you disable the WMM function in the Wireless page, queues related to wireless will not take effect.
QoS Classification
This screen displays a packet QoS summary table and allows user to add or remove a QoS classification class. This is the main place to configure the classification, marking and queuing rules.
Click Add to add Network Traffic Class Rule.
The classification rule works in ‘AND’ mode; that is, a rule takes effect only when all of the specified conditions are satisfied.
Parameters
Traffic Class Name: Assign a name for this class to uniquely identify it among multiple classes.
Rule Order: Select the priority for this class rule.
Rule Status: Select Enable to activate this class rule.
Specify Classification Criteria
The following parameters define the classification rule. Enter or select appropriate parameters in the following fields. A blank criterion indicates it is not used for classification.
Class Interface: select the interface to use as one of the classification criteria. Here “LAN->WAN” and “WAN->LAN” can be viewed as IP QoS; the others can be viewed as port-based QoS, which controls the QoS of a certain port. For example, if you select port P1, the criteria apply to this port; that is port-based QoS.
Entry Type: select the application type.
Source/destination MAC Address: enter the source and destination MAC address as the QoS Classification Criteria. The format should be xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
Source/destination MAC Mask: the MAC mask is similar to an IP mask, and its format should also be xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx. It is used to hide some information of the MAC address: ‘1’ means the bit is needed and ‘0’ means it is ignored. For example, with MAC address e0:3b:4a:c2:ca:e2 and MAC mask ff:ff:ff:00:00:00, any MAC address that matches e0:3b:4a:XX:XX:XX will be accepted.
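The masked MAC comparison and the ‘AND’ mode described above, shown as an added example (not code from the manual or the router). The rule and queue names and the sample frames are constructed; treating a blank mask as an exact match and evaluating lower Rule Order values first are assumptions:

```python
import re
from dataclasses import dataclass
from typing import Optional

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")
FULL_MASK = "ff:ff:ff:ff:ff:ff"   # assumption: a blank mask means exact match

def parse_mac(text: str) -> bytes:
    """Accept xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx and return 6 bytes."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"bad MAC format: {text!r}")
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def mac_matches(addr: str, rule_mac: str, mask: str) -> bool:
    """Compare only the bits where the mask is 1; 0 bits are ignored."""
    a, r, m = parse_mac(addr), parse_mac(rule_mac), parse_mac(mask)
    return all((x & k) == (y & k) for x, y, k in zip(a, r, m))

@dataclass
class ClassRule:
    name: str
    order: int
    queue: str
    interface: Optional[str] = None    # None = blank criterion, not used
    src_mac: Optional[str] = None
    src_mask: str = FULL_MASK
    dst_mac: Optional[str] = None
    dst_mask: str = FULL_MASK

def rule_matches(rule: ClassRule, frame: dict) -> bool:
    """AND mode: every criterion that is filled in must be satisfied."""
    checks = []                        # stays empty if all criteria are blank
    if rule.interface is not None:
        checks.append(frame["interface"] == rule.interface)
    if rule.src_mac is not None:
        checks.append(mac_matches(frame["src"], rule.src_mac, rule.src_mask))
    if rule.dst_mac is not None:
        checks.append(mac_matches(frame["dst"], rule.dst_mac, rule.dst_mask))
    return all(checks)                 # an all-blank rule matches every frame

def classify(rules, frame):
    """Return the queue of the first matching rule by Rule Order, else None."""
    for rule in sorted(rules, key=lambda r: r.order):  # assumption: lower first
        if rule_matches(rule, frame):
            return rule.queue
    return None

# Constructed rules and frames; the MAC and mask of the first rule are the manual's example.
RULES = [
    ClassRule("vendor-prefix", 1, "queue-high", interface="LAN->WAN",
              src_mac="e0:3b:4a:c2:ca:e2", src_mask="ff:ff:ff:00:00:00"),
    ClassRule("one-host", 2, "queue-low", src_mac="00-11-22-33-44-55"),
]
FRAME_A = {"interface": "LAN->WAN", "src": "e0:3b:4a:01:02:03", "dst": "00:aa:bb:cc:dd:ee"}
FRAME_B = {"interface": "P1", "src": "e0:3b:4a:01:02:03", "dst": "00:aa:bb:cc:dd:ee"}

if __name__ == "__main__":
    print(classify(RULES, FRAME_A))   # both criteria of rule 1 hold
    print(classify(RULES, FRAME_B))   # MAC matches but interface does not
```

With mask ff:ff:ff:00:00:00 the first rule applies to every device sharing the first three octets, so a mask shorter than intended widens the rule to hosts it was not meant for.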
Specify Classification Results
In the following fields, enter or select the parameters you want applied to the packets that matched the above classification criteria. You have to choose a classification queue. A blank mark or tag value means no change.
Assign Classification Queue: assign classification queue from the drop-down box. If you want to select the queue, you should make sure the specific queue is enabled in Queue Config section.
Mark Differentiated Service Code Point (DSCP): select the DSCP you want to be the new DSCP for the packets which matched the above classification criteria.
Mark 802.1p priority: it is a LAN Layer 2 QoS/CoS Protocol for Traffic Prioritization. It is interoperable with IEEE 802.1Q. 802.1p has 8 kinds of priority.
Tag VLAN ID: enter the tag VLAN ID, 0-4094, used to determine the VLAN the frame belongs to.
Rate Type: You can choose Limited or Guaranteed.
Ratio: The rate as a percentage of that on the WAN interface.
Note: the 802.1p/VLAN tag feature is supported only in bridge mode on the DSL WAN interface.
Click Apply to confirm the settings and you will be returned to the QoS Classification page.
Enable: To disable the item, uncheck the Enable check box, then click the Enable button.
Remove: To delete the QoS class from the table, check the Remove checkbox, then click the Remove button to delete the selected item.
Set up a QoS Classification
IP QoS
LAN to WAN IP QoS
1. This QoS controls the traffic from LAN to WAN, so first make sure there is at least one WAN queue. If you have configured a WAN interface, it will appear as a default queue; you can also add other queues for the specific interface. See Queue Config.
Here we have atm0 (a WAN interface); the interface has a default queue and an added queue. Make sure to enable the queue.
2. In the QoS Classification Setup page, click Add to add a QoS Classification.
Then, in the Add Network Traffic Class Rule page that appears, enter the information to set up a rule.
1) Specify the rule name, rule order, and rule status.
2) Specify the classification criteria. Here you can set every parameter to strictly control the specific traffic or you can set several parameters to let them be the key elements to control the traffic. A blank criterion indicates it is not used for classification.
3) Specify the classification results. Here you must Assign Classification Queue. Whether the other parameters are needed depends on your needs. If you do not want to change the original information, please leave them empty. The queues listed in Assign Classification Queue are the WAN interface queues set in the Queue Config section. Select the needed queue. If you find no queues here, go back and check whether you have configured a queue and enabled it.
3. Click Apply to save your settings. The added rule will be listed as below.
Enable: check the enable check-box, then press Enable to activate the rule. If you want to disable this rule, you can uncheck the corresponding check-box and press Enable button, the rule will be disabled.
Remove: To delete the QoS class from the table, check Remove checkbox then click Remove button to delete the selected item.
WAN to LAN IP QoS
1. Here we take WAN to LAN (P1) QoS as an example. Make sure there are enabled port P1 based queues here. LAN queues need your configuration. You can enable wireless to enable WMM queues by default, or add P1-P4 port-based queues manually.
2. In the QoS Classification Setup page, click Add to add a QoS Classification.
Then in the Add Network Traffic Class Rule page, enter the information to set up a rule.
3. Click Apply to save your settings. The added rule will be listed as below.
Port-based QoS
Take port P1 to WAN QoS as an example.
1. First make sure there is at least one WAN queue and that it is enabled.
2. In the QoS Classification Setup page, click Add to add a QoS Classification.
Then in the Add Network Traffic Class Rule page, enter the information to set up a rule to your needs. To Assign Classification queue, select the needed WAN queue.
3. Click Apply to save your settings and the added rule will be listed as below.
Routing
Default Gateway
Set the default gateway and the Available Routed WAN Interface here. These interfaces are the ones you have set in the WAN section; select the one you want to be the default gateway by moving the interface via or . Then select a Default IPv6 Gateway from the drop-down menu.
Note: Only one default gateway interface will be used according to the priority with the first being the highest and the last one the lowest priority if the WAN interface is connected.
Static Route
With the static route feature, you can control the routing of all the traffic across your network. With each routing rule created, you can specifically assign the destination to which the traffic will be routed.
Above is the static route listing table. Click Add to create a static route.
IP Version: select the IP version, IPv4 or IPv6.
Destination IP Address / Prefix Length: enter the destination IP address and the prefix length. For IPv4, the prefix length is the number of ‘1’ bits in the subnet mask; it is another way of presenting the subnet mask. For example, for the IPv4 address 192.168.1.0/24, the subnet mask is 255.255.255.0. An IPv6 address is composed of two parts, the prefix and the interface ID; the prefix is like the net ID in IPv4, and the interface ID is like the host ID in IPv4. The prefix length identifies the net ID in the address. For example, for the IPv6 address 3FFE:FFFF:0:CD30:0:0:0:0 / 64, the prefix is 3FFE:FFFF:0:CD30.
Interface: select the interface this route is associated with.
Gateway IP Address: enter the gateway IP address.
Metric: the metric is a value the router uses to determine the optimal route. Enter a number greater than or equal to 0.
Click Apply to apply this route and it will be listed in the route listing table.
In the listing table you can remove a route you don’t want by checking its checkbox and pressing the Remove button.
Policy Routing
Here users can set a route for the host (source IP) in a LAN interface to access outside through a specified Default Gateway or a WAN interface.
The following is the policy Routing listing table.
Click Add to create a policy route.
Policy Name: user-defined name.
Physical LAN Port: select the LAN port.
Source IP: enter the Host Source IP.
Interface: select the WAN interface through which you want the Source IP to access outside.
Default Gateway: enter the default gateway through which you want the Source IP to access outside.
Click Apply to apply your settings. The item will be listed in the policy Routing listing table. If you want to remove the route, check the remove checkbox and press Remove to delete it.
RIP
RIP, Routing Information Protocol, is a simple Interior Gateway Protocol (IGP). RIP has two versions, RIP-1 and RIP-2.
Interface: the interface the rule applies to.
Version: select the RIP version; there are two versions, RIP-1 and RIP-2.
Operation: RIP has two operation modes.
- Passive: the router only receives the routing information broadcast by other routers and modifies its routing table according to the received information.
- Active: working in this mode, the router sends and receives RIP routing information and modifies its routing table according to the received information.
Enable: check the checkbox to enable RIP rule for the interface.
Note: RIP cannot be configured on a WAN interface which has NAT enabled (such as PPPoE).
Click Apply to apply your settings.