User Manual BEC MX-200 Advanced Industrial 4G/LTE Router Last revised: February, 2017 Version release: v2.
Copyright Notice Copyright@ 2017 BEC Technologies Inc. All rights reserved. BEC Technologies reserves the right to change and make improvement to this manual at any time without prior notice. No part of this document may be reproduced, copied, transmitted in any form or by any means without prior written permission from BEC Technologies, Inc. Support Contact Information Contact Support: http://bectechnologies.net/support/.
TABLE OF CONTENTS CHAPTER 1: INTRODUCTION ......................... 1 INTRODUCTION TO YOUR ROUTER .............................................................. 1 FEATURES & SPECIFICATIONS .................................................................... 3 HARDWARE SPECIFICATIONS ..................................................................... 5 APPROVES ............................................................................................ 5 APPLICATION DIAGRAMS ...............................
STATUS.............................................................................................. 28 Device Info ........................................................................................................ 28 System Log ........................................................................................................ 29 4G-LTE Status .................................................................................................... 30 Statistics.........................................
OpenVPN Client ............................................................................................................ 112 Access Management ...................................................................................... 117 Device Management..................................................................................................... 117 SNMP ............................................................................................................................ 118 Syslog...........
Introduction 1 CHAPTER 1: INTRODUCTION Introduction to your Router The BEC MX-200 Advanced Industrial 4G/LTE Router is a high performance fixed wireless platform enabling real-time 4G Cellular data connectivity for your existing serial devices and Ethernet network. The MX-200 provides a reliable and cost-effective alternative solution for business continuity. The platform can serve as the primary connection or backup connection when wired connections fail are unavailable or non-existent.
Introduction 2 protocol stacks either independently or in a hybrid form. The hybrid form is commonly implemented in modern operating systems supporting IPv6. Quick Start Wizard Support a WEB GUI page to install this device quickly. With this wizard, simple steps will get you connected to the Internet immediately. Firmware Upgradeable Device can be upgraded to the latest firmware through the WEB based GUI.
Introduction Features & Specifications Features & Specifications • 4G/LTE and/or Ethernet IP broadband connectivity (3G Fallback optional) • High performance SX antenna for increased coverage, signal reception and efficiency • Gigabit Ethernet WAN (GbE WAN) for Cable/Fiber/xDSL high WAN throughput • Gigabit Ethernet LAN • IPv6 ready (IPv4/IPv6 dual stack) • Secured IPSec VPN with powerful DES/ 3DES/ AES • Secured PPTP VPN with Pap/ Chap/ MPPE authentication • Secured L2TP VPN with Pap/Chap authentication •
Introduction Features & Specifications 4 • MLD proxy and MLD snooping • Supports port-based Virtual LAN (VLAN) Firewall • Built-in NAT Firewall • Stateful Packet Inspection (SPI) • DoS attack prevention including Land Attack, Ping of Death, etc.
Introduction Hardware Specifications & Approves 5 Hardware Specifications Physical interface • 4G/LTE: Two(2) detachable antennas • GPS: 1 detachable GPS antenna (optional) • WAN: Cellular 4G/LTE (and/or ETH WAN Optional) • RS-232 (DCE, DB-9): one (1) port • Ethernet LAN: 2-port 10/100/1000Mbps, auto-crossover (MDI/ MDI-X) switch • SIM Card: One (1) slot • Reset Button • Power Connector: 4-pin connectors • LED Indicators: Power / Internet / LTE / Ethernet Physical Specifications • Dimensions (W*H*D): 4.
Introduction Application Diagrams 6 Application Diagrams The MX-200 Advanced Industrial 4G/LTE VPN Router is ideal the ideal solution for Digital signage, Remote surveillance, Vending Machines, Retail Point-of-Sales (PoS), Remote patient care/maintenance services, SCADA, Metering applications and much more.
Product Overview CHAPTER 2: PRODUCT OVERVIEW Important Note for Using This Router Do not use the router in high humidity or high temperature. Do not use the same power source for the MX-200 on other equipment. Do not open or repair the case yourself. If the device becomes too hot, turn off the power immediately and have it repaired at a qualified service center. Avoid using this product and all accessories outdoors. Warning Place the router on a stable surface.
Product Overview Device Description 8 Device Description 2 1 INTERFACE MEANING ETH1 is a LAN / WAN configurable port for broadband connectivity 1 Gigabit Ethernet (LAN 1 ~ 2) Connect PCs, Laptops or any other office/home LAN devices with the supplied RJ-45 Ethernet cable (Cat-5 or Cat-5e) to any of those two LAN ports. RS-232 serial port for machine connection and data collection 2 SERIAL Connect the male end of RS-232 serial data cable to the MX-200 and the other end to a machine or PC.
Product Overview Device Description 1 2 9 1 3 4 INTERFACE MEANING WAN (MAIN/AUX) SMA female connectors. 4G/LTE Antenna Connectors Manually screw the 3G/4G antennas tight to the female connectors for the Cellular Module 2 GPS Antenna Connector SMA female connectors. 3 RESET 1 Manually screw the GPS antenna tight to the connector After the device is powered on, press it 6 seconds or above: to restore to factory default settings (this is used when you cannot login to the router, e.g.
Product Overview Device Description 4 1 2 1 10 5 1 3 1 LEDS / INTERFACE MEANING ETH #1 Can be configured to be WAN port for broadband connectivity Green 1 Gb ETH (1 & 2) 4 5 Red Transmission speed is at 10/100Mbps Blinking Data being transmitted/received Off No device is connected to the Ethernet port Green RSSI greater than -69 dBm. Excellent signal condition Green / Fast Flashing RSSI from -81 to -69 dBm. Good signal condition Red / Fast Flashing RSSI from -99 to -81 dBm.
Product Overview System Recovery Procedure & Cabling 11 System Recovery Procedures The purpose is to allow users to restore the MX-200 to its initial stage when the device is outage, upgraded to a wrong / broken firmware, cannot access to the GUI with wrong username and/or password, etc. Step 1 – Configure your PC Network IP Address Before performing the system recovery, assign this IP address and Netmask to your PC, 192.168.1.100 and 255.255.255.0 respectively. Step 2 – Reset your MX-200 Device 2.
Basic Installation 12 CHAPTER 3: BASIC INSTALLATION The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Windows Vista / 7 / 8, Linux, Mac OS, etc. The product provides an easy and user-friendly interface for configuration.
Basic Installation Network Configuration – Windows 10 (IPv4) Network Configuration – IPv4 Configuring PC in Windows 10 (IPv4) 1. Click . 2. Click 3. Then click on Network and Internet. 4. Under Related settings, Network and Sharing Center 5. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 6. Select the Local Area Connection, and right click the icon to select Properties.
Basic Installation Network Configuration – Windows 10 (IPv4) 7. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties. 8. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 9. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Basic Installation Windows 7/8 (IPv4) Configuring PC in Windows 7/8 (IPv4) 1. Go to Start. Click on Control Panel. 2. Then click on Network and Internet. 3. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 4. Select the Local Area Connection, and right click the icon to select Properties.
Basic Installation Windows 7/8 (IPv4) 5. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties. 6. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Basic Installation Windows Vista (IPv4) Configuring PC in Windows Vista (IPv4) 1. Go to Start. Click on Network. 2. Then click on Network and Sharing Center at the top bar. 3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window pane. 4. Select the Local Area Connection, and right click the icon to select Properties.
Basic Installation Windows Vista (IPv4) 5. Select Internet Protocol Version 4 (TCP/IPv4) then click Properties. 6. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Basic Installation Windows 10 (IPv6) Network Configuration – IPv6 Configuring PC in Windows 10 (IPv6) 1. Click . 2. Click 3. Then click on Network and Internet. 4. Under Related settings, Network and Sharing Center 5. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 6. Select the Local Area Connection, and right click the icon to select Properties.
Basic Installation Windows 10 (IPv6) 7. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties. 8. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 9. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Basic Installation Windows 7/8 (IPv6) Configuring PC in Windows 7/8 (IPv6) 1. Go to Start. Click on Control Panel. 2. Then click on Network and Internet. 3. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel. 4. Select the Local Area Connection, and right click the icon to select Properties.
Basic Installation Windows 7/8 (IPv6) 5. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties. 6. In the TCP/IPv6 properties window, select the Obtain an IPv6 address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Basic Installation Windows Vista (IPv6) Configuring PC in Windows Vista (IPv6) 1. Go to Start. Click on Network. 2. Then click on Network and Sharing Center at the top bar. 3. When the Network and Sharing Center window pops up, select and click on Manage network connections on the left window pane. 4. Select the Local Area Connection, and right click the icon to select Properties.
Basic Installation Windows Vista (IPv6) 5. Select Internet Protocol Version 6 (TCP/IPv6) then click Properties. 6. In the TCP/IPv6 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio buttons. Then click OK to exit the setting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Basic Installation Default Settings 25 Default Settings Before configuring the router, you need to know the following default settings. Web Interface: (Username and Password) Administrator Username: admin Password: admin User Username: user Password: user If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds then release it to restore the factory default settings.
Device Configuration Login to Your Device 26 CHAPTER 4: DEVICE CONFIGURATION Login to your Device Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”, a user name and password window prompt appears. The default username and password is “admin” and “admin” respectively for the Administrator. For the User account, default username and password is “user” and “user”. NOTE: This username / password may vary by different Internet Service Providers.
Device Configuration Login to Your Device 27 Once you have logged on to your MX-200 via your web browser, you can begin to set it up according to your requirements.
Device Configuration Status – Device Info 28 Status Device Info It provides brief status summary of the device. Device Information Model Name: Name of the router for identification purpose. Firmware Version: Software version currently loaded in the router MAC Address: A unique number that identifies the router Data Time: Setup correct time on the MX-200 with your PC. Check on Time Zone section for more configuration information. System Uptime: Display how long the MX-200 has been powered on.
Device Configuration Status – System Log System Log In system log, you can check the operations status and any glitches to the router. Refresh: Press this button to refresh the statistics. Backup: Press to save the System log, log.cfg, to your computer / notebook.
Device Configuration Status – 4G/LTE 30 4G-LTE Status It contains 3G/4G-LTE connection information. Status: The current status of the 3G/4G-LTE connection. Signal Strength: The signal strength bar and dBm value indicates the current 3G/4G-LTE signal strength. The front panel 3G/4G-LTE Signal Strength LED indicates the signal strength as well.
Device Configuration Status – 4G/LTE Usage Allowance Amount Used: Display the amount of mobile data used and remaining in current billing cycle. Billing Cycle: Display the start date and number of days remaining in current billing cycle Clean: Reset current saved mobile usage Save: Click to save current mobile status to ROM Refresh: Click to refresh the page.
Device Configuration Status – Statistics (4G/LTE) 32 Statistics 4G/LTE Take 4G/LTE as an example to describe the following connection transmission information. Traffic Statistics Interface: List all available network interfaces in the router. You are currently checking on the physical status of 3G or 4G/LTE interface. Transmit Statistics Transmit Frames of Current Connection: Display the total number of 3G/4G/LTE frames transmitted until the latest second for the current connection.
Device Configuration Status – Statistics (EWAN/LAN #1) 33 EWAN (LAN1) Traffic Statistics Interface: List all available network interfaces in the router. You are currently checking on the physical status of the EWAN(Ethernet #1) port. Transmit Statistics Transmit Frames: Display the number of frames transmitted until the latest second. Transmit Multicast Frames: Display the number of multicast frames transmitted until the latest second.
Device Configuration Status – Statistics (Ethernet) 34 Ethernet Traffic Statistics Interface: List all available network interfaces in the router. You are currently checking on the physical status of the Ethernet port. Transmit Statistics Transmit Frames: Display the number of frames transmitted until the latest second. Transmit Multicast Frames: Display the number of multicast frames transmitted until the latest second.
Device Configuration Status – DHCP Table DHCP Table DHCP table displays the devices connected to the router with clear information. Index #: The numeric indicator for devices using dynamic IP addresses. Host Name: Display the hostname of the PC. IP Address: The IP allocated to the device. MAC Address: The MAC of the connected device. Expire Time: The total remaining interval since the IP assignment to the PC.
Device Configuration Status – IPSec Status 36 IPSec Status Index #: The numeric IPSec VPN tunnel/ rule. Action: Display Connect or Drop the connection. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Connection State: Display statuses of IPSec phase 1 and phase 2 connections. Statistics: Display upstream/downstream traffic per session in KB. The value clears when session disconnects.
Device Configuration Status – PPTP Status 37 PPTP Status PPTP Server Index #: The numeric PPTP VPN tunnel/ rule. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Connection State: Display the VPN connection status. Connection Type: Display if VPN connection is for single PC use (Remote Access) or multi-user use (LAN to LAN). Assigned IP Address: Display the IP address assigned to the client by the PPTP Server.
Device Configuration Status – L2TP & GRE Status 38 L2TP Status Index #: The numeric L2TP VPN tunnel/rule indicator. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Connection State: Display Yes/No to indicate the VPN connection status. Connection Mode: Display if L2TP mode is a dial-in or dial-out. Connection Type: Display if VPN connection is for single PC use (Remote Access) or multi-user use (LAN to LAN).
Device Configuration Status – OpenVPN Status 39 OpenVPN Status OpenVPN Server Index #: The numeric OpenVPN tunnel/ rule. Connection Name: The profile name of the VPN connection/tunnel. Active: Display Yes or No to indicate the profile is enabled or disabled. Service Port: Display the port/protocol (1194/udp) used for OpenVPN connection. Tunnel Network: Display the virtual tunnel IP address and Netmask of the OpenVPN server.
Device Configuration Status – ARP Table 40 ARP Table ARP (Address Resolution Protocol) table displays a mapping IP address with a PC’s MAC address. #: The numeric table list indicator. IP Address: It is the internal/local IP address to access to the network. MAC Address: The MAC address of a device, e.g. PC, notebook, printer, etc., that is corresponded with the IP address.
Device Configuration Quick Start 41 Quick Start This is a useful and easy utility to help you to setup the router quickly and to connect to your ISP (Internet Service Provider) with only a few steps. It will guide you step by step to setup password, time zone, and WAN settings of your device. The Quick Start Wizard is a helpful guide for the first-time users to the device. For detailed instructions on configuring WAN settings, see refer to the Interface Setup section. Click NEXT to move on to Step 1.
Device Configuration Quick Start 42 3.1 Select an appropriate WAN connection protocol then click NEXT to continue. 3.2(1) If selected 4G/LTE Input all relevant 3G/4G/LTE parameters from your cellular provider. Click Next to continue. 3.2(2) If selected EWAN(LAN1) / Static IP or PPPoE, static IP address or PPPoE account information provided by your ISP. Click NEXT to continue. Step 4 – Quick Start Completed The Setup Wizard has completed. Click on BACK to make changes or correct mistakes.
Device Configuration Interface Setup – Internet (4G/LTE) 43 Device Configuration Interface Setup Here are the features under Interface Setup: Internet and LAN Internet 4G/LTE WAN Interface: List all available WAN interfaces. (In this section, you have selected to use 4G/LTE) Status: Choose Activated to enable the 4G/LTE connection. Usage Allowance: Enable and click “Usage Allowance” for further setting configuration of your 4G/LTE data usage.
Device Configuration Interface Setup – Internet (4G/LTE) 44 Usage Allowance (Cont.) Mode: Include Volume-based and Time-based control. Volume-based include “only Download”, ”only Upload”, and “Download and Upload” to limit the flow. Time-based control the flow by providing specific hours per month. The billing period begins on: the beginning day of billing each month. Over usage allowance action: Here are actions to perform when mobile data usage, defined in Mode, reached to its maximum.
Device Configuration Interface Setup – Internet (4G/LTE) 45 LTE Antenna Diversity *: When enabled, the auxiliary antenna will be activated. With disabled, only the primary antenna is receiving and transmitting data. To change it, please click “LTE Antenna Diversity” link to access to the selection page. LTE Antenna Diversity To enable or disable the LTE antenna diversity feature.
Device Configuration Interface Setup – Internet (4G/LTE) 46 provider. Connection: Default set to Always on to keep an always-on 3G/4G-LTE connection. Keep Alive / IP: Select Yes to keep the 3G/4G-LTE connection always on. Manually enter the Keep Alive IP Address to be used for ping operation to check if the connection is still on. Default Route: Select Yes to use this interface as default route interface. NAT: Select this option to Disabled/Enable the NAT (Network Address Translation) function.
Device Configuration Interface Setup – Internet (EWAN) 47 EWAN (LAN 1) Status: Select to enable/activate or disable/deactivated the service. IPv4/IPv6 IP Version: Choose IPv4, IPv4/IPv6, IPv6 based on your environment. If you don’t know which one to choose from, please choose IPv4/IPv6 instead.
Device Configuration Interface Setup – Internet (EWAN) 48 ISP Connection Type: ISP: Select the encapsulation type your ISP uses. Dynamic IP: Select this option if your ISP provides you an IP address automatically. Static IP: Select this option to set static IP information. You will need to enter in the Connection type, IP address, subnet mask, and gateway address, provided to you by your ISP. Each IP address entered in the fields must be in the appropriate IP form.
Device Configuration Interface Setup – Internet (EWAN) 49 IP Options IP Common Options Default Route: Select Yes to use this interface as default route interface. TCP MTU Option: Enter the maximum packet that can be transmitted. Default MTU 0 means it is set to 1492 bytes. IPv4 Options Get IP Address: Choose Static or Dynamic Static IP Address: If Static is selected in the above field, please enter the specific IP address you get from ISP and the following IP subnet mask and gateway address.
Device Configuration Interface Setup – Internet (EWAN) - 50 OUT only means the router will only send but will not accept RIP packet. IGMP Proxy: IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. Choose whether enable IGMP proxy. IPv6 options (only when choose IPv4/IPv6 or just IPv6 in IP version field above): IPv6 Address: Type the WAN IPv6 address from your ISP. Obtain IPv6 DNS: Choose if you want to obtain DNS automatically.
Device Configuration Interface Setup – LAN 51 LAN A Local Area Network (LAN) is a shared communication system to which many computers are attached and is limited to the immediate area, usually the same building or floor of a building. IPv4 Parameters IP Address: Enter the IP address of Router in dotted decimal notation, for example, 192.168.1.254 (factory default). IP Subnet Mask: The default is 255.255.255.0. User can change it to other such as 255.255.255.128.
Device Configuration Interface Setup – LAN 52 multicast traffic is treated in the same manner as broadcast traffic to be forwarded to all ports. With IGMP snooping, multicast traffic of a group is only forwarded to ports that have members of that group. Dynamic Route: Select the RIP version from RIP1 or RIP2. DHCPv4 Server DHCP (Dynamic Host Configuration Protocol) allows individual clients to obtain TCP/IP configuration at start-up from a server.
Device Configuration Interface Setup – LAN 53 IP Address: Enter the specific IP. For example: 192.168.1.110. MAC Address: Enter the responding MAC. For example: 00:0A:F7:45:6D:ED When added, you can see the ones listed as showed below: IPv6 Parameters The IPv6 address composes of two parts, thus, the prefix and the interface ID. Interface Address / Prefix Length: Enter a static LAN IPv6 address.
Device Configuration Interface Setup – LAN 54 available. Stateless: If selected, the PCs in LAN are configured through RA mode, thus, the PCs in LAN are configured through RA mode, to obtain the prefix message and generate an address using a combination of locally available information (MAC address) and information (prefix) advertised by routers, but they can obtain such information like DNS from DHCPv6 Server.
Device Configuration Dual WAN – General Setting 55 Dual WAN Dual WAN, is a feature to have two independent Internet connection connected concurrently, offers a reliable Internet connectivity and maximize bandwidth utilization for critical applications delivery. General Setting Mode: Select a mode then click Save to proceed.
Device Configuration Dual WAN – General Setting (Failover & Failback) 56 Failover & Failback Auto failover/failback ensures always-online network connectivity. When primary WAN link (WAN1) fails, all traffic will switch over to the backup WAN (WAN2) seamlessly. Again, when the primary link is restored, traffic will be handled over from WAN2 to WAN1. WAN Port Service Detection Policy WAN1 (Primary): Choose a desired WAN as the primary WAN Link from the list.
Device Configuration Dual WAN – General Setting (Failover & Failback) 57 Failover/Fallback Rule Decisions: 1. Probe by Ping: Enable Ping to the gateway or an IP address Gateway: Internal system will wait for responses to the pings from the gateway of the WAN. Host: Internal system will wait for responses to the pings from a fixed IP address. 2.
Device Configuration Dual WAN – General Setting (Load Balance) 58 Load Balance Load balance aggregates the bandwidth of the two WAN links to optimize traffic distribution. When primary link, WAN1, goes down, all traffic will be redirected to the backup, WAN2, to ensure service continuity. WAN Port Service Detection Policy WAN1 (Primary): Choose a desired WAN as the primary WAN Link from the list. WAN2 (Backup): Choose a desired WAN as the backup WAN Link from the list.
Device Configuration Dual WAN – Outbound Load Balance 59 Outbound Load Balance The connections are distributed over WAN1 and WAN2 so that it can utilize bandwidth of both WAN ports. With Outbound load balance, traffic may be routed to a faster link when one of the WAN links is slower or congested so that user gains better throughput and less delay. User can distribute outbound traffic based on Session Mechanism or IP Hash Mechanism.
Device Configuration Dual WAN – Protocol Binding 60 Protocol Binding Protocol Binding lets you direct specific traffic to go out from a specific WAN port. Policies determine how specific types of internet traffic are routed, for example, traffic from a specific IP address is granted access to only one WAN port rather than using both of the WAN ports as with load balancing. Rule Index: The numeric rule indicator. The maximum entry is up to 16.
Device Configuration Dual WAN – Protocol Binding The only time it would go through WAN2 interface is when WAN1 has no Internet connection.
Device Configuration Advanced Setup – Firewall 62 Advanced Setup Advanced configuration features provides advanced features, including Firewall, Routing, Dynamic Routing, NAT, Static DNS, Time Schedule, Mail Alert, and Serial, for advanced users. Firewall Your router includes a firewall for helping to prevent attacks from hackers.
Device Configuration Advanced Setup – Routing 63 Routing This is static route feature. You are equipped with the capability to control the routing of all the traffic across your network. With each routing rule created, user can specifically assign the destination where the traffic will be routed to. Index #: The numeric route indicator. Destination IP Address: IP address of the destination network Subnet Mask: The subnet mask of destination network.
Device Configuration Advanced Setup – Dynamic Routing (OSPF) 64 Dynamic Routing The NAT (Network Address Translation) feature transforms a private IP into a public IP, allowing multiple users to access the internet through a single IP account, sharing the single IP address.
Device Configuration Advanced Setup – Dynamic Routing (BGP) 65 Border Gateway Protocol (BGP) A standardized exterior gateway protocol (an uniquely TCP based inter-Autonomous System routing protocol) designed to allow setting up an inter-domain dynamic routing system that automatically updates routing tables of devices running BGP in case of network topology changes. BGP: Enable to activate BGP routing. AS Number: Designate the AS number of local router.
Device Configuration Advanced Setup – NAT 66 NAT The NAT (Network Address Translation) feature transforms a private IP into a public IP, allowing multiple users to access the internet through a single IP account, sharing the single IP address. NAT break the originally envisioned model of IP end-to-end connectivity across the internet so NAT can cause problems where IPSec/ PPTP encryption is applied or some application layer protocols such as SIP phones are located behind a NAT.
Device Configuration Advanced Setup – NAT (DMZ) 67 DMZ NOTE: This feature disables automatically if WAN connection is in BRIDGE mode or NAT is being turned OFF. The DMZ Host is a local computer which has all UDP and TCP ports exposed to the Internet. When setting an internal IP address as the DMZ Host, all incoming packets will be forwarded to this local host device. Packet filter or virtual server entries will take priority over forwarding internet packets to the DMZ host.
Device Configuration Advanced Setup – NAT (Virtual Server) 68 Virtual Server NOTE: This feature disables automatically if WAN connection is in BRIDGE mode or NAT is being turned OFF. Virtual Server is also known as Port Forwarding that allows MX-200 to direct incoming traffic to a specific device in the network.
Device Configuration Advanced Setup – NAT (Virtual Server) 69 Examples of well-known and registered port numbers are shown below. For further information, please see IANA’s website at http://www.iana.
Device Configuration Advanced Setup – NAT (Example) 70 Example: How to setup Port Forwarding for port 21 (FTP server) If you have a FTP server in your LAN network and want others to access it through WAN. Step 1: Assign a static IP to your local computer that is hosting the FTP server. Step 2: Login to the Gateway and go to Configuration / Advanced Setup / NAT / Virtual Server. FTP server uses TCP protocol with port 21. Enter ”21” to Start and End Port Number.
Device Configuration Advanced Setup – Static DNS 71 Static DNS The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network associates various information with domain names assigned to each of the participating entities.
Device Configuration Advanced Setup – Time Schedule 72 Time Schedule The Time Schedule supports up to 16 timeslots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications.
Device Configuration Advanced Setup – Mail Alert 73 Mail Alert Mail alert is designed to keep system administrator or other relevant personnel alerted of any unexpected events that might have occurred to the network computers or server for monitoring efficiency. With this alert system, appropriate solutions may be tackled to fix problems that may have arisen so that the server can be properly maintained. Server Information SMTP Server: Enter the SMTP server that you would like to use for sending emails.
Device Configuration Advanced Setup – Remote System Log Remote System Log Remote System Log: Select Activated to enable this feature Server IP Address: Assign the remote log server IP address. Server UDP Port: Assign the remote log server port, 514 is commonly used.
Device Configuration Advanced Setup – Serial (RS232 Console Port) 75 Serial (RS-232 Console Port) Here is the Serial RS-232 console configuration to connect with any existing industrial machine.
Device Configuration Advanced Setup – Serial (RS232 Console Port) 76 TCP Server: Port: Use 782(tcp/udp), an unassigned port, for the TCP Server. Specify a tcp/udp port other than port 782. Empty Serial Buffer When TCP Connection is Established: When TCP link connection is established, serial buffer will get deleted. Enable to empty the buffer after TCP connection is up. Data packet Delimiter: A way to keep packets in tract. Inter-character Time Gap: Default time is in 1000ms.
Device Configuration Advanced Setup – Serial (RS232 Console Port) 77 data will be transmitted. Time range from 1 – 30000ms. Character Delimiter: Default characters are 0x0d0a. Serial data will get transmitted when seeing the specified character(s), in this case, 0x0d0a. Valid characters “0x” + Hex code. TCP Idle Timeout (Seconds): Default time is in 60 seconds. Specify an idle time-out in seconds.
Device Configuration VPN – IPSec 78 VPN A Virtual Private Network (VPN) is a private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures such as encryption. For example, a VPN could be used to securely connect the branch offices of an organization to a Headquarter office network through the public Internet.
Device Configuration VPN – IPSec 79 IPSec Connection Setting Connection Name: Enter a description for this connection/profile. Active: Yes to activate the connection. Interface: Select a WAN interface to establish a tunnel with the remote VPN device. Auto allows system to automatically initiate a connection via current connected WAN interface. Remote Gateway IP: The WAN IP address of the remote VPN device. Enter 0.0.0.0 for unknown remote WAN IP address – only the peer can initiate the tunnel connection.
Device Configuration VPN – IPSec 80 IPSec Phase 1(IKE) IKE Mode: IKE, Internet Key Exchange, is the mechanism to negotiate and exchange parameters and keys between IPSec peers to establish security associations(SA). Select Main or Aggressive mode. Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key.
Device Configuration VPN – IPSec 81 Use ESP for greater security so that data will be encrypted and the data origin be authenticated but using AH data origin will only be authenticated but not encrypted. Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method.
Device Configuration VPN – IPSec 82 detected lively when the connection between the router and a remote IPSec peer has lost. Please be noted, it must be enabled on the both sites. PING to the IP: It is able to IP Ping the remote PC with the specified IP address and alert when the connection fails. Once alter message is received, Router will drop this tunnel connection. Reestablish of this connection is required. Default setting is 0.0.0.
Device Configuration VPN – IPSec (Example on LAN-to-LAN) Examples: IPSec – Network (LAN) to Network (LAN) Two of the MX-1000 devices want to setup a secure IPSec VPN tunnel NOTE: The IPSec Settings shall be consistent between the two routers.
Device Configuration VPN – IPSec (Example on LAN-to-LAN) 84 Headquarter office Side: Configuration Settings Connection Name Remote Secure Gateway Access Network Local Access Range Local Network IP Address Local Network Netmask Remote Access Range Remote Network IP Address Remote Network Netmask IPSec Proposal IKE Mode Pre-Shared Key Phase 1 Encryption Phase 1 Authentication Phase 1 Diffie-Hellman Group Phase 2 Proposal Phase 2 Authentication Phase 2 Encryption Prefer Forward Security BEC MX-200 User Manu
Device Configuration VPN – IPSec (Example on LAN-to-LAN) 85 Branch Office Side: Configuration Settings Connection Name Remote Secure Gateway Access Network Local Access Range Local Network IP Address Local Network Netmask Remote Access Range Remote Network IP Address Remote Network Netmask IPSec Proposal IKE Mode Pre-Shared Key Phase 1 Encryption Phase 1 Authentication Phase 1 Diffie-Hellman Group Phase 2 Proposal Phase 2 Authentication Phase 2 Encryption Prefer Forward Security BEC MX-200 User Manual B
Device Configuration VPN – IPSec (Example on Remote Access) 86 Examples: IPSec – Remote Employee to MX-200 Connection Router servers as VPN server, and host should install the IPSec client to connect to Headquarter office through IPSec VPN.
Device Configuration VPN – IPSec (Example on Remote Access) 87 Headquarter office Side: Configuration Settings Connection Name Remote Secure Gateway Access Network Local Access Range Local Network IP Address Local Network Netmask Remote Access Range Remote Network IP Address Remote Network Netmask IPSec Proposal IKE Mode Pre-Shared Key Phase 1 Encryption Phase 1 Authentication Phase 1 Diffie-Hellman Group Phase 2 Proposal Phase 2 Authentication Phase 2 Encryption Prefer Forward Security BEC MX-200 User M
Device Configuration VPN – PPTP Server 88 PPTP Server The Point-to-Point Tunneling Protocol (PPTP) is a Layer2 tunneling protocol for implementing virtual private networks through IP network. In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, and Microsoft CHAP V1/V2 . The PPP payload is encrypted using Microsoft Point-to-Point Encryption (MPPE) when using MSCHAPv1/v2. NOTE: 4 sessions for Client and 4 sessions for Server respectively.
Device Configuration VPN – PPTP Server 89 Connection Type: Select Remote Access for single user, Select LAN to LAN for remote gateway. Private IP Address Assigned to Dial-in User: Specify the private IP address to be assigned to dial-in clients, and the IP should be in the same subnet as local LAN, but not occupied. Remote Network IP Address: Enter the subnet IP of the remote LAN network. Remote Network Netmask: Enter the Netmask of the remote LAN network. Click Save to apply settings.
Device Configuration VPN – PPTP Client 90 PPTP Client Establish a PPTP tunnel over Internet to connect with a PPTP server. A total of 4 sessions can be created for PPTP client. Rule Index: The numeric rule indicator for PPTP client. The maximum entry is up to 4. Connection Name: Enter a description for this connection/profile. Active: Yes to activate the account. PPTP server is waiting for the client to connect to this account. Authentication Type: Pick an authentication type from the drop-down list.
Device Configuration VPN – PPTP (Example on Remote Dial-In) 91 Example: PPTP – Remote Employee Dial-in to MX-200 The input IP address 192.168.1.2 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Configuration Settings Connection Name Authentication Type Username Password Connection Type Assigned IP BEC MX-200 User Manual HS-RA MS-CHAPv2 test test Remote Access 192.168.1.
Device Configuration VPN – PPTP (Example on Remote Dial-In) BEC MX-200 User Manual 92
Device Configuration VPN – PPTP (Example on Remote Dial-Out) 93 Example: PPTP – Remote Employee Dial-out to MX-200 A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. PPTP Server WAN IP address is 61.121.1.33 of the Headquarter office.
Device Configuration VPN – PPTP (Example on Remote Dial-Out) BEC MX-200 User Manual 94
Device Configuration VPN – PPTP (Example on LAN-to-LAN) 95 Example: PPTP – Network (LAN) to Network (LAN) Connection The branch office establishes a PPTP VPN tunnel with Headquarter office to connect two private networks over the Internet. The routers are installed in the Headquarter office and branch offices accordingly. NOTE: Both office LAN networks must be in different subnets with the LAN-LAN application.
Device Configuration VPN – PPTP (Example on LAN-to-LAN) 96 Configuring PPTP Server in the Headquarter office The IP address 192.168.1.2 will be assigned to the router located in the branch office. Please make sure this IP is not used in the Headquarter office LAN. Configuration Settings Connection Name Authentication Type Username Password Connection Type Assigned IP Remote Network IP Remote Network Netmask BEC MX-200 User Manual HS-LL MS-CHAPv2 test test LAN to LAN 192.168.1.2 129.168.0.0 255.255.255.
Device Configuration VPN – PPTP (Example on LAN-to-LAN) 97 Configuring PPTP Client in the Branch office The IP address 69.1.121.33 is the Public IP address of the router located in Headquarter office. Configuration Settings Connection Name Authentication Type Username Password Connection Type Server IP Remote Network IP Remote Network Netmask BEC MX-200 User Manual BC-LL MS-CHAPv2 test test LAN to LAN 69.121.1.33 129.168.1.0 255.255.255.
Device Configuration VPN – L2TP 98 L2TP L2TP, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide. NOTE: 4 sessions for dial-in connections and 4 sessions for dial-out connections Rule Index: The numeric rule indicator for L2TP. The maximum entry is up to 8 (4 dial-in and 4 dial-out profiles).
Device Configuration VPN – L2TP 99 server. The IP should be in the same subnet as local LAN, and should not be occupied. Connection Mode (Dial out) Connection Mode: Choose Dial Out if you want your router to operate as a client (connecting to a remote L2TP Server, e.g., your office server). Server IP Address: Enter the IP address of your VPN Server. Authentication Type: Default is Chap/Pap (CHAP, Challenge Handshake Authentication Protocol. PAP, Password Authentication Protocol).
Device Configuration 100 VPN – L2TP (Example on Remote Dial-in) Example: L2TP VPN – Remote Employee Dial-in to MX-200 A remote worker establishes a L2TP VPN connection with the Headquarter office using Microsoft's VPN Adapter The router is installed in the Headquarter office, connected to a couple of PCs and Servers. The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN.
Device Configuration 101 VPN – L2TP (Example on Remote Dial-out) Example: L2TP VPN – MX-200 Dial-out to a Server A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. Item Connection Name Connection Mode Server IP Authentication Type Username Password Connection Type BEC MX-200 User Manual HC-RA Dial out 69.121.1.
Device Configuration 102 VPN – L2TP (Example on LAN-to-LAN) Example: L2TP VPN – Network (LAN) to Network (LAN) Connection The branch office establishes a L2TP VPN tunnel with Headquarter office to connect two private networks over the Internet. The routers are installed in the Headquarter office and branch office accordingly. NOTE: Both office LAN networks must be in different subnets with the LAN-LAN application.
Device Configuration 103 VPN – L2TP (Example on LAN-to-LAN) Configuring L2TP VPN Dial-in in the Headquarter office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Item Connection Name Connection Mode Authentication Type Username Password Assigned IP Connection Type Remote Network IP Remote Network Netmask BEC MX-200 User Manual HS-LL Dial in Chap/Pap Test Test 192.168.1.200 LAN to LAN 129.168.0.0 255.255.255.
Device Configuration 104 VPN – L2TP (Example on LAN-to-LAN) Configuring L2TP VPN Dial-out in the Branch office The IP address 69.1.121.33 is the Public IP address of the router located in Headquarter office. Item Connection Name Connection Mode Server IP Authentication Type Username Password Connection Type Remote Network IP Remote Network Netmask BEC MX-200 User Manual BC-LL Dial out 69.121.1.33 Chap/Pap test test LAN to LAN 129.168.1.0 255.255.255.
Device Configuration 105 VPN – GRE GRE Tunnel Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocol packets inside virtual point-to-point links over an IP network. NOTE: Up to 8 GRE tunnels supported. Rule Index: The numeric rule indicator for GRE. The maximum entry is up to 8. Connection Name: Enter a description for this connection/profile. Active: Yes to activate this GRE profile.
Device Configuration 106 VPN – GRE seconds, GRE connection will get aborted. MTU: Maximum Transmission Unit in byte. The size of the largest datagram (excluding media-specific headers) an IP attempts to send through the interface. Active as Default Route: Select if to set the GRE tunnel as the default route. IPSec: Click the checkbox to enable GRE tunnel over IPSec.
Device Configuration 107 VPN – GRE (Example) Example: GRE VPN – Network (LAN) to Network (LAN) Connection The branch office establishes a GRE VPN tunnel with Headquarter office to connect two private networks over the Internet. The routers are installed in the Headquarter office and branch office accordingly. NOTE: Both office LAN networks must be in different subnets with the GRE VPN connection.
Device Configuration 108 VPN – GRE (Example) Configuring GRE connection in the Headquarter office The IP address 69.1.121.30 is the Public IP address of the router located in branch office. Item Connection Name Remote Gateway IP Tunnel Local IP Address (Virtual Interface) Tunnel Remote IP Address (Virtual Interface) Tunnel Network Netmask (Virtual Interface) Remote Network IP/ Netmask BEC MX-200 User Manual HS-LL 69.121.1.30 192.168.100.11 192.168.100.
Device Configuration 109 VPN – GRE (Example) Configuring GRE connection in the Branch office The IP address 69.1.121.3 is the Public IP address of the router located in Headquarter office. Item Connection Name Remote Gateway IP Tunnel Local IP Address (Virtual Interface) Tunnel Remote IP Address (Virtual Interface) Tunnel Network Netmask (Virtual Interface) Remote Network IP/ Netmask BEC MX-200 User Manual BC-LL 69.121.1.3 192.168.100.10 192.168.100.
Device Configuration VPN – OpenVPN (OpenVPN Server) 110 OpenVPN OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
Device Configuration VPN – OpenVPN (OpenVPN Server) 111 Local Access Range IP Address / Netmask: Enter local LAN network IP address and Netmask. Protocol: OpenVPN can run over either UDP or TCP transports. Select the protocol. Local Certificate / Trusted CA Index: OpenVPN mutually authenticate the server and client based on certificates and CA. Select a certificate and CA. To import certificates and CAs, go to Maintenance >> Certificate Management to upload files.
Device Configuration 112 VPN – OpenVPN (OpenVPN Client) OpenVPN Client OpenVPN client must match the VPN information / settings with the OpenVPN Server. NOTE: Up to 4 tunnels supported. Rule Index: The numeric rule indicator for OpenVPN. Maximum up to 4 profile/tunnels Connection Name: Enter a description for this connection/profile. Active: Yes to activate this profile. Server IP Address or Domain Name: Enter OpenVPN Server’s WAN IP address or Domain name.
Device Configuration 113 VPN – OpenVPN (OpenVPN Client) Hash: To establish the integrity of the datagram and ensures it is not tampered with in transmission. There are options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower. Compression: Choose adaptive to use the LZO compression library to compress the data stream. Keepalive: Check the box to enable the keep-alive.
Device Configuration VPN – OpenVPN (Example) 114 Example: OpenVPN – Network (LAN) to Network (LAN) Connection The Branch office establishes a tunnel with Headquarter office to connect two private networks over the OpenVPN. NOTE: Both office LAN networks must be in different subnets with the GRE VPN connection.
Device Configuration VPN – OpenVPN (Example) 115 Configuring OpenVPN server in Headquarter office The IP address 69.1.121.30 is the WAN IP address of the router located in the Branch office. The OpenVPN tunnel network virtual interface is set to 192.168.100.0/24. Item Connection Name Tunnel Network (Virtual Interface) Local Access Range BEC MX-200 User Manual HS-LL 192.168.100.0/ 255.255.255.0 192.168.0.0/ 255.255.255.
Device Configuration VPN – OpenVPN (Example) 116 Configuring OpenVPN client in Branch office The IP address 69.1.121.3 is the WAN IP address of the router located in Headquarter office. Item Connection Name Server IP Address Remote Subnet BEC MX-200 User Manual BC-LL 69.121.1.3 192.168.0.0/ 255.255.255.0 Description Assigned name to this tunnel/profile The WAN IP address of OpenVPN server.
Device Configuration 117 Access Management – Device Management Access Management Device Management Device Host Name Host Name: Enter the host name of the router. Default is home.gateway Embedded Web Server HTTP Port: It is the embedded web server (Web GUI) accessing port, default is 80. It can be changed other port other than port 80, e.g. port 8080. HTTPS Server Certificate Index: HTTPS known as HTTP-over-SSL tunnel protocol. Select a certificate to identify the system web server.
Device Configuration 118 Access Management – SNMP SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. The MX-200 serves as a SNMP agent that allows a manager station to manage and monitor the router through the network. SNMP: Activate to enable SNMP. Get Community: Type the Get Community, which is the password for the incoming Get-and-GetNext requests from the management station.
Device Configuration Access Management – Syslog Syslog Use the Syslog to collect system event information to a remote log server. Remote System Log: Select Activated to enable this feature Server IP Address: Assign the remote log server IP address. Server UDP Port: Assign the remote log server port, 514 is commonly used. Click Save to apply settings.
Device Configuration 120 Access Management – UPnP Universal Plug & Play UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device.
Device Configuration 121 Access Management – DDNS Dynamic DNS (DDNS) The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your internet connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.
Device Configuration 122 Access Management – DDNS (Example) Example: How to register a DDNS account If you do not have an account with Dynamic DNS, please go to www.dyndns.org to register an account first. User test1 register a Dynamic Domain Names in DDNS provider http://www.dyndns.org/ . DDNS: www.hometest.
Device Configuration 123 Access Management – Access Control Access Control Access Control Listing allows you to determine which services/protocols can access the MX-200 interface from which computers. It is a management tool aimed to allow IPs (set in secure IP address) to access specified embedded applications (Web, etc., user can set) through some specified interface (LAN, WAN or both). User can have an elaborate understanding in the examples below. The maximum number of entry is 16.
Device Configuration 124 Access Management – Access Control Default Rule 2: (Index 2), an ACL rule to open Ping to WAN side.
Device Configuration 125 Access Management – Packet Filter (IP & MAC Filter) Packet Filter You can filter the packages by MAC address, IP address, Protocol, Port number and Application or URL. Filter Type - IP & MAC Filter IP & MAC Filter Editing Rule Index: The numeric rule indicator. Individual Active: Yes to enable the rule. Action: This is how to deal with the packets matching the rule. Allow please select White List or block selecting Black List.
Device Configuration 126 Access Management – Packet Filter (IP & MAC Filter) IPv4 (Cont.) Source IP Address: The source IP address of packets to be monitored. 0.0.0.0 means “Don’t care”. Source Subnet Mask: Enter the subnet mask of the source network. Source Port Number: The source port number of packets to be monitored. 0 means “Don’t care”. Destination IP Address: The destination IP address of packets to be monitored. 0.0.0.0 means “Don’t care”.
Device Configuration 127 Access Management – Packet Filter (IP & MAC Filter) ICMP or ICMPv6 MAC Source MAC Address: show the MAC address of the rule applied. Click Save to apply settings.
Device Configuration 128 Access Management – Packet Filter (URL Filter) Filter Type- URL Filter URL Filter: Select Activated to enable URL Filter. URL Filter Rule Index: The numeric rule indicator. Individual Active: To give control to the specific URL access individually, for example, you want to prohibit access to www.yahoo.
Device Configuration 129 Access Management – CWMP (TR-069) CWMP (TR-069) CWMP, short for CPE WAN Management Protocol, also called TR069 is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. It defines an application layer protocol for remote management of end-user devices.
Device Configuration 130 Access Management – CWMP (TR-069) Password: Password used to authenticate an ACS making a Connection Request to the CPE. Periodic Inform Config Periodic Inform: Select Activated to authorize the router to send an Inform message to the ACS automatically. Interval(s): Specify the inform interval time (sec) which CPE used to periodically send inform message to automatically connect to ACS.
Device Configuration 131 Access Management – Parental Control Parental Control This feature provides Web content filtering offering safer and more reliable web surfing for users especially for parents to protect network security and control the contents for children at home. To activate this feature, please log on to www.opendns.com to get an OpenDNS account first. Parent Control Provider: Hosted by www.opendns.
Device Configuration 132 Access Management – BECentral Management BECentral Management BECentral is a cloud based device management platform that provides operators with a comprehensive suite of services to manage devices in real-time. BECentral Management: Activate to enable the feature. BECentral Management URL: Access path to the BECentral. BECentral Management Port: Port listened by the BECentral.
Device Configuration 133 Maintenance – User Management (Administrator Account) Maintenance User Management User Management provides the Administrator with the ability to grant access control and manage GUI login credentials for each user. There are two access management levels, Administrator and User. The default root account, Administrator (admin), has full access to all the features listed and ability to create other accounts with features to allow other users to access to.
Device Configuration 134 Maintenance – User Management (User Account) User Account user/user is the default user account username and password NOTE: This username / password may vary by different Internet Service Providers. User Account Setup Index #: The numeric account indicator. The maximum entry is up to 8. Username: Create account(s) user name for GUI management. New Password: Password for the user account. Confirm Password: Re-enter the password.
Device Configuration 135 Maintenance – Certificate Management Certificate Management This feature is used for OpenVPN and HTTS Server authentication of the device using certificate. If the imported certificate doesn't match the authorized certificate with the Server then no access is allowed. Edit: Click Delete: Click (Edit) to import a certificate. (Delete) to remove the certificate from the list. Local Certificate Listing Index #: The numeric account indicator. The maximum entry is up to 2.
Device Configuration 136 Maintenance – Certificate Management Trusted CA Listing Index #: The numeric account indicator. The maximum entry is up to 2. CA Name: Description of the CA. CA Certificate File: Browse to locate the target certificate file on PC before uploading it. Click Apply to save settings.
Device Configuration 137 Maintenance – Time Zone Time Zone With default, MX-200 does not contain the correct local time and date. There are several options to setup, maintain, and configure current local time/date on the MX-200. If you plan to use Time Schedule feature, it is extremely important you set up the Time Zone correctly. Synchronize time with: Select the methods to synchronize the time.
Device Configuration 138 Maintenance – License License Some of the advanced features are required for a license. For more information, please contact with Billion/BEC for more information. Input your license key here and click “Upgrade” to enable the features. NOTE: Device will reboot after the upgrade.
Device Configuration 139 Maintenance – Firmware & Configuration Firmware & Configuration Firmware is the software that controls the hardware and provides all functionalities which are available in the GUI. This software may be improved and/or modified; your MX-200 provides an easy way to update the code to take advantage of the changes. . To upgrade the firmware of the MX-200, you should download or copy the firmware to your local environment first.
Device Configuration 140 Maintenance – System Restart System Restart Click System Restart with option Current Settings to reboot your router. If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to restore to factory default settings.
Device Configuration 141 Maintenance – Auto Reboot Auto Reboot Schedule an automatic reboot for your MX-200 to ensure proper operation and best performance. This reboot will only reboot with current configuration settings and not overwrite any existing settings. Click Save to apply settings Example: Schedule MX-200 to reboot at 10:00pm (22:00) every weekday (Monday thru Friday) and reboot at 9:00am on Saturday and Sunday.
Device Configuration 142 Maintenance – Diagnostic Test Diagnostics Tool The Diagnostic Test page shows the test results for the connectivity of the physical layer and protocol layer for both LAN and WAN sides. 3G/4G-LTE / EWAN (LAN1) Ping other IP Address: Click Yes if you wish to ping other IP address rather than google.com Click START to begin to diagnose the connection.
Troubleshooting 143 Chapter 5: Troubleshooting If your MX-200 is not functioning properly, you can refer to this chapter for simple troubleshooting before contacting your service provider support. This can save you time and effort but if symptoms persist, consult your service provider. Problems with the Router Problem Suggested Action None of the LEDs is on when you turn on the router Check the connection between the router and the adapter.
Troubleshooting 144 Recovery Procedures Problem Suggested Action 1. The front LEDs display incorrectly upgrade 2. Still cannot access to the router management interface after pressing the RESET button. 3. Software / Firmware upgrade failure Before starting recovery process, please configure the IP address of the PC as 192.168.1.100 and proceed with the following step-by-step guide. 1. Power the router off. 2.
Appendix 145 APPENDIX: PRODUCT SUPPORT & CONTACT If you come across any problems please contact the dealer from where you have purchased the product. Contact BEC @ http://www.bectechnologies.net MAC OS is a registered Trademark of Apple Computer, Inc.
Appendix 146 Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
