background image

 

 

 

ICR-1601 

 

106 

 

2.7.2

 

Dynamic Routing  

 
 
 
 
 
 
 
Dynamic  Routing,  also  called  adaptive  routing, describes  the  capability of  a  system,  through  which 

routes are characterized by their destination, to alter the path that the route takes through the system in 
response to a change in network conditions. 

This router supports dynamic routing protocols, including RIPv1/RIPv2 (Routing Information Protocol), 

and  OSPF  (Open  Shortest  Path  First),  for  you  to  establish  routing  table  automatically.  The  feature  of 
dynamic routing will be very useful when there are lots of subnets in your network. Generally speaking, RIP 
is suitable for small network. OSPF is more suitable for medium network. 
 

 

Summary of Contents for ICR-1601

Page 1: ...LTE Industrial Router ICR 1601 CONFIGURATION MANUAL ...

Page 2: ...s that can arise in specific situations Information notice Useful tips or information of special interest Example Example of function command or script Advantech B B SmartWorx s r o Sokolska 71 562 04 Usti nad Orlici Czech Republic Document No MAN 0040 EN revision from February 12 2019 Released in the Czech Republic ...

Page 3: ...er 51 2 3 WiFi 58 2 3 1 WiFi Configuration 59 2 3 2 Wireless Client List 71 2 3 3 Advanced Configuration 72 2 3 4 Uplink Profile 74 2 4 GNSS 79 2 5 IPv6 84 2 5 1 IPv6 Configuration 84 2 6 Port Forwarding 89 2 6 1 Configuration 90 2 6 2 Virtual Server Virtual Computer 91 2 6 3 Special AP ALG 96 2 6 4 DMZ Pass Through 100 2 7 Routing 102 2 7 1 Static Routing 103 2 7 2 Dynamic Routing 106 2 7 3 Routi...

Page 4: ...istration 184 5 1 Configure Manage 184 5 1 1 Command Script 185 5 1 2 TR 069 189 5 1 3 SNMP 194 5 1 4 Telnet SSH 205 5 2 System Operation 208 5 2 1 Password MMI 208 5 2 2 System Information 211 5 2 3 System Time 212 5 2 4 System Log 213 5 2 5 Backup Restore 217 5 2 6 Reboot Reset 220 5 3 Diagnostic 221 5 3 1 Diagnostic Tools 221 5 3 2 Packet Analyzer 222 6 Service 225 6 1 Cellular Toolkit 225 6 1 ...

Page 5: ...ity 256 7 2 1 VPN Status 256 7 2 2 Firewall Status 259 7 3 Administration 262 7 3 1 Configure Manage Status 262 7 4 Statistics Report 264 7 4 1 Connection Session 264 7 4 2 Device Administration 265 7 4 3 Cellular Usage 266 8 GPL Written Offer 267 9 Recommended literature 272 10 Customers Support 273 10 1 Customer Support for NAM 273 10 2 Customer Support for Europe 273 10 3 Customer Support for A...

Page 6: ...plify uplink setting toolkit function of data usage can control budget configurable SMS command is useful and efficient for remote administration Complete Network Built in NAT Port Forward Routing IPv6 are compatible to existing IP network Highly Security Various VPN protocol scenario can setup secure intranet built in Firewall prevents malicious attacks ACL Authentication by MAC User enhances sec...

Page 7: ... Warnings Only use the power adapter that comes with the package Using a different voltage rating power adaptor is dangerous and may damage the product Do not open or repair the case yourself If the product is too hot turn off the power immediately and have it repaired at a qualified service center Place the product on a stable surface and avoid using this product and all accessories outdoors 1 2 ...

Page 8: ...ess in your browser The default address is http 192 168 1 11 Please note that the DHCP server is enabled by default When you see the login page enter the user name and password and then click Login button The default username is admin The default password is admin Change the default password as soon as possible For increased security of the network connected to the router change the default router...

Page 9: ... or user s devices dial in ISPs and then link to the Internet via different kinds of transmit media 2 1 1 Physical Interface ICR 1601 routers are usually equipped with various WAN interfacess to support different WAN connection scenario for requirement You can configure the WAN interface one by one to get proper internet connection setup Refer to the product specification for the available WAN int...

Page 10: ... SIM card The SIM card can be damaged if you insert or remove SIM card while the router is in operation WiFi Uplink WAN For the product with WiFi Uplink function one WiFi module can be configured to be WAN connections For the WiFi module with Uplink function activated you can further create some uplink profiles for ease of connecting to an uplink network Operation Mode There are three option items...

Page 11: ...eckbox is activated it can allow the Failover interface to be connected continuously from system booting up Failover WAN interface just keeps connecting without data traffic The purpose is to shorten the switch time during failover process So when primary connection is disconnected failover interface will take over the data transfer mission instantly by only changing routing path to the failover i...

Page 12: ...net or WiFi Module Depending on the router model Disable and Failover options will be available only to multiple WAN routers WAN 2 WAN 4 interfaces are only available to multiple WAN router Operation Mode A Must fill setting Define the operation mode of the interface Select Always on to make this WAN always active Select Disable to disable this WAN interface Select Failover to make this WAN a Fail...

Page 13: ...iguration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter configuration for that WAN type After clicking on the Edit button of a physical interface in Internet Setup List window the Internet Connection Configuration window will appear to let you specify which ki...

Page 14: ...on if ISP provides a fixed IP to you when you subscribe the service Usually is more expensive but very important for cooperate requirement Dynamic IP The assigned IP address for the WAN by a DHCP server is different every time It is cheaper and usually for consumer use PPP over Ethernet As known as PPPoE This WAN type is widely used for ADSL connection IP is usually different for every dial up PPT...

Page 15: ...figuration Item Value setting Description Host Name An optional setting Enter the host name provided by your Service Provider ISP Registered MAC Address An optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone button to clone your PC s MAC to this field Usually this is the PC s MAC address assigned to allow you to connect to Internet WAN Type...

Page 16: ...by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider Primary DNS A Must filled setting Enter the primary WAN DNS IP address given by your Service Provider Secondary DNS An optional setting Enter the secondary WAN DNS IP address given by your Service Provider WAN Type PPPoE When you select it PPPoE WAN Type Configuration will app...

Page 17: ...PPTP WAN Type Configuration Item Value setting Description IP Mode A Must filled setting Select either Static or Dynamic IP address for PPTP Internet connection When Static IP Address is selected you will need to enter the WAN IP Address WAN Subnet Mask and WAN Gateway WAN IP Address A Must filled setting Enter the WAN IP address given by your Service Provider WAN Subnet Mask A Must filled setting...

Page 18: ...cted you will need to enter the WAN IP Address WAN Subnet Mask and WAN Gateway WAN IP Address A Must filled setting Enter the WAN IP address given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider When Dynamic IP is selected there a...

Page 19: ...nable to enable MPPE Microsoft Point to Point Encryption security for PPTP connection Ethernet Connection Common Configuration There are some important parameters to be set up no matter which Ethernet WAN type is selected You should follow up the rule to configure Connection Control Auto reconnect This gateway will establish Internet connection automatically once it has been booted up and try to r...

Page 20: ... Manually This gateway won t start to establish WAN connection until you press Connect button on web UI After normal data transferring between LAN and WAN sides this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time Please be noted if the WAN interface serves as the primary one for another WAN interface in Failover role the Connection Control parameter will not...

Page 21: ... will be start again Set up Ethernet Common Configuration Ethernet WAN Common Configuration Item Value setting Description Connection Control A Must filled setting There are three connection modes Auto reconnect enables the router to always keep the Internet connection on Connect on demand enables the router to automatically re establish Internet connection as soon as user attempts to access the I...

Page 22: ...ing Check allows the router to ignore unreturned DNS Queries or ICMP requests when WAN bandwidth is fully occupied This is to prevent false link down status Check Interval defines the transmitting interval between two DNS Query or ICMP checking packets Check Timeout defines the timeout of each DNS query ICMP Latency Threshold defines the tolerance threshold of responding time Fail Threshold specif...

Page 23: ... Fail Over For 3G 4G embedded device one embedded cellular module can create only one WAN interface This device has featured by using dual SIM cards for one module with special fail over mechanism It is called Dual SIM Failover This feature is useful for ISP switch over when location is changed Within Dual SIM Failover there are various usage scenarios including SIM A First SIM B First with Failba...

Page 24: ...ck to use original SIM card except current SIM connection is also broken That is SIM A and SIM B are used iteratively but either one will keep being used for data transfer when current connection is still alive SIM A SIM B first with Failback enable With Failback option enabled SIM A First scenario is used to connect when the connection is broken gateway system will switch to use SIM B And when SI...

Page 25: ...n periodically Note_1 For the product with single SIM design only SIM A Only option is available Note_2 Failback is available only when SIM A First or SIM B First is selected Auto Flight Mode The box is unchecked by default Check the Enable box to activate the function By default if you disabled the Auto Flight Mode the cellular module will always occupy a physical channel with cellular tower It c...

Page 26: ...ted otherwise it only pops out one of them Connection with SIM A B Card Item Value setting Description Network Type 1 A Must filled setting 2 By default Auto is selected Select Auto to register a network automatically regardless of the network type Select 2G Only to register the 2G network only Select 2G Prefer to register the 2G network first if it is available Select 3G only to register the 3G n...

Page 27: ...ification Number code if it needs to unlock your SIM card Dial Number Account Password 1 An Optional setting 2 String format any text Enter the optional Dial Number Account and Password settings if your ISP provided such settings to you Note These settings are only displayed when Manual configuration is selected Authentication 1 A Must filled setting 2 By default Auto is selected Select PAP Passwo...

Page 28: ... Profile as APN Profile List When Add button is applied an APN Profile Configuration screen will appear SIM A B APN Profile Configuration Item Value setting Description Profile Name 1 By default Profile x is listed 2 String format any text Enter the profile name you want to describe for this profile APN String format any text Enter the APN you want to use to establish the connection IP Type 1 A Mu...

Page 29: ...ge common configurations for 3G 4G WAN 3G 4G Connection Common Configuration Item Value setting Description Connection Control By default Auto reconnect is selected When Auto reconnect is selected it means it will try to keep the Internet connection on all the time whenever the physical link is connected When Connect on demand is selected it means the Internet connection will be established only w...

Page 30: ...ission Value Range 1200 1500 IP Pass through Cellular Bridge 1 The box is unchecked by default 2 String format for Fixed MAC MAC address e g 00 50 18 aa bb cc When Enable box is checked it means the device will directly assign the WAN IP to the first connected local LAN client However when an optional Fixed MAC is filled in a non zero value it means only the client with this MAC address can get th...

Page 31: ...al between two DNS Query or ICMP checking packets Latency Threshold 1 A Must filled setting 2 By default 3000 ms is filled in Latency Threshold defines the tolerance threshold of responding time Fail Threshold 1 A Must filled setting 2 By default 10 times is filled in Fail Threshold specifies the detected disconnection before the router recognize the WAN link down status Enter a number of detectin...

Page 32: ...eless network you can setup a WiFi Uplink connection by using the router device This router can support 802 11n g b data connection and it can connect to a wireless network access point under the regular infrastructure mode Configure WiFi Uplink Setting When Edit button is applied Internet Connection Configuration screen will appear WAN 2 interface is used in this example Internet Connection Confi...

Page 33: ...reyed out from selection When NAT Disable is selected the NAT function is deactivated on the Wireless Uplink connection and it can function as a router with manually configured routing setting IP Mode 1 A Must filled setting 2 Dynamic IP is selected by default Specify the IP mode for the wireless uplink Interface It can be Dynamic IP or Static IP When Dynamic IP is selected the device will request...

Page 34: ...ctivate the function Enable Loading Check allows the gateway to ignore unreturned DNS Queries or ICMP requests when WAN bandwidth is fully occupied This is to prevent false link down status Latency Threshold defines the tolerance threshold of responding time Fail Threshold specifies the detected disconnection before the router recognize the WAN link down status Enter a number of detecting disconne...

Page 35: ...e disconnection is acknowledged Fail Threshold specifies the detected disconnection before the router recognize the WAN link down status Value Range 1 10 Target 1 1 An Optional setting 2 DNS1 is selected by default Target1 DNS1 set by default specifies the first target of sending DNS query ICMP request DNS1 set the primary DNS to be the target DNS2 set the secondary DNS to be the target Gateway se...

Page 36: ... setting Description IP Mode N A It shows the LAN IP mode for the router according the related configuration Static IP If there is at least one WAN interface activated the LAN IP mode is fixed in Static IP mode Dynamic IP If all the available WAN interfaces are disabled the LAN IP mode can be Dynamic IP mode LAN IP Address 1 A Must filled setting 2 192 168 1 1 is set by default Enter the local IP ...

Page 37: ... save the configuration Undo N A Click the Undo button to restore what you just configured back to the previous setting Create Edit Additional IP This router provides the LAN IP alias function for some special management consideration You can add additional LAN IP for this router and access to this router with the additional IP When Add button is applied Additional IP Configuration screen will app...

Page 38: ...nt for some application scenario For example there are various departments within SMB All client hosts in the same department should own common access privilege and QoS property You can assign departments either by port based VLAN or tag based VLAN as a group and then configure it by your plan In some cases ISP may need router to support VLAN tag for certain kinds of services e g IPTV You can grou...

Page 39: ...Wireless Gateway administrator can configure Lobby Meeting Room segment with VLAN ID 3 The VLAN group includes Port 3 and VAP 8 SSID Guest with NAT mode and DHCP 3 server equipped He also configure Office segment with VLAN ID 2 The VLAN group includes Port 2 and VAP 1 SSID Staff with NAT mode and DHCP 2 server equipped At last administrator also configure Data Center segment with VLAN ID 1 The VLA...

Page 40: ...d a VLAN Trunk The VLAN Trunk collects all packet flows with different VLAN IDs from Router device and delivers them in the Intranet VLAN membership in a tagged VLAN is determined by VLAN ID information within the packet frames that are received on a port Administrator can further use a VLAN switch to separate the VLAN trunk to different groups based on VLAN ID Following is an example For example ...

Page 41: ...ify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot access Internet That is visitors in meeting room and staffs in office network can access Internet But the computers servers in data center cannot access Internet since security consideration Servers in data center only fo...

Page 42: ...unication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate with B and B can communicate with C it doesn t imply that A can communicate with C An example is shown at following diagram VLAN groups of VID is 1 and 2 can access each other but the ones between VID 1 and VID 3 and between VID 2 and VID 3 can t...

Page 43: ...onfiguration Item Value setting Description VLAN Type Port based is selected by default Select the VLAN type that you want to adopt for organizing your local subnets Port based Port based VLAN allows you to add rule for each LAN port and you can do advanced control with its VLAN ID Tag based Tag based VLAN allows you to add VLAN ID and select member and DHCP Server for this VLAN ID Go to Tag based...

Page 44: ...les The port based VLAN allows you to custom each LAN port There is a default rule shows the configuration of all LAN ports Also if your device has a DMZ port you will see DMZ configuration too The maxima rule numbers is based on LAN port numbers When Add button is applied Port based VLAN Configuration screen will appear which is including 3 sections Port based VLAN Configuration IP Fixed Mapping ...

Page 45: ...ICR 1601 45 Port based VLAN Configuration ...

Page 46: ...y default Define the DHCP Server type There are three types you can select Server Relay and Disable Relay Select Relay to enable DHCP Relay function for the VLAN group and you only need to fill the DHCP Server IP Address field Server Select Server to enable DHCP Server function for the VLAN group and you need to specify the DHCP Server settings Disable Select Disable to disable the DHCP Server fun...

Page 47: ...ration Item Value setting Description MAC Address A Must filled setting Define the MAC Address target that the DHCP Server wants to match IP Address A Must filled setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Address filled in the above field the DHCP Server will assign this IP Address to the client whose MAC Address matched the rule Enable The b...

Page 48: ...sed VLAN Inter VLAN Group Routing Click VLAN Group Routing button the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear When Edit button is applied a screen similar to this will appear ...

Page 49: ... enable the Inter VLAN access function By default members in different VLAN IDs can t access each other The gateway supports up to 4 rules for Inter VLAN Group Routing For example if ID_1 and ID_2 are checked it means members in VLAN ID_1 can access members of VLAN ID_2 and vice versa Save N A Click the Save button to save the configuration Tag based VLAN Create Edit VLAN Rules The Tag based VLAN ...

Page 50: ...fault Check the LAN port box es to join the VLAN group VAP The box is unchecked by default Check the VAP box es to join the VLAN group Note Only the wireless gateway has the VAP list DHCP Server DHCP 1 is selected by default Select a DHCP Server to these members of this VLAN group To create or edit DHCP server for VLAN refer to Basic Network LAN VLAN DHCP Server Save N A Click Save button to save ...

Page 51: ...r LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List page on router s WEB UI User can add more DHCP server configurations by clicking on the Add button behind DHCP Server List or clicking on the Edit button at the end of each DHCP Server on list to edit its current settings Besides user can select a...

Page 52: ...rver Setting Go to Basic Network LAN VLAN DHCP Server Tab The DHCP Server setting allows user to create and customize DHCP Server policies to assign IP Addresses to the devices on the local area network LAN Create Edit DHCP Server Policy The router allows you to custom your DHCP Server Policy If multiple LAN ports are available you can define one policy for each LAN or VLAN group and it supports u...

Page 53: ... DHCP Server IP Pool 1 IPv4 format 2 A Must filled setting The IP Pool of this DHCP Server It composed of Starting Address entered in this field and Ending Address entered in this field Lease Time 1 Numeric string format 2 A Must filled setting The Lease Time of this DHCP Server Value Range 300 604800 seconds Domain Name String format can be any text The Domain Name of this DHCP Server Primary DNS...

Page 54: ...CP Server It supports up to a maximum of 64 rule sets When Fix Mapping button is applied the Mapping Rule List screen will appear When Add button is applied Mapping Rule Configuration screen will appear Mapping Rule Configuration Item Value setting Description MAC Address 1 MAC Address string format 2 A Must filled setting The MAC Address of this mapping rule IP Address 1 IPv4 format 2 A Must fill...

Page 55: ...rver Options The DHCP Server Options setting allows user to set DHCP OPTIONS 66 72 or 114 Click the Enable button to activate the DHCP option function and the DHCP Server will add the expected options in its sending out DHCPOFFER DHCPACK packages Option Meaning RFC 66 TFTP server name RFC 2132 72 Default World Wide Web Server RFC 2132 114 URL RFC 3679 Create Edit DHCP Server Options The router sup...

Page 56: ... for www Option 144 for url Type Dropdown list of DHCP server option value s type Each different options has different value types 66 Single IP Address Single FQDN 72 IP Addresses List separated by 114 Single URL 42 IP Addresses List separated by 150 IP Addresses List separated by 160 Single IP Address Single FQDN Value 1 IPv4 format 2 FQDN format 3 IP list 4 URL format 5 A Must filled setting Sho...

Page 57: ...terface for the dropdown list to apply with the DHCP Relay function WAN Interface 1 A Must filled setting 2 WAN 1 is selected by default Choose a WAN Interface for the dropdown list to apply with the DHCP Relay function It can be the available WAN interface s and L2TP connection Server IP 1 A Must filled setting 2 null by default Assign a DHCP Server IP Address that the gateway will relay the DHCP...

Page 58: ...veral wireless operation modes provided by this device They are AP Router Mode WDS Only Mode and WDS Hybrid Mode You can choose the expected mode from the wireless operation mode list There are some sub sections for you to configure the WiFi function including Basic Configuration and Advanced Configuration In Basic Configuration section you have to finish almost all the settings for using the WiFi...

Page 59: ...fy the operation mode and then setup the virtual APs for wireless access Hereunder are the scenarios for each wireless operation mode you can get how it works and what is the difference among them To connect your wireless devices with the wireless gateway make sure your application scenario for WiFi network and choose the most adequate operation mode ...

Page 60: ...gateways as a WiFi repeater chain with all gateways setup as WDS Only mode All gateways can communicate with each other through WiFi All wired client hosts within each gateway can also communicate each other in the scenario Only one gateway within repeater chain can be DHCP server to provide IP for all wired client hosts of every gateway which being disabled DHCP server This router can be NAT rout...

Page 61: ...ateways and AP are under WDS hybrid mode To setup WDS hybrid mode it need to fill all configuration items similar to that of AP router and WDS modes Multiple VAPs VAP Virtual Access Point is function to partition wireless network into multiple broadcast domains It can simulate multiple APs in one physical AP This wireless gateway supports up to 2 VAPs For each VAP you need to setup SSID authentica...

Page 62: ...s established WiFi Configuration Setting The WiFi configuration allows user to configure 2 4GHz WiFi settings Go to Basic Network WiFi WiFi Module One Tab If the gateway is equipped with two WiFi modules there will be another WiFi Module Two You can do the similar configurations on both WiFi modules Basic Configuration Basic Configuration Item Value setting Description Operation Band A Must filled...

Page 63: ... be selected according to interference The lower the better WiFi System A Must filled setting Specify the preferred WiFi System The dropdown list of WiFi system is based on IEEE 802 11 standard 2 4G WiFi can select b g and n only or mixed with each other WiFi Operation Mode Specify the WiFi Operation Mode according to your application Go to the following table for AP Router Mode WDS Only Mode and ...

Page 64: ...hedule is pre configured Refer to Object Definition Scheduling Configuration tab By default VAP 1 is enabled and security key is required to connect to the gateway wirelessly to enhance the security level and prevent unexpected access of un authorized devices The default WiFi key is printed on both the device label and the Security Card It is created randomly and differs from devices So you can co...

Page 65: ...upported Client stations should provide the key when associate with this device When Open is selected The check box named 802 1x shows up next to the dropdown list 802 1x The box is unchecked by default When 802 1x is enabled it means the client stations will be authenticated by RADIUS server RADIUS Server IP The default IP is 0 0 0 0 RADIUS Server Port The default value is 1812 RADIUS Shared Key ...

Page 66: ...t and you have to select one as current key The key type can set to HEX or ASCII If HEX is selected the key should consist of 0 to 9 and A to F If ASCII is selected the key should consist of ASCII table TKIP TKIP was proposed instead of WEP without upgrading hardware Enter a Pre shared Key for it The length of key is from 8 to 63 characters AES The newest encryption system in WiFi it also designed...

Page 67: ... Green AP function Time Schedule A Must filled setting Apply a specific Time Schedule to this rule otherwise leave it as 0 Always If the dropdown list is empty ensure Time Schedule is pre configured Refer to Object Definition Scheduling Configuration tab Scan Remote AP s MAC List N A Press the Scan button to scan the spatial AP information and then select one from the AP list the MAC of selected A...

Page 68: ...at you have to change the security key to an easy to remember one by clicking the Edit button Under WDS Only mode only VAP1 is available for further specifying the required authentication and Encryption settings Click Edit button in the VAP List screen and a VAP Configuration screen will appear for you to configure the required settings For the detail description about VAP configuration please ref...

Page 69: ...that stations which associated to different VAPs cannot communicate with each other Time Schedule A Must filled setting Apply a specific Time Schedule to this rule otherwise leave it as 0 Always If the dropdown list is empty ensure Time Schedule is pre configured Refer to Object Definition Scheduling Configuration tab Scan Remote AP s MAC List Available when Lazy Mode disabled Press the Scan butto...

Page 70: ...ever it is strongly recommended that you have to change the security key to an easy to remember one by clicking the Edit button Under WDS Hybrid mode the VAP function is available and you can further specifying the required VAP settings for connecting with wireless client devices Click Add Edit button in the VAP List screen to create or edit the settings for a VAP A VAP Configuration screen will a...

Page 71: ... WiFi Wireless Client List Tab Select Target WiFi Target Configuration Item Value setting Description Operation Band A Must filled setting Specify the intended operation band for the WiFi module Basically this setting is fixed and cannot be changed once the module is integrated into the product However there is some module with selectable band for user to choose according to his network environmen...

Page 72: ... of client Mode N A It shows what kind of Wi Fi system the client used to associate with this device Rate N A It shows the data rate between client and this device RSSI0 RSSI1 N A It shows the RX sensitivity RSSI value for each radio path Signal N A The signal strength between client and this device Interface N A It shows the VAP ID that the client associated with Refresh N A Click the Refresh but...

Page 73: ...the Regulatory Domain Beacon Interval 100 It shows the time interval between each beacon packet broadcasted The beacon packet contains SSID Channel ID and Security setting DTIM Interval 3 A DTIM Delivery Traffic Indication Message is a countdown informing clients of the next window for listening to broadcast message When the device has buffered broadcast message for associated client it sends the ...

Page 74: ...o button to restore configuration to previous setting before saving 2 3 4 Uplink Profile This device provides WiFi Uplink function for connecting to a wireless access point just like connected to a wired WAN or cellular WAN connection It can operate as a NAT gateway and link the devices wirelessly to the uplink network or hosts To connect to the wireless access point user has to enable the wireles...

Page 75: ...al Strength is selected the router will try to connect to the available uplink network whose wireless signal strength is the strongest When By User defined is selected the router will try to connect to the available uplink network whose priority is the highest 1 is the highest priority and 16 is the lowest priority Note to apply the defined Uplink profile s for the router to find a best fit profil...

Page 76: ... 1 A Must filled setting 2 Auto is selected by default Select a radio channel for the VAP Each channel is corresponding to different radio band The permissible channels depend on the Regulatory Domain There are two available options when Auto is selected By AP Numbers The channel will be selected according to AP numbers The less the better By Less Interference The channel will be selected accordin...

Page 77: ...mmended to use AES encryption instead of any others for security MAC Address 1 MAC Address string Format 2 A Must fill setting Specify the MAC Address of the access point with the Network ID to be connected to Priority 1 An Optional filled setting 2 16 is set by default Specify a priority setting for the uplink profile when the By User defined methodology is selected The priority value can be 1 16...

Page 78: ... Once you selected an AP from the AP list the channel SSID Authentication Encryption and MAC address will be automatically filled into the profile you just have to enter a key for the uplink connection if required ...

Page 79: ...formation GPGGA 123519 4807 038 N 01131 000 E 1 08 0 9 545 4 M 46 9 M 47 GLL Lat Lon Data GPGLL 4916 45 N 12311 12 W 225444 A 1D GSA Overall Satellite Data GPGSA A 3 04 05 09 12 24 2 5 1 3 2 1 39 GSV Detailed Satellite Data GPGSV 2 1 08 01 40 083 46 02 17 308 41 12 07 344 39 14 22 228 45 75 RMC Recommended Minimum Data GPRMC 123519 A 4807 038 N 01131 000 E 022 4 084 4 230394 003 1 W 6A VTG Vector ...

Page 80: ...his trucks in real time He also likes to know where his trucks have been passed through with time information In his operation office there is a server IP 100 100 100 1 which can interpret NMEA RMC data format and shows truck s location and track on map This server is listening on TCP port 888 to receive NMEA RMC packet from trucks IMEI number will be added before NMEA RMC data for identification ...

Page 81: ...cification You may not see all of these four options if your product doesn t support all of them GNSS Message Types These box is unchecked by default Select one or more GNSS Message Types that you want to use for transmitting or recording GPS data There are many sentences in the NMEA standard for selecting GGA GLL GSA GSV RMC and VTG ALL Other includes DTM GNS GRS GST ZDA and GBS sentences Only se...

Page 82: ...to store Split Enable Check Enable box to activate file splitting function Split Size Unit Define file size and unit for log file By default 200 KB is defined Value Range 10KB Minimum file size is 10 KB Download log file Select a log file and Click Download log file to download through Web GUI If the log format which is specified to download is GPX we will convert standard GPX format for used Save...

Page 83: ...Range 1 65535 Interval s A Must filled setting Specify the time interval seconds between two NMEA packets Value Range 1 255 seconds Prefix Message String format any text Specify optional prefix string with specific information if your backend server can recognize For example you can input the IMEI code of this device here and then your backend server can recognize this GPS data is sent from this d...

Page 84: ...It simplifies aspects of address assignment stateless address auto configuration network renumbering and router announcements when changing Internet connectivity providers 2 5 1 IPv6 Configuration The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network This router supports various types of IPv6 connection including Static IPv6 DHCPv6 and PPPoEv6 Note F...

Page 85: ...HCP in IPv6 does the same function as DHCP in IPv4 The DHCP server sends IP address DNS server addresses and other possible data to the DHCP client to configure automatically The server also sends a lease time of the address and time to re contact the server for IPv6 address renewal The client has then to resend a request to renew the IPv6 address Above diagram depicts DHCP IPv6 IP addressing the ...

Page 86: ...IP address DNS server addresses and other required parameters to automatically configure the client The diagram above depicts the IPv6 addressing through PPPoE PPPoEv6 server DSLAM on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request When PPPoEv6 server gets client request and successfully authenticates it the server sends IP address DNS server addresses and other requ...

Page 87: ...ed setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity For this product only IPv6 is supported DHCPv6 WAN Type Configuration DHCPv6 WAN Type Configuration Item Value setting Description DNS The option From Server is selected by default Select the Specific DNS option to active Primary DNS and Secondary DNS Then fill the DNS information Primary DNS Cannot modified...

Page 88: ...t button to reboot the router Address Auto configuration Address Auto configuration Item Value setting Description Auto configuration The box is unchecked by default Check to enable the Auto configuration feature Auto configuration Type 1 Only can be selected when Auto configuration enabled 2 Stateless is selected by default Define the selected IPv6 WAN Connection Type to establish the IPv6 connec...

Page 89: ...Configuration page Usually all local hosts or servers behind corporate router are protected by NAT firewall NAT firewall will filter out unrecognized packets to protect your Intranet So all local hosts are invisible to the outside world Port forwarding or port mapping is function that redirects a communication request from one address and port number combination to assigned one This technique is m...

Page 90: ...r side are you in accessing the email server at the LAN side or at the WAN side you don t need to change the IP address of the mail server Configuration Setting Go to Basic Network Port Forwarding Configuration tab The NAT Loopback allows user to access the WAN IP address from inside your local network Enable NAT Loopback Configuration Item Value setting Description NAT Loopback The box is checked...

Page 91: ...hind office router You can set up those servers by using Virtual Server feature After trip if want to access those servers from LAN side by global IP without change original setting NAT Loopback can achieve it Virtual computer is a host behind NAT router whose IP address is a global one and is visible to the outside world Since it is behind NAT it is protected by router firewall To configure Virtu...

Page 92: ... to access the WAN global IP address from your inside NAT local network It is useful when you run a server inside your network For example if you set a mail server at LAN side your local devices can access this mail server through gateway s global IP address when enable NAT loopback feature On either side are you in accessing the email server at the LAN side or at the WAN side you don t need to ch...

Page 93: ...activate this port forwarding function Virtual Computer The box is checked by default Check the Enable box to activate this port forwarding function Save N A Click the Save button to save the settings Undo N A Click the Undo button to cancel the settings Create Edit Virtual Server The router allows you to custom your Virtual Server rules It supports up to a maximum of 20 rule based Virtual Server ...

Page 94: ... in the WAN Interface setting above Protocol Public Port Private Port A Must filled setting When ICMPv4 is selected It means the option Protocol of packet filter rule is ICMPv4 Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under Object Definition Then check Enable box to enable this rule When TCP is selected It means the option Protocol of packet filter ...

Page 95: ... selected Port Range and specify a port range and Private Port can be selected Single Port or Port Range Value Range 1 65535 for Public Port Private Port When GRE is selected It means the option Protocol of packet filter rule is GRE When ESP is selected It means the option Protocol of packet filter rule is ESP When SCTP is selected It means the option Protocol of packet filter rule is SCTP When Us...

Page 96: ...re service ports to be allowed for passing through the NAT gateway The Special AP application feature in the gateway can solve this problem That is some applications require multiple connections like Internet games Video conferencing Internet telephony etc Because of the firewall function these applications cannot work with a pure NAT gateway The Special AP feature allows some of these application...

Page 97: ...er Port and then incoming data packet from remote application server will pass through incoming port 6970 6999 SIP ALG This gateway supports the SIP ALG feature to allow one SIP phone behind the NAT gateway can call another SIP phone in the Internet even the gateway executes its NAT mechanism between the Intranet and the Internet The NAT gateway monitors the control traffic and open up port mappin...

Page 98: ...ecognized the traffic from SIP Phone 2 is part of the connection sessions with SIP Phone 1 Special AP ALG Setting Go to Basic Network Port Forwarding Special AP ALG tab The Special AP setting allows some applications require multiple connections The ALG setting allows user to Support some SIP ALG like STUN Enable Special AP ALG Configuration Item Value setting Description Special AP The box is che...

Page 99: ...e dropdown list the corresponding trigger port s and incoming ports will be defined automatically Value Range 1 65535 Incoming Ports 1 A Must filled setting Enter the expected Incoming ports if User defined is selected in the Trigger Port dropdown list If you select other popular application from the dropdown list the corresponding incoming ports will be defined automatically Value Range 1 65535 I...

Page 100: ...t expected to receive by applications in the router or by other client hosts in the Intranet Certainly the DMZ host is also protected by the router firewall Activate the feature and specify the DMZ host with a host in the Intranet when needed DMZ Scenario When the network administrator wants to set up some service daemons in a host behind NAT gateway to allow remote users request for services from...

Page 101: ...Pass Through tab The DMZ host is a host that is exposed to the Internet cyberspace but still within the protection of firewall by router device Enable DMZ and Pass Through Configuration Item Value setting Description DMZ 1 A Must filled setting 2 Default is ALL Check the Enable box to activate the DMZ function Define the selected interface to be the packet entering interface of the router and fill...

Page 102: ...uch as the Internet by using packet switching technology The routing process usually directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations Thus constructing routing tables which are held in the router s memory is very important for efficient routing Most routing algorithms use only one network path at a time The routing tables recor...

Page 103: ...ckets to be transferred via which gateway interface and which peer gateway to their destination It can be carried out by the Static Routing feature Dedicated packet flows from the Intranet will be routed to their destination via the pre defined peer gateway and corresponding gateway interface that are defined in the system routing table by manual As shown in the diagram when the destination is Goo...

Page 104: ...w will appear to let you define a static routing rule Enable Static Routing Just check the Enable box to activate the Static Routing feature Static Routing Item Value setting Description Static Routing The box is unchecked by default Check the Enable box to activate this function Create Edit Static Routing Rules The Static Routing Rule List shows the setup parameters of all static routing rule ent...

Page 105: ...nterface Auto is set by default Select the Interface of this static routing rule It can be Auto or the available WAN LAN interfaces Metric 1 Numeric String Format 2 A Must filled setting The Metric of this static routing rule Value Range 0 255 Rule The box is unchecked by default Click Enable box to activate this rule Save NA Click the Save button to save the configuration Undo NA Click the Undo b...

Page 106: ...e system in response to a change in network conditions This router supports dynamic routing protocols including RIPv1 RIPv2 Routing Information Protocol and OSPF Open Shortest Path First for you to establish routing table automatically The feature of dynamic routing will be very useful when there are lots of subnets in your network Generally speaking RIP is suitable for small network OSPF is more ...

Page 107: ...ortest Path First OSPF is a routing protocol that uses link state routing algorithm It is the most widely used interior gateway protocol IGP in large enterprise networks It gathers link state information from available routers and constructs a topology map of the network The topology is presented as a routing table which routes datagrams based solely on the destination IP address Network administr...

Page 108: ...ed individually The RIP Configuration window lets you choose which version of RIP protocol to be activated or disable it The OSPF Configuration window can let you activate the OSPF dynamic routing protocol and specify its backbone subnet Moreover the OSPF Area List window lists all defined areas in the OSPF network RIP Configuration The RIP configuration setting allows user to customize RIP protoc...

Page 109: ...is router on OSPF protocol Authentication None is set by default The Authentication method of this router on OSPF protocol Select None will disable Authentication on OSPF protocol Select Text will enable Text Authentication with entered the Key in this field on OSPF protocol Select MD5 will enable MD5 Authentication with entered the ID and Key in these fields on OSPF protocol Backbone Subnet 1 Cla...

Page 110: ...Configuration Item Value setting Description Area Subnet 1 Classless Inter Domain Routing CIDR Subnet Mask Notation Ex 192 168 1 0 24 2 A Must filled setting The Area Subnet of this router on OSPF Area List Area ID 1 IPv4 Format 2 A Must filled setting The Area ID of this router on OSPF Area List Area The box is unchecked by default Click Enable box to activate this rule Save N A Click the Save bu...

Page 111: ...uting Information Tab Routing Table Item Value setting Description Destination IP N A Routing record of Destination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Routing record of Metric Numeric String Format Interface N A Routing record of Interface Type String Format ...

Page 112: ...current IP address which changes each time you connect your Internet service provider The Dynamic DNS service allows the gateway to alias a public dynamic IP address to a static domain name allowing the gateway to be more easily accessed from various locations on the Internet As shown in the diagram user registered a domain name to a third party DDNS service provider NO IP to use DDNS function Onc...

Page 113: ...Interface IP Address of the router Provider DynDNS org Dynamic is set by default Select your DDNS provider of Dynamic DNS It can be DynDNS org Dynamic DynDNS org Custom NO IP com etc Host Name 1 String format can be any text 2 A Must filled setting Your registered host name of Dynamic DNS Value Range 0 63 characters User Name E Mail 1 String format can be any text 2 A Must filled setting Enter you...

Page 114: ...ct Configuration Item Value setting Description DNS Redirect The box is unchecked by default Check the Enable box to activate this function Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings If you enabled the DNS Redirect function you have to further specify the redirect rules According to the rules the router can redirect the traffic that matched the DNS to corre...

Page 115: ...tting 2 Always is selected by default Specify when the DNS redirect action can be applied It can be Always or WAN Block Always The DNS redirect function can be applied to the matched DNS all the time WAN Block The DNS redirect function can be applied to the matched DNS only when the WAN connection is disconnected or un reachable Description 1 String format can be any text 2 A Must filled setting E...

Page 116: ...on Item Value setting Description Add N A Click the Add button to configure time schedule rule Delete N A Click the Delete button to delete selected rule s When Add button is applied Time Schedule Configuration and Time Period Definition screens will appear Time Schedule Configuration Item Value Setting Description Rule Name String any text Set rule name Rule Policy Default Inactivate Inactivate a...

Page 117: ...t everyday or one of weekday Start Time Time format hh mm Start time in selected weekday End Time Time format hh mm End time in selected weekday Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Refresh N A Click the Refresh button to refresh the time schedule list ...

Page 118: ...2 External Server Go to Object Definition External Server External Server tab The External Server setting allows user to add external server When Add button is applied External Server Configuration screen will appear ...

Page 119: ...ween 1 and 15 Secondary Shared Key String format any text Authentication Protocol By default CHAP is selected Session Timeout By default 1 The values must be between 1 and 60 Idle Timeout By default 1 The values must be between 1 and 15 Server IP FQDN A Must filled setting Specify the IP address or FQDN used for the external server Server Port A Must filled setting Specify the Port used for the ex...

Page 120: ...ole Certificates are an important component of Transport Layer Security TLS sometimes called by its older name SSL where they prevent an attacker from impersonating a secure website or other server They are also used in other important applications such as email encryption and code signing Here it can be used in IPSec tunneling for user authentication 3 3 1 My Certificate My Certificate includes a...

Page 121: ...l client hosts in these both subnets can communicate with each other Parameter Setup Example For Network A at HQ Following tables list the parameter configuration as an example for the My Certificate function used in the user authentication of IPSec VPN tunnel establishing as shown in above diagram The configuration example must be combined with the ones in following two sections to complete the w...

Page 122: ...Sec IKE Phase Negotiation Mode Main Mode X Auth None For Network B at Branch Office Following tables list the parameter configuration as an example for the My Certificate function used in the user authentication of IPSec VPN tunnel establishing as shown in above diagram The configuration example must be combined with the ones in following two sections to complete the whole user scenario Use defaul...

Page 123: ...B in branch office and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and Trusted Client Certifi...

Page 124: ... or CSRs for representing the gateway The Local Certificate Configuration window can let you fill required information necessary for corresponding certificate to be generated by itself or corresponding CSR to be signed by other CAs Create Local Certificate When Add button is applied Local Certificate Configuration screen will appear The required information to be filled for the certificate or CSR ...

Page 125: ...ntry C is the two letter ISO code for the country where your organization is located State ST is the state where your organization is located Location L is the location where your organization is located Organization O is the name of your organization Organization Unit OU is the name of your organization unit Common Name CN is the name of your organization Email is the email of your organization I...

Page 126: ...e Apply button to import the specified certificate to the router Apply N A Click the Apply button to import the certificate Cancel N A Click the Cancel button to discard the import operation and the screen will return to the My Certificates page 3 3 2 Trusted Certificate Trusted Certificate includes Trusted CA Certificate List Trusted Client Certificate List and Trusted Client Key List The Trusted...

Page 127: ...tificate into the Gateway 2 as a local certificate In addition also imports the certificates of the root CA of Gateway 1 into the Gateway 2 as the trusted ones Please also refer to My Certificate and Issue Certificate sections Establish an IPSec VPN tunnel with IKE and X 509 protocols by starting from either peer so that all client hosts in these both subnets can communicate with each other Parame...

Page 128: ...headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface The Gateway 2 is the gateway of Network B in branch office and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface They both serve as the NAT security gateways In Gatewa...

Page 129: ...Description Import from a File A Must filled setting Select a CA certificate file from user s computer and click the Apply button to import the specified CA certificate file to the router Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a CA certificate You can directly fill in Copy and Paste the PEM encoded CA certificate string a...

Page 130: ...ertificate file from user s computer and click the Apply button to import the specified certificate file to the router Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a certificate You can directly fill in Copy and Paste the PEM encoded certificate string and click the Apply button to import the specified certificate to the router...

Page 131: ...mputer and click the Apply button to import the specified key file to the router Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a certificate key You can directly fill in Copy and Paste the PEM encoded certificate key string and click the Apply button to import the specified certificate key to the router Apply N A Click the Apply...

Page 132: ...int to point connection through the use of dedicated connections encryption or a combination of the two The tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms The product series supports different tunneling technologies to establish secure tunnels betw...

Page 133: ...ent as the initiator and the IPSec VPN server as the responder This router can be configured as different roles and establish number of tunnels with various remote devices Before going to setup the VPN connections you may need to decide the scenario type for the tunneling IPSec Tunnel Scenarios To build IPSec tunnel you need to fill in remote gateway global IP and optional subnet if the hosts behi...

Page 134: ...outed via this IPSec tunnel including HQ server access and Internet access you can just enable the Full Tunnel setting As a result every time users surfs web or searching data on Internet checking personal emails or HQ server access all traffics will go through the secure IPSec tunnel and route by the Security Gateway in control center Site to Site with Hub and Spoke mechanism For a control center...

Page 135: ...roduct specification The specified value will limit the maximum number of simultaneous IPSec tunnel connection The default value can be different for the purchased model Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Create Edit IPSec tunnel Ensure that the IPSec enable box is checked to enable before further configuring the IPSec tunnel settings When Add Edit ...

Page 136: ...ed only Host to Host scenario is available With Site to Site or Site to Host or Host to Site IPSec operates in tunnel mode The difference among them is the number of subnets With Host to Host IPSec operates in transport mode Tunnel TCP MSS 1 An optional setting 2 Auto is set by default Select from the dropdown box to define the size of Tunnel TCP MSS Select Auto and all devices will adjust this pa...

Page 137: ...Local Subnet List A Must fill setting Specify the Local Subnet IP address and Subnet Mask Click the Add or Delete button to add or delete a Local Subnet Note_1 When Host to Site or Host to Host option in Tunnel Scenario is selected Local Subnet will not be available Note_2 When Hub and Spoke option in Hub and Spoke is selected there will be only one subnet available Redirect Traffic Unchecked by d...

Page 138: ...een configured properly Refer to Certificate section of this manual and also Object Definition Certificate in web based utility Manually user needs to enter key ID to authenticate Manual key configuration will be explained in the following Manual Key Management section Local ID An optional setting Specify the Local ID for this IPSec tunnel to authenticate Select User Name for Local ID and enter th...

Page 139: ...unnel Select Server Client or None Selected None no X Auth authentication is required Selected Server this gateway will be an X Auth server Click on the X Auth Account button to create remote X Auth client account Selected Client this gateway will be an X Auth client Enter User name and Password to be authenticated by the X Auth server gateway Dead Peer Detection DPD 1 Checked by default 2 Default...

Page 140: ... 256 Specify the Authentication method It can be None MD5 SHA1 SHA2 256 Specify the DH Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Check Enable box to enable this setting IPSec Phase Window Item Value setting Description Phase2 Key Life Time 1 A Must fill setting 2 28800s is set by default 3 Max 86400s Specify the Phase2 Key Life Time in second Value Range 30 ...

Page 141: ...rotocol is set as ESP they are not available for AH Encapsulation Specify the PFS Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Click Enable to enable this setting Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Back N A Click Back to return to the previous page Manual Key Management When the Manually option is selected for Ke...

Page 142: ... Select Key ID for Remote ID and enter the Key ID English alphabet or number Local Remote Configuration Window Item Value setting Description Local Subnet A Must fill setting Specify the Local Subnet IP address and Subnet Mask Local Netmask A Must fill setting Specify the Local Subnet Mask Remote Subnet A Must fill setting Specify the Remote Subnet IP address Remote Netmask A Must fill setting Spe...

Page 143: ...e key length for DES is 16 3DES is 48 AES 128 is 32 AES 192 is 48 and AES 256 is 64 Note When AH option in Encapsulation is selected encryption will not be available Authentication 1 A Must fill setting 2 Hexadecimal format Specify the Authentication Method and Authentication key Available encryptions are None MD5 SHA1 SHA2 256 The key length for MD5 is 32 SHA1 is 40 and SHA2 256 is 64 Note When A...

Page 144: ...arry any type of Ethernet traffic In addition to configuring the device as a Server or Client you have to specify which type of OpenVPN connection scenario is to be adopted OpenVPN TUN Scenario The term TUN mode is referred to routing mode and operates with layer 3 packets In routing mode the VPN client is given an IP address on a different subnet than the local LAN under the OpenVPN server This v...

Page 145: ...access to the entire remote LAN for VPN client s you have to setup OpenVPN in TAP bridge mode As shown in the diagram the M2M IoT Gateway is configured as an OpenVPN TAP Client and connects to an OpenVPN TAP Server Once the OpenVPN TAP connection is established the connected TAP client will be assigned a virtual IP 192 168 100 210 which is the same subnet as that of local subnet in Control Center ...

Page 146: ...nly Client is available you can specify the client settings in another client configuration window As an OpenVPN Client If Client is selected an OpenVPN Client List screen will appear When Add button is applied OpenVPN Client Configuration screen will appear OpenVPN Client Configuration window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface P...

Page 147: ...selected Define the physical interface to be used for this OpenVPN Client tunnel Protocol 1 A Must filled setting 2 By default TCP is selected Define the Protocol for the OpenVPN Client Select TCP The OpenVPN will use TCP protocol and Port will be set as 443 automatically Select UDP The OpenVPN will use UDP protocol and Port will be set as 1194 automatically Port 1 A Must filled setting 2 By defau...

Page 148: ...CA Cert could be selected in Trusted CA Certificate List Refer to Object Definition Certificate Trusted Certificate Client Cert could be selected in Local Certificate List Refer to Object Definition Certificate My Certificate Client Key could be selected in Trusted Client key List Refer to Object Definition Certificate Trusted Certificate Static Key The OpenVPN will use static key authorization mo...

Page 149: ... the Persis Key function Persis Tun 1 An Optional setting 2 The box is checked by default Check the Enable box to activate the Persis Tun function Advanced Configuration N A Click the Edit button to specify the Advanced Configuration setting for the OpenVPN server If the button is clicked Advanced Configuration will be displayed below Tunnel The box is unchecked by default Check the Enable box to ...

Page 150: ...VLAN Note Bridge TAP to will be available only when TAP is chosen in Tunnel Scenario and NAT is unchecked Firewall Protection The box is unchecked by default Check the box to activate the Firewall Protection function Note Firewall Protection will be available only when NAT is enabled Client IP Address By default Dynamic IP is selected Specify the virtual IP Address for the OpenVPN Client It can be...

Page 151: ...tomatically Manually Additional Configuration An Optional setting Enter optional configuration string here Up to 256 characters is allowable Value Range 0 256characters Save N A Click Save to save the settings Undo N A Click Undo to cancel the changes Back N A Click Back to return to last page ...

Page 152: ...ly behave as a L2TP client for a L2TP VPN tunnel L2TP Client It can be mobile users or gateways in remote offices with dynamic IP To setup tunnel it should get user name password and server s global IP In addition it is required to identify the operation mode for each tunnel as main connection failover for another tunnel to increase overall bandwidth It needs to decide Default Gateway or Remote Su...

Page 153: ...ing the Internet accessing of L2TP client peer will go through the established L2TP tunnel That means the remote L2TP server peer controls the flow of any packets from the L2TP client peer Certainly those packets come through the L2TP tunnel L2TP Setting Go to Security VPN L2TP tab The L2TP setting allows user to create and configure L2TP tunnels Enable L2TP Enable L2TP Window Item Value setting D...

Page 154: ...s unchecked by default Check the Enable box to enable L2TP client role of the gateway Save N A Click Save button to save the settings Undo N A Click Undo button to cancel the settings Create Edit L2TP Client When Add Edit button is applied a series of configuration screen will appear You can add up to 8 L2TP Clients ...

Page 155: ...erfaces e g WAN 2 Operation Mode 1 A Must filled setting 2 Always on is selected by default Define operation mode for the L2TP Tunnel It can be Always On or Failover If this tunnel is set as a failover tunnel you need to further select a primary tunnel from which to failover to Note Failover mode is not available for the router with single WAN L2TP over IPSec The box is unchecked by default Check ...

Page 156: ...h the established L2TP VPN tunnel That means the remote L2TP VPN server controls the flow of any packets from the L2TP client peer Certainly those packets come through the L2TP VPN tunnel Authentication Protocol 1 A Must filled setting 2 Unchecked by default Specify one ore multiple Authentication Protocol for this L2TP tunnel Available authentication methods are PAP CHAP MS CHAP MS CHAP v2 MPPE E...

Page 157: ...eling usually natively as standard features of the Windows PPTP stack The security gateway can only play PPTP Client role for a PPTP VPN tunnel PPTP tunnel process is nearly the same as L2TP PPTP Client It can be mobile users or gateways in remote offices with dynamic IP To setup tunnel it should get user name password and server s global IP In addition it is required to identify the operation mod...

Page 158: ...uding the Internet accessing of PPTP client peer will go through the established PPTP tunnel That means the remote PPTP server peer controls the flow of any packets from the PPTP client peer Certainly those packets come through the PPTP tunnel PPTP Setting Go to Security VPN PPTP tab The PPTP setting allows user to create and configure PPTP tunnels Enable PPTP Enable PPTP Window Item Value setting...

Page 159: ...P Client Unchecked by default Check the Enable box to enable PPTP client role of the router Save N A Click Save button to save the settings Undo N A Click Undo button to cancel the settings Create Edit PPTP Client When Add Edit button is applied a series PPTP Client Configuration will appear ...

Page 160: ... 0 2 24 It is for the Intranet of PPTP VPN server So at PPTP client peer the packets whose destination is in the dedicated subnet will be transferred via the PPTP VPN tunnel Others will be transferred based on current routing policy of the security gateway at PPTP client peer If you entered 0 0 0 0 0 in the Remote Subnet field it will be treated as a default gateway setting for the PPTP client pee...

Page 161: ...ocols inside virtual point to point links over an Internet Protocol internetwork Deploy an ICR 1601 router for remote site and establish a virtual private network with control center by using GRE tunneling So all client hosts behind ICR 1601 router can make data communication with server hosts behind control center router GRE Tunneling is similar to IPSec Tunneling client requesting the tunnel est...

Page 162: ...GRE client peer will go through the established GRE tunnel That means the remote GRE server peer controls the flow of any packets from the GRE client peer Certainly those packets come through the GRE tunnel If the GRE server supports DMVPN Hub function like Cisco router as the VPN concentrator the GRE client can active the DMVPN spoke function here since it is implemented by GRE over IPSec tunneli...

Page 163: ...1601 163 Save N A Click Save button to save the settings Undo N A Click Undo button to cancel the settings Create Edit GRE tunnel When Add Edit button is applied a GRE Rule Configuration screen will appear ...

Page 164: ...Specify TTL hop count value for this GRE tunnel Value Range 1 255 Keep alive 1 Unchecked by default 2 5s is set by default Check the Enable box to enable Keep alive function Select Ping IP to keep live and enter the IP address to ping Enter the ping time interval in seconds Value Range 5 999 seconds Remote Subnet A Must fill setting Specify the remote subnet for this GRE tunnel The Remote Subnet f...

Page 165: ...mode and Tunnel mode supported Note IPSec Encapsulation Mode will not be available when DMVPN is not enabled Tunnel Unchecked by default Check Enable box to enable this GRE tunnel Save N A Click Save button to save the settings Undo N A Click Undo button to cancel the settings Back N A Click Back button to return to the previous page ...

Page 166: ...ilter Packet Filter function can let you define some filtering rules for incoming and outgoing packets So the router can control what packets are allowed or blocked to pass through it A packet filter rule should indicate from and to which interface the packet enters and leaves the router the source and destination IP addresses and destination service port type and port number In addition the time ...

Page 167: ...cies to allow or reject specific inbound outbound packets through the router based on their office setting Enable Packet Filter Configuration Window Item Name Value setting Description Packet Filter The box is unchecked by default Check the Enable box to activate Packet Filter function Black List White List Deny those match the following rules is set by default When Deny those match the following ...

Page 168: ...lter rule name Enter a name that is easy for you to remember Value Range 1 30 characters From Interface 1 A Must filled setting 2 By default Any is selected Define the selected interface to be the packet entering interface of the router If the packets to be filtered are coming from LAN to WAN then select LAN for this field Or VLAN 1 to WAN then select VLAN 1 for this field Other examples are VLAN ...

Page 169: ... MAC addresses Select Specific MAC Address to filter packets coming from a MAC address Protocol 1 A Must filled setting 2 By default Any 0 is selected For Protocol select Any to filter any protocol packets Then for Source Port select a predefined port dropdown box when Well known Service is selected otherwise select User defined Service and specify a port range Then for Destination Port select a p...

Page 170: ...e Web requests based on domain input suffixes like com or org or keywords like bct or mpe An URL blocking rule should specify the URL partial domain name or included keywords in the Web requests from and to the router and also the destination service port Besides a certain time schedule can be applied to activate the URL Blocking rules during pre defined time interval s The router will logs and di...

Page 171: ...s to allow only the Web requests with some dedicated patterns to go through the gateway he can also use the URL Blocking function by defining the white list to meet the requirement As shown in the diagram enable the URL blocking function and create the first rule to deny the Web requests with sex or sexygirl patterns and the other to deny the Web requests with playboy pattern to go through the gat...

Page 172: ... rules The parameters in a rule include the rule name the Source IP or MAC the URL Domain Name Keyword the destination service ports the integrated time schedule rule and the rule activation Enable URL Blocking Configuration Item Value setting Description URL Blocking The box is unchecked by default Check the Enable box to activate URL Blocking function Black List White List Deny those match the f...

Page 173: ...elect Specific IP Address to filter packets coming from an IP address entered in this field Select IP Range to filter packets coming from a specified range of IP address entered in this field Source MAC 1 A Must filled setting 2 Any is set by default This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Address to filter pack...

Page 174: ... list is empty ensure Time Schedule is pre configured Refer to Object Definition Scheduling Configuration tab Rule The box is unchecked by default Click the Enable box to activate this rule Save NA Click the Save button to save the settings Undo NA Click the Undo button to cancel the changes Back NA Click the Back button to return to the URL Blocking Configuration page 4 2 3 MAC Control MAC Contro...

Page 175: ...to create and customize MAC address policies to allow or reject packets with specific source MAC address Enable MAC Control Configuration Window Item Value setting Description MAC Control The box is unchecked by default Check the Enable box to activate the MAC filter function Black List White List Deny MAC Address Below is set by default When Deny MAC Address Below is selected as the name suggest ...

Page 176: ...le Name 1 String format can be any text 2 A Must fill setting Enter a MAC Control rule name Enter a name that is easy for you to remember MAC Address Use to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must fill setting Apply Time Schedule to this rule otherwise leave it as 0 Always If the dropdown list is empty ensure Time...

Page 177: ...ut this activity attempt to block stop it and report it You can enable the IPS function and check the listed intrusion activities when needed You can also enable the log alerting so that system will record Intrusion events when corresponding intrusions are detected IPS Scenario As shown in the diagram the gateway serves as an E mail server Web Server and also provides TCP port 8080 for remote admi...

Page 178: ...revent malicious packets Enable IPS Firewall Configuration Window Item Value setting Description IPS The box is unchecked by default Check the Enable box to activate IPS function Log Alert The box is unchecked by default Check the Enable box to activate to activate Event Log Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings ...

Page 179: ... to activate this intrusion prevention rule and enter the traffic threshold in this field UDP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field ICMP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Port Scan Defection 1 A Must filled sett...

Page 180: ...Block Fraggle Attack ARP Spoofing Defence 1 A Must filled setting 2 The box is unchecked by default 3 Traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Save NA Click Save to save the settings Undo NA Click Undo to cancel the settings 4 2 ...

Page 181: ...specified IP address es can perform remote administration Enable SPI Scenario As shown in the diagram Gateway has the IP address of 118 18 81 200 for WAN interface and 192 168 1 253 for LAN interface It serves as a NAT gateway Users in Network A initiate to access cloud server through the gateway Sometimes unknown users will simulate the packets but use different source IP to masquerade With the S...

Page 182: ... The box is unchecked by default Check the Enable box to activate the Stealth Mode function SPI The box is checked by default Check the Enable box to activate the SPI function Discard Ping from WAN The box is unchecked by default Check the Enable box to activate the Discard Ping from WAN function Define Remote Administrator Host The router allows network administrator to manage router remotely The...

Page 183: ...ect Specific IP to allow the remote host coming from a specific subnet An IP address entered in this field and a selected Subnet Mask to compose the subnet Service Port 1 80 for HTTP by default 2 443 for HTTPS by default This field is to specify a Service Port to HTTP or HTTPS connection Value Range 1 65535 Enabling the rule The box is unchecked by default Click Enable box to activate this rule Sa...

Page 184: ...ice computer systems Centralized management has a time and effort trade off that is related to the size of the company the expertise of the IT staff and the amount of technology being used This device supports many system management protocols such as Command Script TR 069 SNMP and Telnet with CLI You can setup those configurations in the Configure Manage section ...

Page 185: ... file name in Script Name below Upload Script N A Click the Via Web UI button to Upload the existed command script from a specified txt file Script Name 1 An Optional setting 2 Any valid file name Specify a script file name for script backup or display the selected upload script file name Value Range 0 32 characters Version 1 An Optional setting 2 Any string Specify the version number for the appl...

Page 186: ...tion Content Key Value setting Description OPENVPN_ENABLED 1 enable 0 disable Enable or disable OpenVPN Client function OPENVPN_DESCRIPTION A Must filled Setting Specify the tunnel name for the OpenVPN Client connection OPENVPN_PROTO udp tcp Define the Protocol for the OpenVPN Client Select TCP or TCP UDP The OpenVPN will use TCP protocol and Port will be set as 443 automatically Select UDP The Op...

Page 187: ...the extra options setting for the OpenVPN client IP_ADDR1 IP Ethernet LAN IP IP_NETM1 Net mask Ethernet LAN MASK PPP_MONITORING 1 enable 0 disable When the Network Monitoring feature is enabled the router will use DNS Query or ICMP to periodically check Internet connection connected or disconnected PPP_PING 0 DNS Query 1 ICMP Query With DNS Query the system checks the connection by sending DNS Que...

Page 188: ... configuration file ex txtConfig clone tmp config The contents in the configuration file are the same as the plain text commands mentioned above This action is exactly the same as performing the Backup plain text configuration commit an existing file Commit the configuration content to database ex txtConfig commit tmp config enable NA Enable plain text system config ex txtConfig enable disable NA ...

Page 189: ...ner of TR 069 Setting screen one Help command let you see the same message about that Scenario Managing deployed gateways through an ACS Server Scenario Application Timing When the enterprise data center wants to use an ACS server to manage remote gateways geographically distributed elsewhere in the world the gateways in all branch offices must have an embedded TR 069 agent to communicate with the...

Page 190: ...tiple gateways in the Internet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways have booted up they will try to connect to the ACS server Once the connections are established successfully the ACS server can configure upgrade with latest FW and monitor these gateways Remote gateways inquire the ACS server for jobs to do in each time perio...

Page 191: ...the account information to login the ACS server the service port and the account information for connection requesting from the ACS server and the time interval for job inquiry Except the inquiry time there are no activities between the ACS server and the routers until the next inquiry cycle But if the ACS server has new jobs that are expected to do by the routers urgently it will ask these router...

Page 192: ...efault 8099 is set You can ask ACS manager provide ACS ConnectionRequest Port and manually set Value Range 0 65535 ConnectionRequest UserName A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Username and manually set ConnectionRequest Password A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Password and manually set Inform 1 The box is checked...

Page 193: ...ional item Specify the IP address for the expected STUN Server Server Port 1 An optional setting 2 3478 is set by default Specify the port number for the expected STUN Server Value Range 1 65535 Keep Alive Period 1 An optional setting 2 0 is set by default Specify the keep alive time period for the connection with STUN Server Value Range 0 65535 Save N A Click Save to save the settings Undo N A Cl...

Page 194: ...uch as modifying and applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and other metadata such as type and description of the variable are described by Management Information Bases MIBs The device supports several public MIBs and one private MIB for the SNMP agent The supported MIBs are as fo...

Page 195: ...Path SNMP Configuration SNMP Enable LAN WAN Supported Versions v1 v2c v3 Get Set Community ReadCommunity WriteCommunity Trap Event Receiver 1 118 18 81 11 WAN Access IP Address 118 18 81 11 Configuration Path SNMP User Privacy Definition ID 1 2 3 User Name UserName1 UserName2 UserName3 Password Password1 Password2 Disable Authentication MD5 SHA 1 Disable Encryption DES Disable Disable Privacy Mode...

Page 196: ...ess can manage it via its WAN interface SNMP Setting Go to Administration Configure Manage SNMP tab The SNMP allows user to configure SNMP relevant setting which includes interface version access control and trap receiver Enable SNMP SNMP Item Value setting Description SNMP Enable 1 The boxes are unchecked by default Select the interface for the SNMP and enable SNMP functions When Check the LAN bo...

Page 197: ...s within specified range can access SNMP from LAN WAN side If you left it as blank it means any IP address can access SNMP from WAN side SNMP Port 1 String format any port number 2 The default SNMP port is 161 3 A Must filled setting Specify the SNMP Port You can fill in any port number But you must ensure the port number is not to be used Value Range 1 65535 Trap Period 1 A Must filled setting 2 ...

Page 198: ...ble to enable this version 1 or version v2c user Save N A Click the Save button to save the configuration But it does not apply to SNMP functions When you return to the SNMP main page It will show Click on save button to apply your changes remind user to click main page Save button Undo N A Click the Undo button to cancel the settings Back N A Click the Back button to return to last page Create Ed...

Page 199: ...n your Privacy Mode is authPriv you must specify the Encryption protocols for this version 3 user Selected the encryption protocols DES AES to use Privacy Mode 1 noAuthNoPriv is selected by default Specify the Privacy Mode for this version 3 user Selected the noAuthNoPriv You do not use any authentication types and encryption protocols Selected the authNoPriv You must specify the Authentication an...

Page 200: ... changes remind user to click main page Save button Undo N A Click the Undo button to cancel the settings Back N A Click the Back button to return the last page Create Edit Trap Event Receiver The SNMP allows you to custom your trap event receiver The router supports up to a maximum of 4 Trap Event Receiver sets When Add button is applied Trap Event Receiver Rule Configuration screen will appear T...

Page 201: ...ny port number But you must ensure the port number is not to be used Value Range 1 65535 SNMP Version 1 v1 is selected by default Select the version for the trap Selected the v1 The configuration screen will provide the version 1 must filled items Selected the v2c The configuration screen will provide the version 2c must filled items Selected the v3 The configuration screen will provide the versio...

Page 202: ...y default When your Privacy Mode is authNoPriv or authPriv you must specify the Authentication types for this version 3 trap Selected the authentication types MD5 SHA 1 to use Encryption 1 A v3 Must filled setting 2 None is selected by default When your Privacy Mode is authPriv you must specify the Encryption protocols for this version 3 trap Selected the encryption protocols DES AES to use Privac...

Page 203: ...ntact 1 An Optional filled setting 2 String format any text Specify the contact information forMIB 2 system Value Range 0 64 characters sysLocation 1 An Optional filled setting 2 String format any text Specify the location information forMIB 2 system Value Range 0 64 characters Edit SNMP Options If you use some particular private MIB you must fill the enterprise name number and OID ...

Page 204: ...er Specify the Enterprise Number for the particular private MIB Value Range 1 2080768 Enterprise OID 1 The default value is 1 3 6 1 4 1 12823 4 4 9 Default Enterprise OID 2 A Must filled setting 3 String format any legal OID Specify the Enterprise OID for the particular private MIB The range of the each OID number is 1 2080768 The maximum length of the enterprise OID is 31 The seventh number must ...

Page 205: ...supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively Telnet SSH Scenario Scenario Application Timing When the administrator of the gateway wants to manage it from remote site in the Intranet or Internet he may use Telnet with CLI function to do that by using Telnet or SSH utility Scenario Description The Local Admin or the Remote Admin can manage the Gatew...

Page 206: ... 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface It serves as a NAT gateway The Local Admin in the Intranet uses Telnet utility with privileged account to login the Gateway Or the Remote Admin in the Internet uses SSH utility with privileged account to login the Gateway The administrator of the gateway can control the device as like he is in fron...

Page 207: ... set which number of Service Port you want to provide for the corresponding service Value Range 1 65535 Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Configuration Item Value setting Description root 1 String any text but no blank character 2 The default password for telnet is wirelessm2m Type old password and specify new password to change root password Note_...

Page 208: ...ss router Change UserName Change Username screen allows network administrator to change the web based MMI login account to access router Click the Modify button and provide the new username setting Username Configuration Item Value setting Description Username 1 The default Username for web based MMI is admin Display the current MMI login account Username New Username String any text Enter new Use...

Page 209: ... Description Old Password 1 String any text 2 The default password for web based MMI is admin Enter the current password to enable you unlock to change password New Password String any text Enter new password New Password Confirmation String any text Enter new password again to confirm Save N A Click Save button to save the settings Undo N A Click Undo button to cancel the settings ...

Page 210: ...ng times please wait a few seconds will be displayed and ignore the following login trials Login Timeout The Enable box is checked and 300 is set by default Check the Enable box to activate the auto logout function and specify the maximum idle time as well Value Range 30 65535 GUI Access Protocol http https is selected by default Select the protocol that will be used for GUI access It can be http ...

Page 211: ...tions Note Use Quick Mode with care once selected the User Group Captive Portal function will become non functional Save N A Click Save button to save the settings Undo N A Click Undo button to cancel the settings 5 2 2 System Information System Information screen gives network administrator a quick look up on the device information for the purchased router Go to Administration System Operation Sy...

Page 212: ...It is an optional item 2 GMT 00 00 is selected by default Select a time zone where this device locates Auto synchronization 1 Checked by default 2 Auto is selected by default Check the Enable button to activate the time auto synchronization function with a certain NTP server You can enter the IP or FQDN for the NTP server you expected or leave it as auto mode so that the available server will be u...

Page 213: ...d time server in above time information configuration window system will communicate with time server by NTP Protocol to get system date and time after you click on the Sync with Timer Server button Note Remember to select a correct time zone for the device otherwise you will just get the UTC Coordinated Universal Time time not the local time for the device The second one is Sync with my PC Click ...

Page 214: ...List Window Item Value Setting Description Time column N A It displays event time stamps Log column N A It displays Log messages Web Log List Button Description Item Value setting Description Previous N A Click the Previous button to move to the previous page Next N A Click the Next button to move to the next page First N A Click the First button to jump to the first page Last N A Click the Last b...

Page 215: ...il Alert screen allows network administrator to select the type of event to log and be sent to the destined Email account Email Alert Setting Window Item Value Setting Description Enable Un checked by default Check Enable box to enable sending event log messages to destined Email account defined in the E mail Addresses blank space Server N A Select one email server from the Server dropdown box to ...

Page 216: ...ebug Log to Storage Log to Storage screen allows network administrator to select the type of events to log and be stored at an internal or an external storage Log to Storage Setting Window Item Value Setting Description Enable Un checked by default Check to enable sending log to storage Select Device Internal is selected by default Select internal or external storage Log file name Un checked by de...

Page 217: ...firmware which is from GPL policy please check Accept unofficial firmware Backup Configuration Settings Download is selected by default You can backup or restore the device configuration settings by clicking the Via Web UI button Download for backup the device configuration to a config bin file Upload for restore a designated configuration file to the device Via Web UI to retrieve the configuratio...

Page 218: ...lected by default Select the location of the upgrade files HTTP S FTP S Updates are downloaded from the Base URL address below Used protocol is specified by the address HTTP HTTPS FTP or FTPS Base URL Blank is set by default IP address from which the configuration file will be downloaded This option also specifies the communication protocol Example http example com Unit ID 1 An optional setting 2 ...

Page 219: ...y the config ver example button in the Enable row in the router Auto Upgrade configuration Both config bin and ver files has to be uploaded in the same folder The name of ver file and config bin has to be the same It can be the chosen Unit ID or MAC note that when the parameter Unit ID is filled the configuration filename is defined and the hardware MAC address name will not be used Edit the time ...

Page 220: ...his device by clicking the Reboot button and reset this device to default settings by clicking the Reset button System Operation Window Item Value Setting Description Reboot Now is selected by default Chick the Reboot button to reboot the router immediately or on a pre defined time schedule Now Reboot immediately Time Schedule Select a pre defined auto reboot time schedule rule to reboot the auto ...

Page 221: ...o test whether it is alive after clicking on the Ping button A test result window will appear beneath it Tracert Test Optional setting Trace route tracert command is a network diagnostic tool for displaying the route path and measuring transit delays of packets across an IP network Trace route proceeds until all three sent packets are lost for more than twice then the connection is lost and the ro...

Page 222: ...e name will be appended with an index code _ index The extension file name is pcap Split Files 1 An optional setting 2 The default value of File Size is 200 KB Check enable box to split file whenever log file reaching the specified limit If the Split Files option is enabled you can further specify the File Size and Unit for the split files Value Range 10 99999 NOTE File Size cannot be less than 10...

Page 223: ...ICR 1601 223 ...

Page 224: ... packets will be captured when match any port in the rule Up to 10 ports are supported but they must be separated with e g 80 53 Value Range 1 65535 Destination MACs Optional setting Define the filter rule with Destination MACs which means the destination MAC address of packets Packets which match the rule will be captured Up to 10 MACs are supported but they must be separated with e g AA BB CC DD...

Page 225: ... of SIM card or doing a cellular network scan for diagnostic purpose In Cellular Toolkit section it includes several useful features that are related to cellular configuration or application You can configure settings of Data Usage SMS SIM PIN and Network Scan here Please note at least a valid SIM card is required to be inserted to device before you continue settings in this section ...

Page 226: ... to secondary SIM and establish another cellular data connection with secondary SIM automatically If Data Usage feature is enabled all history of cellular data usage can be viewed at Status Statistics Reports Cellular Usage tab 3G 4G Data Usage Data Usage feature enabling router device to continuously monitor cellular data usage and take actions In the diagram quota limit of SIM A is 1Gb per month...

Page 227: ...nd SIM A by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 and a SIM card bound to the selected cellular interface to configure its data usage profile Carrier Name It is an optional item Fill in the Carrier Name for the selected SIM card for identification Cycle Period Days by default The first box has three types for cycle period They are Days Weekly and Monthly Days For per Days cycle pe...

Page 228: ...Toolkit SMS tab With this router device you can send SMS text messages or browse received SMS messages as you usually do on a cellular phone Setup SMS Configuration Configuration Item Value setting Description Physical Interface The box is 3G 4G 1 by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 for the following SMS function configuration SMS The box is checked by default This is the SMS...

Page 229: ... value record the sent SMS numbers from SIM card When sent the new SMS this value plus one Remaining SMS N A This value is SMS capacity minus received SMS When received the new SMS this value minus one New SMS N A Click New SMS button a New SMS screen appears User can set the SMS setting from this screen Refer to New SMS in the next page SMS Inbox N A Click SMS Inbox button a SMS Inbox List screen...

Page 230: ...t to send SMS The router supports up to a maximum of 1023 character for SMS context length Send N A Click the Send button above text message will be sent as a SMS Result N A If SMS has been sent successfully it will show Send OK otherwise Send Failed will be displayed SMS Inbox List You can read or delete SMS reply SMS or forward SMS from this screen SMS Inbox List Item Value setting Description I...

Page 231: ...lled ICCID for network owners or service providers to identify each subscriber As SIM card plays an important role between service providers and subscribers some security mechanisms are required on SIM card to prevent any unauthorized access Enabling a PIN code in SIM card is an easy and effective way of protecting cellular devices from unauthorized access This router device allows you to activate...

Page 232: ...nfiguration Window Item Value setting Description Physical Interface The box is 3G 4G 1 by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 to change the SIM PIN setting for the selected SIM Card The number of physical modems depends on the gateway model you purchased SIM Status N A Indication for the selected SIM card and the SIM card status The status could be Ready Not Insert or SIM PIN R...

Page 233: ...If the SIM Lock function is not enabled the Change PIN code button is disabled In the case if you still want to change the PIN code you have to enable the SIM Lock function first fill in the PIN code and then click the Save button to enable After that You can click the Change PIN code button to change the PIN code When Change PIN Code button is clicked the following screen will appear Change PIN W...

Page 234: ...tatus The status could be PUK Lock or PUK Unlock As mentioned earlier the SIM card will be locked by PUK code after too many trials of failure PIN code In this case the PUK Status will turns to PUK Lock In a normal situation it will display PUK Unlock Remaining times Depend on SIM card Represent the remaining trial times for the PUK unlocking Note DO NOT make the remaining times down to zero it wi...

Page 235: ...u can also specify the connection sequence of the targeted generation of mobile system 2G 3G LTE Network Scan Configuration Configuration Item Value setting Description Physical Interface The box is 3G 4G 1 by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 for the network scan function Note 3G 4G 2 is only available for the product with dual cellular module SIM Status N A Show the connecte...

Page 236: ...an Approach is selected in the Configuration window By clicking on the Scan button and wait for 1 to 3 minutes the found mobile operator system will be displayed for you to choose Click again on the Apply button to drive system to connect to that mobile operator system for the dedicated 3G 4G interface ...

Page 237: ...s for some advanced useful purposes For example sending receiving remote managing SMS for the router s routine maintaining and so on All of such management and notification function can be realized effectively via the Event Handling feature The following is the summary lists for the provided profiles and events Profiles Rules o SMS Configuration and Accounts o Email Accounts Managing Events o Trig...

Page 238: ...unchecked by default Click the Enable box to enable the SMS prefix for validating the received SMS Once the function is enabled you have to enter the prefix behind the checkbox The received managing events SMS must have the designated prefix as an initial identifier then corresponding handlers will become effective for further processing Physical Interface The box is 3G 4G 1 by default Choose a ce...

Page 239: ...dentifier Value Range 1 32 digits Phone Description 1 Any text 2 An Optional setting Specify a brief description for the SMS account Application A Must filled setting Specify the application type It could be Event Trigger Notify Handle or both If the Phone Number policy is Allow Any the Notify Handle will be unavailable Send confirmed SMS 1 An Optional setting 2 The box is unchecked by default Cli...

Page 240: ...l Service Configuration Item Value setting Description Email Server Option Select an Email Server profile from External Server setting for the email account setting Email Addresses 1 Internet E mail address format 2 A Must filled setting Specify the Destination Email Addresses Enable The box is unchecked by default Click Enable box to activate this account Save NA Click the Save button to save the...

Page 241: ...tting Specify the name of the host Host IP 1 IP address 2 A Must filled setting Specify the host IP address Protocol Type 1 TCP UDP 2 A Must filled setting Select type of protocol TCP or UDP Port Number 1 Port number 2 A Must filled setting Specify TCP UDP port number Prefix Message String format any text Enter message prefix Suffix Message String format any text Enter message suffix Enable The bo...

Page 242: ...relationship rule among event trigger handlers and response Go to Service Event Handling Managing Events Tab Enable Managing Events Configuration Item Value setting Description Managing Events The box is unchecked by default Check the Enable box to activate the Managing Events function ...

Page 243: ...CR 1601 243 Create Edit Managing Event Rules Setup the Managing Event rules It supports up to a maximum of 128 rules When Add or Edit button is applied the Managing Event Configuration screen will appear ...

Page 244: ... Select WiFi Checkbox and the interested sub items WiFi radio On Off the router will change the settings as the action for the event NAT Select NAT Checkbox and the interested sub items Virtual Server Rule On Off DMZ On Off the router will change the settings as the action for the event Firewall Select Firewall Checkbox and the interested sub items Remote Administrator Host ID On Off the router wi...

Page 245: ...nd handlers Enable Notifying Events Configuration Item Value setting Description Notifying Events The box is unchecked by default Check the Enable box to activate the Notifying Events function Create Edit Notifying Event Rules Setup your Notifying Event rules It supports up to a maximum of 128 rules When Add or Edit button is applied the Notifying Event Configuration screen will appear ...

Page 246: ...sage Select Data Usage the SIM Card Cellular Service and a trigger condition to specify a certain Data Usage Event Note The available Event Type could be different for the purchased product Trigger Type Period or Once by default Specify the Trigger Type Period Once Period Event will be executed in a period set by Interval below Once Event will be executed just once Interval Number in seconds Time ...

Page 247: ...s as the action for the event Remote Host Select Remote Host checkbox and one of defined remote hosts Note The available Event Type could be different for the purchased product Time Schedule 0 Always is selected by default Select a time scheduling rule for the Notifying Event Notifying Events The box is unchecked by default Click Enable box to activate this Notifying Event setting Save NA Click th...

Page 248: ...d from your ISP Depending on the model purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G Network Type N A It displays the network type for the WAN interface s Depending on the model purchased it can be NAT Routing Bridge or IP Pass through IP Addr N A It displays the public IP address obtained from your ISP for Internet connection Default value is 0 0 0 0 if left unconfigured Subnet M...

Page 249: ...nection status is disconnected Disconnect button allows user to manually disconnect the device from the Internet Note Connect button is available when Connection Control in WAN Type setting is set to Connect Manually Refer to Edit button in Basic Network WAN Uplink Internet Setup and WAN connection status is connected WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows...

Page 250: ...user use to access Router s Web based Utility IPv4 Subnet Mask N A It displays the current mask of the subnet IPv6 Link local Address N A It displays the current LAN IPv6 Link Local address This is also the IPv6 IP Address user use to access Router s Web based Utility IPv6 Global Address N A It displays the current IPv6 global IP address assigned by your ISP for your Internet connection MAC Addres...

Page 251: ...ecting and Disconnected Signal Strength N A It displays the 3G 4G wireless signal level Network Name N A It displays the name of the service network carrier Refresh N A Click the Refresh button to renew the information Action N A This area provides functional buttons Detail Button when press windows of detail information will appear They are the Modem Information SIM Status and Service Information...

Page 252: ...ted 7 1 2 LAN VLAN Status Go to Status Basic Network LAN VLAN tab Client List The Client List shows you the LAN Interface IP address Host Name MAC Address and Remaining Lease Time of each device that is connected to this router LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and the IP Add...

Page 253: ...e VAP wireless signal is enabled or disabled Op Mode N A The Wi Fi Operation Mode of VAP Depends of device model modes are AP Router WDS Only and WDS Hybrid Universal Repeater and Client SSID N A It displays the network ID of VAP Channel N A It displays the wireless channel used WiFi System N A The WiFi System of VAP Auth Security N A It displays the authentication and encryption type used MAC Add...

Page 254: ...displays the receiving Probe Request Frame count Disassociation Frame N A It displays the receiving Disassociation Frame count Deauthentication Frame N A It displays the receiving Deauthentication Frame count EAP Request Frame N A It displays the receiving EAP Request Frame count Malicious Data Frame N A It displays the number of receiving unauthorized wireless packets Action N A Click the Reset b...

Page 255: ...s the current DDNS service in use the last update status and the last update time to the DDNS service server DDNS Status DDNS Status Item Value Setting Description Host Name N A It displays the name you entered to identify DDNS service provider Provider N A It displays the DDNS server of DDNS service provider Effective IP N A It displays the public IP address of the device updated to the DDNS serv...

Page 256: ...you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Subnets specified Remote IP FQDN N A It displays the Remote IP FQDN specified Remote Subnets N A It displays the Remote Subnets specified Conn Time N A It displays the connection time for the IPSec tunnel Status N A It displays the Status of the VPN connection The stat...

Page 257: ...cted L2TP Client Status LT2TP Client Status shows the configuration for establishing LT2TP tunnel and current connection status L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN interface with which the router will use to request PPTP tunneling connection to the PPTP server Virtual IP N A It displays t...

Page 258: ... A It displays the PPTP Server s Public IP address the WAN IP address or FQDN Default Gateway Remote Subnet N A It displays the specified IP address of the gateway device used to connect to the internet to connect to the PPTP server the default gateway Or other specified subnet if the default gateway is not used to connect to the PPTP server the remote subnet Conn Time N A It displays the connecti...

Page 259: ...ng the source IP destination IP protocol and destination port the TCP or UDP String format Source IP to Destination IP Destination Protocol TCP or UDP IP N A The Source IP IPv4 of the logged packet Time N A The Date and Time stamp of the logged packet Date time format Month Day Hours Minutes Seconds Note Ensure Packet Filter Log Alert is enabled Refer to Security Firewall Packet Filter tab Check L...

Page 260: ...ours Minutes Seconds Note Ensure MAC Control Log Alert is enabled Refer to Security Firewall MAC Control tab Check Log Alert and save the setting IPS Status IPS Firewall Status Item Value setting Description Detected Intrusion N A This is the intrusion type of the packets being blocked IP N A The Source IP IPv4 of the logged packet Time N A The Date and Time stamp of the logged packet Date time fo...

Page 261: ...tatus of Discard Ping from WAN on Firewall Options String Format Disable or Enable Remote Administrator Management N A Enable or Disable setting status of Remote Administrator If Remote Administrator is enabled it shows the currently logged in administrator s source IP address and login user name and the login time Format IP Source IP User Name Login User Name Time Date time Example IP 192 168 127...

Page 262: ... of current active SNMP connections SNMP Link Status Item Value setting Description User Name N A It displays the user name for authentication This is only available for SNMP version 3 IP Address N A It displays the IP address of SNMP manager Port N A It displays the port number used to maintain connection with the SNMP manager Community N A It displays the community for SNMP version 1 or version ...

Page 263: ... timestamp of trap event Trap Event N A It displays the IP address of the trap sender and event type TR 069 Status TR 069 Status screen shows the current connection status with the TR 068 server TR 069 Status Item Value setting Description Link Status N A It displays the current connection status with the TR 068 server The connection status is either On when the device is connected with the TR 068...

Page 264: ... button you will see the previous page of track list Next N A Click the Next button you will see the next page of track list First N A Click the First button you will see the first page of track list Last N A Click the Last button you will see the last page of track list Export xml N A Click the Export xml button to export the list to xml file Export csv N A Click the Export csv button to export t...

Page 265: ...tistics Next N A Click the Next button you will see the next page of login statistics First N A Click the First button you will see the first page of login statistics Last N A Click the Last button you will see the last page of login statistics Export xml N A Click the Export xml button to export the login statistics to xml file Export csv N A Click the Export csv button to export the login statis...

Page 266: ... 3 Cellular Usage Go to Status Statistics Reports Cellular Usage tab Cellular Usage screen shows data usage statistics for the selected cellular interface The cellular data usage can be accumulated per hour or per day ...

Page 267: ... https www openssl org brctl ethernet bridge administration Stephen Hemminger shemminger osdl org Lennert Buytenhek buytenh gnu org version 1 1 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 tc show manipulate traffic control settings Stephen Hemminger shemminger osdl org Alexey Kuznetsov kuznet ms2 inr ac ru version iproute2 ss050330 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 dhcp fwd starts ...

Page 268: ...ation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed https www openswan org Opennhrp Version v0 14 1 OpenNHRP is an NHRP implementation for Linux It has most of the RFC2332 and Cisco IOS extensions Project homepage http sourceforge net projects opennhrp Git repository git op...

Page 269: ...g it is not allowed http poptop sourceforge net L2TP Version 0 4 Copying All software included in this package is Copyright 2002 Roaring Penguin Software Inc You may distribute it under the terms of the GNU General Public License the GPL Version 2 or at your option any later version http www roaringpenguin com L2TPServ Version v 1 3 1 GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright C 1989 ...

Page 270: ... support coova com Krb5 Kerberos is a network authentication protocol It is designed to provide strong authentication for client server applications by using secret key cryptography Version 1 11 3 Copyright C 1985 2013 by the Massachusetts Institute of Technology and its contributors OpenLDAP a suite of the Lightweight Directory Access Protocol v3 servers clients utilities and development tools Ve...

Page 271: ...opyright c 2000 2013 Oracle and or its affiliates FreeRadius a high performance and highly configurable RADIUS server Version 2 1 12 Copyright C 1999 2011 The FreeRADIUS server project and contributors Linux IPv6 Router Advertisement Daemon radvd Version V 1 15 Copyright c 1996 1997 by Lars Fenneberg lf elemental net BSD License http www litech org radvd WIDE DHCPv6 Dynamic Host Configuration Prot...

Page 272: ...d literature 1 Advantech B B SmartWorx Start Guide for ICR 1601 2 Advantech B B SmartWorx ICR 1601 User Manual Product related documents and applications can be obtained on Engineering Portal at https ep advantech bb cz address ...

Page 273: ...ntech com Upkeep Advices The SIM card must be handled carefully as with a credit card Don t bend don t scratch on this and do not expose to static electricity During cleaning of the router do not use aggressive chemicals solvents and abrasive cleaners Hereby Advantech Co Ltd company declares that the radio equipment type ICR 1601 is in compliance with EU Directive 2014 53 EU The full text of the E...

Reviews: