1
User's Manual For InHand IR720 Series Router
(Version: V2)
Beijing InHand Network Technology Co., Ltd.
http://www.inhandnetworks.com
Page 1: ...1 User s Manual For InHand IR720 Series Router Version V2 Beijing InHand Network Technology Co Ltd http www inhandnetworks com...
Page 2: ...r companies product logos and trade names in the manual are possessed by their respective owners The contents of this manual may be changed due to product version upgrade or other reasons InHand reser...
Page 3: ...Significance Bold Keywords of command line the part that should be remained unchanged in command and be entered as it is are expressed with bold font Italic The parameters of command line the part tha...
Page 4: ...uisition The latest product information is available on the website of InHand www InHand com cn The main columns related to product information on the website of InHand are described as follows Servic...
Page 5: ...ing Page of Router 15 4 Get Familiar with the Web Setting Page 16 4 1 Introduction of Web Setting Page 16 4 2 Introduction of Controls of Common Page 16 4 3 Introduction of Operation of Page List 17 4...
Page 6: ...VLAN 42 7 2 Cellular Port 44 7 3 Loopback 46 7 4 DHCP Service 47 7 5 DNS service 48 7 6 DDNS 49 8 Link Backup 51 8 1 SLA 51 8 2 Track Module 52 8 3 VRRP 53 8 4 Interface Backup 56 9 Routing 58 9 1 Sta...
Page 7: ...ection 96 13 3 Internet Speed Testing 97 14 Typical Networking Configuration Examples 98 15 Appendix Setting of Command Line 101 15 1 Set up Configuration Environment through the Console Port 102 15 2...
Page 8: ...eb setting page e g VRRP interface backup etc Link backup Set device routing function through the Web setting page e g static routing dynamic routing etc Route Configure firewall function for the devi...
Page 9: ...trial grade design InRouter720 is able to work reliably in extreme environments Up to eight Ethernet ports can easily connect to 8 Ethernet devices and arrange them in different VLANs for orderly and...
Page 10: ...network backup links to support link self healing Dynamic routing It has its own routing algorithm and is able to automatically adapt to the changes in network topology DMVPN It adds new branch sites...
Page 11: ...ng page which has intuitive configuration and low use complexity and is easy to operate 2 2 3 Rich Statistical Diagnostic Function and Supervisor Mode It provides a wealth of display function of stati...
Page 12: ...card 3 1 2 Establish Network Connection 1 Set IP Address of Supervisory Computer Automatic acquisition of IP address recommended Please set the supervisory computer to automatic acquisition of IP addr...
Page 13: ...13 1 Open Control Panel double click Network Connections icon and enter Network Connections Screen 2 Click the button Properties to enter the window of Local Connection Properties...
Page 14: ...AN is checked if it is 3 Select Internet Protocol TCP IP and click button Properties to enter the window Internet Protocol TCP IP Properties Select the radio button Use the following IP address enter...
Page 15: ...ck button OK or directly press Enter to enter the Web setting page At the same time the router allows up to five users to manage through the Web setting page When multi user management is implemented...
Page 16: ...contents Introduction of Web Setting Page Introduction of Controls of Common Page Introduction of Operation of Page List Exit the Web Setting Page 4 1 Introduction of Web Setting Page Figure 4 1 Sche...
Page 17: ...e specified list item and click the button Delete to delete the list item 4 4 Exit the Web Setting Page Click at the upper right corner of the web interface and confirm to exit the Web setting page Ch...
Page 18: ...1 System 5 1 1 System Status Page Wizard Administration System System Status This page provides the following function Show the router s basic information and status The meanings of key items in the...
Page 19: ...stem Time Page Wizard Administrator System Time Set system time 5 2 2 SNTP Client Page Wizard Administrator System Time PC Time The time of PC which is accessing to the router via Web CPU Load 1 5 15...
Page 20: ...th SNTP server Server Address SNTP Server Address domain IP 10 servers at most Port SNTP service port of SNTP server Before setting a SNTP server should ensure SNTP server reachable Especially when th...
Page 21: ...5 3 Admin Access 5 3 1 Create a User Page Wizard Administrator Admin Access Create a user Create a user 5 3 2 Modify a User Page Wizard Administrator Admin Access Modify a user Modify user informatio...
Page 22: ...izard Administrator Admin Access Remove users Remove users 5 3 4 Management Service Page Wizard Administrator Admin Access Management Service Managem service For the super user adm can t modify the us...
Page 23: ...23 5 4 AAA 5 4 1 Radius Page Wizard Administrator AAA Radius 5 4 2 Tacacs Page Wizard Administrator AAA Tacacs 5 4 3 AAAAuthentication Page Wizard Administrator AAA AAA settings...
Page 24: ...nfig file to host Backup startup config Backup startup config file to host Automatically save modified configuration Decide whether to automatically save configuration after modify the configuration R...
Page 25: ...rmance find and solve network problems and plan network growth SNMP includes NMS and Agent NMS Network Management Station is a station which runs client procedure Agent is service software which is ru...
Page 26: ...p Setting Page Wizard Administrator SNMP SnmpTrap The meanings of key items in the page are shown in the table below Key Items Description SNMP Version Choose the SNMP version support v1 v2 v3 Contact...
Page 27: ...produces because of the network interface is up or down divided into LINK UP LINK DOWN Alarm status divided into raise confirm clear When alarm occurs it is in the state of raise if the user thinks t...
Page 28: ...28 5 7 1 Alarm Status Page Wizard Administrator Alarm Alarm Status Check and manage the alarm status 5 7 2 Alarm Input Page Wizard Administrator Alarm Alarm Input Set the alarm input...
Page 29: ...29 5 7 3 Alarm Output Page Wizard Administrator Alarm Alarm Output Set the alarm output 5 7 4 Alarm Map Page Wizard Administrator Alarm Alarm Map Set the alarm map...
Page 30: ...lose port LINK DOWN alarm Mail Server IP Set the Email Server s IP address Mail Server Port Set the Email Server s Port Account name An Email address which is used to send the alarm email Account pass...
Page 31: ...are shown in the table below Key Items Description Log to Remote System Open close remote log function IP Address Port UDP Set remote server s IP address Port 5 9 System Upgrading Page Wizard Adminis...
Page 32: ...32 3 At last reboot router Upgrade is successful 5 10 Reboot Page Wizard Administration Reboot Reboot the system...
Page 33: ...s Port RSTP Port Security 802 1x Mac Address 6 1 Port 6 1 1 Port Status Page Wizard Layer 2 Switch Port Port Status Port Status display 6 1 2 Ethernet Port Statistics Page Wizard Layer 2 Switch Port P...
Page 34: ...atistics 6 1 4 Port Basic Parameters Page Wizard Layer 2 Switch Port Port Basic Parameters Port basic parameters settings 6 1 5 Port Advanced Parameters Page Wizard Layer 2 Switch Port Port Advanced P...
Page 35: ...2 Switch Port Port Mirroring Port Mirroring settings 6 2 RSTP The main role of the RSTP rapid spanning tree protocol contains two aspects on the one hand it s used for preventing the broadcast stormi...
Page 36: ...e RSTP statistics 6 2 2 Port RSTP statistics Page Wizard Layer 2 Switch RSTP Port RSTP statistics Display port RSTP statistics 6 2 3 Configure RSTP Parameters Page Wizard Layer 2 Switch RSTP Configure...
Page 37: ...he property of edge port Yes means force to edge port NO means auto detection Point to Point Configure point to point property of port Yes means force to set point to point No means force to set share...
Page 38: ...onality Max Secure MAC set the maximum number of secure MAC addresses on a port VLAN ID The VLAN ID of MAC address Secure MAC Set the secure MAC address 6 4 802 1x 802 1X is based on the Extensible Au...
Page 39: ...Key Items Description Disable Disable 802 1x authentication Auto Enable 802 1x authentication 6 5 Mac Address MAC Address list features Check the learning MAC address Delete unicast MAC table items C...
Page 40: ...igure static MAC 6 5 2 Configure dynamic MAC address Page Wizard Layer2 Switch MAC Address Tables Configure dynamic MAC The meaning of key item is as shown in the following table Key Items Description...
Page 41: ...ut the MAC address corresponding port Priority Input the MAC address corresponding priority Clear MAC Address ON Choose the MAC address range which will be cleared Aging Time Input the aging time of M...
Page 42: ...N Frame Type Tagged Frame Carrying the VLAN tag TPID is 0x8100 the VID of TCI is 0 Priority Tagged Frame TPID is 0x8100 the VID of TCI is 0 Untagged Frame The frame except Tagged frame and priority ta...
Page 43: ...re the VLAN ID Primary IP etc After Apply Save the page shows current VLAN in router The meanings of key items in the page are shown in the table below Key Items Description VLAN ID The range is from...
Page 44: ...Native VLAN The default VLAN that port belong to VLAN Member Ports Choose the role of member it can be none isn t member tagged tagged member untagged untagged member 7 2 Cellular Port 7 2 1 Status Pa...
Page 45: ...he table Key Items Desription Enable Enable PPP dialup Profile Choose the dial up profile Roaming Enable disenable roaming PIN Code Cell phone pin code Network Type Choose mobile network type Static I...
Page 46: ...e as backup Access Number Dialup parameters provided by Local ISP Username Dialup parameters provided by Local ISP Password Dialup parameters provided by Local ISP Show Advanced Options Enable configu...
Page 47: ...nt for all computers DHCP Server It refers to a computer that manages DHCP standard in a specific network The duty of DHCP server is to assign an IP address when the workstation logs in and ensure tha...
Page 48: ...the IP string that can be directly read by the computer DNS forwarding DNS forwarding is open by default You can set the specified Domain Name IP Address to let IP address match with the domain name...
Page 49: ...ram is responsible for providing DNS service and realizing dynamic DNS It means that DDNS captures user s each change of IP address and matches it with the domain name so that other Internet users can...
Page 50: ...the table below Dynamic Domain Name Key Items Description Method Name Designate denominate a name User Name User name assigned in the application for domain name Password Password assigned in the appl...
Page 51: ...t destination If it is unreachable the static routing will be deleted The reachability test can be performed with InHand SLA to continuously check the reachability of ISP and be associated with static...
Page 52: ...rack Module 8 2 1 Status Page Wizard Link Backup Track Module Status SLA Status Display SLA setting Key Items Description SLA It is abbreviation of Service Level Agreement Type Detection type Identifi...
Page 53: ...unication between the host and external network In case of gateway failure all hosts with the gateway as the default route in the network segment are unable to communicate with external networks Figur...
Page 54: ...t link with high reliability can be provided relying on VRRP in case of fault with a router which can effectively avoid network interruption in case of fault with a single link without the need to mod...
Page 55: ...tworking As shown in Figure 8 3 2 Router A and Router C compose a virtual router This virtual router has its own IP address The host in LAN will set the virtual router as the default gateway Router A...
Page 56: ...face function of VRRP can better expand the backup function It not only provides the backup function in case of fault of a router s interface but also provides the backup function in case that other i...
Page 57: ...take effect Up Delay When the primary interface switches from failed detection to successful detection switching can be delayed based on the set time 0 represents immediate switching rather than imme...
Page 58: ...g to achieve network interworking Proper setting and use static routing can improve the performance of network and can guarantee bandwidth for important network applications Disadvantages of static ro...
Page 59: ...F and Routing Information Protocol RIP for Autonomous System AS interior gateway protocol The so called autonomous system refers to the collection of hosts routers and other network devices under the...
Page 60: ...r equal to 16 is defined as infinity which means that the destination network or host is unreachable Because of this limitation the RIP is not suitable for large scale networks To improve performance...
Page 61: ...neighboring routers through the routing learned from an interface by RIP which will not only reduce bandwidth consumption but also can prevent routing loops 9 2 2 2 Start up and running process of RI...
Page 62: ...ng updates Timeout timer It defines the routing aging time If no update package on a routing is received within the aging time the routing s RoutingCost in the routing table will be set to 16 Clear Ti...
Page 63: ...rotocol Regardless of zoning the routing calculation process of OSPF protocol can be briefly described as follows Each router that supports OSPF protocol maintains a Link State Database LSDB that desc...
Page 64: ...d then the laste configured IP address of Loopback interface will be used as the Router ID If no LoopBack interface address is configured choose the first configured IP address of other interfaces wil...
Page 65: ...and Neighboring In OSPF Neighbor and Adjacency are two different concepts After the start up of OSPF router it will send out Hello packets through the OSPF interface Upon receipt of Hello packet OSPF...
Page 66: ...time between two adjacent routers is different you can not establish a neighbor relationship Network Network type Protocol priority Since there may be multiple routing protocols simultaneously runnin...
Page 67: ...n receipt of message the port of switch will analyze the field of packet according to the ACL rule applied on the current port After identifying the specific packet it will permit or prohibit appropri...
Page 68: ...the above three ranges will not be allocated on the Internet Therefore they can be freely used in companies or enterprises without the need to make application to the operator or registration center P...
Page 69: ...Items Description SNAT Source address translation is to convert the source address of ip data package into another address DNAT Destination address translation is to map a set of local internal addres...
Page 70: ...ty data frame thus to ensure that critical business will not be affected by network congestion IR720 supports four service levels and the service level can be determined according to the reception por...
Page 71: ...e Optional wrr Weighted Round Robin policy sp strict priority policy Priority overload Change the Tag priority of data frame based on the following information Destination MAC source MAC VLAN ID Note...
Page 72: ...l bandwidth of network is limited If these applications excessively take up network bandwidth it is bound to affect the normal use of network by other users In order to ensure that all users within th...
Page 73: ...sender in order to ensure that the data is not tampered during transmission Data authentication IPSec receiver can authenticate whether the sender of IPSec packet is legitimate Anti replay Anti Replay...
Page 74: ...rections If two peers want to use AH and ESP for secure communication each peer will build an independent SA for each protocol SA uses a triple for unique identification The triple includes SPI Securi...
Page 75: ...ric key system It uses the same key to encrypt and decrypt data IPSec supports three encryption algorithms Encryption Algorithm Description DES Use a 64bit key to encrypt a 64bit plaintext block 3DES...
Page 76: ...nnel established between the home terminal and the opposite terminal for interworking and it is composed of one or more pairs of SA 12 1 2 Common Networking Mode of IPSec VPN Center branch model is us...
Page 77: ...12 1 3 1 IPsec Status Page Wizard VPN IPsec IPsec Status 12 1 3 2 IPsec Phase 1 Page Wizard VPN IPsec IPsec Phase 1 12 1 3 3 IPsec Phase 2 Page Wizard VPN IPsec IPsec Phase 2 IPsec status display IPse...
Page 78: ...exchange method the aggressive mode using less exchange packets can improve the speed of negotiation in the occasions with lower requirements on Identity Protection Connection Detection DPD It is used...
Page 79: ...d user data is placed behind the original IP header Typically the transmission mode is applied for the communication between two hosts or communication between a host and a security gateway Perfect fo...
Page 80: ...nsidered as the encapsulation structure as follows 12 2 3 Encapsulation Process The protocol number of IP header found by network layer is 47 The network layer strips the new IP header and submits the...
Page 81: ...zard VPN GRE GRE configuration 1 Click the Add button and the following setting interface will appear The meanings of key items in the page are shown in the table below GRE configuration 2 Key Items D...
Page 82: ...82 Key Set the key of tunnel NHRP Next Hop Resolution Protocol...
Page 83: ...mote via a public network through virtual tunnels and the corporate headquarters of the network connection 12 3 2 Brief Introduction of L2TP Protocol 12 3 2 1 Encapsulation Hierarchy of L2TP Packet Th...
Page 84: ...ader Similarly the packet to be sent to VPN user by LNS will be handed over to LAC after encapsulation by LNS Upon receipt of packet if LAC finds that it is L2TP packet it will remove L2TP encapsulati...
Page 85: ...ow 12 4 Certificate Management Page Wizard VPN Certificate Management Key Items Description User Name Set server user name Password Set server password Local IP address Set local IP address Remote IP...
Page 86: ...is a better structure which complies with the traditional way of frame relay internetworking Since hub and spoke uses less point to point links than the full mesh it can reduce line costs When the int...
Page 87: ...static IP address is very high For either ADSL or direct cable access ISP usually uses DHCP to provide dynamic IP address to save address resources The realization of dynamic routing protocols on IPSe...
Page 88: ...address of the opposite terminal of IPSec tunnel Therefore it is unnecessary to separately define matching ACL for IPSec Through binding GRE tunneling with IPSec once the GRE tunnel is established IP...
Page 89: ...encrypted by IPSec In encryption of GRE packet with IPSec IPSec can be configured to the transmission mode because GRE has encapsulated the original packet as the unicast IP packet and it is unnecess...
Page 90: ...ged and remains to be the original address When EIGRP sends the routing to the routing information source port its next hop address will change to the address of the port Therefore it is necessary to...
Page 91: ...y set policy and ISAKMP Profile 12 5 3 2 IPSec Phase 2 Page Wizard VPN IPSec IPSec Phase 2 Configuration of IPSec Phase 2 12 5 3 3 IPSec Configuration Page Wizard VPN IPSec IPSec Configuration IPSec c...
Page 92: ...92 Note When you use DMVPN it is not required to define encryption map Please keep the name of IPSec Profile in mind which will also be used in the GRE tunnel Next we will begin to set the GRE tunnel...
Page 93: ...93 12 5 3 4 GRE and NHRP Configuration Page Wizard VPN GRE GRE Configuration 12 5 3 5 NHRP Configuration Page Wizard VPN GRE NHRP Configuration...
Page 94: ...94 12 5 3 6 Configuring dynamic routing protocol Page Wizard Routing Dynamic Routing RIP RIP setting...
Page 95: ...G detection Page Wizard Tools PING detection The meanings of key items in the page are shown in the table below PING detection setting Key Items Description Host It requires the destination host addre...
Page 96: ...96 13 2 Routing detection Page Wizard Tools Routing Detection Routing detection setting...
Page 97: ...Speed Testing Internet Speed Testing Setting The meanings of key items in the page are shown in the table below Key Items Description Function It is used to detect the internet speed The internet spe...
Page 98: ...obtain the public network IP address SPOKE Requirements 1 R2 R3 R4 and HUB establish DMVPN making intranets can exchange visits Knowledge points involved Configuration IPSec VPN of GRE tunnel NHRP dy...
Page 99: ...ipsec profile POLICY HUB ipsec profile set transform set TS HUB ipsec profile exit HUB config int tunnel 0 HUB config if tunnel protection ipsec profile POLICY R2 R3 R4 Configuring crypto isakmp polic...
Page 100: ...uting protocol HUB config router rip HUB config router network 192 168 0 1 255 255 255 0 HUB config router network 192 168 77 1 255 255 255 0 HUB if tun 1 no ip rip split horizon Turn off split horizo...
Page 101: ...xxx xxx xxx xxx xxx is the IP address of the router s LAN port in the pop up Run dialog box Press Enter and enter the user name and password the user name is adm and password is 123456 by default acc...
Page 102: ...the supervisory computer to the router Connect the serial ports of supervisory computer through configuring the Console port between the cable and router 2 Configure parameters of supervisory compute...
Page 103: ...103...
Page 104: ...is a keyword at the location of this command line list all the keywords and their brief descriptions 3 Enter a string immediately followed by List all the commands that begin with this string 4 Enter...
Page 105: ...ace Enter the show interface vlan command and press Enter to display the IP address of router s VLAN interface 15 3 3 Restore the Router to Factory Settings Enter the erase startup config command and...
Page 106: ...ter the show version command and press Enter 15 3 6 Display the Router s Current Configuration Information Enter the show running config command and press Enter 15 3 7 Display MAC Address Table Enter...
Page 107: ...ction Ping 127 0 0 1 is used to check if the supervisory computer is installed with the TCP IP protocol Ping and the IP address of VLAN interface that directly connects to the router are used to check...
Page 108: ...eck if the router has conducted ARP binding for all hosts in the LAN 3 Log in the router s Web setting page check the access control list check whether an IP address segment that is not allowed to acc...
Page 109: ...twork cable is not connected while the indicator lights of Ethernet Ports are normally on Please contact InHand technical support service hotline 010 64391099 Getting Help Software fault For example T...
Page 110: ...1 interface IP address 192 168 2 1 Subnet Mask 255 255 255 0 User management User adm Password 123456 Layer 2 exchange RSTP Turn off Network DHCP service Enable DHCP forwarding Turn off Routing RIP Tu...
Page 111: ...figuration Protocol Server is a device running DHCP Dynamic Host Configuration Protocol and is mainly used to assign IP address to the clients of DHCP DNS Domain Name Service Domain Name Service resol...
Page 112: ...nterface or gateway that is able to reach the destination network or address through the effective routing based on the destination address of data and the current network conditions for data forwardi...
Page 113: ...113 LAN Local Area Network Local Area Network generally refers to the internal network e g home network internal network of small and medium sized enterprises etc...
