Huawei EA380-123 User Manual

eA380 Series LTE CPE V100R001C00

User Guide

Issue 01 Date 2017-08-31

HUAWEI TECHNOLOGIES CO., LTD.

Proprietary and Confidential

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang Shenzhen 518129

People's Republic of China Website: http://www.huawei.com Email: support@huawei.com

Issue 01 (2017-08-31)

Huawei

eA380 Series LTE CPE

Proprietary and Confidential

User Guide About This Document

About This Document

Overview

This document describes the hardware, functions, installation, configuration, operation and maintenance (OM) of the eA380 series customer premises equipment (CPE).

Product Version

Product Name Product Version

eA380-123 V100R001 eA380-135 V100R001

Intended Audience

This document is intended for:



System engineers



Product engineers



Technical support engineers

Issue 01 (2017-08-31) Huawei

eA380 Series LTE CPE

Proprietary and Confidential

User Guide Contents

Contents

About This Document ............................................................................................................ ii

1 Overview ................................................................................................................................ 1

1.1 Product Introduction ................................................................................................................................................ 1

1.2 Application Scenarios .............................................................................................................................................. 2

1.3 Hardware Specifications ......................................................................................................................................... 5

1.4 Antenna Specifications ............................................................................................................................................ 7

1.5 Software specifications............................................................................................................................................ 8

1.6 Product Security..................................................................................................................................................... 10

1.6.1 Network Security ......................................................................................................................................... 10

1.6.2 Application Security..................................................................................................................................... 10

1.7 Device Ports ........................................................................................................................................................... 12

1.7.1 Web Port ....................................................................................................................................................... 12

1.7.2 USB Port ....................................................................................................................................................... 14

1.7.3 TR-069 Port .................................................................................................................................................. 15

2 Hardware .............................................................................................................................. 17

2.1 eA380 Hardware .................................................................................................................................................... 17

2.1.1 Appearance ................................................................................................................................................... 17

2.1.2 Panel.............................................................................................................................................................. 17

2.1.3 Indicator ........................................................................................................................................................ 18

2.2 eA380 Cables ......................................................................................................................................................... 20

2.2.1 PoE Network Cable...................................................................................................................................... 20

2.3 Mounting Parts ....................................................................................................................................................... 21

3 Installation ........................................................................................................................... 23

3.1 Site Preparations .................................................................................................................................................... 23

3.2 Installation Preparation.......................................................................................................................................... 24

3.3 Installation Procedure ............................................................................................................................................ 26

3.3.1 Mounting on a Utility Pole .......................................................................................................................... 26

3.3.2 Mounting on the Wall .................................................................................................................................. 29

3.3.3 Cable Connection ......................................................................................................................................... 33

3.4 Installation Check .................................................................................................................................................. 36

4 Configuration Introduction ................................................................................................ 39

Issue 01 (2017-08-31) Huawei

iii

eA380 Series LTE CPE

Proprietary and Confidential

User Guide Contents

4.1 Log in to the WebUI .............................................................................................................................................. 39

4.2 NAT /Routing Behind MS Settings ...................................................................................................................... 40

4.3 Profile Management .............................................................................................................................................. 40

4.4 TR-069 Setting ....................................................................................................................................................... 41

4.5 Security Settings .................................................................................................................................................... 43

4.5.1 Firewall Settings........................................................................................................................................... 43

4.5.2 LAN IP Address Filtering ............................................................................................................................ 43

4.5.3 MAC Address Filtering................................................................................................................................ 43

4.5.4 Domain Name Filtering ............................................................................................................................... 44

5 Update Introduction ............................................................................................................ 45

5.1 Local Update .......................................................................................................................................................... 45

5.2 Online Update ........................................................................................................................................................ 45

5.3 TR069 eSight Update ............................................................................................................................................ 46

5.3.1 Firmware Version ......................................................................................................................................... 46

5.3.2 Upgrade Management .................................................................................................................................. 46

6 Maintenance ......................................................................................................................... 48

6.1 Maintenance Preparation ....................................................................................................................................... 48

6.2 Fault Diagnosis ...................................................................................................................................................... 48

7 FAQ ....................................................................................................................................... 50

7.1 What Do I Do If the Web UI Fails to Be Opened? .............................................................................................. 50

7.2 What Do I Do When Power Indicator Is Not Working?...................................................................................... 50

7.3 What Do I Do When the Data Service Is not Provided? ..................................................................................... 51

8 Privacy and Security ............................................................................................................ 52

8.1 Privacy Policy ........................................................................................................................................................ 52

8.2 Security Maintenance ............................................................................................................................................ 52

8.3 Performing Default Security Configuration......................................................................................................... 52

9 Acronyms and Abbreviations............................................................................................. 54

Issue 01 (2017-08-31) Huawei

eA380 Series LTE CPE

Proprietary and Confidential

User Guide 1Overview

1 Overview

About This Chapter

This chapter describes the functions, applications, product security and specifications of the product.

1.1 Product Introduction

The Huawei eA380 Series CPEs are the Long Term Evolution (LTE) customer premises equipments (CPEs). As a wireless gateway, the eA380 can be deployed outdoors to provide services such as data collection and video surveillance.

The eA380 Series CPEs (eA380-135, eA380-123,eA380 for short) supports LTE R11/12. The eA380 provide the following functions:



Data services The eA380 series uses LTE broadband technologies to support high-speed broadband

network access, data backhaul, and video surveillance.



Small-scale local area network (LAN) The eA380 series can connect to external concentrators and Ethernet switches or routers

to set up a LAN with multiple computers. When terminal devices on the LAN connect to the eA380 using network cables, the terminal devices can provide data services.



Security services The eA380 series supports the firewall and PIN password, which protects your

computers when you access the Internet.



Firewall services The eA380 series supports the following firewall services:

− Firewall enabling or disabling: enables or disables firewalls.

− Media access control (MAC) address filtering: prevents certain MAC addresses from

accessing the computers on a LAN.

− IP address filtering: blocks certain IP addresses from accessing the local computers.

− URL filtering: prevents computers from accessing certain URLs.



Local and remote management and maintenance The eA380 support local configuration to manage devices , configure network

parameters, and help ensure that the device functions properly and stably.

Issue 01 (2017-08-31) Huawei

eA380 Series LTE CPE

Proprietary and Confidential

User Guide 1Overview



Remote Management and Maintenance The eA380 support remote configuration to manage devices , configure network

parameters, and query the status by TR069.

1.2 Application Scenarios

The eA380 provides wireless broadband and wired Ethernet data services. The eA380 is intended to be deployed in wISP(Wireless Internet Service Provider) network.

They can also be deployed in industrial, public security and enterprise network if the performance is acceptable to the network operator.

Figure 1-1 The eA380 deployed in wISP network

The eA380 provides a variety of data services, such as LTE-TDD wireless routing and converting LTE wireless data into wired Ethernet data, and vice versa. Figure 1-2 shows an application scenario in which the eA380 is used in private industrial networks.

Issue 01 (2017-08-31) Huawei

eA380 Series LTE CPE

Proprietary and Confidential

User Guide 1Overview

Figure 1-2 The eA380 deployed in industrial private networks

The following example describes how to use the eA380 for video monitoring.

1. Use a power adapter to supply power for the eA380 or video camera, as shown in Figure

1-3.

Issue 01 (2017-08-31) Huawei

eA380 Series LTE CPE

Proprietary and Confidential

User Guide 1Overview

Figure 1-3 The eA380 connected to a video camera.

2. Use a network cable to connect the eA380 to an external device. If the eA380 connects

to a single device, connect the power adapter directly to the eA380. If the eA380 connects to multiple devices, connect the power adapter to a Hub or switch and then to the eA380, as shown in Figure 1-4.

Figure 1-4 The eA380 connected to multiple devices

Issue 01 (2017-08-31) Huawei

eA380 Series LTE CPE

Proprietary and Confidential

User Guide 1Overview

1.3 Hardware Specifications

Table 1-1 describes the technical specifications of the eA380.

Table 1-1 Technical specifications of the eA380

Category Description

WAN: LTE 3GPP Release 11/12

Technical standards

Working

LTE

frequency band

WLAN 2400 MHz to 2483.5 MHz



External interface

LED indicator

Maximum transmit power



LTE WLAN

LAN: IEEE 802.3/802.3u WLAN: IEEE 802.11b/g/n eA380-123: LTE TDD (2570 MHz to 2620 MHz)

LTE TDD (2300 MHz to 2400 MHz) LTE TDD (2496 MHz to 2690 MHz) LTE FDD (2500 MHz to 2570 MHz(UL)/

2620 MHz to 2690 MHz(DL))

eA380-135: LTE TDD (3400 MHz to 3600 MHz)

LTE TDD (3600 MHz to 3800 MHz)

1 Ethernet and voice interface (RJ45): 10/100/1000Base-TX Ethernet, PoE combined

1 USB interface(for local maintenance only) 1 SIM card slot

One POWER indicator One LAN indicator Three LTE signal strength indicators



(23±2) dBm



(16±3) dBm

EIRP WiFi 2.4G < 20 dBm

Receiving sensitivity

LTE eA380-123

Issue 01 (2017-08-31) Huawei

B38/B40:



< -100 dBm/5 MHz



< -97 dBm/10 MHz



< -94 dBm/20 MHz

B7:



< -98 dBm/5 MHz



< -95 dBm/10 MHz



< -92 dBm/20 MHz

eA380 Series LTE CPE

Proprietary and Confidential

User Guide 1Overview

Category Description

B42/B43:



eA380-135



802.11b: -92 dBm@1 Mbps,

< -99 dBm/5 MHz



< -96 dBm/10 MHz



< -93 dBm/20 MHz

-85 dBm@11 Mbps



802.11g: -88 dBm@6 Mbps

-73 dBm@54 Mbps

WLAN



802.11n: HT20: -87 dBm@MCS0

-71 dBm@MCS7

HT40: -84 dBm@MCS0

-68 dBm@MCS7

Power consumption

Power supply

when heater works (<25W) when heater off (<9W)



PoE (should be powered by IEEE802.3at standard)



PoE adapter: AC 100V~240V,DC 54V/650mA Weight <1.5kg (The power supply adapter is not included) Water and dust

proof

Temperature

IP65



Working temperature: -40 ℃ to +55 ℃



Storage temperature: -40 ℃ to +70 ℃ Humidity 5% to 95% Installation Mounted on poles or walls

Please deploy the device to make it power on in three months after received or store it under following circumstance:



Temperature: -10°C to 35°C



Humidity: 30%RH to 85% RH

Thermometer and hygrometer should be used to monitor, adjust the temperature and humidity.

Issue 01 (2017-08-31) Huawei

eA380 Series LTE CPE

Proprietary and Confidential

User Guide 1Overview

eA380-123 WLAN CH1-CH10 is unavailable when LTE works at band 40

1.4 Antenna Specifications

Table 1-2 eA380s LTE antenna specifications

Item eA380-123 eA380–135

Band 2300 to 2400 MHz (Band 40)

2570 to 2620 MHz (Band 38)

3400 to 3600 MHz (Band 42)

3600 to 3800 MHz (Band 43) 2496 to 2690 MHz (Band 41) 2500 to 2570 MHz (Band 7 UL) 2620 to 2690 MHz (Band 7 DL)

Gain 12±1dBi 13±1dBi Input

50 ohm

impedance SWR < 2 Polarization Dual cross polarization Radiation

Directional antenna

pattern

For FCC frequency range:

Frequency Range



LTE-FDD Band 7:2500-2570MHz(Tx), 2620-2690MHz(Rx) LTE-TDD Band 40: 2305-2320MHz&2345-2360MHz(T x/Rx)

LTE-TDD Band 41: 2500-2690MHz(Tx/Rx)

Table 1-3 WLAN antenna specifications

Item Description

Frequency 2400 MHz ~ 2483 MHz Input

50 Ω

impedance Standing

< 3

wave ratio efficiency

>50% Gain 2dBi Polarization Linear polarization

Issue 01 (2017-08-31) Huawei

eA380 Series LTE CPE User Guide

1Overview

Issue 01 (2017-08-31)

Huawei Proprietary and Confidential

1.5 Software specifications

Item

Description

Gateway

Router: The default routing address is 0.0.0.0. The default routing table items can be generated accordingly.

Supports Address Resolution Protocol (ARP)

Supports domain name service (DNS)

Supports Internet Control Message Protocol (ICMP)



Supports Network Address Translation (NAT) and Network Address Port Translation (NAPT).



Supports fragment message identification for normal NAT



Supports NAT traverse

DHCP server



The default DHCP server address ranges from 192.168.1.2 to

192.168.1.254. The default gateway address is 192.168.1.1.



The default DHCP lease is 24 hours.



The DHCP server can be enabled or disabled.



The DHCP server's address pool can be configured.



The DHCP lease can be configured.



IP address status such as the hostname, Media Access Control (MAC) address, IP address, and remaining DHCP lease can be displayed.



Supports static IP address reservation



Supports DHCP relay

Routing behind MS UE direct connect

Firewall



Firewall switch



LAN MAC address filtering



IP address filtering



URL filtering



Security Parameter Index (SIP) ALG



Demilitarized Zone (DMZ)



Port forwarding



Service access control



NAT（Network Address Translation）



Static Route



Dynamic Route

LAN  Auto-negotiation between 10 /100 /1000 Mbit/s



MDI/MDIX auto-sensing

Table 1-4 Software specifications

eA380 Series LTE CPE User Guide

1Overview

Issue 01 (2017-08-31)

Huawei Proprietary and Confidential

Item

Description



Compatible with IEEE 802.3/802.3u



If you connect to multiple hosts via Hub or switch, the number of host

devices sold under LTE CPE should not exceed 32

frequency lock

Support frequency, cell lock two ways

WLAN

SSID broadcast and hiding is supported.

WLAN 2.4 GHz (802.11b/g/n) is supported.

WPS is supported.

Authentication:



Open System authentication



Shared Key authentication



64/128-digit WEP encryption



256-digit WPA-PSK/ WPA2-PSK encryption



AES ciphering algorithm

TKIP and AES ciphering algorithm synchronously

MAC address authentication:



Up to 10 MAC address items.



Support MAC address whitelist



Support MAC address blacklist

Ratio adjustment:



Automatically



Manually

STA management:



Supports limit of access users (up to 32 users)



Support STA status query

Upgrade

Supports TR-069 upgrade and local upgrade and online upgrade

SIM

Supports PIN management and SIM card authentication soft SIM

Dial-up connection

Supports automatic and manual connection

Importing and exporting configuration

Encrypt and back up the current configuration, and then restore from a backup configuration

eA380 Series LTE CPE User Guide

1Overview

Issue 01 (2017-08-31)

Huawei Proprietary and Confidential

1.6 Product Security

eA380 security includes network security and application security. Application security includes wireless security and OM security.

1.6.1 Network Security

eA380 network security uses Secure Sockets Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS).

SSL

The SSL protocol is a security connection technology for the server and client. It provides a confidential, trusted, and identity-authenticating connection to two application layers. SSL is regarded as a standard security measure and has been widely applied to web services.



Identity authentication Identity authentication checks whether a communication individual is the expected

object. SSL authenticates servers and clients based on digital certificates and user/password. Clients and servers have their own identifiers. The identifiers are numbered by the public key. To verify that a user is legitimate, SSL requires digital authentication during data exchange in the SSL handshake procedure.



Connection confidentiality Data is encrypted before transmission to prevent data from being hacked by malicious

users. SSL uses encryption algorithms to ensure the connection confidentiality.



Data integrity Any tampering on data during transmission can be detected. SSL establishes a secure

channel between the client and the server so that all the SSL data can reach the destination intact.

HTTPS

For the eA380, the OM TCP applications can use SSL. HTTP over SSL is generally called HTTPS. HTTPS is used for connections between the NMS/WebUI and eA380. SSL also uses the digital certificate mechanism.

HTTPS provides secure HTTP channels. HTTPS is HTTP to which SSL is added, and SSL ensures the security of HTTPS.

1.6.2 Application Security

eA380 application security includes wireless security and OM security.

Wireless Security

eA380 wireless security includes authentication, air-interface data encryption, and integrity protection.

OM Security

OM security includes user authentication, access control, OM system security, and software digital signature.

eA380 Series LTE CPE User Guide

1Overview

Issue 01 (2017-08-31)

Huawei Proprietary and Confidential

User Authentication and Access Control

User authentication and access control are implemented for users to be served by the eA380. The objective of authentication is to identify users and grant the users with proper permission. The objective of access control is to specify and restrict the operations to be performed and the resources to be accessed by the users.

OM System Security

OM system security includes software integrity check. In the original procedure for releasing and using the software, the software integrity is ensured

by using cyclic redundancy check (CRC). CRC can only prevent data loss during transmissions. If data is tampered with during transmissions, a forged CRC value will be regarded as valid by the CRC. Therefore, the receive end cannot rely on the CRC to ensure the consistency between the received data and the original data, adversely affecting the reliability and security for the software.

Software integrity protection implements the Hash algorithm or adds a digital signature to software (including mediation layers and configuration files) when releasing software, and then uploads software to the target server or device. When a target device downloads, loads, or runs software, the target device performs the Hash check or authenticates the digital signature. By doing so, software integrity protection ensures end-to-end software reliability and integrity.

Software integrity protection helps detect viruses or malicious tampering in a timely manner, preventing insecure or virus-infected software from running on the device.

Digital Signature of Software

A digital signature of software is used to identify the software source. It ensures the integrity and reliability of software.

When software is released, its digital signature is delivered with the software package. After the software package is downloaded to an NE, the NE verifies the digital signature of the software package before using it. If the digital signature passes the verification, the software is intact and reliable. If the verification fails, the software package is invalid and cannot be used. Figure 1-5 illustrates the principles of a software digital signature.

eA380 Series LTE CPE User Guide

1Overview

Issue 01 (2017-08-31)

Huawei Proprietary and Confidential

Figure 1-5 Digital signature of software

NOTE



Before a software package is released, all files in the software package are signed with digital signatures. That is, after a message digest is calculated for all files in the software package, the message digest is digitally signed using a private key.



After a software package with a digital signature is loaded to an NE through a media such as the software release platform, the NE first verifies the digital signature of the software package. That is, the NE uses a public key to decrypt the digital signature and obtain the original message digest. Then, the NE recalculates the message digest and compares the new message digest with the original one.

− If the two message digests are the same, the software package passes the

− If the two message digests are different, the software package fails the verification

The public key used to decrypt digital signatures is stored in the secure storage area of an NE and cannot be queried or exported.

1.7 Device Ports

1.7.1 Web Port

You can log in to the CPE WebUI over HTTPS to manage the LTE CPE, including configuring and querying settings, exporting running logs, querying device logs, importing and exporting the configuration, restarting and updating the LTE CPE, and restoring the LTE CPE to its default settings. For details, see the WebUI online help.

verification and can be used.

and cannot be used.



The default WebUI login user name and password are admin and admin, respectively.

eA380 Series LTE CPE User Guide

1Overview

Issue 01 (2017-08-31)

Huawei Proprietary and Confidential



You can change the login password on the WebUI.



Internet Explorer 9.0 and a later version is recommended, because Internet Explorer 6.0 uses the SSL 3.0 protocol that contains vulnerabilities.

To improve security, change the default password at your first login and regularly change the password. It is recommended that users do not set an empty password or a simple password.



A password must meet the following rules:

A password consists of 8 to 15 characters. A password contains at least two types of characters of the following:

− Lowercase letter

− Uppercase letter

− Digit

− Special characters, including the space character and the following: ! # $ ( )

* - . / = @ [ ] ^ _ ` { } ~ | A password cannot be the user name or the reverse order of the user name. A password cannot contain more than two consecutive characters that are the same

(for example, 111 is not allowed.)



By default, the function to remotely log in to the CPE WebUI over HTTPS is disabled.

The remote WebUI functions the same as the local WebUI.



The maximum number of WebUI login attempts is three. After three login failures, the

WebUI login page is locked and will be unlocked after one minutes. The lockingduration is incremented by one minute each time the WebUI login page is locked later.



When the WebUI login password is forgotten, contact the device agent or maintenance

center to restore factory defaults; refer to the AT command manual to restore factory defaults by yourself; or contact the device operator to reset the password through TR-069.



The WebUI supports remote (LTE wireless link) and local (Ethernet interface or Wi-Fi

link) login. Please configure ACL rights based on scenarios to control remote and local WebUI login. Opening unnecessary login interfaces may increase network attack risks or lead to unauthorized login. You can use the ACL service to enable or disable remote or local WebUI login. For details, see the section "Service Control List" in the online help of the device WebUI.



If you do not perform any operation within 5 minutes after logging in to the WebUI, the

system automatically logs you out.



You are advised to change the password timely after first login and regularly change the

password to improve network security.



Personnel in the central office may remotely log in to the LTE CPE WebUI for CPE

management and upgrade using HTTPS.



CPEs support HTTPS and are compatible with HTTP. HTTP is not a relatively secure

protocol.

eA380 Series LTE CPE User Guide

1Overview

Issue 01 (2017-08-31)

Huawei Proprietary and Confidential

1.7.2 USB Port

NOTE

Port Mapping Name on the Computer

Port Usage

Port Number

HUAWEI Mobile Connect PC UI Interface

Used to run AT commands.

18 (the actual computer port prevails)

In normal cases, the USB port works in slave mode. In slave mode, the USB port will be mapped to a computer UI after the Huawei-provided chip driver is installed on the computer. This UI is locked by default. You can run other AT commands and write data to the SoftSim card only after running the unlock command. After the serial port mapped by the USB is connected successfully, run the unlock command.

The commands for unlocking the computer UI port and changing the unlock password are as follows:



at^PCPORT=”pwd”,1: Enable the computer UI.

pwd indicates the unlock password.

at^PCPORT=”pwd”,0: Disable the computer UI.

pwd indicates the unlock password.

at^PORTPWD=”oldPwd”,”newPwd”, “newPwdConf”: Change the unlock password of the computer UI.

Here, oldPwd indicates the current password, and newPwd the new password, and newPwdConf the confirm password. newPwd must be the same as newPwdConf; otherwise, the password cannot be changed.



The default unlock password is $Zls123Q.



To improve security, change the default USB unlock password at your first login and regularly change the password. It is recommended that users do not set an empty password or a simple password.



A password must meet the following rules:

A password consists of at least eight characters. A password contains at least three types of characters of the following:

− Lowercase letter

− Uppercase letter

− Digit

− Special characters, including the space character and the following: ! # $ ( )

* - . / = @ [ ] ^ _ ` { } ~ | The password cannot be the user name or the reverse order of the user name. A password cannot contain more than two consecutive characters that are the same

(for example, 111 is not allowed.)

When the PC UI is unlocked, you can run commands to unlock other USB ports or AT commands to map the ports in the following table.

+ 42 hidden pages