Huawei EA380-123 User Manual
eA380 Series LTE CPE
V100R001C00
User Guide
Issue 01
Date 2017-08-31
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2017. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
i |
|
Copyright © Huawei Technologies Co., Ltd. |
|||
|
|
eA380 Series LTE CPE |
|
User Guide |
About This Document |
About This Document
Overview
This document describes the hardware, functions, installation, configuration, operation and maintenance (OM) of the eA380 series customer premises equipment (CPE).
Product Version
Product Name |
|
Product Version |
|
||
|
|
|
eA380-123 |
|
V100R001 |
|
|
|
eA380-135 |
|
V100R001 |
|
|
|
Intended Audience
This document is intended for:
System engineers
Product engineers
Technical support engineers
.
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
ii |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
Contents |
|
|
|
Contents |
About This Document ............................................................................................................ |
|
ii |
|
1 Overview ................................................................................................................................ |
|
1 |
|
1.1 |
Product Introduction................................................................................................................................................ |
|
1 |
1.2 Application Scenarios .............................................................................................................................................. |
|
2 |
|
1.3 |
Hardware Specifications ......................................................................................................................................... |
|
5 |
1.4 Antenna Specifications ............................................................................................................................................ |
|
7 |
|
1.5 |
Software specifications............................................................................................................................................ |
|
8 |
1.6 |
Product Security..................................................................................................................................................... |
|
10 |
|
1.6.1 Network Security ......................................................................................................................................... |
|
10 |
|
1.6.2 Application Security..................................................................................................................................... |
|
10 |
1.7 |
Device Ports ........................................................................................................................................................... |
|
12 |
|
1.7.1 Web Port ....................................................................................................................................................... |
|
12 |
|
1.7.2 USB Port....................................................................................................................................................... |
|
14 |
|
1.7.3 TR-069 Port .................................................................................................................................................. |
|
15 |
2 Hardware.............................................................................................................................. |
|
17 |
|
2.1 eA380 Hardware .................................................................................................................................................... |
|
17 |
|
|
2.1.1 Appearance ................................................................................................................................................... |
|
17 |
|
2.1.2 Panel.............................................................................................................................................................. |
|
17 |
|
2.1.3 Indicator........................................................................................................................................................ |
|
18 |
2.2 eA380 Cables ......................................................................................................................................................... |
|
20 |
|
|
2.2.1 PoE Network Cable...................................................................................................................................... |
|
20 |
2.3 |
Mounting Parts....................................................................................................................................................... |
|
21 |
3 Installation ........................................................................................................................... |
|
23 |
|
3.1 |
Site Preparations .................................................................................................................................................... |
|
23 |
3.2 |
Installation Preparation.......................................................................................................................................... |
|
24 |
3.3 |
Installation Procedure............................................................................................................................................ |
|
26 |
|
3.3.1 Mounting on a Utility Pole .......................................................................................................................... |
26 |
|
|
3.3.2 Mounting on the Wall .................................................................................................................................. |
|
29 |
|
3.3.3 Cable Connection......................................................................................................................................... |
|
33 |
3.4 |
Installation Check .................................................................................................................................................. |
|
36 |
4 Configuration Introduction ................................................................................................ |
|
39 |
|
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
iii |
|
|
Copyright © Huawei Technologies Co., Ltd. |
|
|
eA380 Series LTE CPE |
|
|
User Guide |
Contents |
|
4.1 |
Log in to the WebUI .............................................................................................................................................. |
39 |
4.2 |
NAT /Routing Behind MS Settings ...................................................................................................................... |
40 |
4.3 |
Profile Management .............................................................................................................................................. |
40 |
4.4 |
TR-069 Setting....................................................................................................................................................... |
41 |
4.5 |
Security Settings .................................................................................................................................................... |
43 |
|
4.5.1 Firewall Settings........................................................................................................................................... |
43 |
|
4.5.2 LAN IP Address Filtering ............................................................................................................................ |
43 |
|
4.5.3 MAC Address Filtering................................................................................................................................ |
43 |
|
4.5.4 Domain Name Filtering ............................................................................................................................... |
44 |
5 Update Introduction............................................................................................................ |
45 |
|
5.1 |
Local Update.......................................................................................................................................................... |
45 |
5.2 |
Online Update ........................................................................................................................................................ |
45 |
5.3 |
TR069 eSight Update ............................................................................................................................................ |
46 |
|
5.3.1 Firmware Version ......................................................................................................................................... |
46 |
|
5.3.2 Upgrade Management.................................................................................................................................. |
46 |
6 Maintenance......................................................................................................................... |
48 |
|
6.1 |
Maintenance Preparation....................................................................................................................................... |
48 |
6.2 |
Fault Diagnosis ...................................................................................................................................................... |
48 |
7 FAQ....................................................................................................................................... |
|
50 |
7.1 What Do I Do If the Web UI Fails to Be Opened? .............................................................................................. |
50 |
|
7.2 What Do I Do When Power Indicator Is Not Working?...................................................................................... |
50 |
|
7.3 What Do I Do When the Data Service Is not Provided? ..................................................................................... |
51 |
|
8 Privacy and Security............................................................................................................ |
52 |
|
8.1 |
Privacy Policy ........................................................................................................................................................ |
52 |
8.2 |
Security Maintenance ............................................................................................................................................ |
52 |
8.3 |
Performing Default Security Configuration......................................................................................................... |
52 |
9 Acronyms and Abbreviations............................................................................................. |
54 |
|
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
iv |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
1 Overview
About This Chapter
This chapter describes the functions, applications, product security and specifications of the product.
1.1 Product Introduction
The Huawei eA380 Series CPEs are the Long Term Evolution (LTE) customer premises equipments (CPEs). As a wireless gateway, the eA380 can be deployed outdoors to provide services such as data collection and video surveillance.
The eA380 Series CPEs (eA380-135, eA380-123,eA380 for short) supports LTE R11/12. The eA380 provide the following functions:
Data services
The eA380 series uses LTE broadband technologies to support high-speed broadband network access, data backhaul, and video surveillance.
Small-scale local area network (LAN)
The eA380 series can connect to external concentrators and Ethernet switches or routers to set up a LAN with multiple computers. When terminal devices on the LAN connect to the eA380 using network cables, the terminal devices can provide data services.
Security services
The eA380 series supports the firewall and PIN password, which protects your computers when you access the Internet.
Firewall services
The eA380 series supports the following firewall services:
−Firewall enabling or disabling: enables or disables firewalls.
−Media access control (MAC) address filtering: prevents certain MAC addresses from accessing the computers on a LAN.
−IP address filtering: blocks certain IP addresses from accessing the local computers.
−URL filtering: prevents computers from accessing certain URLs.
Local and remote management and maintenance
The eA380 support local configuration to manage devices , configure network parameters, and help ensure that the device functions properly and stably.
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
1 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
Remote Management and Maintenance
The eA380 support remote configuration to manage devices , configure network parameters, and query the status by TR069.
1.2Application Scenarios
The eA380 provides wireless broadband and wired Ethernet data services.
The eA380 is intended to be deployed in wISP(Wireless Internet Service Provider) network. They can also be deployed in industrial, public security and enterprise network if the performance is acceptable to the network operator.
Figure 1-1 The eA380 deployed in wISP network
The eA380 provides a variety of data services, such as LTE-TDD wireless routing and converting LTE wireless data into wired Ethernet data, and vice versa. Figure 1-2 shows an application scenario in which the eA380 is used in private industrial networks.
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
2 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
Figure 1-2 The eA380 deployed in industrial private networks
The following example describes how to use the eA380 for video monitoring.
1.Use a power adapter to supply power for the eA380 or video camera, as shown in Figure 1-3.
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
3 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
Figure 1-3 The eA380 connected to a video camera.
2.Use a network cable to connect the eA380 to an external device. If the eA380 connects to a single device, connect the power adapter directly to the eA380. If the eA380 connects to multiple devices, connect the power adapter to a Hub or switch and then to the eA380, as shown in Figure 1-4.
Figure 1-4 The eA380 connected to multiple devices
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
4 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
1.3 Hardware Specifications
Table 1-1 describes the technical specifications of the eA380.
Table 1-1 Technical specifications of the eA380
Category |
|
Description |
|
|
|||
|
|
|
|
|
|
WAN: LTE 3GPP Release 11/12 |
|
|
|
|
|
Technical standards |
LAN: IEEE 802.3/802.3u |
||
|
|
|
|
|
|
WLAN: IEEE 802.11b/g/n |
|
|
|
|
|
|
|
eA380-123: LTE TDD (2570 MHz to 2620 MHz) |
|
|
|
LTE TDD (2300 MHz to 2400 MHz) |
|
|
|
LTE TDD (2496 MHz to 2690 MHz) |
|
Working |
LTE |
LTE FDD (2500 MHz to 2570 MHz(UL)/ |
|
|
|
|
|
frequency band |
|
|
2620 MHz to 2690 MHz(DL)) |
|
|
eA380-135: LTE TDD (3400 MHz to 3600 MHz) |
|
|
|
LTE TDD (3600 MHz to 3800 MHz) |
|
|
|
|
|
|
WLAN |
2400 MHz to 2483.5 MHz |
|
|
|
|
|
|
1 Ethernet and voice interface (RJ45): 10/100/1000Base-TX Ethernet, |
||
External |
PoE combined |
||
|
|
|
|
interface |
1 USB interface(for local maintenance only) |
||
|
1 SIM card slot |
||
|
One POWER indicator |
||
LED indicator |
One LAN indicator |
||
|
Three LTE signal strength indicators |
||
Maximum |
LTE |
(23±2) dBm |
|
|
|
|
|
transmit power |
|
|
|
WLAN |
(16±3) dBm |
||
|
|
|
|
EIRP |
WiFi 2.4G |
< 20 dBm |
|
|
|
|
|
|
|
|
B38/B40: |
|
|
|
< -100 dBm/5 MHz |
|
|
|
< -97 dBm/10 MHz |
|
|
|
< -94 dBm/20 MHz |
Receiving |
LTE |
eA380-123 |
|
sensitivity |
|
||
|
|
|
|
|
|
|
B7: |
|
|
|
< -98 dBm/5 MHz |
|
|
|
< -95 dBm/10 MHz |
|
|
|
< -92 dBm/20 MHz |
|
|
|
|
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
5 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
|
|
|
|
|
User Guide |
|
|
|
|
1Overview |
|
|
|
|
|
|
|
|
|
Category |
|
Description |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
B42/B43: |
|
|
|
|
eA380-135 |
|
< -99 dBm/5 MHz |
|
|
|
|
|
< -96 dBm/10 MHz |
||
|
|
|
|
|
||
|
|
|
|
|
< -93 dBm/20 MHz |
|
|
|
|
|
|
||
|
|
|
802.11b: -92 dBm@1 Mbps, |
|||
|
|
|
-85 dBm@11 Mbps |
|||
|
|
|
802.11g: -88 dBm@6 Mbps |
|||
|
|
|
|
-73 dBm@54 Mbps |
||
|
|
WLAN |
802.11n: |
|
|
|
|
|
|
HT20: -87 dBm@MCS0 |
|||
|
|
|
|
-71 dBm@MCS7 |
||
|
|
|
HT40: -84 dBm@MCS0 |
|||
|
|
|
|
-68 dBm@MCS7 |
||
|
|
|
|
|
|
|
|
Power |
when heater works (<25W) |
|
|
||
|
consumption |
when heater off (<9W) |
|
|
||
|
|
|
||||
|
Power supply |
PoE (should be powered by IEEE802.3at standard) |
||||
|
PoE adapter: AC 100V~240V,DC 54V/650mA |
|||||
|
|
|||||
|
|
|
||||
|
Weight |
<1.5kg (The power supply adapter is not included) |
||||
|
|
|
|
|
|
|
|
Water and dust |
IP65 |
|
|
|
|
|
proof |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
Temperature |
Working temperature: -40 |
to +55 |
|
||
|
Storage temperature: -40 |
to +70 |
|
|||
|
|
|||||
|
|
|
|
|
|
|
|
Humidity |
5% to 95% |
|
|
|
|
|
|
|
|
|
||
|
Installation |
Mounted on poles or walls |
|
|
||
|
|
|
|
|
|
|
Please deploy the device to make it power on in three months after received or store it under following circumstance:
Temperature: -10°C to 35°C
Humidity: 30%RH to 85% RH
Thermometer and hygrometer should be used to monitor, adjust the temperature and humidity.
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
6 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
eA380-123 WLAN CH1-CH10 is unavailable when LTE works at band 40
1.4 Antenna Specifications
Table 1-2 eA380s LTE antenna specifications
|
Item |
|
|
eA380-123 |
eA380–135 |
|||||
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Band |
|
|
2300 to 2400 MHz (Band 40) |
3400 to 3600 MHz (Band 42) |
|||||
|
|
|
|
|
2570 to 2620 MHz (Band 38) |
3600 to 3800 MHz (Band 43) |
||||
|
|
|
|
|
2496 to 2690 MHz (Band 41) |
|
|
|||
|
|
|
|
|
2500 to 2570 MHz (Band 7 UL) |
|
|
|||
|
|
|
|
|
2620 to 2690 MHz (Band 7 DL) |
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
Gain |
|
|
12±1dBi |
|
13±1dBi |
||||
|
|
|
|
|
|
|
|
|
|
|
|
Input |
|
|
50 ohm |
|
|
|
|||
|
impedance |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SWR |
|
< 2 |
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
Polarization |
|
|
Dual cross polarization |
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
Radiation |
|
|
Directional antenna |
|
|
||||
|
pattern |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For FCC frequency range: |
|
|
|
||||||
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
LTE-FDD Band 7:2500-2570MHz(Tx), 2620-2690MHz(Rx) |
||
|
|
Frequency Range |
|
|
LTE-TDD Band 40: 2305-2320MHz&2345-2360MHz(Tx/Rx) |
|||||
|
|
|
||||||||
|
|
|
|
|
|
|
|
LTE-TDD Band 41: 2500-2690MHz(Tx/Rx) |
||
Table 1-3 WLAN antenna specifications |
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Item |
|
|
Description |
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
Frequency |
|
|
2400 MHz ~ 2483 MHz |
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
Input |
|
|
50 Ω |
|
|
|
|||
|
impedance |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Standing |
|
|
< 3 |
|
|
|
|
|
|
|
wave ratio |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
efficiency |
|
|
>50% |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Gain |
|
|
2dBi |
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
Polarization |
|
|
Linear polarization |
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
7 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
|
|
|
|
||
User Guide |
|
|
|
1Overview |
|||
1.5 Software specifications |
|
||||||
Table 1-4 Software specifications |
|
||||||
|
|
|
|
|
|
|
|
|
|
Item |
|
|
Description |
|
|
|
|
|
|
|
|
|
|
|
|
Gateway |
|
|
Router: The default routing address is 0.0.0.0. The default routing table |
|
|
|
|
|
|
|
items can be generated accordingly. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Supports Address Resolution Protocol (ARP) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Supports domain name service (DNS) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Supports Internet Control Message Protocol (ICMP) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Supports Network Address Translation (NAT) and Network Address |
|
|
|
|
|
|
|
Port Translation (NAPT). |
|
|
|
|
|
|
|
Supports fragment message identification for normal NAT |
|
|
|
|
|
|
|
Supports NAT traverse |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DHCP server |
|
|
|
|
|
|
|
|
The default DHCP server address ranges from 192.168.1.2 to |
|
|
|
|
|
|
|
192.168.1.254. The default gateway address is 192.168.1.1. |
|
|
|
|
|
|
|
The default DHCP lease is 24 hours. |
|
|
|
|
|
|
|
The DHCP server can be enabled or disabled. |
|
|
|
|
|
|
|
The DHCP server's address pool can be configured. |
|
|
|
|
|
|
|
The DHCP lease can be configured. |
|
|
|
|
|
|
|
IP address status such as the hostname, Media Access Control (MAC) |
|
|
|
|
|
|
|
address, IP address, and remaining DHCP lease can be displayed. |
|
|
|
|
|
|
|
Supports static IP address reservation |
|
|
|
|
|
|
|
Supports DHCP relay |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Routing behind MS |
|
|
|
|
|
|
|
UE direct connect |
|
|
|
|
|
|
|
|
|
|
|
|
Firewall |
|
|
|
Firewall switch |
|
|
|
|
|
|
|
LAN MAC address filtering |
|
|
|
|
|
|
|
IP address filtering |
|
|
|
|
|
|
|
URL filtering |
|
|
|
|
|
|
|
Security Parameter Index (SIP) ALG |
|
|
|
|
|
|
|
Demilitarized Zone (DMZ) |
|
|
|
|
|
|
|
Port forwarding |
|
|
|
|
|
|
|
Service access control |
|
|
|
|
|
|
|
NAT Network Address Translation |
|
|
|
|
|
|
|
Static Route |
|
|
|
|
|
|
|
Dynamic Route |
|
|
|
|
|
|
|
|
|
|
|
LAN |
|
|
|
Auto-negotiation between 10 /100 /1000 Mbit/s |
|
|
|
|
|
|
|
MDI/MDIX auto-sensing |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Issue 01 (2017-08-31) |
|
|
|
Huawei Proprietary and Confidential |
8 |
||
|
|
|
Copyright © Huawei Technologies Co., Ltd. |
|
|||
eA380 Series LTE CPE |
|
|
|
|
|
||
User Guide |
|
|
|
1Overview |
|||
|
|
|
|
|
|
|
|
|
|
Item |
|
|
Description |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Compatible with IEEE 802.3/802.3u |
|
|
|
|
|
|
|
If you connect to multiple hosts via Hub or switch, the number of host |
|
|
|
|
|
|
|
devices sold under LTE CPE should not exceed 32 |
|
|
|
|
|
|
|
||
|
|
frequency |
|
|
Support frequency, cell lock two ways |
||
|
|
lock |
|
|
|
|
|
|
|
|
|
|
|
||
|
|
WLAN |
|
|
SSID broadcast and hiding is supported. |
||
|
|
|
|
|
|
||
|
|
|
|
|
WLAN 2.4 GHz (802.11b/g/n) is supported. |
||
|
|
|
|
|
|
||
|
|
|
|
|
WPS is supported. |
||
|
|
|
|
|
|
||
|
|
|
|
|
Authentication: |
||
|
|
|
|
|
Open System authentication |
||
|
|
|
|
|
Shared Key authentication |
||
|
|
|
|
|
64/128-digit WEP encryption |
||
|
|
|
|
|
256-digit WPA-PSK/ WPA2-PSK encryption |
||
|
|
|
|
|
AES ciphering algorithm |
||
|
|
|
|
|
TKIP and AES ciphering algorithm synchronously |
||
|
|
|
|
|
|
||
|
|
|
|
|
MAC address authentication: |
||
|
|
|
|
|
Up to 10 MAC address items. |
||
|
|
|
|
|
Support MAC address whitelist |
||
|
|
|
|
|
Support MAC address blacklist |
||
|
|
|
|
|
Ratio adjustment: |
||
|
|
|
|
|
Automatically |
||
|
|
|
|
|
Manually |
||
|
|
|
|
|
STA management: |
||
|
|
|
|
|
Supports limit of access users (up to 32 users) |
||
|
|
|
|
|
Support STA status query |
||
|
|
|
|
|
|
||
|
|
Upgrade |
|
|
Supports TR-069 upgrade and local upgrade and online upgrade |
||
|
|
|
|
|
|
||
|
|
SIM |
|
|
Supports PIN management and SIM card authentication |
||
|
|
|
|
|
soft SIM |
||
|
|
|
|
|
|
||
|
|
Dial-up |
|
|
Supports automatic and manual connection |
||
|
|
connection |
|
|
|
|
|
|
|
|
|
|
|
||
|
|
Importing and |
|
|
Encrypt and back up the current configuration, and then restore from a |
||
|
|
exporting |
|
|
backup configuration |
||
|
|
configuration |
|
|
|
|
|
|
|
|
|
|
|
|
|
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
9 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
1.6 Product Security
eA380 security includes network security and application security. Application security includes wireless security and OM security.
1.6.1 Network Security
eA380 network security uses Secure Sockets Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS).
SSL
The SSL protocol is a security connection technology for the server and client. It provides a confidential, trusted, and identity-authenticating connection to two application layers. SSL is regarded as a standard security measure and has been widely applied to web services.
Identity authentication
Identity authentication checks whether a communication individual is the expected object. SSL authenticates servers and clients based on digital certificates and user/password. Clients and servers have their own identifiers. The identifiers are numbered by the public key. To verify that a user is legitimate, SSL requires digital authentication during data exchange in the SSL handshake procedure.
Connection confidentiality
Data is encrypted before transmission to prevent data from being hacked by malicious users. SSL uses encryption algorithms to ensure the connection confidentiality.
Data integrity
Any tampering on data during transmission can be detected. SSL establishes a secure channel between the client and the server so that all the SSL data can reach the destination intact.
HTTPS
For the eA380, the OM TCP applications can use SSL. HTTP over SSL is generally called HTTPS. HTTPS is used for connections between the NMS/WebUI and eA380. SSL also uses the digital certificate mechanism.
HTTPS provides secure HTTP channels. HTTPS is HTTP to which SSL is added, and SSL ensures the security of HTTPS.
1.6.2 Application Security
eA380 application security includes wireless security and OM security.
Wireless Security
eA380 wireless security includes authentication, air-interface data encryption, and integrity protection.
OM Security
OM security includes user authentication, access control, OM system security, and software digital signature.
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
10 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
User Authentication and Access Control
User authentication and access control are implemented for users to be served by the eA380. The objective of authentication is to identify users and grant the users with proper permission. The objective of access control is to specify and restrict the operations to be performed and the resources to be accessed by the users.
OM System Security
OM system security includes software integrity check.
In the original procedure for releasing and using the software, the software integrity is ensured by using cyclic redundancy check (CRC). CRC can only prevent data loss during transmissions. If data is tampered with during transmissions, a forged CRC value will be regarded as valid by the CRC. Therefore, the receive end cannot rely on the CRC to ensure the consistency between the received data and the original data, adversely affecting the reliability and security for the software.
Software integrity protection implements the Hash algorithm or adds a digital signature to software (including mediation layers and configuration files) when releasing software, and then uploads software to the target server or device. When a target device downloads, loads, or runs software, the target device performs the Hash check or authenticates the digital signature. By doing so, software integrity protection ensures end-to-end software reliability and integrity.
Software integrity protection helps detect viruses or malicious tampering in a timely manner, preventing insecure or virus-infected software from running on the device.
Digital Signature of Software
A digital signature of software is used to identify the software source. It ensures the integrity and reliability of software.
When software is released, its digital signature is delivered with the software package. After the software package is downloaded to an NE, the NE verifies the digital signature of the software package before using it. If the digital signature passes the verification, the software is intact and reliable. If the verification fails, the software package is invalid and cannot be used. Figure 1-5 illustrates the principles of a software digital signature.
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
11 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
Figure 1-5 Digital signature of software
Before a software package is released, all files in the software package are signed with digital signatures. That is, after a message digest is calculated for all files in the software package, the message digest is digitally signed using a private key.
After a software package with a digital signature is loaded to an NE through a media such as the software release platform, the NE first verifies the digital signature of the software package. That is, the NE uses a public key to decrypt the digital signature and obtain the original message digest. Then, the NE recalculates the message digest and compares the new message digest with the original one.
−If the two message digests are the same, the software package passes the verification and can be used.
−If the two message digests are different, the software package fails the verification and cannot be used.
The public key used to decrypt digital signatures is stored in the secure storage area of an NE and cannot be queried or exported.
1.7 Device Ports
1.7.1 Web Port
You can log in to the CPE WebUI over HTTPS to manage the LTE CPE, including configuring and querying settings, exporting running logs, querying device logs, importing and exporting the configuration, restarting and updating the LTE CPE, and restoring the LTE CPE to its default settings. For details, see the WebUI online help.
The default WebUI login user name and password are admin and admin, respectively.
NOTE
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
12 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
You can change the login password on the WebUI.
Internet Explorer 9.0 and a later version is recommended, because Internet Explorer 6.0 uses the SSL 3.0 protocol that contains vulnerabilities.
To improve security, change the default password at your first login and regularly change the password. It is recommended that users do not set an empty password or a simple password.
A password must meet the following rules:
A password consists of 8 to 15 characters.
A password contains at least two types of characters of the following:
−Lowercase letter
−Uppercase letter
−Digit
−Special characters, including the space character and the following: ! # $ ( ) * - . / = @ [ ] ^ _ ` { } ~ |
A password cannot be the user name or the reverse order of the user name.
A password cannot contain more than two consecutive characters that are the same (for example, 111 is not allowed.)
By default, the function to remotely log in to the CPE WebUI over HTTPS is disabled. The remote WebUI functions the same as the local WebUI.
The maximum number of WebUI login attempts is three. After three login failures, the WebUI login page is locked and will be unlocked after one minutes. The lockingduration is incremented by one minute each time the WebUI login page is locked later.
When the WebUI login password is forgotten, contact the device agent or maintenance center to restore factory defaults; refer to the AT command manual to restore factory defaults by yourself; or contact the device operator to reset the password through TR-069.
The WebUI supports remote (LTE wireless link) and local (Ethernet interface or Wi-Fi link) login. Please configure ACL rights based on scenarios to control remote and local WebUI login. Opening unnecessary login interfaces may increase network attack risks or lead to unauthorized login. You can use the ACL service to enable or disable remote or local WebUI login. For details, see the section "Service Control List" in the online help of the device WebUI.
If you do not perform any operation within 5 minutes after logging in to the WebUI, the system automatically logs you out.
You are advised to change the password timely after first login and regularly change the password to improve network security.
Personnel in the central office may remotely log in to the LTE CPE WebUI for CPE management and upgrade using HTTPS.
CPEs support HTTPS and are compatible with HTTP. HTTP is not a relatively secure protocol.
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
13 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eA380 Series LTE CPE |
|
User Guide |
1Overview |
1.7.2 USB Port
In normal cases, the USB port works in slave mode. In slave mode, the USB port will be mapped to a computer UI after the Huawei-provided chip driver is installed on the computer. This UI is locked by default. You can run other AT commands and write data to the SoftSim card only after running the unlock command. After the serial port mapped by the USB is connected successfully, run the unlock command.
The commands for unlocking the computer UI port and changing the unlock password are as follows:
at^PCPORT=”pwd”,1: Enable the computer UI. pwd indicates the unlock password.
at^PCPORT=”pwd”,0: Disable the computer UI. pwd indicates the unlock password.
at^PORTPWD=”oldPwd”,”newPwd”, “newPwdConf”: Change the unlock password of the computer UI.
Here, oldPwd indicates the current password, and newPwd the new password, and newPwdConf the confirm password. newPwd must be the same as newPwdConf; otherwise, the password cannot be changed.
NOTE
The default unlock password is $Zls123Q.
To improve security, change the default USB unlock password at your first login and regularly change the password. It is recommended that users do not set an empty password or a simple password.
A password must meet the following rules:
A password consists of at least eight characters.
A password contains at least three types of characters of the following:
−Lowercase letter
−Uppercase letter
−Digit
−Special characters, including the space character and the following: ! # $ ( )
*- . / = @ [ ] ^ _ ` { } ~ |
The password cannot be the user name or the reverse order of the user name.
A password cannot contain more than two consecutive characters that are the same (for example, 111 is not allowed.)
When the PC UI is unlocked, you can run commands to unlock other USB ports or AT commands to map the ports in the following table.
|
Port Mapping Name on |
|
Port Usage |
Port Number |
|
the Computer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HUAWEI Mobile Connect - |
|
Used to run AT commands. |
18 (the actual computer port |
|
PC UI Interface |
|
|
prevails) |
|
|
|
|
|
Issue 01 (2017-08-31) |
Huawei Proprietary and Confidential |
14 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
Loading...