Huawei EA680-950 User Manual

eA680-950 LTE DAU

User Guide

Issue

Date

2017-03-03

HUAWEI TECHNOLOGIES CO., LTD.

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address:

Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China

Website:

http://www.huawei.com

Email:

support@huawei.com

eA680-950 LTE DAU User Guide

About This Document

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

Overview

Product Name

Product Version

eA680-950

V100R001C00

This document describes the hardware, functions, installation, configuration, operation and maintenance (OM) of the eA680-950 customer premises equipment (DAU).

Product Version

About This Document

Intended Audience

This document is intended for:



System engineers



Product engineers



Technical support engineers

eA680-950 LTE DAU User Guide

Contents

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

iii

Contents

About This Document ............................................................................................................ ii

1 Overview ................................................................................................................................ 1

1.1 Product Introduction ............................................................................................................................................................. 1

1.2 Application Scenarios ........................................................................................................................................................... 1

1.3 Hardware Specifications....................................................................................................................................................... 4

1.4 Antenna Specifications ......................................................................................................................................................... 5

1.5 Software................................................................................................................................................................................. 6

1.6 Product Security .................................................................................................................................................................... 7

1.6.1 Network Security ............................................................................................................................................................... 7

1.6.2 Application Security .......................................................................................................................................................... 8

1.7 Device Ports ........................................................................................................................................................................ 10

1.7.1 Web Port ........................................................................................................................................................................... 10

1.7.2 USB Port .......................................................................................................................................................................... 11

1.7.3 TR-069 Port ...................................................................................................................................................................... 12

2 Hardware .............................................................................................................................. 14

2.1 eA680-950 Hardware ......................................................................................................................................................... 14

2.2 eA680-950Cables................................................................................................................................................................ 17

2.2.1 PoE Network Cable ......................................................................................................................................................... 17

2.2.2 Ground Cable ................................................................................................................................................................... 18

3 Installation ........................................................................................................................... 19

3.1 Site Preparations ................................................................................................................................................................. 19

3.2 Installation Preparation ....................................................................................................................................................... 20

3.3 Installation Procedure ......................................................................................................................................................... 22

3.3.1 Mounting on a Utility Pole.............................................................................................................................................. 22

3.3.2 Mounting on the Wall ...................................................................................................................................................... 26

3.3.3 Cable Connection............................................................................................................................................................. 32

3.4 Installation Check ............................................................................................................................................................... 35

4 Configuration Introduction ................................................................................................ 38

4.1 Log in to the WebUI ........................................................................................................................................................... 38

5 Maintenance ......................................................................................................................... 39

5.1 Maintenance Preparation .................................................................................................................................................... 39

eA680-950 LTE DAU User Guide

Contents

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

5.2 Fault Diagnosis ................................................................................................................................................................... 39

6 FAQ ....................................................................................................................................... 41

6.1 What Do I Do If the Web UI Fails to Be Opened? ........................................................................................................... 41

6.2 What Do I Do When Power Indicator Is Not Working? ................................................................................................... 41

6.3 What Do I Do When the Data Service Is not Provided? .................................................................................................. 42

7 Privacy and Security ............................................................................................................ 43

7.1 Privacy Policy ..................................................................................................................................................................... 43

7.2 Security Maintenance ......................................................................................................................................................... 43

7.3 Performing Default Security Configuration ...................................................................................................................... 43

8 FCC warning ........................................................................................................................ 45

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to

try to correct the interference by one or more of the following measures: ........................................................................... 45

9 Acronyms and Abbreviations............................................................................................. 46

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

About This Chapter

This section describes the functions, applications, and specifications of the product.

1.1 Product Introduction

1 Overview

The Huawei eA680-950 V1R1 outdoor DAU are the Long Term Evolution (LTE) customer premises equipment (DAU). As a wireless gateway, it can be deployed outdoors to provide services such as data collection and video surveillance.

The eA680-950 provides the following functions:



Data service



Wi-Fi Service



Security service



Local and remote maintenance and management



Data routing.

1.2 Application Scenarios

The eA680-950 is specially designed for outdoor deployment to obtain better wireless access performance to the LTE network.

The eA680-950 can be deployed in wISP, industrial, public security and enterprise network if the performance is acceptable to the network operator.

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

Figure 1-1 The eA680-950 deployed in wISP network

Figure 1-2 The eA680-950 deployed in industrial network

The following example describes how to use the eA680-950 for video monitoring.

1. Use a power adapter to supply power for the eA680-950 or video camera, as shown in

Figure 1-3.

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

Figure 1-3 The eA680-950 connected to a video camera.

2. Use a network cable to connect the eA680-950 to an external device. If the eA680-950

connects to a single device, connect the power adapter directly to the eA680-950. If the eA680-950 connects to multiple devices, connect the power adapter to a Hub or switch and then to the eA680-950, as shown in Figure 1-4.

Figure 1-4 The eA680-950 connected to multiple devices

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

1.3 Hardware Specifications

Category

Description

Power supply



POE comply with IEEE802.3at

Dimensions (W×D×H)

285 mm x 250 mm x 85 mm;

Weight

About 3kg (The power supply adapter is not included)

Water and dust proof

IP65

Temperature



Working temperature: -40℃~ +55℃



Storage temperature: -40℃ ~ +70℃

Humidity

5% ~ 95%

Installation

Mounted on poles or walls

Utility pole diameter

60 mm to 114 mm

Item

eA680-950

Band

5725 to 5850 MHz

Gain

11±1 dBi

Input impedance

50 ohm SWR

< 2

Polarization

Dual polarization

Radiation pattern

Directional antenna

Tip: Within three months after the arrival,it is recommended to use the equipment, or store in the following environment:



Temperature: -10 ℃ to 35 ℃



Relative humidity (RH): 30% RH to 85% RH



Storage environment should be equipped with temperature and humidity equipments and dehumidification equipment to monitor and adjust the temperature and humidity.

1.4 Antenna Specifications

Table 1-2 and lists the eA680-950 antenna's specifications.

Table 1-2 eA680-950 LTE antenna specifications

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

Table 1-3 WLAN antenna specifications

Item

Description

Frequency

2.4 GHz ~ 2.483 GHz

Input impedance

50 Ω

Standing wave ratio

< 3

efficiency

≥50%

Gain

≥2dBi

Polarization

Linear polarization

Item

Description

Gateway

Router: The default routing address is 0.0.0.0. The default routing table items can be generated accordingly.

Supports Address Resolution Protocol (ARP)

Supports domain name service (DNS)

Supports Internet Control Message Protocol (ICMP)

NAT



Supports Network Address Translation (NAT) and Network Address Port Translation (NAPT).

DHCP server



The default DHCP server address ranges from 192.168.1.2 to

192.168.1.254. The default gateway address is 192.168.1.1.



The default DHCP lease is 24 hours.



The DHCP server can be enabled or disabled.



The DHCP server's address pool can be configured.



The DHCP lease can be configured.



IP address status such as the hostname, Media Access Control (MAC) address, IP address, and remaining DHCP lease can be displayed.



Supports static IP address reservation



Support DHCP relay.

Routing behind MS

Firewall

Firewall switch LAN MAC address filtering

1.5 Software

Table 1-4 Software specifications

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

Item

Description

IP address filtering URL filtering Security Parameter Index (SPI) filtering Demilitarized Zone (DMZ) Port forwarding Service access control

LAN

Auto-negotiation between 10 Mbit/s /100 Mbit/s/1000 Mbit/s MDI/MDIX auto-sensing Compatible with IEEE 802.3/802.3u

Upgrade

Supports TR-069 upgrade and local upgrade.

SIM

Supports PIN management and SIM card authentication soft SIM

Dial-up connection

Supports automatic and manual connection

Importing and exporting configuration

Encrypt and back up the current configuration, and then restore from a backup configuration

1.6 Product Security

eA680-950 security includes network security and application security. Application security includes wireless security and OM security.

1.6.1 Network Security

eA680-950 network security uses Secure Sockets Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS).

SSL

The SSL protocol is a security connection technology for the server and client. It provides a confidential, trusted, and identity-authenticating connection to two application layers. SSL is regarded as a standard security measure and has been widely applied to web services.



Identity authentication Identity authentication checks whether a communication individual is the expected

object. SSL authenticates servers and clients based on digital certificates and user/password. Clients and servers have their own identifiers. The identifiers are numbered by the public key. To verify that a user is legitimate, SSL requires digital authentication during data exchange in the SSL handshake procedure.



Connection confidentiality Data is encrypted before transmission to prevent data from being hacked by malicious

users. SSL uses encryption algorithms to ensure the connection confidentiality.

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential



Data integrity Any tampering on data during transmission can be detected. SSL establishes a secure

channel between the client and the server so that all the SSL data can reach the destination intact.

HTTPS

For the eA680-950, the OM TCP applications can use SSL. HTTP over SSL is generally called HTTPS. HTTPS is used for connections between the NMS/WebUI and eA380. SSL also uses the digital certificate mechanism.

HTTPS provides secure HTTP channels. HTTPS is HTTP to which SSL is added, and SSL ensures the security of HTTPS.

1.6.2 Application Security

eA680-950 application security includes wireless security and OM security.

Wireless Security

eA680-950 wireless security includes authentication, air-interface data encryption, and integrity protection.

OM Security

OM security includes user authentication, access control, OM system security, and software digital signature.

User Authentication and Access Control

User authentication and access control are implemented for users to be served by the eA380. The objective of authentication is to identify users and grant the users with proper permission. The objective of access control is to specify and restrict the operations to be performed and the resources to be accessed by the users.

OM System Security

OM system security includes software integrity check. In the original procedure for releasing and using the software, the software integrity is ensured

by using cyclic redundancy check (CRC). CRC can only prevent data loss during transmissions. If data is tampered with during transmissions, a forged CRC value will be regarded as valid by the CRC. Therefore, the receive end cannot rely on the CRC to ensure the consistency between the received data and the original data, adversely affecting the reliability and security for the software.

Software integrity protection implements the Hash algorithm or adds a digital signature to software (including mediation layers and configuration files) when releasing software, and then uploads software to the target server or device. When a target device downloads, loads, or runs software, the target device performs the Hash check or authenticates the digital signature. By doing so, software integrity protection ensures end-to-end software reliability and integrity.

Software integrity protection helps detect viruses or malicious tampering in a timely manner, preventing insecure or virus-infected software from running on the device.

Digital Signature of Software

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

A digital signature of software is used to identify the software source. It ensures the integrity and reliability of software.

When software is released, its digital signature is delivered with the software package. After the software package is downloaded to an NE, the NE verifies the digital signature of the software package before using it. If the digital signature passes the verification, the software is intact and reliable. If the verification fails, the software package is invalid and cannot be used. Figure 1-5 illustrates the principles of a software digital signature.

Figure 1-5 Digital signature of software



Before a software package is released, all files in the software package are signed with digital signatures. That is, after a message digest is calculated for all files in the software package, the message digest is digitally signed using a private key.



After a software package with a digital signature is loaded to an NE through a media such as the software release platform, the NE first verifies the digital signature of the software package. That is, the NE uses a public key to decrypt the digital signature and obtain the original message digest. Then, the NE recalculates the message digest and compares the new message digest with the original one.

− If the two message digests are the same, the software package passes the

verification and can be used.

− If the two message digests are different, the software package fails the verification

and cannot be used.

The public key used to decrypt digital signatures is stored in the secure storage area of an NE and cannot be queried or exported.

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

1.7 Device Ports

1.7.1 Web Port

You can log in to the DAU web UI over HTTPS to manage the DAU, including configuring and querying settings, exporting running logs, querying device logs, importing and exporting the configuration, restarting and updating the DAU, and restoring the DAU to its default settings. For details, see the web UI online help.

The default web UI login user name and password are admin and admin, respectively.

You can change the login password on the web UI. Internet Explorer 7.0 and a later version is recommended, because Internet Explorer 6.0 uses the SSL 3.0

protocol that contains vulnerabilities. To improve security, change the default password at your first login and regularly change the password. A password must meet the following rules:



A password consists of 8 to 15 characters.



A password contains at least three types of characters of the following:

− Lowercase letter

− Uppercase letter

− Digit

− Special characters, including the space character and the following:



A password cannot be the user name or the reverse order of the user name.



A password cannot contain more than two consecutive characters that are the same (for example, 111 is not allowed.)

`~!@#$%^&*()-_=+\|[{}];:'",<.>/?

By default, the function to remotely log in to the DAU web UI over HTTPS is disabled. The remote web UI functions the same as the local web UI.



The maximum number of WebUI login attempts is three. After three login failures, the WebUI login page is locked and will be unlocked after one minutes. The lockingduration is incremented by one minute each time the WebUI login page is locked later.



When the WebUI login password is forgotten, contact the device agent or maintenance center to restore factory defaults; refer to the AT command manual to restore factory defaults by yourself; or contact the device operator to reset the password through TR-069.



The WebUI supports remote (LTE wireless link) and local (Ethernet interface or Wi-Fi link) login. Please configure ACL rights based on scenarios to control remote and local WebUI login. Opening unnecessary login interfaces may increase network attack risks or lead to unauthorized login. You can use the ACL service to enable or disable remote or local WebUI login. For details, see the section "Service Control List" in the online help of the device WebUI.



If you do not perform any operation within 5 minutes after logging in to the WebUI, the system automatically logs you out..



You are advised to change the password timely after first login and regularly change the password to improve network security.



Personnel in the central office may remotely log in to the LTE DAU WebUI for DAU management and upgrade using HTTPS.



DAUs support HTTPS and are compatible with HTTP. HTTP is not a relatively secure protocol.

eA680-950 LTE DAU User Guide

1 Overview

Issue 01 (2017-03-03)

Huawei Proprietary and Confidential

1.7.2 USB Port

Port Mapping Name on the Computer

Port Usage

Port Number

HUAWEI Mobile Connect PC UI Interface

Used to run AT commands.

0x12(the actual computer port prevails)

In normal cases, the USB port works in slave mode. In slave mode, the USB port will be mapped to a computer UI after the Huawei-provided chip driver is installed on the computer. This UI is locked by default. You can run other AT commands and write data to the SoftSim card only after running the unlock command. After the serial port mapped by the USB is connected successfully, run the unlock command.

The commands for unlocking the computer UI port and changing the unlock password are as follows

  

at^PCPORT=”pwd”,1: Enable the computer UI. pwd indicates the unlock password. at^PCPORT=”pwd”,0: Disable the computer UI. pwd indicates the unlock password. at^PORTPWD=”oldPwd”,”newPwd”, “newPwdConf”: Change the unlock password of

the computer UI. Here, oldPwd indicates the current password, and newPwd the new password, and newPwdConf the confirm password. newPwd must be the same as newPwdConf; otherwise, the password cannot be changed.

The default unlock password is $Zls123Q. To improve security, change the default USB unlock password at your first login and regularly change

the password. A password must meet the following rules:



A password consists of at least eight characters.



A password contains at least three types of characters of the following:

− Lowercase letter

− Uppercase letter

− Digit

− Special characters, including the space character and the following:

`~!@#$%^&*()-_=+|[{}];:,<.>?



The password cannot be the user name or the reverse order of the user name.



A password cannot contain more than two consecutive characters that are the same (for example, 111 is not allowed.)

When the PC UI is unlocked, you can run commands to unlock other USB ports or AT commands to map the ports in the following table.

To learn more about AT commands, contact your device vendor or the maintenance center. The chipset driver supporting the USB interface is the host driver that supports Huawei Balong V7R1. If you need it, contact Huawei.



The maximum number of unlock the USB port attempts is five. After five attempt failures, users cannot input any key. Users have to restart the device.



The maximum number of password change attempts is five. After five attempt failures, the USB ports will be locked.

+ 36 hidden pages