PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and
makes no warranty and representation, either implied or expressed, with respect to the quality, performance,
merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User's Manual is
accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred.
Information in this User's Manual is subject to change without notice and does not represent a commitment on the part
of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User's Manual.
PLANET makes no commit me nt to upd ate or kee p curre nt th e information in this User's Manual, and re serv es t he right
to make improvements to this User's Manual and/or to the products described in this User's Manual, at any time
without notice.
If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments
and suggestions.
FCC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your
body.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all
persons and must not be co-located or operating in conjunction with any other antenna or transmitter.
FCC Caution:
To assure continued compliance, for example, use only shielded interface cables when connecting to computer or
peripheral devices. Any changes or modifications not expressly approved by the party responsible for compliance
could void the user’s authority to operate the equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause har mful int er fere nce
(2) This device must accept any interference received, including interference that may cause undesired operation.
CE Compliance Statement
This device meets the RED directive 2014/53/EU of EU requirements on the limitation of exposure of the general
public to electromagnetic fields by way of health protection.
The device complies with RF specifications when the device used at 20 cm from your body.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However, special
attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All
guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the
equipment.
2
Manufacture: PLANET Technology Corp.
WEEE Warning
To avoid the potential effects on the environment and human health as a result of the presence of hazardous
substances in electrical and electronic equipment, end users of electrical and electronic equipment should
understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted
municipal waste and have to collect such WEEE separately.
Revision
PLANET ICG-2510W(G)-LTE Series User's Manual
Model: ICG-2510W-LTE and ICG-2510WG-LTE Series
Revision: 1.0 (October, 2019)
Part No: EM-ICG-2510W(G)-LTE Series_v1.0
Manufacture address: 10F., No.96, Minquan Rd., Xindian Dist., New Taipei City 231, Taiwan
1.3. How to Use This Manual ........................................................................................................................ 13
1.4. Product Features ................................................................................................................................... 14
2.1.1.Cellular Gateway Front Panel..................................................................................................................... 19
2.1.4.Wiring the Power Inputs ............................................................................................................................ 21
2.1.5.Wiring the Digital Input/Output and Relay ................................................................................................ 22
2.1.6.Console Line Definition .............................................................................................................................. 22
3.3. Web Management ................................................................................................................................. 29
4.3.1.3.Clone MAC Address ................................................................................................................................ 45
4.3.7.2.Port Range Forward ................................................................................................................................ 83
Thank you for purchasing P LANET Industrial 4G LTE Cellular Wireless Gateway . P lease re f er to th e table list below for
the models used in Europe and the U.S.:
4G LTE
GPS
Model Name
ICG-2510W-LTE-EU
FDD TDD
-
B1/B3/B5/B7/B8/B20 B38/B40/B41
ICG-2510WG-LTE-EU
ICG-2510W-LTE-US
█
-
B2/B4/B12
ICG-2510WG-LTE-US
█
“Cellular Gateway” is used as an alternative name in this user ’s manual.
1.1. Packet Contents
Open the box of the Cellular G ate way and carefully unpack it. The box should contain the following items:
1. Industrial 4G LTE Cellular Wireless Gateway x 1
2. Quick installation guide x 1
3. I/O connector x 2
4. Power connector x 1
5. Ethernet cable x 1
6. Console cable x 1
7. 4G LTE antenna x 2
8. Wi-Fi antenna x 1
9. GPS antenna x 1 (for ICG-2510WG-LTE)
10. DIN-rail kit x 1
11. Side panel with two screws x 1
12. Antenna dust cap x 4 (ICG-2510W-LTE x 3)
If any item is found missing or damaged, please contact your local reseller for replacement.
7
1.2. Product De s c ription
Making Network Connection Easy with 4G LTE Cellular Gateway
PLANET ICG-2510W(G)-LTE series is a reliable, secure and high-bandwidth communications industrial-grade cellular
gateway for demanding mobile applications, M2M (machine-to-machine) and IoT deployments. It features 4G LTE
(Long Term Evolution), 2.4G/5G Wi-Fi, five Ethernet ports (4 LAN and 1 WAN), serial console port, DI and DO
interfaces, and VPN technology bundled in a compact yet rugged metal case. It establishes a fast cellular connection
between Ethernet and serial port equipped devices.
High-performance 4G LTE
The ICG-2510W(G)-LTE series supports LTE 2x1 DL MIMO technology which can reach a download (DL) speed of up
to 150Mbps and an upload (UL) speed of 50Mbps. The Cellular Gateway also supports multi-band connectivity
including LTE FDD/TDD, WCDMA and GSM for a wide range of applications.
Dual SIM Design
To enhance reliability, the ICG-2510W(G)-LTE series is equipped with dual SIM slots that support failover and roaming
over to ensure uninterrupted connectivity for mission-critical cellular communications. Besides, the ICG-2510W(G)
series supports load balance function to improve network efficiency. It provides a more flexible and easier way for
users to create an instant network sharing service via 4G LTE whenever in public places like transportation, outdoor
event, etc.
8
GPS Included
The ICG-2510WG-LTE is equipped with one convenient feature and that is GPS (global positioning system). It is a
positioning system based on a network of satellites that continuously transmits necessary data. More signals
transmitted from more satellites can triangulate its location on the ground, meaning any location can be easily tracked.
Dual-band WLAN Solution
PLANET ICG-2510W(G) series, adopting the IEEE 802.11b/g/n/ac standard, provides a high-speed transmission of
power and data, meaning two remote nodes in the 5GHz frequency band can be bridged. The 2.4GHz wireless
connection can also be used simultaneously. The Wireless Protected Access (WPA/W PA2 with TKIP/AES) and
Wireless Encryption Protocol (WEP) features enhance the level of transmission security and access control over
wireless LAN.
Cost-effective VPN Solution
The ICG-2510W(G)-LTE series provides a complete data security and privacy feature f or acce ss and exchange of
sensitive data. The full VPN ca pabi lity of the ICG-2510W(G)-LTE series including built-in PPTP, L2TP, OpenVPN,
GRE and IPSec VPN functions with DES/3DES/AES encryption and MD5/SHA-1/SHA-2 authentication makes the
shared connection more secure and flexible. The IPSec VPN also makes the private tunnel over Internet more secure
for enterprises doing business t rans act ion s.
9
Remote Manageable Solution for Ethernet to RS232/RS485 Application
PLANET ICG-2510W(G)-LTE series’ serial RS232/RS485 communication interface can be converted over the Fast
Ethernet networking. It can op erate as a virtu al server or clie nt where IP-ba se d s eria l eq uipment can be managed. The
ICG-2510W(G)-LTE series helps save the network administrator’s valuable time in detecting and locating network
problems, rather than visual inspection of cabling and equipment.
10
11
Superior Management Functions
For networking management features, the ICG-2510W(G)-LTE series provide s suc h funct i ons as DHCP server, DMZ
and port forwarding, as well as full secure functions including Network Address Translation (NAT), WAN access policy,
URL/Packet/MAC filtering. The ICG-2510W(G)-LTE series has 4G and WAN connection failover characteristics, which
can automatically switch over to the redundant, stable WAN connection to keep users always online without missing
any fascinating moments.
User-friendly and Secure Management
For efficient management, the ICG-2510W(G)-LTE series is equipped with console, web , SNMP and CMS (Central
Management System) management interfaces. With the built-in web-based management interface, the
ICG-2510W(G)-LTE series offers an easy-to-use, platform-independent management and configuration facility. The
ICG-2510W(G)-LTE series supports SNMP and it can be managed via any management software based on the
standard SNMP v1 or v2 Protocol. Moreover, the ICG-2510W(G)-LTE s eries offers the remotely secure management
by supporting SSH connection where the packet content can be encrypted at each session. The CMS is able to
manage multiple devices and achieve instant status.
12
1.3. How to Use Thi s Manual
This User Manual is structured as follows:
Section 2, INSTALLATION
The section explains the functions of the Cellular Gateway and how to physically install the Cellular Gateway.
Section 3, CELLULAR GATEWAY MANAGEMENT
The section contains the information about the software function of the Cellular Gateway.
Section 4, WEB CONFIGURATION
The section explains how to manage the Cellular Gateway by Web interface.
Section 5 Appendix A
The section contains cable inf or mat ion of the Cellular Gateway.
13
1.4. Product Fe atures
Benefits
■ Dual module SIMs for network load balancing and redundancy
■ Wi-Fi compliant IEE E 802.11b/g/n/ac dual-band for mobile client connectivity
Supports demilitarized zone (DMZ)
Supports QoS for bandwidth management
Supports VLAN, 15 VLAN ID
Supports Modbus TCP (only functions with console)
Supports Port Forwarding
Supports Dynamic DNS and PLANET DDNS
Supports NTP client
IEEE 802.3x flow control and back pressure
RFC 768 UDP
RFC 791 IP
RFC 792 ICMP
Temperature: -35 ~ 75 degrees C
Temperature: -40~ 85 degrees C
18
2. INSTALLATION
This section describes the hardware features and installation of the Industrial Cellular Gateway on the desktop or
mounting. For easier management and control of t he Industrial Cellular Gateway, familiarize yourself with its display
indicators and ports. Front panel illustrations in this chapter display the unit LED indicators. Before connecting any
network device to the Industrial Cellular Gateway, please read this chapter completely.
2.1. Hardware Description
2.1.1. Cellular Gateway Front Panel
The front panel provides the monitoring of the Cellular Gateway’s simple interfaces. Figure 2-1 & 2-2 shows the front
panels of the Industrial Cellular Gateways.
Figure 2-1 ICG-2510W-LTE Front Panel Figure 2-2 ICG-2510WG-LTE Front Panel
19
Reset Button Pressed and Released
Function
configuration. Industr ial Ce llular Gateway will then reboot an d
Subnet mask: 255.255.255.0
LED
Color
Function
Lights
Indicates the system is powered on.
Off
Indicates the system is powered off.
Blinking
Indicates the system works properly.
Off
Indicates the system does not work.
Lights
Indicates the Wi-Fi is active.
Off
Indicates the Wi-Fi is not active.
(L)
(H)
Lights
Indicates the SIM1 or SIM2 is connecting successfully.
SIM card inserted.
Reset Button
On the front of the ICG-2510W(G)-LTE series, the reset button is designed to reboot the Industrial Cellular Gateway
without turning off and on the power. The following is the summary table of the reset button functions:
Figure 2-3 Rest Button of ICG-2510W(G)-LTE Series
Reset the Industrial Cellular Gateway to Factory Default
The front panel LEDs indicate instant status of port links, data activity and system power; it helps monitor and
troubleshoot when needed.
System
PWR Blue
SYS Blue
Wi-Fi Blue
LTE Signal
LTE Signal
SIM1 & 2 Blue
Blue LightsIndicates the signal is low.
Blue LightsIndicates the signal is normal or high.
Off
Indicates the SIM1 or SIM2 is connecting unsuccessfully or no
20
LED
Color
Function
Lights
Indicates that the link is successfully established.
Blinking
Indicates that the port is actively sending or receiving data.
LED
Color
Function
Lights
Indicates that the link is successfully established.
Blinking
Indicates that the port is actively sending or receiving data.
Input
10/100/1000BASE-T LAN Port Interfa ces (Po rt-1 to Port-4)
Ethernet Green
10/100/1000BASE-T WAN Port Interface
Ethernet Green
2.1.3. Cellular Gateway Upper Panel
The upper panel of the Industrial Cellular Gateway consists of three terminal block connectors. Figure 2-4 shows the
upper panel of the Cellular Gateway.
Figure 2-4: ICG-2510W(G)-LTE Series Upper Panel
2.1.4. Wiring the Power Inputs
The 2-contact terminal bl oc k conne ctor on t he top panel of Industrial Cellular Gatew ay is used for one DC power input.
The power input range is from 9 to 36V DC. Please follow the steps below to insert the power wire.
1. Please read the above description of upper panel carefully before inserting positive/negative DC power wires
into the 2-contact terminal block connector.
2. Confirm that the positive/negative DC power wires will not fall off.
Power
Figure 2-5: Wiring the Power Inputs
21
l Input
Output
2.1.5. Wiring the Digital Input/Output and Rela y
The two 3-contact terminal block connectors on the top panel of ICG-2510W(G)-LTE Series is used for Digital Input,
Digital Output and Relay.
Digital
Digita
Relay
Figure 2-6 Wiring the DI/DO Inputs and Relay
Input ON 5 to 30 VDC
DI
Input OFF 0 to 3 VDC
DO Output < 50mA @ 30VDC
RELAY Load capability 1A 250VAC/30VDC
2.1.6. Console Line Definition
Insert the RJ45 end of the console cable into the RJ45 outlet with sign “console”, and insert the DB9F end of the
console cable into the RS232 serial interface of user’s device.
The signal connection of the console cable is as follows:
Console line definition (RS232 )
RJ45 Color Signal DB9F Description Dir (Router)
1
White/
Orange
2 Orange B 6 RS485-B Input/Output
White/
3
Green
4 Blue DCD 1 Data Carrier Detect Output
5 White/ GND 5 System Ground
A 8 RS485-A Input/Output
RXD 2 Receive Data Output
22
M
into the slot or else it w ill get
stuck.
Blue
6 Green TXD 3 Transmit Data Input
White/
7
Brown
8 Brown RTS 7 Request To Send Input
DTR 4 Data Terminal Ready Input
2.1.7. Dual SIM Cards Installation
1. Before inser ting or re moving th e SIM card, ens ure th at the pow er has been t urned off and the power connector
has been removed from Cellular Gateway.
2. Unscrew the screws of upper panel.
3. Press the button with a paper clip or suitable tool to eject the SIM card from the drawer.
4. Insert the SIM card with the contact facing up and align the SIM card tray properly with the slot. Make sure the
tray is inserted into the slot correctly.
5. Slide the tray back into the slot to lock in place.
6. Tighten the screws of the upper panel.
Inserting the tray
into the slot
ake sure the direction is right when sliding the SIM card tray
Turn off the Cellular Gateway before taking the SIM card.
23
2.1.8. Installing MicroSD Card
The ICG-2510W(G)-LTE series provides a MicroSD card slot . Refer to the SIM card installation method for inserting
the MircoSD card.
24
2.2. Mounti ng Installation
This section describes how to install your Industrial Cellular Gateway and make connections to the Industrial Cellular
Gateway. Please read the following sections and perform the procedures in the order being presented. To install your
Industrial Cellular Gateway on a desktop or shelf, simply complete the following steps.
2.2.1. DIN-rail Mounting
The DIN-rail is screwed on the Industrial Cellular Gatewaywhen out of factory. Please refer to the following figures to
screw the DIN-rail on the Industrial Cellular Gateway. To hang the Industrial Cellular Gateway, follow the steps below:
Step 1: Screw the DIN-rail bracket on the Industrial Cellular Gateway.
25
Step 2: Place the bottom of DIN-rail bracket lightly into the track.
Step 3: Check whether the DIN-rail bracket is tightly on the track.
Step 4: Please refer to the following procedures to remove the Industrial Cellular Gatewayfrom the track.
Step 5: Lightly pull out the bottom of DIN-rail bracket to remove it from the track.
26
I
Cellular
Gateway.
3. CELLULAR GATEWAY MANAGEMENT
This chapter explains the methods that you can use to configure management access to the Industrial Cellular
Gateway. It describes the types of management applications and the communication and management protocols that
deliver data between your management device (workstation or personal computer) and the system. It also contains
information about port connection options.
This chapter covers the following topics:
Requirements
Management Access Overview
Web Management Access
SNMP Access
Standards, Protocols and Related Reading
3.1. Requirements
Workstations running Windows 2000/XP, 2003, Vista/7/8, 2008, MAC OS9 or later, Linux, UNIX or other platforms
are compatible with TCP/IP protocols.
Workstation is installed with Ethernet NIC (Network Interface Card).
Ethernet Port connection
• Network cables -- Use standard network (UTP) cables with RJ45 connectors.
The above Workstation is installed with Web browser and Java runtime environment plug-in.
t is recommended to use Internet Explorer 8.0 or above to access Industrial
27
3.2. Management Access Overview
The Industrial Cellular Gateway gives you the flexibility to access and manage it using any or all of the following
methods:
Web browser interface
An external SNMP-based network management application
The Web brow ser i nter fa ce s are embedded in the Industrial Cellular Gatew ay software and are available f or i mme dia te
use. Each of these management methods has their own advantages. Table 3-1 compares the two management
methods.
Method Advantages Disadvantages
• Ideal for conf igur ing t he
Web
Browser
SNMP
Agent
Cellular Gateway remotely
• Compatible with all popular
browsers
• Can be accessed from any
location
• Most visually appealing
• Communicates with Cellular
Gateway functions at the MIB
level
• Based on open standards
Table 3-1 Comparison of Management Methods
• Securi ty can be compromised
(hackers need to only know the IP
address and subnet mask)
• May encounter lag times on poor
connections
• Requires SNMP manager software
• Least visually appealing of all three
methods
• Some settings require calculations
• Securi ty can be compro mised
(hackers need to only know the
community name)
28
3.3. Web Management
The Industrial Cellular Gateway offers management features that allow users to manage the Industrial Cellular
Gateway from anywhere on the network through a standard browser such as Microsoft Internet Explorer. After you set
up your IP address for the cellular gateway, you can access the Industrial Cellular Gateway's Web interface
applications directly in your Web browser by entering the IP address of the Industrial Cellular Gateway.
Figure 3-1 Web Management
You can then use your Web browser to list and manage the Industrial Cellular Gateway con figuration parameters from
one central location. Web Management requires either Microsoft Internet Explorer 8.0 or later, Google Chrome,
Safari or Mozilla Firefox 1.5 or later.
Figure 3-2 Web Main Screen of Industrial Cellular Gateway
29
3.4. SNMP-based Network Management
You can use an external SNMP-based application to configure and manage the Industrial Cellular Gateway, such as
SNMPc Network Manager, HP Openview Network Node Management (NNM) or What’s Up Gold. This management
method requires the SNMP agent on the cellular gateway and the SNMP Network Management Station to use the
same community string. This management method, in fact, uses two community strings: the get community string
and the set community string. If the SNMP Network Management Station only knows the set community string, it can
read and write to the MIBs. However, if it only knows the get community string, it can only read MIBs. The default get
and set community strings for the Industrial Cellular Gateway are public.
Figure 3-3 SNMP Management
30
4. WEB CONFIGURATION
This chapter describes how to configure and manage the cellular gateway
4.1. Configura t ion Connection
Before configuration, you should connect the cellular gateway and your configuration PC with the supplied network
cable. Plug the cable’s o ne end into t he Loc al Netw ork port o f the cellul ar gatew ay, and another end into your configure
PC’s Ethernet port. The connection diagram is as follows:
Please modify the IP address of PC to the same network segment address of the router, for instance, 192.168.1.9.
Modify the mask code of PC to 255.255.255.0 and set the default gateway of PC as the router’s IP address
(192.168.1.1).
4.2. Accessing the Confi guration Web Page
The chapter is to present main functions of eac h page. Users visit page tool via web browser after connecting user PC
to the cellular gateway. There are eleven main pages: Setting, Wireless, Service, VPN, Security, Access Restrictions,
NAT, QoS Setting, Applications, Management and Status. Users enable to browse slave pages by clicking one main
page.
Users can open IE or others and enter the cellular gateway's default IP address of 192.168.1.1 on address bar, then
click on “Enter” to go to the Web management tool of the cellular gateway. Log in to the web page with the first user
name, and it will display a page asking you to modify the default user name and password of the cellular gateway.
Users have to click "change password" to make it work if they want to modify user name and password.
31
The information main page is shown below.
Users need to input user name and password if it is their first time to log in.
Input correct user name and password to visit relevant menu page. Default user name and pas sw or d are admin.
32
4.3. Management and Configuration
The Industrial Cellular Gateway offers management features that allow users to manage the Industrial Cellular
Gateway from anywhere on the network through a standard browser such as Microsoft Internet Explorer. After you set
up your IP address for the cellular gateway, yo u can access the Industrial Cellular Gateway's Web interface
applications directly in your Web browser by entering the IP address of the Industrial Cellular Gateway.
4.3.1. Setting
The Setup screen is the first screen users will see when access ing the cel lul ar gateway. Most users will be able to
configure the gateway and get it work properly using only the settings on this screen. Some Internet Service Providers
(ISPs) will require users to enter specific information, such as User Name, Password, IP Address, Default Gateway
Address, or DNS IP Address. This information can be obtained from your ISP, if required.
4.3.1.1. Basic Setting
WAN Connection Type
The connection types include Disabled, Static IP, Automatic Configuration-DHCP, dhcp-4G, PPPoE, 3G Link1, 3G
Link2 and dhcp-bkup4G.
Disabled
Forbid the setting of WAN port connection type.
Static IP
33
Object – Static IP Description
WAN IP AddressUsers set IP address by their own or ISP assigns
Subnet MaskUsers set subnet mask by their own or ISP assigns
Gateway Users set gateway by their own or ISP assigns
Static DNS1/DNS2/
Users set static DNS by their own or ISP assigns
DNS3
Automatic Configuration-DHCP
IP address of WAN port gets automatic via DHCP.
DHCP-4G
IP address of WAN port gets automatic via DHCP-4G
34
Object –
dhcp-4G
User NameLogin user’s ISP (Internet Service Provider)
PasswordLogin user’s ISP
APN Access point name of user’s ISP
PIN PIN code of user’s SIM card
Description
35
PPPoE
Object – PPPoE Description
User NameLogin the Internet
PasswordLogin the Internet
36
3G Link1
Object – 3G
Link1
User NameLogin user’s ISP (Internet Service Provider)
PasswordLogin user’s ISP
Dial String Dial number of user’s ISP
APN Access point name of user’s ISP
PIN PIN code of user’s SIM card
Description
37
3G Link2
Object – 3G
Link2
User NameLogin user’s ISP (Internet Service Provider)
PasswordLogin user’s ISP
Dial String Dial number of user’s ISP
APN Access point name of user’s ISP
PIN PIN code of user’s SIM card
dhcp-bkup4G
IP address of WAN port gets automatic via DHCP-4G.
Description
38
Object –
dhcp-bkup4G
User NameLogin user’s ISP (Internet Service Provider)
PasswordLogin user’s ISP
APN Access point name of user’s ISP
PIN PIN code of user’s SIM card
Connection Type
The connection type prov ide s 12 opt ions for required mode. This opti on a llow s u ser to se le ct c onne cti on ty pe which he
prefers, such as auto, force 3G or force 4G. The defa ult sett ing is Auto.
Description
39
When users choose the “Route” or “Ping” method, it’s quite important to make sure that the
“Primary Detection Server IP” and “Backup Detection Server IP” are usable and stable, because
Keep Online
This function is used to detec t w het her the Int er net c onnection is active, if users set it and when the R ou ter detects the
connection is inactive, it will redial to users' ISP immediately to make the connection active. If the network is busy or
the user is in private network, we recommend that Router mode will be better.
Object – Keep
Online
Detection
Method-None
Detection
Method-Ping
Detection
Method-Route
Detection
Method-TCP
Detection
Interval
Primary
Detection Server
IP
Description
Do not set this function
Send ping packet to detect the connection, when choosing this method.
Users should also configure "Detection Interval", "Primary Detection
Server IP" and "Backup Detection Server IP" items.
Detect connection with route method, when choosing this method.
Users should also configure "Detection Interval", "Primary Detection
Server IP" and "Backup Detection Server IP" items.
Detect connection w ith T C P m ethod, when choosing this method. Users
should also configure "Detection Interval" item.
Time interval between two detections; unit is second
The server is used to response the Router’s detection packet. This item
is only valid for method "Ping" and "Route".
Backup
Detection Server
IP
they have to response the detection packet frequently.
The server is used to response the Router’s detection packet. This item
is valid for method "Ping" and "Route"
40
Force reconnect
This option schedules the PPPoE or 3G reconnection by killing the pppd daemon and restarts it. After enabling the
function, you are able to set the time to reconnect.
STP
STP (Spanning T ree Prot oco l) can be appli ed to loop net w or k . T hrough cer t ain algorithm achieves path redundancy,
and loop network cuts to tree-based network without loop, thus avoiding the hyperplasia and infinite circulation of a
message in the loop network.
Optional Settings
Object – Keep
Online
Router Name Set Router name
Host NameISP provides
Domain Name ISP provides
MTU
Description
auto (1500) and manual (1200-1492 in PPPOE/PPTP/L2TP mode,
576-16320 in other modes)
41
LAN Network Setup
Object – Router
IP
Local IP Address IP address of the gateway. The default IP addre ss is 192. 16 8.1. 1
Subnet MaskThe subnet mask of the gateway
Gateway
Local DNS
Network Address Server Settings (DHCP)
These settings for the gateway's Dynamic Host Configuration Protocol (DHCP) server functionality configuration. The
gateway can serve as a network DHCP server. DHCP server automatically assigns an IP address to each computer in
the network. If they choose to enable the gatewayr's DHCP server opti on, user s can set all t he comp uter s on the LAN
to automatically obtain an IP address and DNS, and make sure there are no other DHCP servers in the network.
Description
Set internal gateway of the cellular gateway. By default, internal
gateway is the address of the gateway
DNS server is auto assigned by network operator server. Users enable
to use their own DNS server or other stable DNS servers, if not, keep it
default
42
Keep the default Enable to enable the gateway's DHCP server option. If
Object – DHCP Description
DHCP Type DHCP Server and DHCP Forwarder
DHCP Server
Start IP Address
Maximum DHCP
Users
Client Lease
Time
users already have a DHCP server on their network or users do not
want a DHCP server, then select Disable.
Enter a numerical value for the DHCP server to start with when issuing
IP addresses. Do not start with 192.168.1.1 (the gateway's own IP
address).
Enter the maximum number of PCs that users want the DHCP server to
assign IP addresses to. The absol ute maximum is 253 if 192.168.1.2 is
user’s starting IP address.
The Client Lease Time is the amount of time a network user will be
allowed to connect to the Router with their current dynamic IP address.
Enter the amount of time, in minutes, that the user will be "leased" with
this dynamic IP address.
The Domain Name System (DNS) is how the Internet translates domain
or website names into Internet addresses or URLs. Users' ISP will
Static DNS (1-3)
WINS
provide them with at least one DNS Server IP address. If users wish to
utilize another, enter that IP address in one of these fields. Users can
enter up to three DNS Server IP addresses here. The Router will utilize
them for quicker access to functioning DNS servers
The Windows Internet Naming Service (WINS) manages each PC's
interaction with the Internet. If users use a WINS server, enter that
server's IP address here. Otherwise, leave it blank.
43
Users' domain name in the f iel d of lo cal sear ch i ncreases the expansion
DNSMasq
Time Settings
Select time zone of your location. To use local time, leave the checkmark in the box next to Use local time.
Object – Time
Settings
NTP Client DHCP Server and DHCP Forwarder
of the host option to adopt DNSMasq that can assign IP addresses and
DNS for the subnet. If select DNSMasq, dhcpd service is used for the
subnet IP address and DNS.
Description
Keep the default Enable to enable the gateway's DHCP server option. If
Time Zone
Summer Time
(DST)
Server IP/Name
Adjust Time
To adjust time by t he system and refresh to get t h e t im e o f t h e web, user can set to mod ify the time of the system. T hey
can change to adjust time by manual to achieve adjusted time by the system if the system fails to get NTP server.
users have already a DHCP server on their network or users do not
want a DHCP server, then select Disable.
Enter a numerical value for the DHCP server to start with when issuing
IP addresses. Do not start with 192.168.1.1 (the gateway's own IP
address).
IP address of NT P server is up to 32 characters. If blank, the system w ill
find a server by default.
4.3.1.2. DDNS
If user's network has a permanently assigned IP address, users can register a domain name and have that name
linked with their IP address by public Domain Name Servers (DNS). However, if their Internet account uses a
dynamically assigned IP address, users will not know in advance what their IP address will be, and the address can
change frequently. In this case, users can use a commercial dynamic DNS service, which allows them to register their
domain to their IP address, and will forward traffic directed at their domain to their frequently-changing IP address.
44
Supports wildcard or not, the default is OFF. ON means *.host.3322.org
User NameUsers register in DDNS server, up to 64 characteristic
Host Name
Type
Wildcard
Do not use
external ip check
Force Update
Interval
Status DDNS Status shows connection log information
Zoneedit, NO-IP, 3322, easyDNS, TZO, DynSIP and Custom based on
the user
Users register in DDNS server, not limited for input characteristic for
now
IP address of NTP server, up to 32 characters. If blank, the system will
find a server by default
is equal to host.3322.org
Enable or disable the function of 'do not use external ip check'
Unit is day, try forcing the update dynamic DNS to the server by setting
days
4.3.1.3. Clone MAC Address
Some ISPs need the users to regis ter their M AC address. T he users ca n clone th e gatew ay MAC address to their MAC
address registered in ISP if they do not want to re-register their MAC address. Clo ne M AC addresses can clone thr ee
parts: Clone LAN MAC, Clone WAN MAC, and Clone Wireless MAC.
45
4.3.1.4. Advanced Routing
Operating Mode: Gateway, BGP, RIP2 Router, OSPF Router and Router
If the Router is hosting users' Internet connection, select Gateway mode. If another Router exists on their network,
select Router mode.
Dynamic Routing
Dynamic Routing enables the R outer t o au tom ati cal ly adju st t o phy sical chan ges in the network's layout and exchange
routing tables with other Routers. The Router determines the network packets’ route based on the fewest number of
hops between the source and destination.
To enable the Dynamic Routing feature for the WAN side, select WAN. To enable this feature for the LAN and wireless
side, select LAN and WLAN. To enable the feature for both the WAN and LAN, select Both. To disable the Dynamic
Routing feature for all data transmissions, keep the default setting, Disable.
Dynamic Routing is not available in Gateway mode.
46
(internal wired and wireless networks), the WAN (Internet), or Loopback
Static Routing
Object – Static
Routing
Select set
number
Route NameDefined routing name by users, up to 25 characters
Metric 0-9999
Destination LAN
NET
Subnet Mask
Interface
Show Routing Table
Description
1-50
The Destination IP Address is the address of the network or host to
which users want to assign a static route
The Subnet Mask determines which portion of an IP address is the
network portion, and which portion is the host portion
Indicate whether the Destination IP Address is on the LAN & WLAN
(a dummy network in which one PC acts like a network, necessary for
certain software programs)
4.3.1.5. VLANS
VLANs function is to divide different VLAN ports by users' will. The system supports 15 VLAN ports from
VLAN1-VLAN15. However, there are only 5 ports (1 WAN port and 4 LAN ports) divided by users themselves, and
47
meanwhile LAN port and WAN port disable is to divide into one VLAN port.
4.3.1.6. Networking
Object –
Description
Networking
48
Bridging-Create
Bridge
Bridging-Assign
to Bridge
Current Bridging
Table
Create Bridge
Click 'Add' to create a new bridge; configuration is shown below:
Creates a new empty network bridge for later use. STP means
Spanning Tree Protocol and with PRIO users are able to set the bridge
priority order. The lowest number has the highest priority.
Allows users to assign any valid interface to a network bridge. Consider
setting the Wireless Interface options to Bridged if they want to assign
any Wireless Interface here. Any system specific bridge setting can be
overridden here in this field.
Shows current bridging table
Create bridge option: the first br0 means bridge name. STP means to on/ o f f spanning tree protocol. Prio me an s priority
level of STP; the small er the n umber, the higher the level. M TU means maximum tr ansfer unit; default is 1500. Delete if
it is not needed. And then click 'Save' or 'Add'. Bridge properties are shown below:
Enter relevant bridge IP address and subnet mask, and then click 'Add' to create a bridge.
Only creating a bridge can be applied.
Assign to Bridge
Assign to Bridge option: To assign different ports to created bridge. For example: assign port (wireless port) is ra0 in
br1 bridge as shown below:
49
Prio means priority level: work if multiple ports are within the same brid ge. The smaller the number gets, t he h igh er t he
level is.
Click 'Add' to take effect.
The corresponding interfaces of WAN ports should not be bound; this bridg e func tion is basic ally
used for LAN port, and should not be bound with WAN port
If binding is successful, bridge binding list in the list of current bridging table is shown below:
To make br1 bridge have the same function with DHCP assigned address, users need to set multiple DHCP functions.
See the introduction of multi-channel DHCPD:
Port Setup
Set the port properly; the default is not set
When “Unbridged” is selected, the configuration is shown below.
50
Object – Port
Setup-Unbridged
MTU Maximum transfer unit
Multicast
forwarding
Masquerade/NAT Enable or disable Masquerade/NAT
IP Address Set ra0's IP address, and do not conflict with other ports or bridge
Subnet Mask Set the port's subnet mask
Multiple DHCPDs
Using multiple DHCP serv ic e -- Click 'Add' in multiple DHCP servers t o appear r elevant configuration. The first means
the name of port or bridge (do not be configured as eth0), the second means whether to on DHCP. Start means start
address. Max means maximum assigned DHCP clients. Lea se time means the cl ient lease time. The unit is second.
Click 'Save' or 'Apply' to put it into effect after setting.
Description
Enable or disable multicast forwarding
Only configure and click ' Save' to configure the next; configuring multiple DHCPs at the same t ime
is not possible.
A total of 1-13 channels to choose from for more than one wireless
device environment. Please try to avoid using the same channel with
other devices
Wireless SSID SSID can be hidden when disabled is selected. The default is enabled.
52
ireless
Broadcast
Network
Configuration
Virtual Interfaces
Click Add to add a virtual interface. Click on the remove to remove the virtual interface.
Object – Virtual
Server
AP Isolation
IP address needs to be manually configured w hen unbridg ed is s elected
Description
This setting isolates w irele ss cl ient so a cc es s to and f r om oth er wireless
clients are stopped.
Save your changes after changing the "Wireless Mode". For "Wireless Network Mode", "W
Width", or "Broadband" option, click on the button you prefer to configure.
4.3.2.2. Wireless Security
Wireless security op tion is used to configure the security of your wireless network. This route has a total of seven kinds
of wireless security mode. Disabled by default, not safe mode is enabled. For changes in Safe Mode, click Apply to
take effect immediately.
WEP
It is a basic encryption algor ith m that is less secure than WPA. Use o f WEP is discouraged due to security weaknesses,
and one of the WPA modes should be u sed whenever possible. Only u se WEP if you have c lient s that can only support
WEP (usually older, 802.11b-only clients).
53
Object –
Wireless
Security-WEP
Authentication
Type
Default Transmit
Key
Encryption
ASCII/HEX
Description
Open or shared key
Select the key from Key 1 to Key 4.
There are two levels of WEP encryption, 64-bit (40-bit) and 128-bit. To
utilize WEP, select the desired encryption bit, and enter a passphra se or
WEP key in hexadecimal format. If you are using 64-bit (40-bit), then
each key must consist of exactly 10 hexadecimal characters or 5 ASCII
characters. For 128-bit, each key must consist of exactly 26
hexadecimal characters. Valid hexadecimal characters are "0"-"9" and
"A"-"F"
ASCII, the keys is 5 bit ASCII characters/13bit ASCI I characters
HEX, the keys is 10bit/26 bit hex digits
Passphrase The letters and numbers used to generate a key
Key1-Key4 Manually fill out or generated according to input on the pass phrase
54
WPA Personal/WPA2 Personal/WPA2 Personal Mixed
Object –
Wireless
Security-WPA
Personal/WPA2
Personal/WPA2
Personal Mixed
WPA Algorithms TKIP, AES and TKIP + AES
WPA Shared Key Between 8 and 63 ASCII characters or hexadecimal digits
Key Renewal
Interval (in
seconds)
Object –
Wireless
Security-WPA
Enterprise/WPA2
Enterprise/WPA2
Enterprise Mixed
WPA Algorithms TKIP, AES and TKIP + AES
Radius Auth
Server Address
Description
The IP address of the RADIUS server
55
Radius Auth
Server Port
Radius Auth
Shared Secret
Key Renewal
Interval (in
seconds)
The RADIUS port and the default is 1812
The shared secret from the RADIUS server
1-99999
4.3.3. Services
4.3.3.1. Services
DHCP Server
DHCPd assigns IP addresses to user local devices. While the main configuration is on the setup page users can
program some nifty special functions here.
DNSmasq is a local DNS server. It will resolve all host names known to the Router from dhcp (dynamic and static) as
well as forwarding and cachin g D NS entrie s from r emot e DNS server s. Lo cal DN S enable s D HCP client s on the LAN t o
resolve static and dynamic DHCP host names.
Some extra options users can set by entering them
If users want to assign to certain hosts a specific address, they can
define them here. This is also the way to add hosts with a fixed address
to the gateway's local DNS service (DNSmasq).
56
SNMP
Object –
DNSMasq
Local DNS
No DNS Rebind
Additional
DNSMasq
Options
Description
Enables DHCP clients on the LAN to resolve static and dy na mic DHCP
host names.
When enabled, it can prevent an external attacker to acces s the
gateway's internal Web interface. It is a secure measure.
Some extra options users can set by entering them in Additional DNS
Options.
For example:
max lease number: dhcp-lease-max=2
DHCP server IP range: dhcp-range=192.168.0.110,192.168.0.111,12h
Object – SNMP Description
Location
Contact
Name Some extra options users can set by entering them in Additional DNS
Enables DHCP clients on the LAN to resolve static and dy na mic DHCP
hostnames.
When enabled, it can prevent an external attacker to acces s the
gateway's internal Web interface. It is a secure measure.
Max lease number: dhcp-lease-max=2
DHCP server IP range: dhcp-range=192.168.0.110,192.168.0.111,12h
RO Community SNMP RO community name, the default is public, Only to read
RW Community
SSHD
Enabling SSHd allows users to access the Linux OS of their Router with an SSH client.
Object – Secure
Shell
SNMP RW community name, the default is private, Read-write
permissions
Description
SSH TCP
Enable or disable to support the TCP forwarding
Forwarding
Password Login Allows login with the gateway password (username is admin)
Port Port number for SSHd and the default is 22
Here users paste their public keys to enable key-based logi n (more
Authorized Keys
secure than a simple password)
System Log
Enable Syslogd to capture system messages. By default, they will be collected in the local file /var/log/messages. To
send them to another system, enter the IP address of a remote syslog server.
58
a public hotspot), it is strongly
Object – System
Log
Syslog Out Mode
Remote Server
Telnet
Enable a telnet server to connect to the gateway with telnet. The username is admin and the password is the
gateway's password.
If users use the gateway in an untrusted environment (for example,
recommended to use SSHd and disable telnet.
Description
The Syslog Out Mode supports four log modes.
Net: the log information output to a syslog server
Console: the log information output to con sole port
If net mode is chosen, users should input a syslog server’s IP Address
and run a syslog server program on it
WAN Traffic Counter
Enable or disable WAN traffic counter function.
59
4.3.4. VPN
4.3.4.1. PPTP
PPTP Server
Object – PPTP Server Description
Broadcast Support Enable or disable broadcast support of PPTP server
Force MPPE Encryption Enable of disable force MPPE encryption of PPTP data
DNS1/DNS2/WINS1/WINS-2 Set DNS1/DNS2/WINS1/WINS2
Input IP address of the gateway as PPTP server, different from LAN
Server IP
address
IP address is assigned to the client ; the format is
Client IP(s)
xxx.xxx.xxx.xxx-xxx
CHAP-Secrets User name and password of the client using PPTP service
Client IP must be different with IP assigned by gateway DHCP.
The format of CHAP Secrets is user * password *.
60
PPTP Client
Object – PPTP
Client
Server IP or DNS
Name
Remote Subnet The network of the remote PPTP server
Remote Subnet
Mask
MPPE
Encryption
MTU Maximum transmission unit
MRU Maximum receive unit
NAT Enable or Disable network address translation
Fixed IP
User Name User name to log into PPTP Server
Password Password to log into PPTP Server
Description
PPTP server’s IP address or DNS name
Subnet mask of remote PPTP server
Enable or disable Microsoft Point-to-Point Encryption
61
4.3.4.2. L2TP
L2TP Server
Object – L2TP
Server
Force MPPE
Encryption
Server IP
Client IP(s)
CHAP Secrets User name and password of the client using L2TP service
Description
Enable or disable force MPPE encryption of L2TP data
Input IP address of the gateway as PPTP server, different from LAN
address
IP address is assigned to the client; the format is
xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx
62
L2TP Client
Object – L2TP
Client
User Name User name to log in L2TP server
Password Password to log in L2TP server
Gateway (L2TP
Server)
Remote Subnet The network of remote PPTP server
Remote Subnet
Mask
MPPE
Encryption
MTU Maximum transmission unit
MRU Maximum receive unit
NAT Enable or disable network address translation
Description
L2TP server’s IP Address or DNS Name
The subnet mask of remote PPTP server
Enable or disable Microsoft Point-to-Point Encryption
Require CHAP Enable or disable supporting chap authentication protocol
Refuse PAP Enable or disable refusing to support the pap authenti cat ion
Require Enable or disable supporting authentication protocol
63
Authentication
4.3.4.3. OPENVPN
OPENVPN Server
64
Object –
OPENVPN
Server
Start Type
Config via Server or Daemon
Server Mode Router (TUN) and Bridge (TAP) modes
Router (TUN)
Mode
Description
WAN UP: Start after online
System: Start when booting up
Network: Network address allowed by OPENVPN server
Netmask: Netmask allowed by OPENVPN server
65
DHCP-Proxy mode: enable or disable DHCP-Proxy mode
Bridge (TAP)
Mode
Port Li s ten port of OPENVPN server
Tunnel Protocol UCP or TCP of OPENVPN tunnel protocol
Encryption
Cipher
Hash Algorithm
MRU Maximum receive unit
NAT Enable or disable network address translation
Require CHAP Enable or disable supporting chap authentication protocol
Refuse PAP Enable or disable refusing to support the pap authenti cat ion
Require
Authentication
Pool start IP: Pool start IP of the client allowed by OPENVPN server
Pool end IP: Pool end IP of the client allowed by OPENVPN server
Gateway: The gateway of the client allowed by OPENVPN server
Netmask: Netmask of the client allowed by OPENVPN server
Blowfish CBC, AES-128 CBC, AES-192 CBC, AES-256 CBC, AES-512
CBC
Hash algorithm provides a method of quick access to data, including
SHA1, SHA256, SHA512, MD4, MD5
Enable or disable supporting authentication protocol
Advanced Options
66
OPENVPN Client
Object –
OPENVPN Client
Server IP/Name IP address or domain name of OPENVPN server
Port listen port of OPENVPN client
Tunnel Device
Tunnel Protocol UDP and TCP protocol
Encryption
Cipher
Hash Algorithm
Description
TUN: Router mode
TAP: Bridge mode
Blowfish CBC, AES-128 CBC, AES-192 CBC, AES-256 CBC, AES-512
CBC
Hash algorithm provides a method of quick access to data, including
SHA1, SHA256, SHA512, MD5
67
Object –
OPENVPN Client
TLS Cipher
Use LZO
Compression
NAT Enable or disable NAT through function
Bridge TAP to
br0
IP Address Set IP address of local OPENVPN client
Subnet mask Set IP subnet of local OPENVPN client
Description
TLS (Transport Layer Security) encryption standard supports multiple
options
Enable or disable use LZO compression for data transfer
Enable or disable bridge TAP to br0
68
TUN MTU Setting Set MTU value of the tunnel
TLS Auth Key Authority key of Transport Layer Security
Additional
Config
Policy based
Routing
CA Cert CA certificate
Public Client
Cert
Private Client
Key
Additional configurations of OPENVPN server
Input some defined routing policy
Client certificate
Client key
4.3.4.4. IPSEC
Connect Status and Control
Show IPSEC connection and status of current router on IPSEC page.
Object – IPSEC Description
NAME The name of IPSEC connection
Type The type and function of current IPSEC connection
Local subnet, local address, opposite end address and opposite end
Common Name
subnet of current connection
Closed: This connection does not launch a connection request to
opposite end
Negotiating: This connection launch a request to opposite end, is under
Status
negotiating, the connection has not been established yet
Establish: The connection has been est abli shed, enabled to use this
tunnel
The action of this connection, current is to delete, edit, reconnect and
enable.
Delete: To delete the connection, also will delete IPSEC if IPSEC has
Action
set up
Edit: To edit the configure information of this connection, reload this
connection to make the configuration effect after edit
69
Reconnect: This action will remove current tunnel, and re-launch tunnel
establish request
Enable: When the connection is enable, it will launch tunnel establish
request when the system reboot or reconnect, otherwise the connection
will not do it
Add To add a new IPSEC connection
Add IPSEC connection or edit IPSEC connection
Ty pe: To choose IPSEC mode and relevant functions in this part, supports tunnel mode client, tunnel mode server and
transfer mode currently
Connection: This part contains basic address information of the tunnel
Object – IPSEC Description
NAME To indicate this connection name, must be unique
Enabled
Local WAN
Interface
Peer WAN
If enabled, the connection will send tunnel connection request when it is
reboot or re-connection, otherwise it is no need if disable
Local addresses of the tunnel
IP/domain name of end oppo si t e; thi s op tio n ca n not fill in if using tunnel
address
Local Subnet
Remote Subnet
Local ID Tunnel local end identification, IP and domain name are available
Remote ID Tunnel opposite end identification, IP and domain name are available
mode server
IPSec local protects subnet and subnet mask, i.e. 192.168.1.0/24; this
option cannot fill in if transfer mod is used.
IPSec opposite end protects subnet and subnet mask,
i.e.192.168.7.0/24; this option cannot fill in if transfer mode is used.
70
Detection: This part contain s config ure information of connection detection
Object – IPSEC Description
Enable DPD
Detection
Time Interval Set time interval of connect detection (DPD)
Timeout Set the timeout of connect detection
Action Set the action of connect detection
Advanced Settings: This part contains relevant setting of IKE, ESP, negotiation mode, etc.
Enable or disable this function, tick means enable
Object – IPSEC Description
Enable
Advanced
Settings
IKE Encryption IKE phased encryption mode
IKE Integrity IKE phased integrity solution
IKE Grouptype DH exchange algorithm
IKE Lifetime Set IKE lifetime, current unit is hour, the default is 0
ESP Encryption ESP encryption type
ESP Integrity ESP integrity solution
Enable to configure 1st and 2nd phase information, otherwise it
will automatically negotiate according to opposite end
71
ESP Keylife Set ESP keylife, current unit is hour, the default is 0
IKE aggressive
mode allowed
Perfect Forward
Security (PFS)
Authentication: Choose use share encryption option or certificate authentication option. Current is only to choose use
share encryption option.
Negotiation mode adopt aggressive mode if tick; it is main
mode if non-tick
Tick to enable PFS, non-tick to disable PFS
4.3.4.5. GRE
GRE (Generic Routing Encapsulation, Generic Routing Encapsulation) protocol is a network layer protocol (such as IP
and IPX). Data packets are encapsulated, so these encapsulated data packets go to another network layer protocol
(IP). GRE Tunnel technology is Layer Two Tunneling Protocol VPN (Virtual Private Network).
GRE Tunnel: Enable or disable GRE function.
When GRE tunnel is enabled, the configuration page is shown below.
72
Object – GRE Description
Number Switch on/off GRE tunnel app
Status Switch on/off someone GRE tunnel app
Name GRE tunnel name
Through The GRE packet transmit interface
Peer Wan IP addr The remote WAN address
Peer Subnet The remote gateway local subnet, eg: 192.168.1.0/24
Peer T unnel IP The remote tunnel ip address
Local Tunnel IP The local tunnel ip address
Local Netmask Netmask of local network
Keepalive Enable or disable GRE Keepalive function
Retry times GRE keepalive detects fail retries
Interval The time interval of GRE keepalive packet sent
Fail Action The action would be exec after keeping alive failed
Users can view the information of GRE by clicking on the “View GRE tunnels” button.
73
4.3.5. Security
4.3.5.1. Firewall
You can enable or disable the firewall, filter specific Internet data types, and prevent anonymou s Internet requests,
ultimately enhancing network security .
Firewall enhances ne tw ork security and use SP I to chec k the pac kets in the network. To use firewall protection, choose
enable otherwise disable. Only enable the SPI firewall; you can use other firewall functions: filtering proxy, block WAN
requests, etc.
Object – Security Description
WAN proxy server may reduce the security of the gateway. Filtering
Filter Proxy
Proxy will refuse any access to any WAN proxy server. Click the check
box to enable the function otherwise disabled.
Cookies are the website of data the data stored on your computer.
Filter Cookies
Filter Java
Applets
Filter ActiveX
When you interact with the site, the cookies will be used. Click the
check box to enable the function otherwise disabled.
If Java is refused, you may not be able to open web pages using the
Java programming. Click the check box to enable the function,
otherwise disabled.
If ActiveX is refused, you may not be able to open web pages using the
ActiveX programming. Click the check box to enable the function
otherwise disabled.
74
Object – Security Description
Block
Anonymous
WAN Requests
(ping)
Filter IDENT
(Port 113)
Block WAN
SNMP access
By selecting “Block Anonymous WAN Requests (ping)” box to enable
this feature, you can prevent your network from the Ping or detection of
other Internet users. The default state of this feature is enabled. When
disable is selected, it allows anonymous Internet requests.
Enable this feature can prevent port 113 from being scanned from
outside. Click the check box to enable the function otherwise disabled.
This feature prevents the SNMP connection requests from the WAN.
Object – Security Description
Limit SSH
Access
Limit Telnet
Access
Limit PPTP
Server Access
Limit L2TP
Server Access
This feature limits the access request from the WAN by SSH, and per
minute up to accept two connection requests on the same IP. Any new
access request will be automatically dropped.
This feature limits the access request from the WAN by Telnet, and per
minute up to accept two connection requests on the same IP. Any new
access request will be automatically dropped.
When build a PPTP Ser v er in the Router, this feature limits the access
request from the WAN by SSH, and per minute up to accept two
connection requests on the same IP. Any new access request will be
automatically dropped.
When building a L2TP Server in the Router, this feature limits the
access request from the WAN by SSH. It accepts up to two connection
requests per minute on the same IP. Any new access request will be
75
automatically dropped.
Log Management
The gateway can keep logs of all incoming or outgoing traffic for your Internet connection.
Object – Log
Management
Log
Description
To keep activity logs, select Enable. To stop logging, select Disable.
When selecting enable, the following page will appear.
76
To see a temporary log of the Rout er' s most r e cen t outg oing traffic, click
Log Level
Options
Incoming Log
Outgoing Log
Set this to the required log level. Set Log Level higher to log more
actions.
When selecting Enable, the corresponding connection will be recor ded
in the journal; disable is not recorded.
To see a temporary log of the R outer's m ost recen t incom ing traffic, click
the Incoming Log button.
the Outgoing Log button.
4.3.6. Access Restrictions
4.3.6.1. WAN A ccess
You can block or allow specific types of Internet applications f or WAN access restrictions. You can set specific
PC-based Internet access policies. This feature allows you to customize up to 10 different Internet Access Policies for
particular PCs, which are identified by their IP or MAC addresses.
Two options in the default policy rules: "Filter" and "reject". If selecting "Deny”, you will deny specific computers to
access any Internet service at a particular time period. If you choose "filter", It will block specific computers to access
the specific sites at a specific time period. You can set up 10 Internet access policies filtering specific PCs access
Internet services at a particular time period.
77
Object – WAN
Access
Access Policy
Status Enable or disable a policy.
Policy Name You may assign a name to your policy.
PCs
Days Choose the day of the week to have your policy applied.
Times Enter the time of the day to have your policy applied.
Website
Blocking by URL
Description
You may define up to 10 access policies. Click Delete to delete a policy
or Summary to see a summary of the policy.
The part is used t o edit client list; the str ategy is only effective for the PC
in the list.
You can block access to certain websites by entering their URL.
78
Address
Website
Blocking by
Keyword
You can block access to certain website by the keywords contained in
their webpage
The steps of setting up Internet access policy
1. Select the policy number (1-10) in the drop-down menu.
2. For this policy to be enabled, click the radio button next to "Enable"
3. Enter a name in the Policy Name field.
4. Click the Edit List of PCs button.
5. On the list of PC screen, specify PCs by IP address or MAC address. Enter t he appro pr ia te I P ad dr es se s i nto t he I P
fields. If you have a range of IP addresses to filter and complete the appropriate IP Range fields. Enter the appropriate
MAC addresses into the MAC fields.
6. Click the Apply button to save your changes. Click the Cancel button to cancel your unsaved changes. Click the
Close button to return to the Filters screen.
7. If you want to block the listed PCs from Internet access during the designated days and time, then keep the default
79
After
automatically synchronized, you need to
setting, Deny. If you want the listed PCs to have Internet filtered during the designated days and time, then click the
radio button next to Filter.
8. Set the days when access will be filtered. Select Everyday or the appropriate days of the week.
9. Set the time when access will be filtered. Select 24 Hours, or check the box next to From and use the drop-down
boxes to designate a specific time period.
10. Click the Add to Policy button to save your changes and activate it.
11. To create or edit additional policies, repeat steps 1 to 9.
12. To delete an Internet Access Policy, select the policy number, and click the Delete button.
The default factory value of policy rules is "f iltered". If the user chooses t he default policy rules for
"refuse", editing strategies to directly save the settings. If the strategy edited is the first, it will be
automatically saved into the second, if not, the first to keep the original number.
Turning off the power of the Router or rebooting the Router can cause a temporary failure。
the failure of the Router, if NTP timer server cannot be
recalibrate to ensure the correct implementation of the relevant period control function.
4.3.6.2. URL Filter
If you want to prevent certain client access to specific network domain name, such as www.yahoo.com.tw., achieve it
through the function of URL filtering.
Object – URL
Filter
Discard packets
that conform to
the following
Description
Only discard the matching URL address in the list.
80
rules
Accept only the
data packets that
conform to the
following rules
MAC Filter
Receive only custom rules of network address; discard all other URL
addresses.
Object –MAC
Filter
Discard packets
conform to the
following rules
Accept only the
data packets
conform to the
following rules
Description
Only discard the matching MAC address in the list.
Receive only custom rules of MAC address; discard all other MAC
addresses.
4.3.6.3. Packet Filter
To block some packets getting Internet access or block some Internet packets getting local network access, you can
configure filter items to block these packets. Packet filter function is realized based on IP address or port of packets.
81
Object –Packet
Filter
Enable Packet
Filter
Policy
Add Filter Rule
Direction
Protocol Packet protocol type
Source Ports Packet’s source por t
Destination
Ports
Source IP Packet’s source IP address
Destination IP Packet’s destination IP address
Description
Enable or disable “packet filter” function
Two policies are provided. One is Discard packets conform to the
following rules and the other is Accept only the data packets conform to
the following rules.
Input: packet from WAN to LAN
Output: packet from LAN to WAN
Packet’s destination port
4.3.7. NAT
"Source Port”,” Destination Port" ,"Source IP" ,"Destination IP" could not be all empty.
82
number of the external port (the port nu mber seen by users on
4.3.7.1. Port Forwarding
Port Forwarding allow s y ou to set up public services on your network, such as web servers, ftp servers, e-m ail server s,
or other specialized Internet applications. Specialized Internet applications are any applications that use Internet
access to perform fun ctio ns su ch a s v id eoc onferencing or online gaming. When users send this type of request to your
network via the Internet, the Router will forward those requests to the appropriate PC. If you want to forward a whole
range of ports, see Port Range Forwarding.
Object –Port
Forward
Application Enter the name of the application in the field provided.
Protocol
Source Net Forward only if sender matches this ip/net (example 192.168.1.0/24).
Port from
IP Address Enter the IP Address of the PC running the application.
Port to
Enable Click the Enable checkbox to enable port forwarding for the application.
Description
Chose the right protocol TCP, UDP or Both. Set this to what the
application requires.
Enter the
the Internet).
Enter the number of the internal port (the port number used by the
application).
4.3.7.2. Port Range Forward
Port Range Forwarding allows you to set up public services on your network, such as web servers, ftp servers, e-mail
servers, or other specialized Inter net app lic atio ns. Spe cialized Internet applications are any applications that use
Internet access to perform functions such as videoconferencing or online gaming. When users send this type of
request to your network via the Internet, the Router will forward those requests to the appropriate PC. If you only want
to forward a single port, see Port Forwarding.
83
Object –Port
Range Forward
Application Enter the name of the application in the field provided.
Start
End
Protocol
IP Address Enter the IP Address of the PC running the application.
Enable Click the Enable checkbox to enable port forwarding for the application.
Description
Enter the number of the first port of the range you want to be seen by
users on the Internet and forwarded to your PC.
Enter the number of the last port of the range you want to be seen by
users on the Internet and forwarded to your PC.
Chose the right protocol TCP, UDP or Both. Set this to what the
application requires.
4.3.7.3. DMZ
The DMZ (DeMilitarized Zone) hosting feature allows one local user to be exposed to the Internet for use of a
special-purpose service such as Internet gaming or video co nf eren cin g. D MZ hosting forwards all the ports at the sa me
time to one PC. The Port Forwarding feature is more secure beca use it on ly open s the por t s y ou w ant to have opened,
while DMZ hosting opens all the ports of one computer, exposing the computer so the Internet can see it.
Any PC whose port is being forwarded must have a new static IP address assigned to it because its IP address may
change when using the DHCP function.
DMZ Host IP Address: To expose one PC to the Internet, select Enable and enter the computer's IP address in the
DMZ Host IP Address field. To disable the DMZ, keep the default setting: Disable
84
4.3.8. QoS Setti n g
4.3.8.1. Basic
Bandwidth management priorit izes the traffic on your Router. Interactive traffic (telephony, browsing, telnet, etc.) gets
priority and bulk traffic (file transfer, P2P) gets low priority. The main goal is to allow both types to work side-by-side
leaving out unimportant traffic. All of this is more or less automatic.
Object –QoS Description
In order to use bandwidth management (QoS) you must enter
Uplink (kbps)
Downlink (kbps )
bandwidth values for your uplink. These are generally 80% to 90% of
your maximum bandwidth.
In order to use bandwidth management (QoS) you must enter
bandwidth values for your dow nlin k. T hese are generally 80% to 90% of
your maximum bandwidth.
4.3.8.2. Classification
The classification part includes netmask priority and MAC priority. You are able to specify priority for all traffic from a
given IP address, port range or M A C addr ess. C h ec k al l v alu es an d cl ic k Sav e Set ti ngs t o s av e y our setti ngs. C lick the
Cancel changes button to cancel your unsaved changes.
85
4.3.9. Applications
4.3.9.1. Serial Applications
There is a console port on Router. Normally, this port is used to debug the Router. This port can also be used as a
serial port. The Router has embedded a serial to TCP program. The data sent to the serial port is encapsulated by
TCP/IP protocol st ac k and t he n is s ent to the destination server. This function can work as a DTU (Data Terminal Unit).
86
The time interval to send heart beat packet. This item is valid only when
Object –Serial
Applications
Baudrate
Databit
Stopbit It marks the end of a character data. It is a high level of 1, 1.5, and 2.
Parity Use a set of data to check the data error.
Flow control Including the hardware part and software part in two ways.
Protocol
Description
Baud rate indicates the number of bytes per second transported by
device, commonly used baud rate is115200, 57600, 38400, and 19200.
The data bits can be 4, 5, 6, 7, 8, consti tute a charact er. The ASCII code
is usually used. Starting from the most significant bit is transmitted.
The protocol type for transmitting data.
UDP (DTU): Data transmission in UD P protocol works as an IP MODEM
device which has application protocol.
Pure UDP: Data transmission in standard UDP protocol.
TCP (DTU): Data transmission with TCP protocol works as an IP
MODEM device which has application protocol.
Pure TCP: Data transmission in standard TCP protocol, Router is the
client.
TCP Server: Data transmission in standard TCP protocol, Router is the
server.
TCST: Data tra nsmission in TCP protocol that uses a custom data
Server Address The data service center’s IP Address or domain name.
Server Port The data service center’s listening port.
Device ID The Router’s identity ID.
Device Number The Router’s phone number.
Heartbeat
Interval
TCP Server
Listen Port
Custom
Heartbeat Packet
Custom
Registration
you choose UDP (DTU) or TCP (DTU) protocol type.
This item is valid when Protocol Type is “TCP Server”.
This item is valid when Protocol Type is “TCST”.
This item is valid when Protocol Type is “TCST”.
Packet
4.3.10. Admin
87
username is admin. It is strongly recommended that you change the factory default
4.3.10.1. Management
The Management screen allow s you to change the Router's settings. On this page you will find most of the
configurable items of the Router code.
The new password must not ex ceed 32 chara cters in le ngth and must not i nclude a ny spaces. E nter th e new passw ord
twice to confirm it.
Default
password of the Router, which is admin.
Web Access
This feature allows you to manage the Router using either HTTP protocol or the HTTPS protocol. If you choose to
disable this feature, a manual reboot will be required. You can also activate or inactivate the Router information web
page. It's now possible to have a password to protect this page (same username and password as the above).
Object –Web
Access
Protocol
Auto-Refresh (in
seconds)
Enable Info Site Enable or disable the login sys tem information page.
Description
This feature allows you to manage the Router using either HTTP
protocol or the HTTPS protocol.
Adjust the Web GUI automatic refresh interval. 0 disables this feature
completely.
88
Info Site
Password
Protection
Remote Access
This feature allows you to manage the Router from a remote location via the Internet. To disable this feature, keep the
default setting, Disab le. To enable this feature, sele ct Enable , and use th e spec ified por t (def ault is 8 080) o n your PC to
remotely manage the Router. You must also change the Router's default password to one of your own, if you haven't
already.
To remotely manage the Router, enter http://xxx.xxx.xxx.xxx:8080 (the x's represent the Router's Internet IP address,
and 8080 represents the specified port) in your web browser's address field. You will be asked for the Router's
password.
If you use https you need to specify the url as https://xxx.xxx.xxx.xxx:8080 (not all firmwares do support this without
rebuilding with SSL support).
Enable or disable the password protection feature of the system
information page.
The cron subsystem sche dule s ex ecution of Lin ux commands. You'll need to use the comm and line or star tup s cripts to
actually use this.
Description
You can also enable SSH to remotely access the Router by Secure
Shell. Note that SSH daemon needs to be enabled in Services page.
Enable or disable remote Telnet function.
89
Remote Management
Firmware Upgrade
Choose Enable to have a firmware upgrade.
4.3.10.2. Keep Alive
User is able to reboot the device automatically by interval or specific time.
90
4.3.10.3. Commands
The function allows you to run command line directly via the Web interface.
Object –
Commands
Run Commands
Save Startup
Save Shutdown
Save Firewall
Save Custom
Script
Description
You can run command lines via the web interface. Fill the text area with
your command and click Run Commands to submit.
You can save some command lines to be executed at startup's Router.
Fill out the text area with commands (only one command by row) and
click Save Startup.
You can save some command lines to be executed at shutdown's
Router. Fil l out the text area with commands (only one command by
row) and click Save Shutdown.
Each time the firewall is started, it can run some custom ip tables
instructions. Fill out the text area with firewall's instructions (only one
command by row) and click Save Firewall.
Custom script i s stored i n /tm p/cust om.sh f ile. You can run it manually or
use cron to call it. Fill out the text ar ea with script' s instru ction s (only on e
command by row) and click Save Custom Script.
4.3.10.4. Factory Defaults
Select the “Yes” button to reset all configuration settings to their default values then click the A pply Settings button to
take effect.
91
Any settings you have saved will be lost when the default settings are restored. The
default IP address is 192.168.1.1 and the default password is admin.
4.3.10.5. Firmware Upgrade
4.3.10.6. Backup
Object –Backup Description
Backup Settings
You may back up your current configuration in case you need to reset
the Router back to its factory default sett ing s. Cli ck the Backup button to
92
back up your current configura tion.
Click the “Browse...” button to browse for a configuration file that is
Restore Settings
currently saved on your PC. Click the Restore button to overwrite all
current configurations with the ones in the configuration file.
4.3.11. Status
The Status function provides different system and real-time information such as Router, WAN, Backup WAN, LAN,
Wireless, Bandwidth and Sys-Info. It can help the user to monitor the current state of the machine at any time.
93
5. APPENDIX A RJ45 Pin Assignments
5.1. A.1 10/100/1000Mbps, 10/100/1000BASE-T
When connecting your 10/100/1000Mbps Cellular Gateway to another device, a bridge or a hub, a straight-through or
crossover cable is necessary. Each port of the Cellular Gateway supports auto-MDI/MDI-X detection. That means you
can directly connect the Cellular Gateway to any Ethernet devices without making a crossover cable. The following
table and diagram show the standard RJ45 receptacle/connector and their pin assignments:
RJ45 Connector pin assignment
Contact MDI
Media Dependent
1 Tx + (transmit) Rx + (receive)
2 Tx - (transmit) Rx - (receive)
3 Rx + (receive) Tx + (transmit)
4, 5 Not used
6 Rx - (receive) Tx - (transmit)
7, 8 Not used
The standard cable, RJ45 pin assignment
Interface
MDI-X
Media Dependent
Interface-Cross
The standard RJ45 receptacle/connector
There are 8 wires on a standard UTP/STP cable and each wire is color-coded. The following shows the pin allocation
and color of straight-through c able and cro ssover cab le con n ecti on:
94
12345678
12345678
12345678
12345678
Straight-through Cable SIDE 1 SIDE 2
SIDE 1 1 = White /
Orange
2 = Orange
3 = White /
Green
4 = Blue
SIDE 2
Crossover Cable SIDE 1 SIDE 2
SIDE 1 1 = White /
5 = White /
Blue
6 = Green
7 = White /
Brown
8 = Brown
Orange
2 = Orange
3 = White /
1 = White /
Orange
2 = Orange
3 = White /
Green
4 = Blue
5 = White /
Blue
6 = Green
7 = White /
Brown
8 = Brown
1 = White /
Green
2 = Green
3 = White /
Green
4 = Blue
SIDE 2
Figure A-1: Straight-through and Crossover Cables
Please make sure your connected cables are with the same pin assignment and color as the above table before
deploying the cables into your network.
5 = White /
Blue
6 = Green
7 = White /
Brown
8 = Brown
Orange
4 = Blue
5 = White /
Blue
6 = Orange
7 = White /
Brown
8 = Brown
95
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.