all | frequencies |
|
exhibits | applications |
---|---|---|---|---|
manual |
app s | submitted / available | |||||||
---|---|---|---|---|---|---|---|---|
1 |
|
User Manual | Users Manual | 4.46 MiB | ||||
1 | Cover Letter(s) | |||||||
1 | External Photos | |||||||
1 | Internal Photos | |||||||
1 | Cover Letter(s) | |||||||
1 | ID Label/Location Info | |||||||
1 | ID Label/Location Info | |||||||
1 | Test Report | |||||||
1 | Test Setup Photos |
1 | User Manual | Users Manual | 4.46 MiB |
IP3012LIndustrialCommunicationServer UsersManual 2015InHandNetworks.Allrightsreserved. Republicationwithoutpermissionisprohibited. IP3012LUsersManual CopyrightNotice Copyright2015InHandNetworks Allrightsreserved. Reproductionwithoutpermissionisprohibited. Trademarks InHandisaregisteredtrademarkofInHandNetworks.Otherregisteredmarkscitedinthis manualrepresentedtheirrespectivecompanies. Disclaimer Informationinthisdocumentissubjecttochangewithoutnoticeanddoesnotrepresentan obligationonthepartofInHandNetworks. Thisusermanualmayincludeintentionaltechnicalortypographicalerrors.Changesare periodicallymadetothemanualtocorrectsucherrors,andthesechangesarenotinformedin neweditions. TechnicalSupportContactInformation InHandNetworks support@inhandnetworks.com TableofContents IP3012LUSERSMANUAL..........................................................................................................2 1.IP3012LINTRODUCTION................................................................................................................6 1.1Overview.............................................................................................................................6 1.2Features...............................................................................................................................6 2.ESTABLISHNETWORKCONNECTION...................................................................................................9 2.1EstablishNetworkConnection............................................................................................9 2.1.1AutomaticacquisitionofIPaddress(recommended)..................................................9 2.1.2SetastaticIPaddress.................................................................................................12 2.2ConfirmthatthenetworkbetweenthesupervisoryPCandrouterisconnected............13 2.3CanceltheProxyServer....................................................................................................15 3.WEBCONFIGURATION..................................................................................................................17 3.1LogintheWebSettingPageofRouter..............................................................................17 3.2Management.....................................................................................................................18 3.2.1System........................................................................................................................18 3.2.1.1SystemStatus......................................................................................................18 3.2.1.2BasicSettings.......................................................................................................19 3.2.2SystemTime...............................................................................................................19 3.2.2.1SystemTime........................................................................................................20 3.2.2.2SNTPClientPort..................................................................................................20 3.2.3AdminAccess.............................................................................................................22 3.2.3.1Createauser.......................................................................................................22 3.2.3.2ModifyaUser......................................................................................................23 3.2.3.3RemoveUsers......................................................................................................23 3.2.3.4ManagementService..........................................................................................24 3.2.4AAA.............................................................................................................................26 3.2.4.1Radius..................................................................................................................27 3.2.4.2Tacacs+................................................................................................................28 3.2.4.3LDAP....................................................................................................................29 3.2.4.4AAASettings........................................................................................................30 3.2.5ConfigurationManagement.......................................................................................32 3.2.6SNMP..........................................................................................................................33 3.2.6.1SNMP...................................................................................................................35 3.2.6.2SnmpTrap............................................................................................................37 3.2.7Alarm..........................................................................................................................37 3.2.7.1AlarmStatus........................................................................................................38 3.2.7.2AlarmInput.........................................................................................................39 3.2.7.3AlarmOutput......................................................................................................39 3.2.7.4AlarmMap...........................................................................................................41 3.2.8SystemLog.................................................................................................................41 3.2.8.1SystemLog..........................................................................................................41 3.2.8.2SystemLogSettings.............................................................................................42 3.2.8.3KiwiSyslogDaemon............................................................................................43 3.2.9SystemUpgrading.......................................................................................................43 3.2.10Reboot......................................................................................................................44 3.2.11CloudPlatform.........................................................................................................44 3.2.11.1CloudPlatform..................................................................................................44 3.2.11.2MOTTClient......................................................................................................45 3.2.12ScheduledTasks........................................................................................................46 3.3Network.............................................................................................................................47 3.3.1Cellular.......................................................................................................................47 3.3.1.1Status...................................................................................................................47 3.3.1.2Cellular................................................................................................................47 3.3.2WLANInterface2.4G...........................................................................................50 3.3.2.1Status...................................................................................................................50 3.3.2.2WLAN(2.4G).......................................................................................................51 3.3.2.3IPSetup...............................................................................................................53 3.3.2.4SSIDScan.............................................................................................................53 3.3.3WLANInterface5.8G...........................................................................................54 3.3.3.1Status...................................................................................................................54 3.3.3.2WLAN5.8G...................................................................................................54 3.3.3.3IPSetup...............................................................................................................57 3.3.3.4SSIDScan.............................................................................................................57 3.3.4CaptivePortal.............................................................................................................57 3.3.5DHCPservice..............................................................................................................59 3.3.5.1Status...................................................................................................................60 3.3.5.2DHCPServer........................................................................................................60 3.3.5.3DHCPRelay..........................................................................................................62 3.3.5.4DHCPClient.........................................................................................................63 3.3.6DNSServices...............................................................................................................63 3.3.6.1DNSServer..........................................................................................................64 3.3.6.2DNSRelay............................................................................................................64 3.3.7SMS............................................................................................................................65 3.3.8VLANInterface...........................................................................................................66 3.3.8.1VLANConfiguration.............................................................................................66 3.3.8.2VLANAggregation...............................................................................................67 3.3.9ADSLDialupPPPoE..............................................................................................68 3.3.10LoopbackInterface...................................................................................................69 3.3.11DynamicDomainName...........................................................................................70 3.3.12BridgeInterface........................................................................................................72 3.4LinkBackup.......................................................................................................................73 3.4.1SLA..............................................................................................................................73 3.4.2TrackModule..............................................................................................................74 3.4.3VRRP...........................................................................................................................76 3.4.4InterfaceBackup.........................................................................................................79 3.5Routing..............................................................................................................................80 3.5.1StaticRoute................................................................................................................80 3.5.1.1RoutingStatus.....................................................................................................81 3.5.1.2StaticRouting......................................................................................................81 3.5.2DynamicRouting........................................................................................................82 3.5.2.1RoutingStatus.....................................................................................................82 3.5.2.2RIP.......................................................................................................................83 3.5.2.3OSPF....................................................................................................................86 3.5.2.4FilteringRoute.....................................................................................................88 3.5.3MulticastRouting.......................................................................................................89 3.5.3.1BasicSettings.......................................................................................................89 3.5.3.2IGMP....................................................................................................................90 3.6Tools..................................................................................................................................92 3.6.1PING...........................................................................................................................92 3.6.2RoutingDetection......................................................................................................92 3.6.3LinkSpeedTest...........................................................................................................93 3.7InstallationGuide..............................................................................................................94 3.7.1NewDial.....................................................................................................................94 3.7.2NewIPSecTunnel.......................................................................................................95 3.8PersonalizationFeatures...................................................................................................96 3.8.1NginxServer...............................................................................................................96 3.8.2FileSynchronization...................................................................................................97 3.8.3GPSLocationInformation..........................................................................................98 3.8.4RoamingManagement...............................................................................................99 3.8.4.1RoamingManagement........................................................................................99 3.8.4.2UpgradefromAP.................................................................................................99 3.9Firewall............................................................................................................................100 3.9.1AccessControlACL............................................................................................100 3.9.2NAT...........................................................................................................................102 3.10QoS................................................................................................................................105 3.11VPN................................................................................................................................107 3.11.1IPSec.......................................................................................................................107 3.11.1.1IPSecPhase1...................................................................................................108 3.11.1.2IPSecPhase2...................................................................................................111 3.11.1.3IPSecConfiguration.........................................................................................112 3.11.1.4IPSecVPNConfigurationExample...................................................................114 3.11.2GRE.........................................................................................................................118 3.11.3L2TP........................................................................................................................120 3.11.4OPENVPN...............................................................................................................122 3.11.5CertificateManagement........................................................................................124 3.12ConfigurationWizard....................................................................................................126 4.APPLICATIONSCENARIOS.............................................................................................................128 APPENDIX1TROUBLESHOOTING..........................................................................................130 APPENDIX2INSTRUCTIONOFCOMMANDLINE....................................................................133 1.IP3012LIntroduction ThisChapterincludes:
Overview Features 1.1Overview IP3012L is a dedicated vehicle WiFi router with embedded NGINX web server and local storageSSD.WithIP3012LandtheRainbowWiFicloud,motorcoachoperatorsmayeasilysetup anadvancedWiFioperatingsystemwhichprovidesdevicemanagement,contentmanagement, vehicle location management, visitor management, statistical reports, and other features. TravelerssimplyconnecttotheWiFihotspotprovidedbyIP3012LtosurfInternet,andtoenjoy localservicessuchasVODmoviesandinteractivegamesprovidedbyoperators.Bydeployingthe RainbowWiFicloud,motorcoachoperatorsmayeasilyremotelymanagethousandsofIP3012L devices,nomatterchangingvisitorpolicyorupdatingmediacontentdeployedinIP3012L. TheIP3012Lisaportalintothemobileinternetandastepforwardinprovidingvalueadded servicestotravelers. 1.2Features AdvancedWiFi Supportdualband2.4GHzand5.8GH,fullycompliancewithIEEE802.11ac/a/b/g/n standards. With2X2MIMOtechnologyenabled,WiFiconnectionbandwidthcanreachashighas 1.2Gbps,bringsamazingmultiuserperformance. Highspeed4GAccess Integratingupto4Gcellularmodule,IP3012providesFDDLTEaccess,with100Mbps uplinkand50Mbpsdownlink. QuadBandLTE:700/850/AWS(1700/2100)/1900MHz;FDDBand(17,5,4,2);TriBand UMTS(WCDMA):850/AWS(1700/2100)/1900MHz;FDDBand(5,4,2)QuadBand GSM/GPRS/EDGE:850/900/1800/1900MHz GPS WithGPSenabled,IP3012providesvehiclelocation,speed/courseovergroundand trackinformation. PowerfulWebPortal WhenvisitorsconnecttotheWiFihotspotprovidedbyIP3012L,agreetingsplashpage popsup,providinglocalmediaservicesanduserauthentication. BuiltinWebServer EmbedreliableNGINXwebserver,enablinglocalmediaservices. SupportPHP,enablingdynamicpagecontent. LocalStorage SupportSSDupto1TB,toleratingvibrationfromvehicle. Localstoragemaybeusedtostorelocalwebcontent,movies,music,apps,etc.to acceleratelocalaccessandtosaveinternetbandwidth. ContentUpdateMechanism Inremotesynchronizationmode,locallystoredcontentsmaysyncwiththecloud. Inlocalsynchronizationmode,contentmaybeupdatedviaSDcardorFTP. Bothmodesmaybehybridtoenableevenmoreflexibleoperation. VisitorBehaviorManagement SupportvisitorauthenticationbySMSorsocialaccounts. SupportQoStolimitperuserbandwidthandtraffic,preventingoveragesand protectinglatencysensitivetraffic. Supportwebsitesblacklistandwhitelist. CloudManagement SupporttheRainbowWiFicloud,enablingdevicemanagement,contentmanagement, vehiclelocationmanagement,visitormanagement,statisticalreports,andother features. SupportCLI,webUIandSNMPv3. HighReliability Withdedicatedvehiclepowermoduleinside,IP3012Ltoleratespowervoltagedips, overruns,shortandotherfailures.SupportautomaticallypowercontrolwithACC signaltoprotectSSDandvehiclebattery. Fanlesscoolingdesigntosimplifyinstallation. SupportlinkqualityinspectionandautorecoverytoensurereliableLTEaccess. RobustSecurity SupportIPSecVPN,DMVPN,L2TP,SSLVPN,andCAcertificationtoensuredata security. SupportpowerfulfirewallfunctionssuchasStatefulPacketInspection(SPI),Access ControlList(ACLs),DoSattackprevention,etc. SupportAAA,TACACS,Radius,localauthentication,andmultilevelsuserauthorityto ensuresecuremanagement. 2.EstablishNetworkConnection Thischaptermainlycontainsthefollowingcontents:
EstablishNetworkConnection ConfirmthattheconnectionbetweensupervisoryPCandrouter CanceltheProxyServer Aftercompletingthehardwareinstallation,beforetologintheWebsetuppage,youneedto ensurethatthemanagementoftheEthernetcardinstalledonyourcomputer. 2.1EstablishNetworkConnection 2.1.1AutomaticacquisitionofIPaddress(recommended) Please set the supervisory computer to "automatic acquisition of IP address" and "automatic acquisitionofDNSserveraddress"(defaultconfigurationofcomputersystem)tolettherouter automaticallyassignIPaddressforsupervisorycomputer. 1) OpenControlPanel,doubleclickNetworkandInterneticon,enterNetworkandSharing Centers 2) Clickthebutton<LocalConnection>toenterthewindowof"LocalConnectionStatus 3) Click<Properties>toenterthewindowof"LocalConnectionProperties,asshownbelow. 4)SelectInternetPortocolVersion4(TCP/IPv4),click<Properties>toenterInternetPortocol Version 4 (TCP/IPv4)Properties page. Select Obtain an IP address automatically and Obtain DNSServeraddressautomatically,thenclick<OK>tofinishsetting,asshownbelow. 2.1.2SetastaticIPaddress Set computer management IP address and deviece FE port IP address on the same network segment (device FE port initial IP address: 192.168.2.1, Subnet Mask: 255.255.255.0). The followingFE1/1portconnectedtoacomputerandmanagementprovidedinWindowsXPsystem describedasanexample. EnterInternetPortocol(TCP/IP)Propertiespage,selectUsethefollowingIPaddress,typeIP address (arbitrary value between 192.168.2.2192.168.2.254), Subnet Mask (255.255.255.0), andDefafultGateway(192.168.2.1),thenclick<OK>tofinishsetting,asshownFigure25. Figure25InternetPortocol(TCP/IP)Properties 2.2ConfirmthatthenetworkbetweenthesupervisoryPCandrouterisconnected 1)Clickthelowerleftcornerofthescreen<Start>buttontoenterthe"Start"menu,select"Run"
popup"Run"dialogbox,showninFigure26. Figure26Run 2)Enter"ping192.168.2.1(IPaddressofrouter;itisthedefaultIPaddress),andclickthebutton
<OK>. If thepopup dialog box shows the response returned from the router side, it indicates thatthenetworkisconnected;otherwise,checkthenetworkconnection,showninFigure27. Figure27CommandPrompt 2.3CanceltheProxyServer IfthecurrentsupervisorycomputerusesaproxyservertoaccesstheInternet,itisrequiredto canceltheproxyserviceandtheoperatingstepsareasfollows:
1) Select [Tools/Internet OPtions] in the browser to enter the window of [Internet Options], showninFigure28. Figure28InternetOPtions 2Select the tabConnect and click the button<LAN Setting(L)> to enter the page of LAN Setting.Please confirm if the optionUse a Proxy Server for LAN is checked;if it is checked,pleasecancelandclickthebutton<OK>,showninFigure29. Figure29LANSetting 3.WebConfiguration Thischapterincludesthefollowingparts:
Login/outWebConfigurationPage Management Network LinkBackup Routing Tools InstallationGuide PersonalizationFeatures Firewall Qos VPN 3.1LogintheWebSettingPageofRouter RuntheWebbrowser,enterhttp://192.168.2.1:8080intheaddressbar,andpressEntertoskip to the Web login page, as shown in Figure 31. Enter the User Name (default: adm) and Password (default: 123456), and click button <OK> or directly press Enter to enter the Web settingpage. Figure31LoginRouter After entering the Web Setting page, click the "Advanced Configuration" web interface, the popup dialog box, enter "User Name" (default: adm) again and "Password" (default: 123456), then enter the parameter configuration interface start parameter settings. Advanced configurationisshownin3.2~3.11. Atthesametime,therouterallowsuptofouruserstomanagethroughtheWebsetting page.Whenmultiusermanagementisimplementedfortherouter,itissuggestednotto conductconfigurationoperationfortherouteratthesametime;otherwiseitmayleadto inconsistentdataconfiguration. Forsecurity,youaresuggestedtomodifythedefaultloginpasswordafterthefirstlogin andsafekeepthepasswordinformation. 3.2Management 3.2.1System 3.2.1.1SystemStatus Fromtheleftnavigationpanel,selectAdministration/System,thenenterSystemStatuspage. Onthispageyoucanchecksystemstatusandnetworkstatus,asshowninFigure32.Insystem status, by clicking <Sync Time>you can make the time of router synchronized with the system timeofthehost.ClicktheSetonnetworkstatustoenterintotheconfigurationscreendirectly. Forconfigurationmethods,refertoSection3.3.2. Figure32SystemStatus 3.2.1.2BasicSettings SelectAdministration/System,thenenterBasicSetuppage.YoucansetthelanguageofWeb ConfigurationPageanddefineRouterName,asshowninFigure33. Figure33BasicSettings 3.2.2SystemTime To ensure the coordination between this device and other devices, user is required to set the systemtimeinanaccuratewaysincethisfunctionisusedtoconfigureandchecksystemtimeas wellassystemtimezone. ThedevicesupportsmanualsettingofsystemtimeandthetimetopassselfsynchronisticSNTP server. 3.2.2.1SystemTime Time synchronization of router with connected host could be set up manually in system time configurationpartwhilesystemtimeisallowedtobesetasanyexpectedvalueafterYear2000 manually. From the left navigation panel, select Administration/System Time, then enter System Time page,asshowninFigure34. Byclicking<SyncTime>youcanmakethetimeofroutersynchronizedwiththesystemtimeofthe host.SelecttheexpectedparametersinYear/Month/DateandHour:Min:SecColum,thenclick
<Apply&Save>.Therouterwillimmediatelysetthesystemtimeintoexpectedvalue. Figure34SystemTime 3.2.2.2SNTPClientPort SNTP, namely Simple Network Time Protocol, is a system for synchronizing the clocks of networkedcomputers.InmostplacesoftheInternettoday,SNTPprovidesaccuraciesof150ms dependingonthecharacteristicsofthesynchronizationsourceandnetworkpaths. ThepurposeofusingSNTPistoachievetimesynchronizationofalldevicesequippedwithaclock onnetworksoastoprovidemultipleapplicationsbasedonuniformtime. From the left navigation panel, select Administration/System Time, then enter SNTP Client page,asshowninFigure35. Figure35SNTPClientPort PagedescriptionisshowninTable31. Table31SNTPClientPortPageDescription Parameter Description SourceIP ThecorrespondingIPofsourceinterface Default None SNTPServersList SNTP server address (domain name /IP), maximum to set10SNTPserver TheserviceportofSNTPserver None 123 ServerAddress Port BeforesettingaSNTPserver,shouldensureSNTPserverreachable.EspeciallywhentheIP address of SNTP server is domain, should ensure DNS server has been configured correctly. If you configure a source interface and then cannot configure the source address. the oppositeisalsotrue. WhensettingmultipleSNTPserver,systemwillpollallSNTPserversuntilfindanavailableSNTP server. 3.2.3AdminAccess Admin Access allows the management of users which are categorized into superuser and commonuser. Superuser:onlyoneautomaticallycreatedbythesystem,allocatedwiththeusername ofadmandgrantedwithallaccessrightstotherouter. Commonuser:createdbysuperuserwiththerighttocheckratherthenmodifyrouter configuration. 3.2.3.1Createauser Clicknavigationpanel/AdminAccess,enterCreateauserpage,Whereintheuserpermissions value,thehighertheprivilege,showninFigure36. Figure36Createauser 3.2.3.2ModifyaUser Fromtheleftnavigationpanel,selectAdministration/AdminAccess,thenenterModifyaUser page,asshowninFigure37.PresstheuserthatneedstomodifyinUserSummary,afterthe backgroundturnsblue,enternewinformationinModifyaUser. Figure37ModifyaUser 3.2.3.3RemoveUsers Fromtheleftnavigationpanel,selectAdministration/AdminAccess,thenenterRemoveUsers page,asshowninFigure38. PresstheuserthatneedstoremoveinUserSummary.Afterthebackgroundturnsblue,press
<Delete>toremovetheuser. Figure38RemoveUsers Thesuperuser(adm)canneitherbemodifiednordeleted.Butsuperuserspasswordcanbe modified. 3.2.3.4ManagementService HTTP HTTP,shortenedformofHypertextTransferProtocol,isusedtotransmitWebpageinformation onInternet.HTTPislocatedastheapplicationlayerinTCP/IPprotocolstack. ThroughHTTP,usercouldlogonthedevicetoaccessandcontrolitthroughWeb. HTTPS HTTPS(HypertextTransferProtocolSecure)supportsHTTPinSSL(SecuritySocketLayer). HTTPS,dependingonSSL,isabletoimprovethedevicessecuritythroughfollowingaspects:
Distinguish legal clients from illegal clients through SSL and Disable illegal clients to accessthedevice;
Encrypt the data exchanged between client and device to guarantee security and integralityofdatatransmissionsoastoachievethesafemanagementofdevice;
An access control strategy based on certificate attributions is established for further controlofclientsaccessauthoritysoastofurtheravoidattackforillegalclients. TELNET TelnetisanapplicationlayerprotocolinTCP/IPprotocolfamily,providingtelnetandVTfunctions through Web. Depending on Server/Client, Telnet Client could send request to Telnet server whichprovidesTelnetservices.ThedevicesupportsTelnetClientandTelnetServer. SSH IncomparisonwithTelnet,STelnet(SecureTelnet),basedonSSH2,allowstheClienttonegotiate withServersoastoestablishsecureconnection.ClientcouldlogonServerjustasoperationof Telnet. ThroughfollowingmeasuresSSHwillrealizethesecuretelnetoninsecurenetwork:
SupportRASauthentication. Support encryption algorithms such as DES, 3DES and AES128 to encrypt usernamepasswordanddatatransmission. Localconnection.ASSHchannelcouldbeestablishedbetweenSSHClientandSSH Server to achieve local connection. Following is a figure showing the establishmentofaSSHchannelinLAN:
WAN connection. A SSH channel could be established between SSH Client and SSH ServertoachieveWANconnection.Followingisafigureshowingtheestablishmentofa SSHchannelinWAN:
From the left navigation panel, select Administration/Admin Access, then enter Management Servicepage,asshowninFigure39. Figure39ManagementService 3.2.4AAA AAA access control is used to control visitors and corresponding services available as long as accessisallowed.Samemethodisadoptedtoconfigurethreeindependentsafetyfunctions.It providesmodularizationmethodsforfollowingservices:
Authentication:verifywhethertheuserisqualifiedtoaccesstothenetwork. Authorization:relatedwithservicesavailable. Charging:recordsoftheutilizationofnetworkresources. UsermayonlyuseoneortwosafetyservicesprovidedbyAAA.Forexample,thecompanyjust wantsidentityauthenticationwhenemployeesareaccessingtosomespecifiedresources,then network administrator only needs to configure authentication server. But if recording of the utilizationofnetworkisrequired,then,achargingservershallbeconfigured. Commonly AAA adopts ClientServer structure which is featured by favorable expandability andfacilitatescentralizedmanagementofusersinformation,asthefollowingfigureshows:
3.2.4.1Radius RemoteAuthenticationDialinUserService(RADIUS),aninformationexchangeprotocolwitha distributive Client/Server structure, could prevent the network from any disturbance from unauthorized access and is generally applied in various network environments with higher requirements on security and that permit remote user access. The protocol has defined the Radius frame format based on UDP and information transmission mechanism, confirmed UDP Port 1812 as the authentication port. Radius Server generally runs on central computer or workstation;RadiusClientgenerallyislocatedonNAS. InitiallyRadiusisdesignedanddevelopedagainstAAAprotocolofdialinusers.Alongwiththe diversifieddevelopmentofuseraccessways,Radiusalsoadaptsitselftosuchchanges,including Ethernet access and ADSL access. Access service is rendered through authentication and authorization. MessageflowbetweenRadiusClientandServerisshownasfollows:
UsernameandpassportwillbesenttotheNASwhentheuserlogsonit;
Radius Client on NAS receives username and password and then sends an authenticationrequesttoRadiusServer;
Uponthereceptionoflegalrequest,RadiusServerexecutesauthenticationandfeeds back required user authorization information to Client; For illegal request, Radius ServerwillfeedbackAuthenticationFailedtoClient. Fromtheleftnavigationpanel,selectAdministration/AAA,thenenterRadiuspage,asshownin Figure310. Figure310Radius PagedescriptionisshowninTable32. Table32RadiusDescription Parameter ServerAddress Description Serveraddress(domainname/IP) Port Key Consistentwiththeserverport Consistentwiththeserverauthenticationkey 3.2.4.2Tacacs+
Default None 1812 None Tacacs+, or Terminal Access Controller Access Control System, similar to Radius, adopts Client/ServermodetoachievethecommunicationbetweenNASandTacacs+Server.But,Tacacs+
adoptsTCPwhileRadiusadoptsUDP. Tacacs+ismainlyusedforauthentication,authorizationandchargingofaccessusersandterminal usersadoptingPPPandVPDN.Itstypicalapplicationisauthentication,authorizationandcharging forterminalusersrequiringloggingonthedevicetocarryoutoperation.AstheClient,thedevice will have username and password sent to Tacacs+ Server for verification. So long as user verificationpassedandauthorizationobtained,loggingandoperationonthedeviceareallowed. Fromtheleftnavigationpanel,selectAdministration/AAA,thenenterTacacs+page,asshown inFigure311. PagedescriptionisshowninTable33. Figure311Tacacs+
Table33Tacacs+Description Parameters Description Default ServerAddress Serveraddress(domainname/IP) Consistentwiththeserverport Consistentwiththeserverauthenticationkey Port Key 3.2.4.3LDAP None 49 None OneofthegreatadvantagesofLDAPisrapidresponsetouserssearchingrequest.Forinstance, usersauthenticationwhichmaygeneralalargeamountofinformationsentasthesametime.If databaseisadoptedforthispurpose,sinceitisdividedintomanytables,eachtimetomeetsuch asimplerequirement,thewholedatabasehastobesearched,integratedandfilteredslowlyand disadvantageously.LDAP,simpleasatable,onlyrequiresusernameandcommandandsomething else.Authenticationismetfromefficiencyandstructure. Fromtheleftnavigationpanel,selectAdministration/AAA,thenenterLDAPpage,asshownin Figure312. PagedescriptionisshowninTable34. Figure312LDAP Table34LDAPDescription Parameters Description Default Name Defineservername ServerAddress Serveraddress(domainname/IP) Port BaseDN Username Password Security Consistentwiththeserverport ThetopofLDAPdirectorytree Usernameaccessingtheserver Passwordaccessingtheserver Encryptionmod:None,SSL,StartTLS None None None None None None None VerifyPeer VerifyPeer Unopened 3.2.4.4AAASettings AAAsupportsfollowingauthenticationways:
None:withgreatconfidencetousers,legalcheckomitted,generallynotrecommended. Local: Have users information stored on NAS. Advantages: rapidness, cost reduction. Disadvantages:storagecapacitylimitedbyhardware. Remote:Haveusersinformationstoredonauthenticationserver.Radius,Tacacs+and LDAPsupportedforremoteauthentication. AAAsupportsfollowingauthorizationways:
None:authorizationrejected. Local:authorizationbasedonrelevantattributionsconfiguredbyNASforlocalusers account. Tacacs+:authorizationdonebyTacacs+Server. RadiusAuthenticationBased:authenticationbondedwithauthorization,authorization onlybyRadiusnotallowed. LDAPAuthorization. From the left navigation panel, select Administration/AAA, then enter AAA Setting page, as showninFigure313. Figure313AAAauthentication PagedescriptionisshowninTable35. Table35AAASettingsKeyItems KeyItems Description radius tacacs+
ldap local AuthenticationandAuthorizationServer AuthenticationandAuthorizationServer AuthenticationandAuthorizationServer Thelocalusernameandpassword Authentication1shouldbesetconsistentlywithAuthorization1;Authentication2shouldbe set consistently with Authorization 2; Authentication 3 should be set consistently with Authorization3. Whenconfigureradius,Tacas+,localatthesametime,priorityorderfollow:1>2>3. 3.2.5ConfigurationManagement Hereyoucanbackuptheconfigurationparameters,importthedesiredparametersconfiguration backupandrestorethefactorysettingsoftherouter. From the left navigation panel, select Administration/Config Management, then enter Config Managementpage,asshownin314. Figure314ConfigurationManagement PagedescriptionisshowninTable36. Table36ConfigManagementDescription Parameters Description Default Backuprunningconfig Backuprunningconfigfiletohost. Backupstartupconfig Backupstartupconfigfiletohost. Automatically save modified Decidewhethertoautomaticallysave configuration RestoreDefault Configuration configurationaftermodifytheconfiguration. Restorefactoryconfiguration None None On None Whenimporttheconfiguration,thesystemwillfilterincorrectconfigurationfiles,andsavethe correct configuration files,when systemrestarts, it will orderly executetheses configuration files.Iftheconfigurationfilesdidntbearrangedaccordingtoeffectiveorder,thesystemwont enterthedesiredstate. Inordernottoaffectcurrentsystemrunning,whenperformingtheimportconfigurationand restorethedefaultconfiguration,needtoreboottherouternewconfigurationwilltakeeffect. 3.2.6SNMP Definition SNMP, or Simple Network ManagementProtocol, is a standard network management protocol widely used in TCP/IP networks and provides a method of managing the device through the runningthecentralcomputerofnetworkmanagementsoftware.FeaturesofSNMP:
Simplicity: SNMP adopts polling mechanism, providesthe most basic sets of features and could be used in smallscale, rapid, low cost environments. SNMP, with UDP messageasthecarrier,issupportedbyagreatmajorityofdevices. Powerfulness: objective of SNMP is to ensure the transmission of management information between any two points so as to facilitate administrators retrieval of informationonanynodeonnetworkandmodificationandtroubleshooting. Benefits NetworkadministratorscouldmakeuseofSNMPtoaccomplishtheinformationquery, modification, troubleshooting and other jobs on any node on network to achieve higherefficiency. Shieldingofphysicaldifferencesbetweendevices.SNMPonlyprovidesthemostbasic sets of features for mutual independence between administration and the physical properties, network types of devices under administration; therefore, it could realize theuniformmanagementofdifferentdevicesatalowercost. Simple design, lower cost. Simplicity is stressed on addition of software/hardware, typesandformatsofmessageondevicessoastominimizetheinfluenceandcoston devicescausedbyrunningSNMP. Application:managementofdeviceisachievedthroughSNMP Administratorisrequiredtocarryoutconfigurationandmanagementofalldevicesinthesame network, which are scattered, making onsite device configuration impracticable. Moreover, in case that those network devices are supplied from different sources and each source has its independent management interfaces (for example, different command lines), the workload of batchconfigurationofnetworkdeviceswillbeconsiderable.Therefore,undersuchcircumstances, traditional manual ways will result in lower efficiency at higher cost. At that time, network administratorwouldmakeuseofSNMPtocarryoutremotemanagementandconfigurationof attacheddevicesandachieverealtimemonitoring.Followingisafigureshowinghowtomanage devicesthroughSNMP:
ToconfigureSNMPinnetworking,NMS,amanagementprogramofSNMP,shallbeconfiguredat theManager.Meanwhile,Agentshallbeconfiguredaswell. ThroughSNMP:
NMScouldcollectstatusinformationofdeviceswheneverandwhereverandachieve remotecontrolofdevicesundermanagementthroughAgent. AgentcouldtimelysendcurrentstatusinformationtoNMSreportdevice.Incaseofany problem,NMSwillbenotifiedimmediately. 3.2.6.1SNMP SNMPagentofdevicesupportsSNMPv1,SNMPv2andSNMPv3atpresent. SNMPv1andSNMPv2adoptcommunitynametoauthenticate. SNMPv3adoptusernameandpasswordtoauthenticate. From the left navigation panel, select Administration/SNMP, then enter SNMP page, as showninFigure315. Figure31SNMPv1&SNMPv2cSettings PagedescriptionisshowninTable37. Table37SNMPKeyItems Parameters Description Default CommunityName UserdefineCommunityName Publicandprivate AccessLimit Selectaccesslimit MIBView SelectMIBView Readonly defaultView WhenchoosingSNMPv3version,thecorrespondingUseandUserGroupshouldbeconfigured. TheconfigurationpageisshowninFigure316. PagedescriptionisshowninTable38. Figure316SNMPv3Setting Parameters Table38SNMPv3Description Description GroupManagement Default Groupname Userdefine,length:132charaters None SecurityLevel IncludesNoAuth/NoPriv,Auth/NoPriv,Auth/priv NoAuth/NoPriv ReadonlyView OnlysupportdefaultViewatpresent ReadwriteView OnlysupportdefaultViewatpresent OnlysupportdefaultViewatpresent UserManagement defaultView defaultView defaultView InformView Username GroupName Authentication Mode Authentication password Encryptionmode Userdefinedusername,length:132characters Selectusertojoinusergroup,firstdefinedintheusergroup managementtable,beforethis,selectappropriateusergroup Select authentication mode. MD5 and SHA provides two authentication modes, no identification" not enable authentication. When only authentication mode is not "no identification", authenticationpasswordcanenter. Length:832characters. ChoosewhethertouseDESencryptionmode None None SHA None DES Encryption Password Only encryption mode is not "no encryption", encryption modepasswordcanenter. Length:832characters. None 3.2.6.2SnmpTrap SNMP trap: A certain port where devices under the management of SNMP will notify SNMP managerratherthanwaitingforpollingfromSNMPmanager.InNMS,Agentsinmanageddevices couldhaveallerrorsreportedtoNMWatanytimeinsteadofwaitingforpollingfromNMWafter itsreceptionofsucherrorswhich,asamatteroffact,arethewellknownSNMPtraps. From the left navigation panel, select Administration/SNMP, then enter SnmpTrap page, as showninFigure317. PagedescriptionisshowninTable39. Figure317SnmpTrap Table39SnmpTrapDescription Parameters Description Default HostAddress FillintheNMSIPaddress SecurtiyName FillinthegroupnamewhenusetheSNMPv1/v2c;Fillinthe usernamewhenusetheSNMPv3.Length:132characters UDPPort FillinUDPport,thedefaultportrangeis165535 None None 162 3.2.7Alarm Alarmfunctionisawaywhichisprovidedforuserstogetexceptionsofdevice,whichcanmake theusersfindandsolveexceptionsassoonaspossible.Whenabnormalityhappened,devicewill send alarm. User can choose many kinds of exceptions which system defined and choose appropriatenoticewaytogettheseexceptions.Alltheexceptionsshouldberecordedinalarm logsothatusertroubleshootproblem. Alarmcanbedivided:
Raise:Indicatesthealarmoccurrencehasnotbeenconfirmed. Confirm:Alarmindicatesthatausercannottemporarysolve. All:Indicatesallalarmsoccur. Alarmlevelcanbedivided:
EMERGDeviceoccurssomefaults,itcouldleadtothesystemrestart. CRITDeviceoccurssomefaultswhichareunrecoverable. WARNDeviceoccurssomefaultswhichcouldaffectsystemfunction. NOTICEDeviceoccurssomefaultswhichcouldaffectsystemproperties. INFODeviceoccurssomenormalevents. 3.2.7.1AlarmStatus From the left navigation panel, select Administration/Alarm, then enter Alarm State page, as showninFigure318.Throughthispage,youcancheckallthealrmssincetherouterispowered. Click<ClearAllAlarms>tosetallthealarmtoclearstate. Click<ConfirmAllAlarms>tosetallthealarmtocconfirmstate. Click<Reload>toreloadallthealarms. Figure318AlarmStatus 3.2.7.2AlarmInput Hereusercouldselectalarmtypesincludingsystemalarmandportalarm.Oneormorethanone typescouldbeselected. Fromtheleftnavigationpanel,selectAdministration/Alarm,thenenterAlarmInputpage,as showninFigure319. Figure319AlarmInput 3.2.7.3AlarmOutput Whenanalarmhappens,thesystemconfiguredwiththisfunctionwillsendthealarmcontentto intendedemailaddressfromthemailaddresswhereanalarmemailissentinaformofemail. Generallythisfunctionisnotconfigured. Fromtheleftnavigationpanel,selectAdministration/Alarm,thenenterAlarmOutputpage,as showninFigure320. Figure320AlarmOutput PagedescriptionisshowninTable310. Table310AlarmOutputDescription Parameters Description MailServerIP/Name SetIPaddressofMailServerthatsendalarmemails MailServerPort SetPortofMailServerthatsendalarmemails AccountName SetEmailaddressfromwhichalarmemailsaresent AccountPassword SetEmailpassword Crypt Setthecryptmethod EmailAddresses Destinationaddressofreceivingalarmemail(110) Default None 25 None None None None Whentheemailparametershadbeenconfigured,youshouldclickthesendtestemailbutton sothatensuretheconfigurationiscorrect.Ifthetestemailfailed,itmaythenetwork configurationormailboxconfigurationisnotcorrect. 3.2.7.4AlarmMap AlarmMapconsistsoftwomappingways:CLI(consoleinterface)andEmail.Incaseoflatterone isselected,andthenalarmoutputshallbeactivatedwithanemailaddresswellconfigured. From the left navigation panel, select Administration/Alarm, then enter Alarm Map page, as showninFigure321. Figure321AlarmMap 3.2.8SystemLog SystemLogincludesmassiveinformationaboutnetworkanddevices,includingoperatingstatus, configuration changes and so on, serving as an important way for network administrator to monitorandcontroltheoperationofnetworkanddevices.SystemLogcouldprovideinformation to help network administrator to find network problems or safety hazard so as to take more targetedmeasures. 3.2.8.1SystemLog From the left navigation panel, select Administration/Log, then enter System Log page, as showninFigure322. Figure322SystemLog Whendownloadsystemlog,routersettingswillalsobedownloaded. 3.2.8.2SystemLogSettings OnSystemLogSettings,remotelogservercouldbeset.Routerwillhaveallsystemlogssentto remotelogserverdependingonremotelogsoftware(forexample:KiwiSyslogDaemon). From navigation panel, select Administration/Log, then enter System Log page, as shown in Figure223. Figure323SystemLogSettings PagedescriptionisshowninTable311. Table311SystemLogSettingsDescription Parameters Description Default LogtoRemoteSystem Open/closeremotelogfunction Close IPAddress/Port(UDP) SetremoteserversIPaddress/Port None/514 LogtoConsole Open/closeconsolelogfunction Open 3.2.8.3KiwiSyslogDaemon KiwiSyslogDaemonisakindoffreelogserversoftwareusedinWindows,whichcouldreceive, record and display logs formed when powering on the host of syslog (for example, router, exchangeboard,Unixhost).AfterdownloadingandinstallationofKiwiSyslogDaemon,configure necessaryparametersonFile>>Setup>>Input>>UDP. 3.2.9SystemUpgrading Fromnavigationpanel,selectAdministration/Upgrade,thenenterUpgradepage,asshownin Figure324. Figure324SystemUpgrading Click < Browse > to upgrade documents and then click <Upgrade> to start. The whole process takes about 1min, upon the completion of which, restart the router and new firmware takes effect. Software upgrade takes time, during which, please do no carry out any operation on Web, otherwise,interruptionmaytakeplace. Upgradeconsistsoftwostages:firststage:readinofupgradedocumentintobackupfirmware zone,asdescribedinSectionofSystemUpgrade;secondstage:copyofdocumentsinbackup firmwarezoneintomainfirmwarezone,whichmaybeexecutedinsystemreboot. 3.2.10Reboot From navigation panel, select Administration/Reboot, then enter Reboot page, as shown in Figure325.Click<Yes>torebootthesystem. Figure325Reboot Pleasesavetheconfigurationsbeforereboot,otherwisetheconfigurationsthatarenotsaved willbelostafterreboot. 3.2.11CloudPlatform Cloudplatformisthroughsoftwareplatformtomanagedevices.Afterenablingcloudplatform,it can operatethe device managementthrough software platform that enables networkefficient running.Forexample,queryequipmentrunningstatus,updatethedevicesoftware,rebootthe device, and send configuration parameters to the equipment, etc., may also send control or querymessagetothedevicethroughthecloudplatform. 3.2.11.1CloudPlatform Fromnavigationpanel"Administration>>DeviceManagementCloud"menu,enterthe"Cloud Platform"screen,asshowninFigure326. Figure326CloudPlatform PagedescriptionisshowninTable312. Table312CloudPlatformDescription Parameters Description Default Server Port SetcloudplatformIPaddress Settingcloudplatformportnumber none none 3.2.11.2MOTTClient FromnavigationpanelAdministration>>DeviceManagementCloud"menu,enterthe"MOTT Client"screen,asshownbelow. 3.2.12ScheduledTasks From navigation panel, select Administration>>Schedule Management, then enter Schedule Managementpage,asshowninFigure327. Figure327ScheduleManagement 3.3Network 3.3.1Cellular SIMcarddialoutthroughDialInterface,achieverouterWiFicapabilities. Dialinterfacesupportsthreeconnections:alwayson,ondemanddialingandmanualdialing. 3.3.1.1Status Fromnavigationpanel,selectNetwork>>Cellular,thenenterStatuspage,asshowninFigure 328. Figure328Status 3.3.1.2Cellular Inthe"Cellular"page,youcancompletethewirelessdialconfiguration. Fromnavigationpanel,selectNetwork>>Cellular,thenenterCellularpage,asshowninFigure 3291. Figure3291Cellular AdvancedoptionsareshowninFigure3292. Figure3292CellularAdvancedoptions PagedescriptionisshowninTable313. Parameters Profile Roaming PINCode NetworkSelectionMode StaticIP Connection RedialInterval ICMPdetectionserver ICMPdetectioninterval ICMPdetectiontimeout ICMPdetectionmaximum numberofretries ICMPstrictdetection Index Network APN (CDMA2000 series doesnotsetthis) DialNumber UserName Password Table313CellularPageDescription Description Default Dialpolicychoices,donotneedtoconfigurehere Selectroaming SIMcardPINcode Threeoptions:Automatic,2Gand3G Click Enable (Enable require operators to open relatedservices) Alternativelyalwaysonline,ondemanddial(allows data activation, phone activation, SMS activation), manualdialing whensettingupthelandingfails,redialinginterval DetectremoteIPaddress SetICMPdetectioninterval SetICMPdetectiontimeout ICMP Set maximum number of retries when detection fails(Redial after reaching the maximum number) ClickEnable Dialparameters Userdefined, generally in the order defined by digital. Mobilenetworktypeusedforselecting Mobileoperatorstoprovidetherelevant parameters(accordingtolocaloperatorschoose) Mobileoperatorstoprovidetherelevant parameters(accordingtolocaloperatorschoose) Mobileoperatorstoprovidetherelevant parameters(accordingtolocaloperatorschoose) Mobileoperatorstoprovidetherelevant parameters(accordingtolocaloperatorschoose) 1 Enable None Auto Off Always online 10sec None 30sec 5sec 5 Off None GSM 3gnet
*99***1#
gprs
******
ClickEnableShowAdvancedOptions(thefollowingaretherelevantparameterstoconfigure InitiaCommands RSSIPollInterval Dialtimeout MTU MRU aftertheadvancedoptionsturnon) Usedtosetadvancednetworkparameters, generallydonotneedtofillin Setsignalqueryinterval Set dial timeout (after dialing timeout the system willredial) Setsthemaximumtransmissionunitinbytes Settingmaximumreceivingunitinbytes None 120sec 120sec 1500 1500 Enabledefaultasyncmap UseassignedDNSserver ClickEnabledefaultasyncmap Click to enable to accept assigned DNS by mobile operators. Disable Enable Connectiondetection interval ConnectionDetection maximumnumberof retries Enabledebugmode ExpertOptions Setconnectiondetectioninterval Set maximum number of retries when connection detection fails(Redial after reaching the maximum number) Thesystemcanprintamoredetailedlog Provide additional PPP parameters, users generally donotset 55sec 5 Enable None 3.3.2WLANInterface2.4G WLANorWirelessLAN,isquiteconvenientdatatransmissionsystem,whichusesradiofrequency
(RadioFrequency;RF)technology,toreplacetheoldoutofthewayoftwistedcopper(Coaxial) local area network composed of such a wireless local area network, can be accessed using a simplearchitectureallowsuserstothroughit,to"carryinformationtechnologytofacilitatetravel theworld,"theidealstate. 3.3.2.1Status From navigation panel, select Network/WLAN(2.4G), enter Status page, as shown in Figure 330. Figure330WLAN(2.4G)Status 3.3.2.2WLAN(2.4G) WLAN interface has access point and client two types. From navigation panel, select
"Network/WLAN (2.4G)" menu, enter "WLAN (2.4G)" page. Interface type using the "access point",asshowninFigure331a;interfacetypeusingthe"client",asshowninFigure331b. Figure331aWLAN(2.4G)AccessPoint PagedescriptionisshowninTable314a. Parameters MultipleSSID SSIDBroadcast RFType Channel Table314aAccessPointDescription Description ClickEnable,enabledreusablecustom3SSID Open"SSIDBroadcast",usercansearchwirelessnetwork throughSSIDname. SixtypesOptional:
802.11g/n,802.11g,802.11n,802.11b,802.11b/g,802.11b/
g/n Selectchannel Default Disable Enable 802.11g/n 11 UserdefinedSSIDname Fourauthenticationmodesavailable:Open,Shared, WPAPSKandWPA2PSK According to the different authentication methods, supportNONE,WEP40andWEP104 Twooptions:20MHzand40MHz Userdefined(upto128) InPortal3000 Open NONE 20MHz None SSID Authentication Encryption Wireless Bandwidth MaximumNumber ofClients Figure331bWLAN(2.4G)Client PagedescriptionisshowninTable314b. Table314bClientInterfaceDescription Parameters Description SSID Authentication Encryption WhentheWLANissetasClientmode,refertothefollowing3steps:
FillintheSSIDnametoconnect SSIDauthenticationmethod SSIDencryptionmethod Default None Open NONE Step 1: select "Network/Cellular" menu,enter "Cellular" page, anddisable Cellular function. If therouterdoesnothavecelluarmodule,skipthisstepandgotostep2. Step2:select"Network/WLAN(2.4G)"menu,enter"WLAN(2.4G)"pageandchooseClientto configurerelatedparametersasshowninFigure331b. Step2:select"Network/WLAN(2.4G)"menu,enter"IPSetup"pagetoconfigureIPparametersas shownin3.3.2.3IPSetup. 3.3.2.3IPSetup WLANinterfaceIPaddresssupportmultipleIP,itcanbesetaccordingtodemand,butuptomore than10. Fromnavigationpanel,select"Network/WLAN(2.4G)"menu,enter"IPSetup"page,asshownin Figure332. Figure332WLAN(2.4G)IPSetup 3.3.2.4SSIDScan WLAN interface selects client (Section 3.3.2.2WLAN Interface (2.4G)), SSID scanning function starts.Fromnavigationpanel"Network/WLAN(2.4G)"menu,enter"SSIDScan"page,willdisplay alltheavailableSSIDnames,andthedisplayInportalcanbeconnectedasaclientstate. 3.3.3WLANInterface5.8G 3.3.3.1Status From navigation panel, select Network/WLAN (5.8G), enter Status page, as shown in Figure 334. 3.3.3.2WLAN5.8G Figure334WLAN(5.8G)Status WLANinterfacehasaccesspointandclienttwotypes.Fromnavigationpanel"Network/WLAN
(5.8G)"menu,enter"WLAN(5.8G)"page.Interfacetypeusingthe"accesspoint",asshownin Figure335a;interfacetypeusingthe"client",asshowninFigure335b. Figure335aWLANinterface(5.8G)AcessPoint PagedescriptionisshowninTable315a. Table315aAcessPointDescription Description ClickEnable,enabledreusablecustom3SSID Open"SSIDBroadcast",usercansearchwirelessnetwork throughSSIDname. SixtypesOptional:
802.11g/n,802.11g,802.11n,802.11b,802.11b/g,802.11b/
g/n Selectchannel UserdefinedSSIDname Fourauthenticationmodesavailable:Open,Shared, WPAPSKandWPA2PSK According to the different authentication methods, supportNONE,WEP40andWEP104 Twooptions:20MHzand40MHz Default Disable Enable 802.11g/n 11 InPortal3000 Open NONE 20MHz Parameters MultipleSSID SSIDBroadcast RFType Channel SSID Authentication Encryption Wireless Bandwidth MaximumNumber ofClients Userdefined(upto128) None Figure335bWLANinterface(5.8G)Client PagedescriptionisshowninTable315b. Table315bWLANinterface(5.8G)Description Parameters Description 5Gpriority SSID Authentication Encryption WhentheWLANissetasClientmode,refertothefollowing3steps:
SelectEnable SSIDnametoconnect SSIDauthenticationmethod SSIDencryptionmethod Default Disable None Open NONE Step 1: select "Network/Cellular" menu,enter "Cellular" page, anddisable Cellular function. If therouterdoesnothavecelluarmodule,skipthisstepandgotostep2. Step2:select"Network/WLAN(5.8G)"menu,enter"WLAN(5.8G)"pageandchooseClientto configurerelatedparametersasshowninFigure335b. Step2:select"Network/WLAN(5.8G)"menu,enter"IPSetup"pagetoconfigureIPparametersas shownin3.3.3.3IPSetup. 3.3.3.3IPSetup WLANinterfaceIPaddresssupportmultipleIP,itcanbesetaccordingtodemand,butuptomore than10. Fromnavigationpanel,selectNetwork/WLAN(5.8G),enter"IPSetup"page,asshowninFigure 336. 3.3.3.4SSIDScan Figure336WLAN(5.8G)IPSetup WLAN interface selects client (Section 3.3.3.2WLAN Interface (5.8G)), SSID scanning function starts.Fromnavigationpanel"Network/WLANinterface(5.8G)"menu,enter"SSIDScan"page, willdisplayalltheavailableSSIDnames,andthedisplayInportalcanbeconnectedasaclient state. 3.3.4CaptivePortal CaptiveportalisWebpagethatusermustvisitandinteractwithbeforegrantedaccesstopublic access network. Captive portal usually offers free WiFi hotspot services to Internet users in commercialcenters,airports,hotellobbies,cafesandotherpublicplacestouse. Fromnavigationpanel"Network/captiveportal"menu,enterthe"captiveportal"page.Asshown inFigure338. PagedescriptionisshowninTable316. Figure338CaptivePortal Parameters LANInterface WANInterface SplashedHomePage Authentication Server ForceReloginPeriod SilentUser Table316CaptivePortalDescription Description Captiveportallocalinterface Externalnetworkadapter PushHometocustomers UserauthenticationserverIPaddressforuserlogin authentication Forceusertorelogin Userautomaticlogoffwhennoflow Default dotllradio1 cellular1 wifi.go None:80 None 5 AutomaticLogoff ClientFairness SpeedLimit Known Users Access Control Usedinconjunctionwiththespeedfunction Wificlienttrafficrestrictions Authenticated user access control two optionals:
blacklistandwhitelistmode. Enable None Blacklist TrustedMACAddressesList Serialnumber MACaddressauthenticationfreeuser Globalwhitelist Serialnumber addressorIPthatcanbeaccessedwithout authentication Authenticatedusersblacklist Serialnumber Restrictauthenticateduserstoaccessnetwork,thatis cannotbeaccessedbyauthenticatedusersto blacklistaddressesorIP None None None None None None ID MACAddress ID Domain/IP ID Domain/IP 3.3.5DHCPservice Alongwiththecontinuousexpansionofnetworksizeandcomplicationofnetwork,numberof computers often exceeds distributable IP addresses. Meanwhile, in pace with the extensive applicationofportabledevicesandwirelessnetwork,positionofcomputerchangesfrequently, resultingtothefrequentupgradeofIPaddress,leadingtoamoreandmorecomplicatednetwork configuration.DHCP(DynamicHostConfigurationProtocol)isaproductforsuchdemands. DHCP adopts Client/Server communication mode. Client sends configuration request to Server whichfeedsbackcorrespondingconfigurationinformation,includingdistributedIPaddresstothe ClienttoachievethedynamicconfigurationofIPaddressandotherinformation. In typical applications of DHCP, generally one DHCP Server and a number of Clients (PC and PortableDevices)areincluded,asthefollowingfigureshows:
When DHCP Client and DHCP Server are in different physical network segment, Client could communicate with Server through DHCP Relay to obtain IP address and other configuration information,asthefollowingfigureshows:
3.3.5.1Status Fromnavigationpanel,selectNetwork/DHCP,thenenterStatuspage,asshowninFigure339. Figure339DHCPStatus 3.3.5.2DHCPServer ThedutyofDHCPServeristodistributeIPaddresswhenWorkstationlogsonandensureeach workstation is supplied with different IP address. DHCP Server has simplified some network managementtasksrequiringmanualoperationsbeforetothelargestextent. From navigation panel, select Network >>DHCP, then enter DHCP Server page, as shown in Figure340. Figure340DHCPServer PagedescriptionisshowninTable317. Parameters Enable Interface StartingAddress Table317DHCPServerDescription Description On/Off dot11radio1 DynamicaldistributionofstartingIPaddress EndingAddress DynamicaldistributionofendingIPaddress Lease DynamicaldistributionofIPvalidity DNSServer Oneortwo,orNone WINS SetupofWINS,generallyleftblank StaticIPSetup Default Off dot11radio1 N/A N/A 1440 N/A N/A MACAddress IPAddress Set up a static specified DHCPs MAC address
(differentfromotherMACstoavoidconfliction) 0000.0000.0000 Set up a static specified IP address (within the scopefromstartIPtoendIP) N/A If the host connected with router chooses to obtain IP address automatically, then such service must be activated. Static IP setup could help a certain host to obtain specified IP address. 3.3.5.3DHCPRelay Generally, DHCP data packet is unable to be transmitted through router. That is to say, DHCP Server is unable to provide DHCP services for two or more devices connected with a router remotely.ThroughDHCPrelay,DHCPrequestsandresponsedatapacketcouldgothroughmany routers(BroadbandRouter). Fromnavigationpanel,selectNetwork/DHCP,thenenterDHCPRelaypage,asshowninFigure 341. Figure341DHCPRelay PagedescriptionisshowninTable318. Table318DHCPRealyDescription Parameters Description Enable On/Off DHCPSever SetDHCPserver;upto4serverscanbeconfigured SourceIP AddressoftheinterfaceconnectedtotheDHCPserver Default Off N/A N/A 3.3.5.4DHCPClient From navigation panel, select Network/DHCP, then enter DHCP Client page, by clicking to enable,chooseSSIDinterface,asshowninFigure342. 3.3.6DNSServices Figure342DHCPClient DNS (Domain Name System) is a DDB used in TCP/IP application programs, providing switch betweendomainnameandIPaddress.ThroughDNS,usercoulddirectlyusesomemeaningful domain name which could be memorized easily and DNS Server in network could resolve the domainnameintocorrectIPaddress. The device supports to achieve following two functions through domain name service configuration:
DNSServer:fordynamicdomainnameresolution. DNSrelay:thedevice,asaDNSAgent,relaysDNSrequestandresponsemessagebetween DNSClientandDNSServertocarryoutdomainnameresolutioninlieuofDNSClient. 3.3.6.1DNSServer DomainNameServer:DNSstandsforDomainNameSystem.ItisacoreserviceoftheInternet. AsadistributeddatabasethatcanletthedomainnamesandIPaddressesmappingtoeachother, itallowspeopletomoreconvenientlyaccesstotheInternetwithouttheneedtomemorizetheIP stringthatcanbedirectlyreadbythecomputer. Fromnavigationpanel,selectNetwork/DNS,thenenterDNSServerpage.Inmanualsetupof DNSServer,ifitisblank,thendialtoobtainDNS.Generallythisitemisrequiredtobesetwhen WANportusesstaticIP,asshowninFigure343. Figure343DNSServer PagedescriptionisshowninTable319. Table319DNSServerDescription Parameters Description Default PrimaryDNS UserdefinePrimaryDNSaddress SecondaryDNS UserdefineSecondaryDNSaddress N/A N/A 3.3.6.2DNSRelay DNSforwarding:DNSforwardingisopenbydefault.Youcansetthespecified[DomainName<=>
IP Address] to let IP address match with the domain name, thus allowing access to the appropriateIPthroughaccessingtothedomainname. Fromnavigationpanel,selectNetwork/DNS,thenenterDNSRelaypage,asshownin344. PagedescriptionisshowninTable320. Figure344DNSRelay Table320DNSDelayDescription Description Default On/Off DomainName SetIPAddress1 SetIPAddress2 On N/A N/A N/A Parameters EnableDNSRelay Host IPAddress1 IPAddress2 OnceDHCPisturnedon,DNSrelaywillbeturnedonasdefaultandcantbeturnedoff;toturn offDNSrely,DHCPServerhastobeclosedfirstly. 3.3.7SMS SMSpermitsmessagebasedrebootandmanualdialing. Fromnavigationpanel,selectNetwork/SMS,thenenterBasicpage.ConfigurePermitactionto PhoneNumberandclick<Apply&Save>.Afterthatyoucansendrebootcommandtorestart the device or cellular 1 ppp up/down to redial ordisconnect the device, as shown in Figure 345. Figure345SMS PagedescriptionisshowninTable321. Parameters Table321SMSDescription Description Enable Mode On/Off TEXTandPDU PollInterval UserdefinePollInterval ID Action SMSAccessControl UserdefineID Permitandrefuseareavailable PhoneNumber Trustingphonenumber 3.3.8VLANInterface Default Off TEXT 120 1 Permit N/A VLAN (Virtual Local Area Network) divides LAN device logically into one and another network segment,enableemergingdataexchangetechnologyofvirtualworkgroups. 3.3.8.1VLANConfiguration From navigation panel "Network/VLAN" menu, enter "Configure VLAN Parameters" page, click
<Add>buttontoaddtheVLAN,asshowninFigure346. Figure346ConfigureVLANParameters PagedescriptionisshowninTable322. Table322ConfigureVLANParametersDescription Parameters Description Default None VLANID IP Primary Address Secondary IPAddress VLANID,Userdefined VLANInterface IPaddress Subnet Mask IPaddress Subnet Mask Users can configure or change the primary IP addressneeded Userscanconfigureorchangethesubnetmaskif necessary InadditiontoprimaryIP,usercanalsoconfigure 10SecondaryIPaddresses Userscanconfigureorchangethesubnetmaskif necessary None None 3.3.8.2VLANAggregation Fromnavigationpanel"Network/VLANmenu,enter"VLANTrunk"page,setVLANportmodefor InPortal,themodecanbesettoAccessorTrunk,asshowninFigure347. 3.3.9ADSLDialupPPPoE Figure347VLANTrunk PPPoEisPointtoPointProtocoloverEthernet.Usersneedwhilemaintainingtheoriginalaccess, installaPPPoEclient.ThroughPPPoE,aremoteaccessdevicecanrealizecontrolandaccounting ofeachaccessuser. EthernetinterfaceconnectionmodeyouconfigurehereisPPPoE,namelytheinterfaceasPPPoE client. Fromnavigationpanel"Network/ADSLDialup(PPPoE)"menu,enter"ADSLDialup(PPPoE)"page, asshowninFigure348. Figure348PPPoE PagedescriptionisshowninTable323. Table323PPPoEDescription Parameters Description Default DialPool Interface Userdefined,easytorememberandmanage SelectFastethernet0/1orFastethernet0/2 None Fastethernet0/1 ID PoolID AuthenticationType UserName Password LocalIPAddress PPPoEList Userdefined,easytorememberandmanage DialpoolIndex Threeoptions:Auto,PAP,CHAP Relevantparametersprovidedbypeer operator Relevant parameters provided by peer operator AssignedIPaddresstoEthernetinterface RemoteIPAddress RemoteIPaddress 1 None Auto None None None None 3.3.10LoopbackInterface Loopback is used to represent router ID, because if you use active interface, when activity interfaceDOWN,routerIDissubjecttoreselection,thatwouldcauseOSPFconvergencetime slow,thusloopbackinterfaceisgenerallyusedasarouterID. Loopbackinterfaceislogicalandvirtualinterfaceonrouters.Nodefaultrouterloopbackinterface. Youcancreateanynumberofloopbackinterfacesasneeded.Theseinterfacesonroutertreated like physical interface: You can assign them addressing information, including their choice to updatethenetworknumberinrouters,oreventerminateIPconnectiononthem. From navigation panel "Network/Loopback Interface" menu, enter "loopback" page, shown in Figure349. PagedescriptionisshowninTable324. Figure349Loopback Table324LoopbackInterfaceDescription Description Default Usercannotchange. Usercannotchange. InadditiontotheaboveIP,useralsocanbeequipped withotherIPaddresses 127.0.0.1 255.0.0.0 None Parameters IPAddress SubnetMask MultiIPsettings SinceloopbackinterfaceisexclusiveofoneIPaddress,subnetmaskisgenerallyrecommended to255.255.255.255,tosaveresources. 3.3.11DynamicDomainName DDNS Dynamic Domain Name Service is mapping user dynamic IP address to a fixed domain nameresolutionservices,whenuserconnecttothenetwork,clientprogramwillpassdynamicIP address of the host through information transfer to server program on the host of service providers, the server program is responsible for providing DNS service and realizing dynamic domain name resolution. That is, DDNS to capture changeable IP address, then corresponding with domain name, so that other Internet users can communicate through the domain name. And all final customers to remember, is to remember the dynamic domain name given by suppliers,withouthavingtopipehowtheyareimplemented. DDNSfunctionasDDNSclienttools,weneedtoworkwithDDNSserver.Beforeusingthisfeature, youneedfirsttofindcorrespondingsitessuchas(www.3322.org)andapplyforregistrationofa domainname. DDNS service type include: DynAccess, QDNS
(3322)Dynamic, QDNS
(3322)Static, DynDNSDynamic,DynDNSStaticandNoIP. Fromnavigationpanel"Network/DDNS"menu,enter"DDNS"page.Setdynamicbindingdomain. AsshowninFigure350. Figure350DynamicDomainName PagedescriptionisshowninTable325. Table325DynamicDomainNameDescription Parameters Description Default Method ServiceType UserName Password Host SpecifiedInterface UpdateMethod Userdefined Selectdynamicdomainnameserviceproviders ApplyregistrationDDNSusername ApplyregistrationDDNSusername ApplyregistrationDDNShost Defineddynamicdomainupdatemethod None Disable None None None None IfIProuterdialobtainaprivateaddress,dynamicDNSfunctionisnotavailable. 3.3.12BridgeInterface Fromnavigationpanel"Network/Bridge"menu,enter"Bridge1"page,setrelatedparameters,as showninFigure351. PagedescriptionisshowninTable326. Figure351Bridge1 Table326EthernetInterfaceParameterDescription Parameters Description BridgeID Bridgenumbercanonlybeassignedto1 BridgeInterface IPaddressandsubnetmaskof primaryaddress IPaddressandsubnetmaskof secondaryaddress Configure or change the primary IP address and subnetmaskasneeded. InadditiontoprimaryIPfromoutside,clientsalso can be equipped with secondary IP address and subnetmask Clickenablebridgeinterface BridgeMember Default None None None None 3.4LinkBackup 3.4.1SLA BasicConceptsandPrinciples Undernormalcircumstances,theedgeroutercandetectifthelinklinkedtotheISPisinfault.If thenetworklinkingtooneISPisinfault,anotherISPwillbeusedtotransmitallthedatastreams. However,ifthelinkofanISPisnormalandtheinfrastructurefails,theedgerouterwillcontinue tousethisroute.Then,thedataisnolongerreachable. Onefeasiblesolutionistousingstaticroutingorpolicybasedroutingtofirsttestthereachability ofimportantdestination.Ifitisunreachable,thestaticroutingwillbedeleted. ThereachabilitytestcanbeperformedwithInHandSLAtocontinuouslycheckthereachabilityof ISPandbeassociatedwithstaticrouting. BasicprinciplesofInHandSLA:1.Objecttrack:Trackthereachabilityofthespecifiedobject.2. SLAprobe:TheobjecttrackfunctioncanuseInHandSLAtosenddifferenttypesofdetectionsto theobject.3.Policybasedroutingusingroutemappingtable:Itassociatesthetrackresultswith theroutingprocess.4.Usingstaticroutingandtrackoptions. SLAConfigurationSteps Step1:DefineoneormoreSLAoperations(detection). Step2:DefineoneormoretrackobjectstotrackthestatusofSLAoperation. Step3:Definemeasuresassociatedwithtrackobjects. Fromnavigationpanel,selectLinkBackup>>SLA,thenenterSLApage,asshowninFigure 352. Figure352SLA PagedescriptionisshowninTable327. Parameters Index Type Table327SLADescription Description SLAindexorID Default 1 Detectiontype,defaultisicmpecho,theusercannotchange icmpecho IPAddress DetectedIPaddress DataSize Userdefinedatasize Interval Userdefinedetectioninterval Timeout(ms) Userdefine,Timeoutfordetectiontofail Connecutive Detectionretries Life Defaultisforever,usercannotchange Starttime DetectionStarttime,selectnoworNone 3.4.2TrackModule None 56 30 5000 5 forever now Track is designed to achieve linkage consisting of application module, Track module and monitoringmodule.Linkagereferstoachievethelinkageamongstdifferentmodulesthroughthe establishmentoflinkageitems,namely,themonitoringmodulecouldtriggerapplicationmodule totakeacertainactionthroughTrackmodule.Monitoringmoduleisresponsiblefordetectionof linkstatus,networkperformanceandnotificationtoapplicationmoduleofdetectionresultsvia Track module. Once the application module finds out any changes in network status, corresponding measures will be taken on a timely basis so as to avoid interruption of communicationorreductionofservicequality. Trackmoduleislocatedbetweenapplicationmoduleandmonitoringmodulewithmainfunctions ofshieldingthedifferencesofdifferentmonitoringmodulesandprovidinguniforminterfacesfor applicationmodule. TrackModuleandMonitoringModuleLinkage Throughconfiguration,thelinkagerelationshipbetweenTrackmoduleandmonitoringmoduleis established.Monitoringmoduleisresponsiblefordetectionoflinkstatus,networkperformance andnotificationtoapplicationmoduleofdetectionresultsviaTrackmodulesoastocarryout timelychangeofthestatusofTrackitem:
Successfuldetection,correspondingtrackitemisPositive Faileddetection,correspondingtrackitemisNegative TrackModuleandApplicationModuleLinkage Throughconfiguration,thelinkagerelationshipbetweenTrackmoduleandapplicationmoduleis established. In case of any changes in track item, a notification requiring correspondent treatmentwillbesenttoapplicationmodule. Currently, application modules which could achieve linkage with track module include: VRRP, staticrouting,strategybasedroutingandinterfacebackup. Undercertaincircumstances,onceanychangesinTrackitemarefounded,ifatimelynotification issenttoapplicationmodule,thencommunicationmaybeinterruptedduetoroutingsfailurein timelyrestorationandotherreasons.Forexample,MasterrouterinVRRPbackupgroupcould monitorthestatusofupstreaminterfacethroughTrack.Incaseofanyfaultinupstreaminterface, MasterrouterwillbenotifiedtoreduceprioritysothatBackuproutermayascendtothenew Mastertoberesponsibleforrelayofmessage.Onceupstreaminterfaceisrecovered,solongas TrackimmediatelysendsamessagetooriginalMasterroutertorecoverpriority,thentherouter willtakeoverthetaskofmessagerelay.Atthattime,messagerelayfailuremayoccursincethe routerhasnotrestoredtotheupstreamrouter.Undersuchcircumstances,usertoconfigurethat once any changes take place in Track item, delays a period of time to notify the application module. Fromnavigationpanel,selectLinkBackup/Track,thenenterTrackpage,asshownFigure353. Figure353TrackM PagedescriptionisshowninTable328. Parameters Description Table328TrackDescription Index Type SLA ID Interface TrackindexorID Defaultsla,Usercannotchange DefinedSLAIndexorID Detectinterfacesup/downstate Default 1 sla None cellular1 Incaseofnegativestatus,switchingcanbedelayedbasedon thesettime(0representsimmediateswitching),ratherthan 0 immediateswitching. Incaseoffailurerecovery,switchingcanbedelayedbasedon thesettime(0representsimmediateswitching),ratherthan 0 immediateswitching. Negative Delay
(m) Positive Delay
(m) 3.4.3VRRP Default route provides convenience for users configuration operations but also imposes high requirementsonstabilityofthedefaultgatewaydevice.Allhostsinthesamenetworksegment aresetupwithanidenticaldefaultroutewithgatewaybeingthenexthopingeneral.Whenfault occursongateway,allhostswiththegatewaybeingdefaultrouteinthenetworksegmentcant communicatewithexternalnetwork. Increasingexitgatewayisacommonmethodforimprovingsystemreliability.Then,theproblem to be solved is how to select route among multiple exits. VRRP (Virtual Router Redundancy Protocol)addsasetofroutersthatcanundertakegatewayfunctionintoabackupgrouptoforma virtual router. The election mechanism of VRRP will decide which router to undertake the forwarding task and the host in LAN is only required to configure the default gateway for the virtualrouter. VRRPwillbringtogetherasetofroutersinLAN.Itconsistsofmultipleroutersandissimilartoa virtual router in respect of function. According to the vlan interface ip of different network segments,itcanbevirtualizedintomultiplevirtualrouters.EachvirtualrouterhasanIDnumber andupto255canbevirtualized. VRRPhasthefollowingcharacteristics:
VirtualrouterhasanIPaddress,knownastheVirtualIPaddress.ForthehostinLAN,it isonlyrequiredtoknowtheIPaddressofvirtualrouter,andsetitastheaddressofthe nexthopofthedefaultroute. Host in the network communicates with the external network through this virtual router. 1 router will be selected from the set of routers based on priority to undertake the gatewayfunction.Otherrouterswillbeusedasbackuprouterstoperformthedutiesof gateway for the gateway router in caseof fault of gateway router,thus to guarantee uninterruptedcommunicationbetweenthehostandexternalnetwork VRRPNetworkingScheme AsshowninFigureabove,RouterAandRouterCcomposeavirtualrouter.Thisvirtualrouterhas itsownIPaddress.ThehostinLANwillsetthevirtualrouterasthedefaultgateway.RouterAor RouterC,theonewiththehighestpriority,willbeusedasthegatewayroutertoundertakethe functionofgateway.AnotherrouterwillbeusedasaBackuprouter. MonitorinterfacefunctionofVRRPbetterexpandsbackupfunction:thebackupfunctioncanbe offered when interface of a certain router has fault or other interfaces of the router are unavailable. WheninterfaceconnectedwiththeuplinkisatthestateofDownorRemoved,therouteractively reducesitsprioritysothatthepriorityofotherroutersinthebackupgroupishigherandthusthe routerwithhighestprioritybecomesthegatewayforthetransmissiontask. From navigation panel, select Link Backup/VRRP, then enter VRRP page, as shown in Figure 354. Figure354VRRP PagedescriptionisshowninTable329. Parameters Description Table329VRRPDescription Enable Enable/Disable VirtualRouteID UserdefineVirtualRouteID Interface ConfiguretheinterfaceofVirtualRoute VirtualIPAddress ConfiguretheIPaddressofVirtualRoute Default Enable None vlan1 None TheVRRPpriorityrangeis0255(alargernumberindicates Priority ahigherpriority).Therouterwithhigherprioritywillbe 100 morelikelytobecomethegatewayrouter. Advertisement Heartbeat package transmission time interval between Interval routersinthevirtualipgroup If the router works in the preemptive mode, once it finds PreemptionMode that its own priority is higher than that of the current gateway router, it will send VRRP notification package, resulting in reelection of gateway router and eventually 1 Enable replacing the original gateway router. Accordingly, the originalgatewayrouterwillbecomeaBackuprouter. TrackID TraceDetection,selectthedefinedTrackindexorID None 3.4.4InterfaceBackup Interfacebackupreferstobackuprelationshipformedbetweenappointedinterfacesinthesame equipment. When service transmission cant be carried out normally due to fault of a certain interfaceorlackofbandwidth,rateofflowcanbeswitchedtobackupinterfacequicklyandthe backup interface will carry out service transmission and share network flow so as to raise reliabilityofcommunicationofdataequipment. Whenlinkstateofmaininterfaceisswitchedfromuptodown,systemwillwaitforpresetdelay first instead of switching to link of backup interface immediately. Only if the state of main interface still keeps down after the delay, system will switch to link of backup interface. Otherwise,systemwillnotswitch. Afterlinkstateofmaininterfaceisswitchedfromdowntoup,systemwillwaitforpresetdelay firstinsteadofswitchingbacktomaininterfaceimmediately.Onlyifstateofmaininterfacestill keepsupafterthedelay,systemwillswitchbacktomaininterface.Otherwise,systemwillnot switch. Fromnavigationpanel,selectLinkBackup/InterfaceBackup,thenenterInterfaceBackuppage, asshowninFigure355. Figure355InterfaceBackup PagedescriptionisshowninTable330. Table330InterfaceBackupDescription Parameters Description PrimaryInterface Theinterfacebeingused BackupInterface Interfacetobeswitched Default cellular1 cellular1 StartupDelay Sethowlongtowaitforthestartuptrackingdetection 60 UpDelay DownDelay policytotakeeffect When the primary interface switches from failed detection to successful detection, switching can be delayedbasedonthesettime(0representsimmediate switching),ratherthanimmediateswitching. When the primary interface switches from successful detection to failed detection, switching can be delayed based on the set time (0 represents immediate switching),ratherthanimmediateswitching. 0 0 TrackID TraceDetection,selectthedefinedTrackindexorID None 3.5Routing 3.5.1StaticRoute Staticroutingisaspecialroutingthatrequiresyourmanualsetting.Aftersettingstaticrouting, thepackageforthespecifieddestinationwillbeforwardedaccordingtothepathdesignatedby you.Inthenetworkwithrelativelysimplenetworkingstructure,itisrequiredtosetstaticrouting to achieve network interworking. Proper setting and use static routing can improve the performanceofnetworkandcanguaranteebandwidthforimportantnetworkapplications. Disadvantages of static routing: It cannot automatically adapt to the changes in the network topology. The network failure or changes in topology may cause the route unreachable and networkinterrupted.Then,youarerequiredtomanuallymodifythesettingofstaticrouting. StaticRoutingperformsdifferentpurposesindifferentnetworkenvironments. Whenthenetworkstructureiscomparativelysimple,thenetworkcanworknormally onlywithStaticRouting. Whileincomplexnetworkenvironment,StaticRoutingcanimprovetheperformanceof networkandensurebandwidthforimportantapplication. StaticRoutingcanbeusedinVPNexamples,mainlyforthemanagementofVPNroute. 3.5.1.1RoutingStatus Fromnavigationpanel,selectRouting/StaticRouting,thenenterRouteTablepage,asshownin Figure356. Figure356RoutingStatus 3.5.1.2StaticRouting From navigation panel, select Routing/Static Routing, then enter Static Routing, page. Add/deleteadditionalRouterstaticrouting.Normallyusersdonnotneedtoconfigurethisitem, asshownin357. Figure357StaticRouting PagedescriptionisshowninTable331. Table331StaticRoutingDescription Parameters Description Default Destinationaddress EnterthedestinationIPaddressneedtobereached None SubnetMask Enter the subnet mask of destination address need to be None reached Interface The interface through which the data reaches the None destinationaddress Gateway IP address of the next router to be passed by before the None Distance TrackID inputdatareachesthedestinationaddress Priority,smallervaluecontributestohigherpriority SelectthedefinedTrackindexorID None None 3.5.2DynamicRouting The routing table entry on dynamic router is obtained in accordance with certain algorithm optimization through the information exchange between the connected routers, while the routing information is continuously updating in certain time slot so as to adapt to the continuouslychangingnetworkandobtaintheoptimizedpathfindingeffectsatanytime. In order to achieve efficient pathfinding of IP packet, IETF has developed a variety of pathfinding protocols, including Open Shortest Path First (OSPF) and Routing Information Protocol(RIP)forAutonomousSystem(AS)interiorgatewayprotocol.Thesocalledautonomous system refers to the collection of hosts, routers and other network devices under the managementofthesameentity(e.g.schools,businesses,orISP) 3.5.2.1RoutingStatus Fromnavigationpanel,selectRouting/DynamicRouting,thenenterRouteTablepage,asshown inFigure358. Figure358RoutingStatus 3.5.2.2RIP RIP(RoutingInformationProtocol)isarelativelysimpleinteriorgatewayprotocol(IGP),mainly usedforsmallernetworks.ThecomplexenvironmentsandlargenetworksgeneraldonotuseRIP. RIP uses Hop Count to measure the distance to the destination address and it is called RoutingCost.InRIP,thehopcountfromtheroutertoitsdirectlyconnectednetworkis0andthe hop count of network to be reached through a router is 1 and so on. In order to limit the convergencetime,thespecifiedRoutingCostofRIPisanintegerintherangeof0~15andhop countlargerthanorequalto16isdefinedasinfinity,whichmeansthatthedestinationnetwork orhostisunreachable.Becauseofthislimitation,theRIPisnotsuitableforlargescalenetworks. Toimproveperformanceandpreventroutingloops,RIPsupportssplithorizonfunction.RIPalso introducesroutingobtainedbyotherroutingprotocols. ItisspecifiedinRFC1058RIPthatRIPiscontrolledbythreetimers,i.e.Periodupdate,Timeout andGarbageCollection:
EachrouterthatrunsRIPmanagesaroutingdatabase,whichcontainsroutingentriestoreachall reachabledestinations.Theroutingentriescontainthefollowinginformation:
Destinationaddress:IPaddressofhostornetwork. Addressofnexthop:IPaddressofinterfaceoftheroutersadjacentroutertobepassedby onthewaytoreachthedestination. Outputinterface:Theoutputinterfacefortheroutertoforwardpackage. RoutingCost:Costfortheroutertoreachthedestination. Routingtime:Thetimefromthelastupdateofrouterentrytothepresent.Eachtimethe routerentryisupdated,theroutingtimewillberesetto0. Fromnavigationpanel,selectRouting>>DynamicRouting,thenenterRIPpage,asshownFigure 3591. Figure3591RIP AdvancedOptionsareshowninFigure3592. Figure3592RIP PagedescriptionisshowninTable332. Parameters Table332RIPDescription Description Enable Enable/Disable Updatetimer Itdefinestheintervaltosendroutingupdates Default Disable 30 Itdefinestheroutingagingtime.Ifnoupdatepackageon Timeouttimer aroutingisreceivedwithintheagingtime,theroutings 180 ClearTimer RoutingCostintheroutingtablewillbesetto16. ItdefinesthetimefromthetimewhentheRoutingCost ofaroutingbecomes16tothetimewhenitisdeleted fromtheroutingtable.Inthetimeof GarbageCollection,RIPuses16astheRoutingCostfor sendingupdatesoftherouting.Incaseoftimeoutof GarbageCollectionandtheroutingstillhasnotbeen 120 updated,theroutingwillbecompletelyremovedfrom theroutingtable. Network ThefirstIPaddressandsubnetmaskofthesegment None DefaultPost DefaultMetric Redirectdirectroute RedirectStatic RoutE RedirectOSPRoutE Distance IPaddress SubnetMask AdvancedOptions ClickEnable,thedefaultinformationwillenable publishing Defaultcostofroutertodestination Direct, Static, and OSP route agreement introduced to RIProuteagreement AdvancedOptionsDistance/MetricManagement Set RIP routing administrative distance, priority, the smallervalue,thepriority Network number is the first IP address in network segment Subnetmask,networknumberissubnetmaskofthefirst IPaddressinnetworksegment Disable 1 Disable Disable Disable 120 None None Redirectrouting metric Ingress/egress filteringpolicy Interface AccessList PolicyType Policyname Ingress/egress filteringpolicy Interface Sendfiltration AccessList ApplicationoftheACLID Rewritedefaultcostfromroutetothedestination Setredirectionroutefilteringpolicy(in/out) SetInterfacerewritingtoroute ApplicationoftheACLID AdvancedOptionsRouteFilteringPolicy Selectthetypeofpolicytoimplement Custompolicyname None None in None None Accesslist None Selectpolicyappliedintheoutboundorinbound in SelectroutefilteringpolicyenforcementInterface After enabling, only RIP packet send to the default routinginterface. None Disable PassiveInterface RIPsendversion RIPReceiveversion Horizontalsplit/
toxicityFlip Authentication Key AdvancedOptionsInterface Afterenabling,onlyreceiveRIPpacket,nosend SelectSendRIPpacketversion ChoosereceiveRIPpacketversion Selectenablesplithorizonorpoisonreversefunction Selecttheinterfaceauthenticationmode Fillinthecorrespondingkey AdvancedOptionsNeighbor IPaddress NeighborIPaddress Disable Default Default None None None None 3.5.2.3OSPF OpenShortestPathFirst(OSPF)isalinkstatusbasedinteriorgatewayprotocoldevelopedbyIETF. RouterID If a router wants to run the OSPF protocol, there should be a Router ID. Router ID can be manually configured. If no Router ID is configured, the system will automatically select one IP addressofinterfaceastheRouterID. Theselectionorderisasfollows:
If a Loopback interface address is configured, then the last configured IP address of LoopbackinterfacewillbeusedastheRouterID;
If no LoopBack interface address is configured, choose the interface with the biggest IP adressfromotherinterfacesastheRouterID. NeighborandNeighboring AfterthestartupofOSPFrouter,itwillsendoutHellopacketsthroughtheOSPFinterface.Upon receiptofHellopacket,OSPFrouterwillchecktheparametersdefinedinthepacket.Ifbothare consistent,aneighborrelationshipwillbeformed.Notallbothsidesinneighborrelationshipcan form theadjacency relationship. It is determined based on the network type. Only when both sidessuccessfullyexchangeDDpacketsandLSDBsynchronizationisachieved,theadjacencyin thetruesensecanbeformed.LSAdescribethenetworktopologyaroundarouter,LSDBdescribe entirenetworktopology. From navigation panel, select Routing/Dynamic Routing, then enter OSPF page,as shown in Figure360. Figure360OSPF PagedescriptionisshowninTable333. Parameters Enable RouterID Table333OSPFDescription Description Enable/Disable RouterIDoftheoriginatingtheLSA Interface Interface Theinterface Default Disable None None HelloInterval Send interval of Hello packet. If the the Hello 10 timebetweentwoadjacentroutersisdifferent, youcannotestablishaneighborrelationship. Dead Time. If no Hello packet is received from theneighbors,theneighborisconsideredfailed. DeadInterval If dead times of two adjacent routers are 40 different, the neighbor relationship can not be established. WhentherouternotifiesanLSAtoitsneighbor, itisrequiredtomakeacknowledgement.Ifno RetransmitInterval acknowledgementpacketisreceivedwithinthe 5 retransmissioninterval,thisLSAwillbe retransmittedtotheneighbor. OSPFpacketalsoneedtospendtimewhen travelingonlinks,soLSAagingtime(age)before transferringtoaddadelaytime,inthe lowspeedlinksrequireconsiderationof configuration. 1 InterfaceInterfaceAdvancedOptions ConfigureOSPFinterfaceparameters Afterenabling,onlyreceiveRIPpacket,nosend Bydefault,aninterfacecomputesitscost accordingtothebandwidth ConfigureOSPFrouterinterfacepriority Network IPAddressoflocalnetwork SubnetMaskofIPAddressoflocalnetwork AreaIDofrouterwhichoriginatingLSA None Disable 10 10 None None None LSAtransmissiondelay timer InterfaceName PassiveInterface InterfaceCost ProtocolPriority IPAddress SubnetMask AreaID 3.5.2.4FilteringRoute ClicknavigationpanelRouting/DynamicRoutingmenu,enterFilteringRouteinterface,as showninFigure361. Figure361FilteringRoute PagedescriptionisshowninTable334. Parameter Table334FilteringRouteDescription Description AccessControlList Accesslist Userdefined Action Permitanddeny Default None Permit AnyAddress Any address after clicking, no matching IP address and Disable subnetmaskagain 3.5.3MulticastRouting Multicast routing sets up an acyclic data transmission route from data source end to multiple receivingends,whichreferstotheestablishmentofamulticastdistributiontree.Themulticast routing protocol is used for establishing and maintaining the multicast routing and forrelaying multicastdatapacketcorrectlyandefficiently. 3.5.3.1BasicSettings Thebasicismainlytodefinethesourceofmulticastrouting. From navigation panel, select Routing/Multicast Routing, then enter Basic page,as shown in Figure362. PagedescriptionisshowninTable335. Figure362BasicSettings Table335BasicSettingsDescription Parameters Description Default Enable Source Netmask 3.5.3.2IGMP Open/Close IPAddressofSource NetmaskofSource Close None 255.255.255.0 IGMP,beingamulticastprotocolinInternetprotocolfamily,whichisusedforIPhosttoreportits constitutiontoanydirectlyadjacentrouter,definesthewayformulticastcommunicationofhosts amongstdifferentnetworksegmentswithpreconditionthattherouteritselfsupportsmulticast andisusedforsettingandmaintainingtherelationshipbetweenmulticastmembersbetweenIP host and the directly adjacent multicast routing. IGMP defines the way for maintenance of memberinformationbetweenhostandmulticastroutinginanetworksegment. In the multicast communication model, sender, without paying attention to the position informationofreceiver,onlyneedstosenddatatotheappointeddestinationaddress,whilethe informationaboutreceiverwillbecollectedandmaintainedbynetworkfacility.IGMPissucha signaling mechanism for a host used in the network segment of receiver to the router. IGMP informs the router the information about members and the router will acquire whether the multicastmemberexistsonthesubnetconnectedwiththerouterviaIGMP. Functionofmulticastroutingprotocol:
Discovering upstream interface and interface closest to the source for the reason that multicastroutingprotocolonlycarestheshortestroutetothesource. Decidingtherealdownstreaminterfacevia(S,G).Amulticasttreewillbefinishedafterall routers acquire their upstream anddownstream interfaces with root being router directly connectedwiththesourcehostandbranchesbeingroutersdirectlyconnectedviasubnet withmemberdiscoveredbyIGMP. Managingmulticasttree.Themessagecanbetransferredoncetheaddressofnexthopcan beacquiredbyunicastrouting,whilemulticastreferstorelaymessagegeneratedbysource toagroup. From navigation panel, select Routing/Multicast Routing, then enter IGMP page,as shown in Figure363. PagedescriptionisshowninTable336. Figure363IGMP Parameters Table336IGMPDescription Description UplinkInterface Default UplinkInterface linktouppernetworkdeviceinterface None DownlinkInterface DownlinkInterface UplinkInterface linktoterminalequipmentinterface linktouppernetworkdeviceinterface cellular1 cellular1 3.6Tools 3.6.1PING HelptoPINGinternetthroughroute. Fromnavigationpanel,selectTools/Ping,thenenterPingpage,asshowninFigure364. Figure364PING PagedescriptionisshowninTable337. Table337PINGDescription Parameters Description Default Host It requires the destination host address of PING 192.168.2.1 detection PingCount SetPingdetectioncount PacketSize Setpacketsizeofpingdetection ExpertOptions Advancedparametersofpingcanbeused 4 32bytes None 3.6.2RoutingDetection Itisusedtodetectnetworkroutingfailure. Fromnavigationpanel,selectTools/Traceroute,thenenterTraceroutepage,asshowninFigure 365. Figure365Traceroute PagedescriptionisshowninTable338. Table338TracerouteDescription Parameters Description Host Hostaddressneedstodetect MaxiumHops Setthemaxiumhopsofroutingdetection Timeout Protocol Settimeoutofroutingdetection SelectICMP/UDP ExpertOptions Advancedparametersofpingcanbeused 3.6.3LinkSpeedTest Default 192.168.2.1 20 3secs UDP None Throughuploadanddownloadfiles,linkspeedcanbetested. Fromnavigationpanel,selectTools/LinkSpeedTest,thenenterLinkSpeedTestpage,asshown inFigure366. Figure366LinkSpeedTest 3.7InstallationGuide Simplify general configuration, where the router with fast, simple, basic configuration, configuration result can not be displayed here, but view it when finished in a specific correspondingconfigurationsetting. 3.7.1NewDial Fromnavigationpanel"Wizards/NewCellular"menu,enter"NewCellular"page,asshownin Figure367. PagedescriptionisshowninTable339. Figure367NewCellular Parameters APN Accessnumber Username password Network Address Table339NewCellularDescription Description SelectNewWANInterface Mobileoperatorprovidedialupparameters(pleasechoose accordingtothelocaloperator) Mobileoperatorprovidedialupparameters(pleasechoose accordingtothelocaloperator) Mobileoperatorprovidedialupparameters(pleasechoose accordingtothelocaloperator) ClickEnable,putprivateIPaddressconvertedintoapublicIP address Default 3gnet
*99***1#
gprs Disable Translation 3.7.2NewIPSecTunnel Fromnavigationpanel"Wizards/NewIPSecTunnel"menu,enter"NewIPSecTunnel"page,as showninFigure368. Table368NewIPSecTunnel PagedescriptionisshowninTable340. Table340NewIPSecTunnelDescription Parameters Description Basic Default TunnelNo. InterfaceName PeerAddress NegotiationMode Optional main mode, aggressive mode. (Usually Mainmode SetTunnelNo. SelectInterfaceName SetVPNpeerIP 1 cellular1 None selectmainmode) Localsubnet address LocalSubnetMask Peersubnet address Peersubnetmask SetIPSeclocalprotectionsubnet None SetIPSeclocalprotectionsubnetmask 255.255.255.0 SetIPSecpeerprotectionsubnet None SetIPSecpeerprotectionsubnetmask 255.255.255.0 Phase1 Optional3DESMD5DH1or3DESMD5DH2,etc. SetIKELifeCycle IKEPolicy IKELifeCycle LocalIdentityType OptionalFQDN,USERFQDN,IPaddress OnlyinFQDNandUSERFQDN.Fillinthe appropriateidentificationaccordingtotheselected identitytype(USERFQDNshouldbeastandard mailboxformat) LocalIndex PeerIndex PeerIdentityType OptionalFQDN,USERFQDN,IPaddress OnlyinFQDNandUSERFQDN.Fillinthe appropriateidentificationaccordingtotheselected identitytype(USERFQDNshouldbeastandard mailboxformat) Choosetosharekeysanddigitalcertificates Authentication mode select shared keys show the feature.SetIPSecVPNagreementkey Authentication Key 3DESMD5DH2 86400sec IPaddress None IPaddress None sharekeys None IPSecPolicy IPSecLifeCycle Optional3DESMD596or3DESSHA196etc. SetIPSecLifeCycle 3DESMD596 3600sec Phase2 Create inbound and outbound rules to each tunnel collection. If only to create a oneway connectionfilter,theruleisnotapplied. 3.8PersonalizationFeatures According to the specific needs of individual customers, private custom functions can be equippedtoInPortal. 3.8.1NginxServer Setharddiskserverfunction.Afteropeningcaptiveportalloginb,usershareharddiskdata. From navigation panel "Personalized Function/Nginx" menu, enter "Nginx" page, as shown in Figure369. Figure369Nginx 3.8.2FileSynchronization From navigation panel "Personalized Function/File Synchronization" menu, enter "File Synchronization"page,asshowninFigure370. Figure370FileSynchronization PagedescriptionisshowninTable341. Table341FileSynchronizationDescription Parameters Description Task Server Userdefinedtaskname RsyncServerAddress Default None None ServerDirectory SynchronizefilestoRsyncserveraddress LocalDirectory Synchronizefilestolocaldirectory Username Password Rsyncservername Rsyncserverpassword None None None None 3.8.3GPSLocationInformation From navigation panel "Personalized Function /GPS Config"menu, enter " GPS Config " page, showninFigure371. PagedescriptionisshowninTable342. Figure371GPSSettings Parameters Server Port Positioningtimeinterval UploadLocation informationgap Table342GPSConfigDescription Description Default uploadlocationinformationserverIPaddress Uploadlocationinformationserverport Setpositioningtimeinterval SetuploadLocationinformationgap None 80 60 60 3.8.4RoamingManagement 3.8.4.1RoamingManagement FromnavigationpanelPersonalizedFunction/RoamingManagement"menu,enter"Roaming Management"page,showninFigure372. 3.8.4.2UpgradefromAP Figure372RoamingManagement From navigation panel "Personalized Function /Roaming Management" menu, enter "Slave AP Upgrade"page,asshowninFigure373. 3.9Firewall Figure373SlaveAPUpgrade With the expansion of network and increase in flow, the control over network safety and the allocationofbandwidthbecometheimportantcontentsofnetworkmanagement.Thefirewall function of the router implements corresponding control to data flow at entry direction (from Internettolocalareanetwork)andexitdirection(fromlocalareanetworktoInternet)according tothecontentfeaturesofmessage(suchas:protocolstyle,source/destinationIPaddress,etc.) andensuressafeoperationofrouterandhostinlocalareanetwork. 3.9.1AccessControlACL ACL, namely access control list, implements permission or prohibition of access for appointed dataflow(suchasprescribedsourceIPaddressandaccountnumber,etc.)viaconfigurationofa seriesofmatchingrulessoastofilterthenetworkinterfacedata.Aftermessageisreceivedby portofrouter,thefieldisanalyzedaccordingtoACLruleappliedonthecurrentport.Andafter the special message is identified, the permission or prohibition of corresponding packet is implementedaccordingtopresetstrategy. ACL classifies data packages through a series of matching conditions. These conditions can be datapackagessourceMACaddress,destinationMACaddress,sourceIPaddress,destinationIP address,portnumber,etc. ThedatapackagematchingrulesasdefinedbyACLcanalsobeusedbyotherfunctionsrequiring flowdistinguish. Fromnavigationpanel,selectFirewall/ACL,thenenterACLpage,asshowninFigure3741. Figure3741AccessControlACL Click<Add>toaddnewaccesscontrollist,asshowninFigure3742. Figure3742AccessControlACL PagedescriptionisshowninTable343. Table343AccessControlDescription Parameters Description Default StandardACLcanblockallcommunicationflowsfroma network, or allow all communication flows from a particularnetwork,ordenyallcommunicationflowsofa protocolstack(e.g.IP)of. TheextendedACLprovidesawiderrangeofcontrolthan Type that provided by the standard ACL. For example, if the Extended network administrator wants to "allow external Web communicationflowstopassthroughandrejectexternal communicationflows,e.g.FTPandTelnet,theextended ACL can be used to achieve the objective. The standard ACLcannotbecontrolledsoprecisely. ID Action Protocol Userdefine Permit/Deny AccessControlProtocol SourceIPAddress IPAddressofSource DestinationIP IPAddressofDestination Destinationnetworkaddress Destinationaddressmaskinverted DestinationIP address Destination Mask Invert Logging Description Click Enable, the system will record access control on a log Easytorecordcontrolaccessparametersonalog Disable None NetworkInterfacelist InterfaceName Rules SelectInterfaceName Selectinbound,outboundandmanagementrules cellular1 none 3.9.2NAT NATcanachieveInternetaccessbymultiplehostswithintheLANthroughoneormorepublic network IP addresses. It means that few public network IP addresses represent more private None Permit ip None None None None networkIPaddresses,thussavingpublicnetworkIPaddresses. Fromnavigationpanel,selectFirewall/NAT,thenenterNATpage,asshowninFigure3751. Figure3751NAT NATruleistoapplyACLtoaddresspool,onlymatchingtheACLaddressbeforeconversion. Click<Add>toaddnewNATrules,asshowninFigure3752. Figure3752NAT PagedescriptionisshowninTable344. Table344NATDescription Parameters Description Default SNATSourceNAT TranslateIPpacket'ssourceaddress intoanotheraddress Action DNATDestinationNAT:Mapasetoflocalinternal SNAT addressestoasetoflegalglobaladdresses. 1:1NAT TransferIPaddressonetoone. SourceNetwork InsideInsideaddress OutsideOutsideaddress TranslationType SelecttheTranslationType Inside IPtoIP Private network IP address refers to the IP address of internal network or host, while public networkIPaddressisagloballyuniqueIPaddressontheInternet. RFC1918threeIPaddressblocksfortheprivatenetworkasfollows:
ClassA:10.0.0.0~10.255.255.255 ClassB:172.16.0.0~172.31.255.255 ClassA:192.168.0.0~192.168.255.255 TheaddresseswithintheabovethreerangeswillnotbeallocatedontheInternet.Therefore, theycanbefreelyusedincompaniesorenterpriseswithouttheneedtomakeapplicationtothe operatororregistrationcenter 3.10QoS In the traditional IP network, all packetsare treated equally without distinction. Each network deviceusesfirstinfirstoutstrategyforpacketprocessing.Thebesteffortnetworksendspackets tothedestination,butitcannotguaranteetransmissionreliabilityanddelay. QoS can control network traffic, avoid and manage network congestion, and reduce packet dropping rate. Some applications bring convenience to users, but they also take up a lot of network bandwidth. To ensure all LAN users can normally get access to network resources, IP trafficcontrolfunctioncanlimittheflowofspecifiedhostonlocalnetwork. QoS provides users with dedicated bandwidth and different service quality for different applications, greatly improving the network service capabilities. Users can meet various requirements of different applications like guaranteeing low latency of timesensitive business andbandwidthofmultimediaservices. QoS can guarantee high priority data frames receiving, accelerate highpriority data frame transmission, and ensure that critical services are unaffected by network congestion. IR900 supportsfourservicelevels,whichcanbeidentifiedbyreceivingportofdataframe,Tagpriority andIPpriority. Fromnavigationpanel,selectQos/TrafficControl,thenenterTrafficControlpage,asshownin Figure376. PagedescriptionisshowninTable345. Figure376QoS Parameters Name AnyPackets Source Destination Protocol Name Classifier Table345QoSDescription Description Type Name ClickStartupforflowcontroltoanypackets Sourceaddressofflowcontrol Destinationaddressofflowcontrol Clicktoselectprotocolstyle Policy Nameofuserdefinedflowcontrolstrategy Nameofstyledefinedabove GuaranteedBandwidth Kbps Userdefinedguaranteedbandwidth MaximumBandwidthKbps Userdefinedmaximumbandwidth LocalPriority Localpriorityofselectionstrategy ApplyQos Default Name Disable N/A N/A N/A N/A N/A N/A N/A N/A Interface Selectionofflowcontrolinterface cellular1 Ingress Max bandwidth User define, bigger than maximum bandwidth of N/A Kbps inputstrategy User define, bigger than maximum bandwidth of N/A outputstrategy Nameofpolicydefinedabove Nameofpolicydefinedabove N/A N/A EgressMaxbandwidthKbps IngressPolicy EgressPolicy 3.11VPN VPNisanewtechnologythatrapidlydevelopedinrecentyearswiththeextensiveapplicationof Internet. It isfor building a private dedicated network on a publicnetwork. 'Virtuality" mainly referstothatthenetworkisalogicalnetwork. TwoBasicFeaturesofVPN:
Private: the resources of VPN are unavailable to unauthorized VPN users on the internet;
VPNcanensureandprotectitsinternalinformationfromexternalintrusion. Virtual: the communication among VPN users is realized via public network which, meanwhilecanbeusedbyunauthorizedVPNuserssothatwhatVPNusersobtainedisonly alogisticprivatenetwork.ThispublicnetworkisregardedasVPNBackbone. FundamentalPrincipleofVPN ThefundamentalprincipleofVPNindicatestoencloseVPNmessageintotunnelwithtunneling technologyandtoestablishaprivatedatatransmissionchannelutilizingVPNBackbonesoasto realizethetransparentmessagetransmission. Tunnelingtechnologyenclosestheotherprotocolmessagewithoneprotocol.Also,encapsulation protocolitselfcanbeenclosedorcarriedbyotherencapsulationprotocols.Totheusers,tunnelis logicalextensionofPSTN/linkofISDN,whichissimilartotheoperationofactualphysicallink. ThecommontunnelprotocolsincludeL2TP,PPTP,GRE,IPSec,MPLS,etc. 3.11.1IPSec AmajorityofdatacontentsarePlaintextTransmissionontheInternet,whichhasmanypotential dangers such as password and bank account information stolen and tampered, user identity imitated,sufferingfrommaliciousnetworkattack,etc.AfterdisposalofIPSeconthenetwork,it canprotectdatatransmissionandreduceriskofinformationdisclosure. IPSecisagroupofopennetworksecurityprotocolmadebyIETF,whichcanensurethesecurityof data transmission between two parties on the Internet, reduce the risk of disclosure and eavesdropping,guaranteedataintegrityandconfidentialityaswellasmaintainsecurityofservice transmission of users via data origin authentication, data encryption, data integrity and antireplayfunctionontheIPlevel. IPSec,includingAH,ESPandIKE,canprotectoneandmoredateflowsbetweenhosts,between host and gateway, and between gateways. The security protocols of AH and ESP can ensure securityandIKEisusedforciphercodeexchange. IPSeccanestablishbidirectionalSecurityAllianceontheIPSecpeerpairstoformasecureand interworkingIPSectunnelandtorealizethesecuretransmissionofdataontheInternet. 3.11.1.1IPSecPhase1 IKEcanprovideautomaticnegotiationciphercodeexchangeandestablishmentofSAforIPSecto simplify the operation and management of IPSec. The selfprotection mechanisms of IKE can completeidentityauthenticationandkeydistributioninaninsecurenetwork. From navigation panel, select VPN/IPSec, then enter IPSec Phase 1 page,as shown in Figure 377. PagedescriptionisshowninTable346. Figure377IPSecPhase1 Parameters Table346IPSecPhase1Description Description Keyring Name Userdefinekey IPAddress EndtoendIPaddress SubnetMask Endtoendsubnetmask Key Userdefinekeycontent Identification PolicyidentificationofuserdefinedIKE IKEPolicy Authentication Alternativeauthentication:sharedkeyanddigitalcertificate Default N/A N/A N/A N/A N/A Shared key 3des:encryptplaintextwiththreeDESciphercodesof64bit Encryption des:encrypta64bitplaintextblockwith64bitciphercode 3des Aes: encrypt plaintext block with AES Algorithm with cipher codelengthof128bit,192bitor256bit Hash md5: input information of arbitrary length to obtain 128bit md5 messagedigest. sha1: input information with shorter length of bit to obtain 160bitmessagedigest. Comparingboth,md5isfasterwhilesha1issafer. DiffieHellman KeyExchange Threeoptions:Group1,Group2andGroup5 Group2 86400 N/A Main Lifetime Activetimeofpolicy Name ISAKMPProfile NameofuserdefinedISAKMPProfile Negotiation Mode Mainmode:asanexchangemethodofIKE,mainmodeshallbe establishedinthesituationwherestricteridentityprotectionis required. Aggressivemode: as an exchange method of IKE, aggressive mode modeexchangingfewermessage,canacceleratenegotiationin thesituationwhereordinaryidentityprotectionisrequired. LocalIDType Selecttypeoflocalidentification LocalID ThelocalIDcorrespondingtotheselectedlocalID Remote ID Type RemoteID SelecttypeofRemoteID The Remote ID corresponding to the selected peer identification Policy ThedefinedstrategyidentificationintheIKEStrategylist KeyRing Thedefinedkeysetinthekeysetlist UsedfordetectionintervalofIPSecneighborstate. DPDInterval After initiating DPD, If receiving end can not receive IPSec cryptographic message sent by peer end within interval of IP Address N/A IP Address N/A N/A N/A N/A triggering DPD, receiving end can make DPD check, send requestmessagetooppositeendautomatically,detectwhether IKEpeerpairexists. DPDTimeout ReceivingendwillmakeDPDcheckandsendrequestmessage automaticallytooppositeendforcheck.Ifitdoesnotreceive IPSec cryptographic message from peer end beyond timeout, N/A ISAKMPProfilewillbedeleted. Thesecuritylevelofthreeencryptionalgorithmsrankssuccessively:AES,3DES,DES.The implementationmechanismofencryptionalgorithmwithstrictersecurityiscomplexandslow arithmeticspeed.DESalgorithmcansatisfytheordinarysafetyrequirements. 3.11.1.2IPSecPhase2 Fromnavigationpanel,selectVPN>>IPSec,thenenterIPSecPhase2page,asshowninFigure 378. Figure378IPSecPhase2 PagedescriptionisshowninTable347. Table347IPSecIPSecPhase2Description Parameters Description Name UserdefineTransformSetname Encapsulation Chooseencapsulationformsofdatapacket AH: protect integrity and authenticity of data packet from Default N/A esp hacker intercepting data packet or inserting false data packetontheinternet. ESP: encrypt the user data needing protection, and then enclose into IP packet for the purpose of confidentiality of data. Encryption Threeoptions:AES,3DES,DES Authentication Alternativeauthentication:md5andsha1 Tunnel Mode: besides source host and destination host, special gateway will be operated with password to ensure thesafetyfromgatewaytogateway. IPSecMode TransmissionMode: source host and destination host must directly be operated with all passwords for the purpose of higherworkefficiency,butcomparingwithtunnelmodethe securitywillbeinferior. 3des md5 Tunnel Mode 3.11.1.3IPSecConfiguration From navigation panel, select VPN/IPSec, then enter IPSec Setting page, as shown in Figure379. Default N/A Figure379IPSecConfiguration PagedescriptionisshowninTable348. Table348IPSecConfigurationDescription Parameters Description Name ISAKMPProfile TransformSet IPSecProfile UserdefineIPSecProfilename ISAKMP Profile names defined in the first stage of N/A parametersofIPSec TransformSetdefinedinthefirststageofparametersof N/A IPSec Perfect Forward Meanstherevealofoneciphercodewillnotendanger Security(PFS) informationprotectedbyotherciphercodes. Lifetime LifetimeofIPSecProfile RekeyMargin(S) Reconnectiontimeforthesecondstage RekeyFuzz() Deviation percentage of the reconnection time for the secondstage Disable 3600 540 100 SIMCardBinding With this function activated, successful dialing of the Disable cardwithwhichIPSecisbondedisapreconditionforthe useofIPSec. CryptoMap Userdefinenameofcryptomap UserdefineIDofcryptomap Name ID PeerAddress PeerIPAddress ACLID IDofACLdefinedinACLoffirewall N/A N/A N/A N/A ISAKMPProfile TransformSet ISAKMP Profile names defined in the first stage of N/A parametersofIPSec TransformSetdefinedinthefirststageofparametersof N/A IPSec Perfect Forward Meanstherevealofoneciphercodewillnotendanger Security(PFS) informationprotectedbyotherciphercodes. Lifetime ValidityofCryptoMap RekeyMargin(S) Reconnectiontimeforthesecondstage RekeyFuzz() Parameters Deviation percentage of the reconnection time for the secondstage Description Interface<==>CryptoMap MAPInterface SelectInterfaceName MapName SelectfromdefinednamesofCryptoMap.Onenameis matchedwithseveralmarks. Disable 3600 540 100 Default cellular1 none 3.11.1.4IPSecVPNConfigurationExample Building a secure channel between Router A and Router B to ensure the secure data flow between Customer Branch As subnet (192.168.1.0/24) and Customer Branch Bs subnet
(172.16.1.0/24). Security protocol is ESP, the encryption algorithm is 3DES, and authentication algorithmisSHA. Thetopologyisasfollows:
ConfigurationSteps:
(1)RouterASettings Step1:IPSecSettingPhase1 From navigation panel, select VPN/IPSec, then enter IPSec Setting Phase 1 page,as shown below. NoneedtofillinLocalIDTypeandRemoteIDType. Step2:IPSecSettingPhase2 From navigation panel, select VPN/IPSec, then enter IPSec Setting Phase 2 page, as shown below. Step3:IPSecSetting From navigation panel, select VPN/IPSec, then enter IPSec Setting page,as shown below. IPSecProfilesettingisneededonlywhenitsDMVPN.
(2)RouterBSettings Step1:IPSecSettingPhase1 From navigation panel, select VPN/IPSec, then enter IPSec Setting Phase 1 page, as shown below. Step2:IPSecSettingPhase2 From navigation panel, select VPN/IPSec, then enter IPSec Setting Phase 2 page, as shown below. Step3:IPSecSetting From navigation panel, select VPN/IPSec, then enter IPSec Setting page,as shown below.
(3)VPNStatusChecking From navigation panel, select VPN/IPSec, then enter IPSec Status page, as shown below. 3.11.2GRE GenericRouteEncapsulation(GRE)definestheencapsulationofanyothernetworklayerprotocol on a network layer protocol. GRE could be used as the L3TP of VPN to provide a transparent transmissionchannelforVPNdata.Insimpleterms,GREisatunnelingtechnologywhichprovides achannelthroughwhichencapsulateddatamessagecouldbetransmittedandencapsulationand decapsulationcouldberealizedatbothends.GREtunnelapplicationnetworkingshownasthe followingfigure:
AlongwiththeextensiveapplicationofIPv4,tohavemessagesfromsomenetworklayerprotocol transmitted on IPv4 network, those messages could by encapsulated by GRE to solve the transmissionproblemsbetweendifferentnetworks. InfollowingcircumstancesGREtunneltransmission:
GRE tunnel could transmit multicast data packets as if it were a true network interface. SingleuseofIPSeccannotachievetheencryptionofmulticast. Acertainprotocoladoptedcannotberouted. AnetworkofdifferentIPaddressshallberequiredtoconnectothertwosimilarnetworks. GREapplicationexample:combinedwithIPSectoprotectmulticastdata GREcanencapsulateandtransmitmulticastdatainGREtunnel,butIPSec,currently,couldonly carry out encryption protection against unicast data. In case of multicast data requiring to be transmitted in IPSec tunnel, a GRE tunnel could be established first for GRE encapsulation of multicast data and then IPSec encryption of encapsulated message so as to achieve the encryptiontransmissionofmulticastdatainIPSectunnel. Fromnavigationpanel,selectVPN/GRE,thenenterGREpage,asshowninFigure380. Figure380GRESettings PagedescriptionisshowninTable349. Parameters Table349GREDescription Description Enable Index Clicktoopen SetGREtunnelname NetworkType SelectGREnetworktype LocalVirtualIP SetLocalVirtualIPAddress PeerVirtualIP SetPeerVirtualIPAddress Default Open None peerto peer None None SourceType SelectsourcetypeandsettheaccordingIPaddressorinterface IP SetLocalIPAddress SetPeerIPAddress Setthekeyoftunnel to connect Setthemaximumtransmission,unitinbytes Next Hop Resolution Protocol, used to nonbroadcast multiple access (NBMA) formula subnetwork source station (host or router) decided to reach "NBMA next hop" internetworking layer address and NBMA subnetwork betweenthedestinationstationaddress. Adddescription None None None None Enable None LocalIP PeerIP Key MTU EnableNHRP Description 3.11.3L2TP L2TP,oneofVPDNTPs,hasexpandedtheapplicationsofPPP,knownasaveryimportantVPN technologyforremotedialinusertoaccessthenetworkofenterpriseheadquarters. L2TP,throughdialupnetwork(PSTN/ISDN),basedonnegotiationofPPP,couldestablishatunnel betweenenterprisebranchesandenterpriseheadquarterssothatremoteuserhasaccesstothe network of enterprise headquarters. PPPoE is applicable in L2TP. Through the connection of Ethernet and Internet, a L2TP tunnel between remote mobile officers and enterprise headquarterscouldbeestablished. L2TPLayer2TunnelProtocol,encapsulatesprivatedatafromusernetworkattheheadofL2PPP. Noencryptionmechanismisavailable,thusIPSesisrequiredtoensuresafety. MainPurpose:branchesinotherplacesandemployeesonabusinesstripcouldaccessto thenetworkofenterpriseheadquarterthroughavirtualtunnelbypublicnetworkremotely. Fromnavigationpanel,selectVPN/L2TP,thenenterL2TPClientpage,asshowninFigure381. Default PagedescriptionisshowninTable350. Figure381L2TPClient Parameters Name Authentication HostName Tunnel Authenticationkey Name L2TPClass SourceInterface Table350L2TPClientDescription Description L2TPClass UserdifineL2TPClassName ClickEnable,peerauthenticationisrequiredtonetwork connectionwhenenable. Networkconnectiontolocalhostname,notto configure. When the tunnel must be configured to enable the authentication,clickauthenticationkey,oryouwillnot needtoconfigure. None Disable None None PseudowireClass UserdifinePseudowireClassName L2TPClassname Seclectsourceinterfacename L2TPTunnel Enable Index Clicktoenable Automaticgenerated L2TPServer SetL2TPServeraddress None None cellular1 Enable 1 None PseudowireClass PseudowireClassname AuthenticationType SelectAuthenticationType Username Password PeerServerusername PeerServerpassword LocalIPAddress RemoteIPAddress SetlocalIPaddress,orautomaticallyallocatedbypeer server. SetremoteIPaddres,ornot None Auto None None None None 3.11.4OPENVPN SinglepointparticipatingintheestablishmentofVPNisallowedtocarryoutIDverificationby presetprivatekey,thirdpartycertificateorusername/password.OpenSSLencryptionlibraryand SSLv3/TLSv1protocolaremassivelyused. InOpenVpn,ifauserneedstoaccesstoaremotevirtualaddress(addressfamilymatchingvirtual networkcard),thenOSwillsendthedatapacket(TUNmode)ordataframe(TAPmode)tothe visual network card through routing mechanism. Upon the reception, service program will receiveandprocessthosedataandsendthemoutthroughouternetbySOCKET,owingtowhich, theremoteserviceprogramwillreceivethosedataandcarryoutprocessing,thensendthemto the virtual network card, then application software receive and accomplish a complete unidirectionaltransmission,viceversa. From navigation panel, select VPN/OPENVPN, then enter OPENVPN Client page,as shown in Figure382. PagedescriptionisshowninTable351. Figure382OPENVPNClient Parameter Enable ID ServerIPAddress PortNumber AuthenticationType Username Password Channeldescription Table351OPENVPNOPENVPNClientDescription Description ClickEnable SetchannelID SetpeerserverIPaddresss Setpeerserverportnumber Selectandconfigureauthenticationtypeparameters oftypecertification Keepconsistencywithserver Keepconsistencywithserver userdefinechanneldescription AdvancedOptions SourcePort Selectsourceportname Default Enable None None 1194 User name/Password None None None None NetworkType Selectnetworktype net30 PortType ProtocolType Select data form issued from the interface. tun packet,tapdataframe Keepconsistencywithserverprotocol tun udp AdvancedOptions keepconsistencywithserver ClickEnable Setconnectingtestingtimeinterval Setconnectingtestingovertime Setexpertoption:blankadvisable Encryption Algorithm LZOCompression Connection Testing Interval Connection Testing Overtime Expert Configuration Default Off None None None Importconfigurationscanbedirectlyimportedintotheconfigureddocumentsgeneratedfrom backendserverandmanualconfigurationofOPENVPNcustomerendparameterisinnoneed afterimport. 3.11.5CertificateManagement From navigation panel, select VPN/Certificate Management, then enter Certificate Managementpage,asshowninFigure383. PagedescriptionisshowninTable352. Figure383CertificateManagement Table352CertificateManagementDescription Parameter Description Forcedtoreapply RequestStatus Certificate ProtectionKey Certificate ProtectionKey Confirmation ServerURL Ifthecertificatehasnotexpired,butneedtoreapply,click forced to reapply, reconfigure the certificate request parameter. successfulapplication,"RequestStatus"shows:
Completion Setcertificateprotectionkey Confirmcertificateprotectionkey SetcertificateserverIP Certificatename Setcertificatename Default Disable Initiation None None None None None None None None None None None FQDN Setfulldomainname UnitName1 Setunitname1 UnitName2 Setunitname2 DomainName Setdomainname SerialNumber Authentication Password Authentication Password Confirmation HostIP RSAKeylength QueryInterval QueryTimeout Setapplicationcertificateserialnumber Setauthenticationpassword Confirmauthenticationpassword Setrouteraddressintheuseofcertificateapplication SetRSAkeylength Setqueryinterval Setquerytimeout None 1024 60sec 3600sec 3.12ConfigurationWizard AfterlogintheconfigurationpageviaWeb,clickConnectInternettoenterconfigurationpage below:
Pagedescription:
Figure3121ConnectInternet Table3121ConnectInternetConfigurationDescription Parameters Description Default InterfaceType:3G/LTE,ADSL,DHCPandStaticIPAddress APN Username Password DialedNumbers Username Password IPAddress Subnetmask Gateway PrimaryDNS SecondaryDNS 3G/LTE Providedbylocaloperator Providedbylocaloperator Providedbylocaloperator Providedbylocaloperator ADSL Providedbylocaloperator Providedbylocaloperator NoconfigurationforDHCP StaticIPAddress Userdefine Userdefine Userdefine Userdefine Userdefine 3gnet gprs gprs
*99***1#
N/A N/A N/A 255.255.255.0 N/A N/A N/A Savetheconfigurationandclick<NextStep>toenterCloudPlatformconfigurationpageas shownbelow:
Figure3122CloudManagementPlatform Table3122CloudManagementPlatformConfigurationDescription Description Default The address and port number of cloud platform Clicktoenable rainbow.inhand.com.cn80 Disable Parameters Platform Address DemoMode 4.ApplicationScenarios PlaceonabusoneInhandIPortal3000server,usingWIFIwirelesscoverageinsidethecar,built 3G/4GmoduletoaccesstheInternet.Passengerssmartphones,tabletandnotebooksandother intelligentterminalaccesstotheWIFIhotspot,InPortal3000withPortalauthenticationmethod pushspecifiedpagetothemobileterminal,toprovideinformation,downloads,entertainment andotherinformationservicesandInternetservices.Informationservicesavailableatthelocal store InPortal 3000 enhance user access experience, synchronous update Center and local contentvia3G/4G. Appendix1Troubleshooting Thismanualdescribesonlyasimpleroutertroubleshootingmethod,ifstillcannotruleout,you cangettheservicethroughTable11. 1) CannotlogonlocallyrouterthroughWebsettingpage?
useMSDOSPingcommandtocheckthenetworkconnection a.Ping127.0.0.1usedtocheckthecomputermanagementTCP/IPprotocolisinstalled. b.PingcollectiontoFEinterfaceIPaddresswhichdirectlyconnectedtorouter,usedto checkwhethercollectionofmanagementcomputertorouter. Numberofusersallowedtomanagetherouterhasreachedthemaximum(foruptofour userstosimultaneouslylog),pleasetryagainlater. PleasechecktheWebbrowserissetupaproxyserverordialupconnection,ifany,unset. SeeabovePCfirewallsettingsareusedtoconfiguretherouter,whethershieldingfunction. PleasecheckwhetherIEisequippedwiththirdpartyplugins(eg:3721,IEpartner,etc.)itis recommendedtoconfigureafteruninstalling. InPortalispoweredon,butcannotaccessInternet?
Pleasecheck 2) WhethertheInPortalisinsertedwithaSIMcard. WhethertheSIMcardisenabledwithdataservice,whethertheserviceoftheSIMcardis suspendedbecauseofanoverduecharge. Whether the dialup parameters, e.g. APN, dialup number, account, and password are correctlyconfigured. WhethertheIPAddressofyourcomputeristhesamesubnetwithInPortalandthegateway addressisInPortalLANaddress. 3) LANusersdroppedcable,cannotaccesstheInternet?
Checkswitchcablecollectedtorouter,andWANportnetworkcable,ifthereisloosening. Log into the router's Web setup page, check access control list, to check whether the IP addressofasegmentisnotallowedtoaccesstheInternet. 4) InPortalispoweredon,haveapingtodetectInPortalfromyourPCandfindpacketloss?
Pleasecheckifthenetworkcrossovercableisingoodcondition. 5) ForgetthesettingafterrevisingIPaddressandcannotconfigureInPortal?
Method1:connectInPortalwithserialcable,configureitthroughconsoleport. Method 2: InPortal is powered on, press and hold RESET Reset button (until ERROR lights), releasetheRESETbutton(ERRORlampisoff),pressandholdtheRESETbuttonagain(untilthe ERRORindicatorblinks),andyoucanrestorethefactorydefaultsettings. Afterapplyingtheabovetwomethods,configuretheInPortal. 6) AfterInPortalispoweredon,itfrequentlyautorestarts.Whydoesthishappen?
Pleasecheck:
Whetherthemoduleworksnormally. WhethertheInPortalrisinsertedwithaSIMcard. WhethertheSIMcardisenabledwithdataservice,whethertheserviceoftheSIMcardis suspendedbecauseofanoverduecharge. Whether the dialup parameters, e.g. APN, dialup number, account, and password are correctlyconfigured. Whetherthesignalisnormal. Whetherthepowersupplyvoltageisnormal. 7) InPortalispoweredon,butthePowerLEDisnoton?
Pleasecheck:
Checkthefuseisburnedout. Checksupplyvoltage,andthepolarityisconnectedcorrectly. 8) InPortalispoweredon,connectedtothePC,WhyEthernetportlightisnoton?
Pleasecheck:
Checkthenetworkcableisnormal. NICcharacteristiconthePCissetto10/100M,fullduplex. 9) InPortalispoweredon,whenconnectedwithPC,theNetworkLEDisnormalbutcannot haveapingdetectiontotheInPortal?
CheckiftheIPAddressofthePCandInPortalareinthesamenetworksegmentandInPortalIPas gatewayaddress. 10) InPortaldialupalwaysfails,Icannotfindoutwhy?
PleaserestoreInPortaltofactorydefaultsettingsandconfiguretheparametersagain. Table11SalesService Trouble Description Hardware failure Software Prolem Forexample:InPortaldoesnotappearnormal power,didnotplugthenetworkcablewhile Ethernetportlightwaslitandotherissues. Forexample:InPortalfeatureisunavailable, abnormalorconfigurationadvice. Obtainservice PleasecontactInhand TechnicialSupportHotline forhelp:01064391099 PleasecontactInhand TechnicialSupportHotline forhelp:01064391099 Appendix2InstructionofCommandLine OperatingstatusLED:
POWER STATUS WARN Thepower LED(red) StatusLED
(green) AlarmLED
(yellow) ERROR Error LED(red) on on on on on on on blink blink blink blink blink on on blink off blink on off off off off blink blink Description Powerstatus PowerSuccess Dialing DialingSuccess Beingupgraded ResetSuccess SignalStatusLEDandDescription:
Signal Status Signal Status Signal Status GreenLED1 GreenLED2 GreenLED3 Description off on on on off off on on off Nosignalwasdetected 19 signal condition (in this case signal conditions describe problems, please check the antenna is installedintact,thesignalsituationintheregionis good) 1019signalcondition(inthiscaseillustratesignal statusisnormal,InPortalcanbeusednormally) 2031 signal condition (in this case illustrate the signalingoodcondition) off off on EthernetPortStatusLEDandDescription:
GreenLED on blink off Description Thenetworkportis100M,inanormalstate,nodatatransmission Thenetworkportis100M,inanormalstate,indatatransmission Noconnection MODEMLEDandDescription MODEMGreenLED Description on blink Alreadydialed Notdailed POWERLEDandDescription POWERRedLED Description on off Nomalpowerconnection Nopowerconnection WLANLEDandDescription WLANGreenLED Description on off WLANonfunction WLANofffunction FCCSTATEMENT 1.ThisdevicecomplieswithPart15oftheFCCRules.Operationissubjecttothefollowingtwo conditions:
(1)Thisdevicemaynotcauseharmfulinterference.
(2)Thisdevicemustacceptanyinterferencereceived,includinginterferencethatmaycause undesiredoperation. 2.Changesormodificationsnotexpresslyapprovedbythepartyresponsibleforcompliance couldvoidtheuser'sauthoritytooperatetheequipment. NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. InHandNetworks InHand Networks provides reliable, secured and intelligent M2M solution for electric power, industrial automation, commercial and medical devices. We are recognized by world class customers and partners and proven by a large installbase. InHand Networks has become leader in industrial grade networktechnologybyprovidingindustrialcellularrouters, industrial Ethernet switches, wireless sensor network devicesandcloudbasedM2Mplatforms. Connectingdevices,enablingservice. InHandNetworks 7926JonesBranchDr.Suite110 McLean,Virginia22102 USA T:+17033482988 F:+17033482988 info@inhandnetworks.com www.inhandnetworks.com
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2015-10-25 | JBP - Part 15 Class B Computing Device Peripheral | Original Equipment |
app s | Applicant Information | |||||
---|---|---|---|---|---|---|
1 | Effective |
2015-10-25
|
||||
1 | Applicant's complete, legal business name |
Beijing InHand Networks Technology Co., Ltd.
|
||||
1 | FCC Registration Number (FRN) |
0022847826
|
||||
1 | Physical Address |
Room 302, floor 3, building 103, lize zhongyuan
|
||||
1 |
Beijing, N/A 100102
|
|||||
1 |
China
|
|||||
app s | TCB Information | |||||
1 | TCB Application Email Address |
t******@siemic.com
|
||||
1 | TCB Scope |
A1: Low Power Transmitters below 1 GHz (except Spread Spectrum), Unintentional Radiators, EAS (Part 11) & Consumer ISM devices
|
||||
app s | FCC ID | |||||
1 | Grantee Code |
2AANY
|
||||
1 | Equipment Product Code |
IP30
|
||||
app s | Person at the applicant's address to receive grant or for contact | |||||
1 | Name |
J******** G****
|
||||
1 | Title |
Certification Engineer
|
||||
1 | Telephone Number |
15281********
|
||||
1 | Fax Number |
010-8********
|
||||
1 |
g******@inhand.com.cn
|
|||||
app s | Technical Contact | |||||
n/a | ||||||
app s | Non Technical Contact | |||||
n/a | ||||||
app s | Confidentiality (long or short term) | |||||
1 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes | ||||
1 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
1 | Is this application for software defined/cognitive radio authorization? | No | ||||
1 | Equipment Class | JBP - Part 15 Class B Computing Device Peripheral | ||||
1 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | Industrial Communication Server | ||||
1 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
1 | Modular Equipment Type | Does not apply | ||||
1 | Purpose / Application is for | Original Equipment | ||||
1 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | No | ||||
1 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
1 | Is there an equipment authorization waiver associated with this application? | No | ||||
1 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
app s | Test Firm Name and Contact Information | |||||
1 | Firm Name |
SIEMIC (Nanjing-China) Laboratories
|
||||
1 | Name |
L****** B******
|
||||
1 | Telephone Number |
86-25********
|
||||
1 | Fax Number |
86-25********
|
||||
1 |
l******@siemic.com
|
|||||
Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
1 | 1 | 15B |
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC