FCC ID: 2AYHY-UG65 LoRaWAN Gateway

by: Xiamen Milesight IoT Co., Ltd. latest update: 2021-03-18 model: UG65

Two grants have been issued under this FCC ID on 03/18/2021 (this is one of fifteen releases in 2021 for this grantee). Public details available include frequency information, internal & external photos, and manuals. some products also feature user submitted or linked password defaults, troubleshooting guides, drivers, instructions, & warrantee terms.

permalink for this FCC identifier

search for: Repair details

from iFixIt

Replacement

on Amazon

Trade-in? Recycling locations

eg is reader-supported. when you buy through links on our site, we may earn an affiliate commission.

eg for Slack usage

all	frequencies					exhibits	applications
		manual	photos		label

all exhibits 18
1 ~ 2021-03-18 14
2 ~ 2021-03-18 14

app s				submitted / available
1 2	User Manual	Users Manual	pdf	4.93 MiB	March 18 2021
1 2	Internal Photos	Internal Photos	pdf	3.93 MiB	March 18 2021
1 2	External Photos	External Photos	pdf	1.40 MiB	March 18 2021
1 2	Label & Location	ID Label/Location Info	pdf	144.11 KiB	March 18 2021
1 2	Block Diagram	Block Diagram	pdf		March 18 2021	confidential
1 2	Circuit Description	Operational Description	pdf		March 18 2021	confidential
1 2	DoS Letter	Cover Letter(s)	pdf	203.76 KiB	March 18 2021
1 2	FCC Long Term Confidential Authorization Form	Cover Letter(s)	pdf	45.34 KiB	March 18 2021
1 2	Parts List	Parts List/Tune Up Info	pdf		March 18 2021	confidential
1 2	RF Exposure	RF Exposure Info	pdf	131.97 KiB	March 18 2021
1 2	Schematics	Schematics	pdf		March 18 2021	confidential
1 2	Test Report part 1	Test Report	pdf	3.54 MiB	March 18 2021
1 2	Test Report part 2	Test Report	pdf	3.71 MiB	March 18 2021
1 2	Tune-up Procedure	Parts List/Tune Up Info	pdf		March 18 2021	confidential
1 2	Attestation Letter	Attestation Statements	pdf	41.91 KiB	March 18 2021
1 2	Professional Installation Declaration Letter	Cover Letter(s)	pdf	40.74 KiB	March 18 2021
1 2	Test Report	Test Report	pdf	2.30 MiB	March 18 2021
1 2	Test Setup Photos	Test Setup Photos	pdf	571.06 KiB	March 18 2021

exhibit
download
text

1 2

User Manual

Users Manual

pdf

4.93 MiB

March 18 2021

UG65 Gateway User Guide X i a m e n M i l e s i g h t I o T Co., Ltd. Preface Thanks for choosing Milesight UG65 LoRaWAN gateway. UG65 delivers tenacious connection over network with full-featured design such as automated failover/failback, extended operating temperature, dual SIM cards, hardware watchdog, VPN, Gigabit Ethernet and beyond. This guide is applicable for following models:

UG65-868M, UG65-868M-EA, UG65-L00E-868M, UG65-L00E-868M-EA, UG65-L04EU-868M, UG65-L04EU-868M-EA, UG65-915M, UG65-915M-EA, UG65-L00AF-915M, UG65-L00AF-915M-EA, UG65-L04AF-915M, UG65-L04AF-915M-EA This guide shows you how to configure and operate the UG65 LoRaWAN gateway. You can refer to it for detailed functionality and gateway configuration. Readers

- Network Planners This guide is mainly intended for the following users:

- On-site technical support and maintenance personnel

- Network administrators responsible for network configuration and maintenance 2011-2021 Xiamen Milesight IoT Co., Ltd. All rights reserved. All information in this user guide is protected by copyright law. Whereby, no organization or individual shall copy or reproduce the whole or part of this user guide by any means without written authorization from Xiamen Milesight Iot Co., Ltd. Related Documents Document Description UG65 Datasheet Datasheet for UG65 LoRaWAN gateway. UG65 Quick Start Guide Quick Installation Guide for UG65 LoRaWAN gateway. 2 UG65 User Guide Declaration of Conformity CE, FCC, and RoHS. UG65 is in conformity with the essential requirements and other relevant provisions of the For assistance, please contact Milesight technical support:

Email: iot.support@milesight.com Tel: 86-592-5085280 Fax: 86-592-5023065 Address: 4/F, No.63-2 Wanghai Road, 2nd Software Park, Xiamen, China Revision History Date Doc Version Description Aug. 31, 2020 Dec. 10, 2020 V1.0 V2.0 Initial version Layout replace www.milesight-iot.com 3 UG65 User Guide Contents Chapter 1 Product Introduction........................................................................................................7 1.1 Overview.................................................................................................................................7 1.2 Advantages............................................................................................................................7 1.3 Specifications....................................................................................................................... 8 1.4 Dimensions (mm)...............................................................................................................10 Chapter 2 Access to Web GUI.........................................................................................................11 2.1 Wireless Access................................................................................................................. 11 2.2 Wired Access...................................................................................................................... 12 Chapter 3 Web Configuration......................................................................................................... 15 3.1 Status................................................................................................................................... 15 3.1.1 Overview...................................................................................................................15 3.1.2 Packet Forwarder................................................................................................... 15 3.1.3 Cellular..................................................................................................................... 17 3.1.4 Network.................................................................................................................... 18 3.1.5 WLAN........................................................................................................................ 19 3.1.6 VPN........................................................................................................................... 20 3.1.7 Host List................................................................................................................... 21 3.2 LoRaWAN.............................................................................................................................22 3.2.1 Packet Forwarder................................................................................................... 23 3.2.1.1 General..........................................................................................................23 3.2.1.2 Radios........................................................................................................... 24 3.2.1.3 Advanced......................................................................................................26 3.2.1.4 Custom..........................................................................................................27 3.2.1.5 Traffic............................................................................................................28 3.2.2 Network Server....................................................................................................... 29 3.2.2.1 General..........................................................................................................29 3.2.2.2 Application................................................................................................... 31 3.2.2.3 Profiles..........................................................................................................34 3.2.2.4 Device............................................................................................................37 3.2.2.5 Packets......................................................................................................... 40 3.3 Network................................................................................................................................43 3.3.1 Interface................................................................................................................... 43 3.3.1.1 Port................................................................................................................ 43 3.3.1.2 WLAN.............................................................................................................46 3.3.1.3 Cellular..........................................................................................................49 3.3.1.4 Loopback...................................................................................................... 52 3.3.2 Firewall..................................................................................................................... 52 3.3.2.1 Security.........................................................................................................53 3.3.2.2 ACL................................................................................................................ 53 3.3.2.3 DMZ............................................................................................................... 55 3.3.2.4 Port Mapping............................................................................................... 55 www.milesight-iot.com 4 UG65 User Guide 3.3.2.5 MAC Binding................................................................................................ 56 3.3.3 DHCP.........................................................................................................................57 3.3.4 DDNS.........................................................................................................................58 3.3.5 Link Failover............................................................................................................ 59 3.3.5.1 SLA................................................................................................................ 59 3.3.5.2 Track............................................................................................................. 60 3.3.5.3 WAN Failover............................................................................................... 61 3.3.6 VPN........................................................................................................................... 62 3.3.6.1 DMVPN..........................................................................................................62 3.3.6.2 IPSec............................................................................................................. 63 3.3.6.3 GRE................................................................................................................ 66 3.3.6.4 L2TP.............................................................................................................. 67 3.3.6.5 PPTP............................................................................................................. 69 3.3.6.6 OpenVPN Client...........................................................................................71 3.3.6.7 OpenVPN Server......................................................................................... 72 3.3.6.8 Certifications............................................................................................... 74 3.4 System................................................................................................................................. 76 3.4.1 General Settings..................................................................................................... 76 3.4.1.1 General..........................................................................................................76 3.4.1.2 System Time................................................................................................ 77 3.4.1.3 SMTP.............................................................................................................79 3.4.1.4 Phone............................................................................................................ 79 3.4.1.5 Email..............................................................................................................80 3.4.2 User Management.................................................................................................. 81 3.4.2.1 Account.........................................................................................................81 3.4.2.2 User Management...................................................................................... 82 3.4.3 SNMP........................................................................................................................82 3.4.3.1 SNMP............................................................................................................ 83 3.4.3.2 MIB View.......................................................................................................83 3.4.3.3 VACM............................................................................................................ 84 3.4.3.4 Trap............................................................................................................... 85 3.4.3.5 MIB.................................................................................................................85 3.4.5 Device Management.............................................................................................. 86 3.4.6 Events....................................................................................................................... 87 3.4.6.1 Events............................................................................................................87 3.4.6.2 Events Settings........................................................................................... 88 3.5 Maintenance....................................................................................................................... 89 3.5.1 Tools......................................................................................................................... 89 3.5.1.1 Ping................................................................................................................89 3.5.1.2 Traceroute....................................................................................................89 3.5.2 Schedule...................................................................................................................90 3.5.3 Log.............................................................................................................................90 3.5.3.1 System Log.................................................................................................. 90 3.5.3.2 Log Settings.................................................................................................91 www.milesight-iot.com 5 UG65 User Guide 3.5.4 Upgrade.................................................................................................................... 92 3.5.5 Backup and Restore............................................................................................... 93 3.5.6 Reboot...................................................................................................................... 93 3.6 APP....................................................................................................................................... 94 3.6.1 Python.......................................................................................................................94 3.6.1.1 Python........................................................................................................... 95 3.6.1.2 App Manager Configuration......................................................................95 3.6.1.3 Python App...................................................................................................96 Chapter 4 Application Examples....................................................................................................97 4.1 Packet Forwarder Configuration..................................................................................... 97 4.2 Application Configuration................................................................................................ 98 4.3 Device Configuration.......................................................................................................100 4.4 Send Data to Device........................................................................................................ 101 4.5 Restore Factory Defaults................................................................................................104 4.5.1 Via Web Interface.................................................................................................104 4.5.2 Via Hardware.........................................................................................................106 4.6 Firmware Upgrade........................................................................................................... 106 4.7 Cellular Connection......................................................................................................... 107 4.8 Wi-Fi Application Example............................................................................................. 108 4.8.1 AP Mode................................................................................................................ 108 4.8.2 Client Mode........................................................................................................... 109 www.milesight-iot.com 6 UG65 User Guide Chapter 1 Product Introduction 1.1 Overview UG65 is a robust 8-channel indoor LoRaWAN gateway. Adopting SX1302 LoRa chip and high-performance quad-core CPU, UG65 supports connection with more than 2000 nodes. UG65 has line of sight up to 10km and can cover about 2km in urbanized environment, which is ideally suited to smart office, smart building and many other indoor applications. UG65 supports not only multiple back-haul backups with Ethernet, Wi-Fi and cellular, but also has integrated mainstream network servers (such as TTN, ChirpStack, etc.) and built-in network server and Milesight IoT Cloud for easy deployment. Figure 1-1 1.2 Advantages Benefits

Built-in industrial CPU and big memory;

Ethernet, 2.4GHz Wi-Fi and global 2G/3G/LTE options make it easy to get connected Embedded network server and compliant with several third party network servers

- MQTT, HTTP or HTTPS protocol for data transmission to application server Rugged enclosure, optimized for wall or pole mounting 3-year warranty included Security & Reliability Automated failover/failback between Ethernet and Cellular (dual SIM) Enable unit with security frameworks like IPsec/OpenVPN/GRE/L2TP/PPTP/ DMVPN Embedded hardware watchdog to automatically recover from various failure and ensure highest level of availability www.milesight-iot.com 7 UG65 User Guide Easy Maintenance management of remote devices

- Milesight DeviceHub provides easy setup, mass configuration, and centralized The user-friendly web interface design and various upgrading options help administrator to manage the device as easy as pie

- WEB GUI and CLI enable the admin to achieve quick configuration and simple management among a large quantity of devices Users can efficiently manage the remote devices on the existing platform through the industrial standard SNMP Capabilities constantly changing Link remote devices in an environment where communication technologies are Industrial quad core 64-bit ARM Cortex-A53 processor, high-performance operating up to 1.5GHz with low power consumption, and 8GB eMMC available to support more Support wide operating temperature ranging from -40C to 70C/-40F to 158F 1.3 Specification

(Note: In the FCC market,CE parameters are masked by software.)

applications Hardware System CPU Memory LoRaWAN Antenna Channel Quad-core 1.5GHz, 64-bit ARM Cortex-A53 8 GB eMMC Flash, 512 MB DDR4 RAM Fully Integrated and Internal Antenna

(Optional: 1 50 N-Female External Connector) 8 Frequency Band 125kHz:867.1-867.9MHz,868.1-868.5MHz(for CE) LoRa:923.3-927.5MHz(for FCC) Sensitivity

-140dBm Sensitivity @292bps Output Power 12.86dBm(for CE) 11.47dBm(for FCC) V1.0 Class A/Class C and V1.0.2 Class A/Class C Protocol Ethernet Ports 1 RJ-45 (PoE PD supported) Physical Layer 10/100/1000 Base-T (IEEE 802.3) Data Rate 10/100/1000 Mbps (auto-sensing) www.milesight-iot.com 8 UG65 User Guide Interface Mode Wi-Fi Interfaces Antenna Auto MDI/MDIX Full or half duplex (auto-sensing) Fully Integrated and Internal Antenna Standards IEEE 802.11 b/g/n Frequency Band 2412-2472MHz/2422-2462MHz(TX/RX for CE) 2412-2462MHz/2422-2452MHz(TX/RX for FCC) 12.16dBm(for CE) 17.80dBm(802.11b),16.69dBm(802.11g) 16.81dBm(802.11n-HT20),16.90dBm(802.11n-HT40)(for FCC) Cellular Interfaces (Optional) Tx Power Antenna SIM Slots Frequency Band Fully Integrated and Internal Antenna 1 For CE Frequency Band EGSM900:880-915MHz(TX),925-960MHz(RX) DCS1800:1710-1785MHz(TX),1805-1880MHz(RX) WCDMA B1:1920-1980MHz(TX),2110-2170MHz(RX) WCDMA B8:880-915MHz(TX),925-960MHz(RX) LTE B1:1920-1980MHz(TX),2110-2170MHz(RX) LTE B3: 1710 -1785 MHz(TX),1805-1880 MHz(RX) LTE B7:2500-2570MHz(TX),2620-2690MHz(RX) LTE B8:880-915MHz(TX),925-960MHz(RX) LTE B20:832-862MHz(TX),791-821MHz(RX) For FCC Frequency Band WCDMA Band 2: 1850-1910MHz(TX); 1930-1990MHz(RX) WCDMA Band 4: 1710-1755MHz(TX); 2110-2155MHz(RX) WCDMA Band 5: 824-849MHz(TX); 869-894MHz(RX) LTE Band 2: 1850-1910MHz(TX); 1930-1990MHz(RX) LTE Band 4: 1710-1755MHz(TX); 2110-2155MHz(RX) LTE Band 5: 824-849MHz(TX); 869-894MHz(RX) LTE Band 12: 699-716MHz(TX); 729-746MHz(RX) LTE Band 13: 777-787MHz(TX); 746-756MHz(RX) LTE Band 14: 788-798MHz(TX); 758-768MHz(RX) LTE Band 66:1710-1780MHz(TX); 2110-2180MHz(RX) LTE Band 71: 663-698MHz(TX); 617-652MHz(RX) For CE Tx Power EGSM900:32.33dBm(GMSK),26.16dBm(8PSK) DCS 1800:28.81dBm(GMSK),25.17(8PSK), WCDMA900:23.63dBm WCDMA2100:23.47dBm LTE: Band 1: 23.5dBm,LTE: Band 3: 23.7dBm LTE: Band 7: 23.8dBm,LTE: Band 8: 23.7dBm LTE: Band 20: 23.4dBm For FCC Tx Power WCDMA B2/4/5:23.0dBm LTE B2/4/5/12/13/14/66/71:23.5dBm 9 Tx Power www.milesight-iot.com UG65 User Guide Software Network Protocols PPPoE, SNMP v1/v2c/v3, TCP, UDP, DHCP, DDNS, HTTP, HTTPS, DNS, SNTP, Telnet, SSH, MQTT, etc. VPN Tunnel DMVPN/IPsec/OpenVPN/PPTP/L2TP/GRE Access Authentication CHAP/PAP/MS-CHAP/MS-CHAPV2 Firewall ACL/DMZ/Port Mapping/MAC Binding Management Web, CLI, SMS, On-demand dial up Power Supply and Consumption Power Supply 2. 1 802.3 af PoE input 1. DC Jack Connector for 9-24 VDC power supply LED Indicators 1 POWER, 1 STATUS, 1 LoRa, 1 Wi-Fi, 1 LTE, 1 ETH Consumption 4.2W Physical Characteristics Ingress Protection IP65 Dimensions 180 x 110 x 56.5 mm Desktop, Wall or Pole Mounting Mounting Others Reset Button 1 RST Built-in Environmental Watchdog, RTC, Timer Operating

-40C to +70C (-40F to +158F) Temperature Reduced cellular performance above 60C Storage Temperature

-40C to +85C (-40F to +185F) Ethernet Isolation 1.5 kV RMS Relative Humidity 0% to 95% (non-condensing) at 25C/77F 1.4 Dimensions (mm) www.milesight-iot.com 10 UG65 User Guide Chapter 2 Access to Web GUI This chapter explains how to access to Web GUI of the UG65. 2.1 Wireless Access Gateway_****** to connect it. 1. Enable Wireless Network Connection on your computer and search for access point 2. Open a Web browser on your PC (Chrome is recommended) and type in the IP address 192.168.1.1 to access the web GUI. 3. Enter the username and password, click Login. If you enter the username or password incorrectly more than 5 times, the login page will be locked for 10 minutes. 4. After logging the web GUI, follow the guide to complete the basic configurations. You can also skip the instructions. Its suggested that you change the password for the sake of security. 5. You can view system information and perform configuration of the gateway. www.milesight-iot.com 11 UG65 User Guide 2.2 Wired Access Connect PC to UG65 ETH port directly or through PoE injector to access the web GUI of gateway. The following steps are based on Windows 10 system for your reference. 1. Go to Control Panel Network and Internet Network and Sharing Center, then click Ethernet (May have different names). 2. Go to Properties Internet Protocol Version 4(TCP/IPv4) and select Use the following IP address, then assign a static IP manually within the same subnet of the gateway. www.milesight-iot.com 12 UG65 User Guide 3. Open a Web browser on your PC (Chrome is recommended) and type in the IP address 192.168.23.150 to access the web GUI. 4. Enter the username and password, click Login. If you enter the username or password incorrectly more than 5 times, the login page will be locked for 10 minutes. 5. After logging the web GUI, follow the guide to complete the basic configurations. You can also skip the instructions. Its suggested that you change the password for the sake of security. www.milesight-iot.com 13 6. After guide complete, you can view system information and perform configuration of the gateway. UG65 User Guide www.milesight-iot.com 14 UG65 User Guide Chapter 3 Web Configuration 3.1 Status 3.1.1 Overview You can view the system information of the gateway on this page. Item Model Region Serial Number Firmware Version Hardware Version Local Time Uptime CPU Load Figure 3-1-1-1 System Information Description Show the model name of gateway. Show the LoRaWAN frequency region of gateway. Show the serial number of gateway. Show the currently firmware version of gateway. Show the currently hardware version of gateway. Show the currently local time of system. Show the information on how long the gateway has been running. Show the current CPU utilization of the gateway. RAM (Capacity/Available) Show the RAM capacity and the available RAM memory. eMMC (Capacity/Available) Show the eMMC capacity and the available eMMC memory. Table 3-1-1-1 System Information 3.1.2 Packet Forwarder You can view the LoRaWAN status of gateway on this page. www.milesight-iot.com 15 UG65 User Guide Figure 3-1-2-1 Packet Forwarder Status Description Item Basic Version Status Region Code Uplink Gateway ID Show the ID of the gateway. Show the version of packet forwarder software. Show the status of packet forwarder. Show the LoRa region code which is based on the gateways variant. Packet Received Show the count of data packet from node to gateway. Packets received State Show the RF packets receiving state:

CRC_OK: Percentage of CRC verification CRC_Fail: Percentage of CRC verification failure www.milesight-iot.com 16 UG65 User Guide Push Data Acknowledged Downlink Pull Data Sent NO_CRC: Percentage of abnormal packets without CRC Packets Forwarded Packets that CRC verified are sent from gateway to server. Push Data Datagrams Sent The total quantity of packets sent from gateway to server, including the RF packets forwarded and statistics packets. Percentage of acknowledged packets among Push Data Datagrams Sent. Show the number of keepalive packets sent to the server, and percentage of acknowledged packet regarding the keepalive packet from the server. Pull Resp Datagrams Received Show the packet counts and size that will be sent from server to gateway. Packets Sent to node Packets Sent Errors Show the RF packet counts and size that will be sent from gateway to node. Show the RF packet counts that fail to be sent from server to node. Table 3-1-2-1 LoRaWAN Status 3.1.3 Cellular You can view the cellular network status of gateway on this page. Figure 3-1-3-1 www.milesight-iot.com 17 UG65 User Guide Modem Information Description Show corresponding detection status of module and SIM card. Show the model name of cellular module. Show the version of cellular module. Signal Level Show the cellular signal level. Register Status Show the registration status of SIM card. Show the IMEI of the module. Show IMSI of the SIM card. Show ICCID of the SIM card. Network Type Show the connected network type, such as LTE, 3G, etc. Show the network provider which the SIM card registers on. Show the current PLMN ID, including MCC, MNC, LAC and Cell ID. Item Status Model Version IMEI IMSI ICCID ISP PLMN ID LAC Cell ID Show the location area code of the SIM card. Show the Cell ID of the SIM card location. Table 3-1-3-1 Modem Information Figure 3-1-3-2 Network Status Item Status Netmask Gateway DNS Description Show the connection status of cellular network. IP Address Show the IP address of cellular network. Show the netmask of cellular network. Show the gateway of cellular network. Show the DNS of cellular network. Connection Duration Show information on how long the cellular network has been connected. Table 3-1-3-2 Network Status 3.1.4 Network On this page you can check the Ethernet port status of the gateway. www.milesight-iot.com 18 UG65 User Guide Figure 3-1-4-1 Description Show the name of the Ethernet port. Show the status of the Ethernet port. "Up" refers to a status that WAN is enabled and Ethernet cable is connected. "Down" means Ethernet cable is disconnected or WAN function is disabled. Type Show the dial-up type of the Ethernet port. IP Address Show the IP address of the Ethernet port. Show the netmask of the Ethernet port. Show the gateway of the Ethernet port. Show the DNS of the Ethernet port. Show the information about how long the Ethernet cable has been connected to the Ethernet port when the port is enabled. Once the port is disabled or Ethernet cable is disconnected, the duration will stop. Table 3-1-4-1 WAN Status Network Item Port Status Netmask Gateway DNS Duration 3.1.5 WLAN client. You can check Wi-Fi status on this page, including the information of access point and www.milesight-iot.com 19 Figure 3-1-5-1 UG65 User Guide Wireless Status Show the wireless status. Description WLAN Status Item MAC Address Interface Type SSID Channel Status IP Address Netmask Gateway Encryption Type Show the encryption type. Show the MAC address. Show the interface type, such as "AP" or Client". Show the SSID. Show the wireless channel. Show the connection status. Show the IP address of the gateway. Show the wireless MAC address of the gateway. Show the gateway address in wireless network. Connection Duration Show information on how long the Wi-Fi network has been connected. Table 3-1-5-1 WLAN Status Figure 3-1-5-2 Description Show the IP address of access point or client. Show the MAC address of the access point or client. Show information on how long the Wi-Fi network has been connected. Table 3-1-5-2 WLAN Status Associated Stations Item IP Address MAC Address Connection Duration 3.1.6 VPN DMVPN. You can check VPN status on this page, including PPTP, L2TP, IPsec, OpenVPN and www.milesight-iot.com 20 UG65 User Guide Figure 3-1-6-1 Figure 3-1-6-2 VPN Status Item Name Status Local IP Remote IP Figure 3-1-6-3 Description Show the name of the VPN tunnel. Show the status of the VPN tunnel. Show the local tunnel IP of VPN tunnel. Show the remote tunnel IP of VPN tunnel. Table 3-1-6-1 VPN Status 3.1.7 Host List You can view the host information on this page. www.milesight-iot.com 21 UG65 User Guide Figure 3-1-7-1 Description Show IP address of DHCP client Show MAC address of DHCP client Lease Time Remaining Show the remaining lease time of DHCP client. Show the IP address and MAC address set in the Static IP list of DHCP service. Table 3-1-7-1 Host List Description Host List Item DHCP Leases IP Address MAC Address MAC Binding IP & MAC 3.2 LoRaWAN www.milesight-iot.com 22 3.2.1 Packet Forwarder 3.2.1.1 General UG65 User Guide General Settings Item Description Figure 3-2-1-1 Gateway EUI Show the identifier of the gateway. Gateway ID Frequency-Sync Multi-Destination Fill in the corresponding ID which youve used for register gateway on the remote network server, such as TTN. It is usually the same as gateway EUI and can be changed. Sync frequency configurations from network server by selecting the corresponding ID. The gateway will forward the data to the network server address that was created and enabled in the list. Table 3-2-1-1 General Setting Parameters Default Generated from MAC address of the gateway and cannot be changed. The same as gateway EUI. Disabled Local host Related Configuration Example Packet fowarder configuration www.milesight-iot.com 23 3.2.1.2 Radios UG65 User Guide Figure 3-2-1-2 Figure 3-2-1-3 Radios-Radio Channel Setting Description Item Antenna Type Region Select the transmission type of antennas. Internal Antenna Choose the LoRaWAN frequency plan used for the upstream and downlink frequencies and datarates. Available channel plans depend on the gateways model. Center Frequency Radio 0 : supports transmitting and receiving packet. Radio 1 : only supports receiving packet from nodes. Table 3-2-1-2 Radio Channels Setting Parameters Default Based on the gateways model Based on what is specified in the LoRaWAN regional parameters document www.milesight-iot.com 24 UG65 User Guide Item Enable Index Radio Item Enable Radio Radios-Multi Channel Setting Description Figure 3-2-1-4 to transmit Click to enable this channel packets. Indicate the ordinal of the list. Choose Radio 0 or Radio 1 as center frequency. Default Enabled

Radio 0 Frequency/MHz Enter the frequency of this channel. Range: center frequency0.9. Based on the LoRaWAN regional document Table 3-2-1-3 Multi Channel Setting Parameters Radios-LoRa Channel Setting Description Figure 3-2-1-5 Click to enable this channel packets. to transmit Choose Radio 0 or Radio 1 as center frequency. Frequency/MHz Enter the frequency of this channel. Range: center frequency0.9. Bandwidth/MHz Spread Factor Enter the bandwidth of this channel. Recommended value: 125KHz, 250KHz, 500KHz bandwidth of the FCC)

(Note:500 KHz is belong to the Choose the selectable spreading factor. The channel with large spreading factor corresponds to a low rate, while the small one corresponds to a high rate. Table 3-2-1-4 LoRa Channel Setting Parameters Default Enabled Radio 0 Based on the supported frequency 500KHz Based on what is specified in the LoRaWAN regional parameters document www.milesight-iot.com 25 UG65 User Guide Figure 3-2-1-6 Radios-FSK Channel Setting Description Item Enable Radio Click to enable this channel packets. to transmit Choose Radio 0 or Radio 1 as center frequency. Frequency/MHz Enter the frequency of this channel. Range: center frequency0.9. Bandwidth/MHz Enter the bandwidth of this channel. Recommended value: 125KHz, 250KHz, 500KHz

(Note:500 KHz is belong to the bandwidth of the FCC) Default Disabled Radio 0 Based on the supported frequency Based on the supported frequency Data Rate Enter the data rate. Range500-25000. 500 Table 3-2-1-5 FSK Channel Setting Parameters 3.2.1.3 Advanced Figure 3-2-1-7 Advanced Item Keep Alive Interval Description Default Enter the interval of keepalive packet which is sent from gateway to network server to keep the connection stable and alive. 10 www.milesight-iot.com 26 UG65 User Guide Range: 1-3600. Enter the interval to update the network server with gateway statistics. Range: 1-3600. Enter the timeout to wait for the response from server after the gateway sends data of node. Rang:

1-1999. 30 100 Enable to send packets received with CRC disabled to the network server. Enable to send packets received with CRC errors to the network server. Disabled Disabled Enable to send packets received with CRC valid to the network server. Enabled Table 3-2-1-6 Advanced Parameters Stat Interval Push Timeout Forward CRC Disabled Forward CRC Error Forward CRC Valid 3.2.1.4 Custom Figure 3-2-1-8 When Custom Configuration mode is enabled, you can write your own packet forwarder configuration file in the edit box to configure packet forwarder. Click Save to save your custom configuration file content, and click Apply to take effect. You can click Clear to erase all content in the edit box. If you dont know how to write configuration file, please click Example to go to reference page. www.milesight-iot.com 27 3.2.1.5 Traffic When navigating to the traffic page, any recent traffic received by the gateway will display. To watch live traffic, click Start. UG65 User Guide Item Refresh Clear Rfch Direction Time Ticks Frequency Datarate Coderate RSSI SNR Figure 3-2-1-9 Description Click to obtain the latest data. Click to clear all data. Show the channel of this packet. Show the direction of this packet. Show the receiving time of this packet. Show the ticks of this packet. Show the frequency of the channel. Show the datarate of the channel. Show the coderate of this packet. Show the received signal strength. Show the signal to noise ratio of this packet. Table 3-2-1-7 Traffic Parameters www.milesight-iot.com 28 3.2.2 Network Server 3.2.2.1 General UG65 User Guide Item Description General Setting Figure 3-2-2-1 Enable Click to enable Network Server mode. Enabled Milesight IoT Cloud Enabled to connect gateway to Milesight IoT Cloud. NetID Enter the network identifier. Default Disabled 010203 Join Delay RX1 Delay the interval Enter time between when the end-device sends a Join_request_message to network server and when the end-device prepares the Join_accept_message from network server. to open RX1 to receive sent Enter the interval time between when the end-device sends uplink packets and when the end-device prepares to open RX1 to receive the downlink packet. Enter the amount of time till a successful join expires. The format is hours-minutes-seconds. If the join-type is OTAA, then the end-devices need to join the network server again when it 5 1 Lease Time 876000-00-00 www.milesight-iot.com 29 UG65 User Guide Depend on the gateways model exceeds the lease time. Log level Choose the log level. Info Channel Plan Setting Channel Plan Choose LoRaWAN channel plan used for the upstream and downlink frequencies and datarates. Available channel plans depend on the gateways model. Enabled frequencies are controlled using channel mask. Leave it blank means using all the default standard usable channels specified in the LoRaWAN regional parameters document. A bit in the ChMask field set to 1 means that the corresponding channel can be used for uplink transmissions if this channel allows the data rate currently used by the end-device. Depend on the gateways model Channel Mask A bit set to 0 means the corresponding channels should be avoided. US 915 and AU 915 have a 80-bit channel mask for 72 usable channels and EU, AS, IN, KR frequencies have a 16-bit mask for 16 usable channels. Table 3-2-2-1 General Parameters Note: For some regional variants, if allowed by your LoRaWAN region, you can use Additional Plan to configure additional channels undefined by the LoRaWAN Regional Parameters, like EU868 and KR920, as the following picture shows:

Figure 3-2-2-2 Additional Channels Item Description Default Frequency/MHz Enter the frequency of the additional plan. Null. Max Datarate DR0(SF12,125kHz) Enter the max datarate for the end-device. The range is based on what is specified in the LoRaWAN regional parameters document. Min Datarate Enter the min datarate for the end-device. DR3(SF9,125kHz) www.milesight-iot.com 30 UG65 User Guide The range is based on what is specified in the parameters document. LoRaWAN regional Table 3-2-2-2 Additional Plan Parameters 3.2.2.2 Application An application is a collection of devices with the same purpose/of the same type. All devices with the same Payload Codec and data transmission destination can be added under the same application. You can edit the application by clicking or create a new application by clicking

. Item Name Description Figure 3-2-2-3 Description Enter the name of the application profile. E.g Smoker-sensor-app. Enter the description of this application. E.g a application for smoker sensor. Payload Codec Select from: None, Cayenne LPP, Custom. None: This mode enables devices not to encode data. Cayenne LPP: This mode enables devices to encode data with the Cayenne Low Power Payload (LPP). Custom: This mode enables devices to encode data with the decoder function and the encoder function which you have entered the code. Data Transmission Data will be sent to your custom server using the MQTT,HTTP or HTTPS protocol. Table 3-2-2-3 Application Parameters www.milesight-iot.com 31 UG65 User Guide Figure 3-2-2-4 Figure 3-2-2-5 www.milesight-iot.com 32 UG65 User Guide Default MQTT Settings Description Item General Broker Address Client ID MQTT broker address to receive data. Broker Port MQTT broker port to receive data. Client ID is the unique identity of the client to the server. It must be unique when all clients are connected to the same server, and it is the key to handle message at QoS 1 and 2. Connection Timeout/s Keep Alive Interval/s If the client does not get a response after the connection timeout, the connection will be considered as broken. The Range: 1-65535 After the client is connected with the server, the client will send heartbeat packet to the server regularly to keep alive. Range: 1-65535 User Credentials Enable Enable user credentials. Username The username used for connecting to MQTT broker. Password The password used for connecting to MQTT broker.

30 60 Enable the TLS encryption in MQTT communication. Select from Self signed certificates, CA signed server certificate. CA signed server certificate:verify with the certificate issued by Certificate Authority (CA) that pre-loaded on device. Self signed certificates: upload the custom CA certificates, client certificates and secret key for verification. Data Type Data type sent to MQTT broker. Topic Topic name of the data type using for publish. TLS Enable Mode Topic QoS QoS 0 Only Once This is the fastest method and requires only 1 message. It is also the most unreliable transfer mode. QoS 1 At Least Once This level guarantees that the message will be delivered at least once, but may be delivered more than once. QoS 2 Exactly Once QoS 2 is the highest level of service in MQTT. This level guarantees that each message is received only once by the intended recipients. QoS 2 is the safest and slowest quality of service level. Table 3-2-2-4 MQTT Settings Parameters www.milesight-iot.com 33 UG65 User Guide Figure 3-2-2-6 HTTP/HTTPS Settings Item Description HTTP Header Header Name A core set of fields in HTTP header. Header Value Value of the HTTP header. URL Topic URL Data Type Data type sent to HTTP/HTTPS server. Topic name of the data type using for publish. HTTP/HTTPS server URL to receive data. Table 3-2-2-5 HTTP/HTTPS Settings Parameters Related Configuration Example Application configuration 3.2.2.3 Profiles A Profile defines the device capabilities and boot parameters that are needed by the Netwo rk Server for setting the LoRaWAN radio access service. These information elements shall be provided by the end-device manufacturer. You can edit the device profile by clicking or create a new device profile by clicking

. www.milesight-iot.com 34 UG65 User Guide Figure 3-2-2-7 Figure 3-2-2-8 Device Profiles Settings Description Item Name Enter the name of the device profile. E.g. Smoker-sensor-app. Default Null Max TXPower Enter the maximum transmit power. The TXPower indicates power levels relative to the Max EIRP level of the end-device. 0 means using the max EIRP. EIRP refers to the Equivalent Isotropically Radiated Power. 0 Select from: OTAA and ABP. OTAA:Over-the-Air Activation. For over-the-air activation, end-devices must follow a join procedure prior to participating in data exchanges with the network server. An end-device has to go through a new join procedure every time as it has lost the session context information. ABP: Activation by Personalization. Under certain circumstances, end-devices can Join Type OTAA www.milesight-iot.com 35 UG65 User Guide be activated by personalization. Activation by personalization directly ties an end-device to a specific network bypassing the join request -

join accept procedure. Select from: Class A and Class C. Class A: Class A operation has the lowest power consumption for applications that require downlink communication from the server shortly after the end-device has sent an uplink transmission. Class C: End-device of Class C will continuously open receive windows, only closed when transmitting. Class C end-device will spend more power than Class A or Class B but they offer the lowest latency for server to end-device communication. Table 3-2-2-6 Device Profiles Setting Parameters Class Type Class A Device Profile Advanced Settings Figure 3-2-2-9 Item MAC Version Regional Parameter Revision RX1 Datarate Offset RX2 Datarate Description Choose the version of the LoRaWAN supported by the end-device. Default 1.0.2 Revision of the Regional Parameters document supported by the end-device. B Enter the offset which used for calculate the RX1 data-rate, based on the uplink data-rate. The range is based on what is specified in the LoRaWAN regional parameters document. Enter the RX2 datarate which used for the RX2 receive-window. The range is based on what is Based on what is specified in the LoRaWAN regional parameters document www.milesight-iot.com 36 UG65 User Guide specified in the LoRaWAN regional parameters document. Enter the RX2 channel frequency which used for the RX2 receive-window. The range is based on is specified in the LoRaWAN regional what parameters document. List of factory-preset frequencies. The range is is specified in the LoRaWAN based on what regional parameters document. RX2 Channel Frequency Frequency List ACK Timeout Enter the time for confirmed downlink transmissions. Only applicable to class C. Table 3-2-2-7 Device Profiles Advanced Setting Parameters Null 0 3.2.2.4 Device A device is the end-device connecting to, and communicating over the LoRaWAN network. Item Add Bulk Import Delete All Device Name Device EUI Device-Profile Application Last Seen Activated Figure 3-2-2-10 Description Add a device. Download template and import multiple devices. Delete all devices in the list. Show the name of the device. Show the EUI of the device. Show the name of the devices device profile. Show the name of the devices application. Show the time of last packet received. Show the status of the device . means that the device Operation Edit or delete the device. has been activated. Table 3-2-2-8 Device Parameters www.milesight-iot.com 37 UG65 User Guide Figure 3-2-2-11 Device Configuration Item Description Device Name Enter the name of this device. Description Device EUI Enter the description of this device. Enter the EUI of this device. Device-Profile Choose the device profile. Application Choose the application profile. Modbus RTU Data Transmission Fport Choose from: "Disable", "Modbus RTU to TCP",

"Modbus RTU over TCP". This feature is only applicable to Milesight LoRaWAN controllers.

-Modbus RTU to TCP: TCP client can send Modbus TCP commands to ask for controller Modbus data.

-Modbus RTU over TCP: TCP client can send Modbus RTU commands to ask for controller Modbus data. Enter the LoRaWAN frame port for transparent transmission between Milesight LoRaWAN controllers and UG65. Range: 2-84, 86-223. Default Null Null Null Null Null Disable Null www.milesight-iot.com 38 UG65 User Guide Note: this value must be the same as the Milesight LoRaWAN controllers Fport. Enter the TCP port for data transmission between the TCP Client and UG65 (as TCP Server). Range: 1-65535. If disable the frame-counter validation, it will compromise security as it enables people to perform replay-attacks. an end-device Whenever via over-the-air activation, the application key is used for derive the Application Session key. a network joins Enabled Device Address The device address identifies the end-device within the current network. Null Null Null Null Null Null Null The network session key specific for the end-device. It is used by the end-device to calculate the MIC or part of the MIC (message integrity code) of all uplink data messages to ensure data integrity. The AppSKey is an application session key specific for the end-device. It is used by both the application server and the end-device to encrypt and decrypt the payload field of application-specific data messages. The number of data frames which sent uplink to the network server. It will be incremented by the end-device and received by the end-device. Users can reset the a personalized end-device manually, then the frame counters on the end-device and the frame counters on the network server for that end-device will be reset to 0. The number of data frames which received by the end-device downlink from the network server. It will be incremented by the network server. Users cloud reset the a personalized end-device manually, then the frame counters on the end-device and the frame counters on the network server for that end-device will be reset to 0. Table 3-2-2-9 Device Setting Parameters TCP Port Frame-Counter Validation Application Key Network Session Key Application Session Key Uplink Frame-counter Downlink Frame-counter Related Configuration Example Device configuration www.milesight-iot.com 39 3.2.2.5 Packets UG65 User Guide Figure 3-2-2-12 Send Data To Device Item Description Device EUI Enter the EUI of the device to receive the payload. Type Payload Port Choose from: ASCII, hex, base64. Choose the payload type to enter in the payload Input box. Enter the message to be sent to this device. Enter the LoRaWAN frame port for packet transmission between device and Network Server. Confirmed After enabled, the end device will receive downlink packet and should answer confirmed to the network server. Disabled Table 3-2-2-10 Send Data to Device Parameters Default Null ASCII Null Null Network Server Item Device EUI Frequency Datarate SNR RSSI Size Fcnt Type Description Show the EUI of the device. Show the used frequency to transmit packets. Show the used datarate to transmit packets. Show the signal-noise ratio. Show the received signal strength indicator. Show the size of payload. Show the frame counter. Show the type of the packet:

www.milesight-iot.com 40 UG65 User Guide JnAcc - Join Accept Packet JnReq - Join Request Packet UpUnc - Uplink Unconfirmed Packet UpCnf - Uplink Confirmed Packet - ACK response from network requested DnUnc - Downlink Unconfirmed Packet DnCnf - Downlink Confirmed Packet- ACK response from end-device requested Time Show the time of packet was sent or received. Table 3-2-2-11 Packet Parameters Click to get more details about the packet. As shown:

Figure 3-2-2-13 Item Description Dev Addr Show the address of the device. GwEUI AppEUI DevEUI Show the EUI of the gateway. Show the EUI of the application. Show the EUI of the device. Immediately TimeSinceGP SEpoch Show the GPS time. Timestamp Show the timestamp of this packet. Frequency Show the frequency of this channel. True: Device may transmit an explicit (possibly empty) acknowledgement data message immediately after the reception of a data message requiring a confirmation. www.milesight-iot.com 41 Type Adr Ack Fcnt FPort SNR RSSI Power MIC UG65 User Guide Show the type of the packet:

JnAcc - Join Accept Packet JnReq - Join Request Packet UpUnc - Uplink Unconfirmed Packet UpCnf - Uplink Confirmed Packet - ACK response from network requested DnUnc - Downlink Unconfirmed Packet DnCnf - Downlink Confirmed Packet- ACK response from end-device requested True: The end-node has enabled ADR. False: The end-node has not enabled ADR. AdrAcKReq In order to validate that the network is receiving the uplink messages, nodes periodically transmit ADRACKReq message. This is 1 bit long. True: Network should respond in ADR_ACK_DELAY time to confirm that it is receiving the uplink messages. False: ADR is disabled or Network does not respond in ADR_ACK_DELAY. True: This frame is ACK. False: This frame is not ACK. Show the frame-counter of this packet.The network server tracks the uplink frame counter and generates the downlink counter for each end-device. FPort is a multiplexing port field. If the frame payload field is not empty, the port field must be present. If present, a FPort 16 value of 0 indicates that the FRMPayload contains MAC commands only.When this is the case, the FOptsLen field must be zero. FOptsLen is the length of the FOpts field in bytes. Modulation LoRa means the physical layer uses the LoRa modulation Bandwidth Show the bandwidth of this channel. SpreadFactor Show the spreadFactor of this channel. Bitrate Show the bitrate of this channel. CodeRate Show the coderate of this channel. Show the SNR of this channel. Show the RSSI of this channel. Show the transmit power of the device. Payload (b64) Show the application payload of this packet. Payload (hex) Show the application payload of this packet. Show the MIC of this packet.MIC is a cryptographic message integrity code, computed over the fields MHDR, FHDR, FPort and the encrypted FRMPayload. Table 3-2-2-12 Packets Details Parameters Related Topic Send Data to Device www.milesight-iot.com 42 UG65 User Guide 3.3 Network 3.3.1 Interface 3.3.1.1 Port The Ethernet port can be connected with Ethernet cable to get Internet access. It supports 3 connection types.

- Static IP: configure IP address, netmask and gateway for Ethernet WAN interface.

- DHCP Client: configure Ethernet WAN interface as DHCP Client to obtain IP address automatically.

- PPPoE: configure Ethernet WAN interface as PPPoE Client. Select from "Static IP", "DHCP Client" and "PPPoE". Static IP Figure 3-3-1-1 Description Enable WAN function. The port that is currently set as eth0 port. Set the maximum transmission unit. Set the primary DNS. Set the secondary DNS. Port Setting Item Enable Port Connection Type MTU Primary DNS Server Secondary DNS Server Enable NAT Default Enable eth 0 1500 Null Null Enable or disable NAT function. When enabled, a private IP can be translated to a public IP. Enable Table 3-3-1-1 Port Parameters www.milesight-iot.com 43 1. Static IP Configuration mode. If the external network assigns a fixed IP for the Ethernet port, user can select Static IP UG65 User Guide Figure 3-3-1-2 Static IP Item Description IP Address Set the IP address which can access Internet. Netmask Set the Netmask for Ethernet port. Gateway Set the gateway's IP address for Ethernet port. Default 192.168.23.150 255.255.255.0 192.168.23.1 Set the multiple IP addresses for Ethernet port. Null Table 3-3-1-2 Static IP Parameters If the external network has DHCP server enabled and has assigned IP addresses to the Ethernet WAN interface, user can select DHCP client mode to obtain IP address Multiple IP Address 2. DHCP Client automatically. www.milesight-iot.com 44 UG65 User Guide Figure 3-3-1-3 Description Obtain peer DNS automatically during PPP dialing. DNS is necessary when user visits domain name. Table 3-3-1-3 DHCP Client Parameters DHCP Client Item Use Peer DNS 3. PPPoE control of each user. PPPoE refers to a point to point protocol over Ethernet. User has to install a PPPoE client on the basis of original connection way. With PPPoE, remote access devices can get www.milesight-iot.com 45 UG65 User Guide Figure 3-3-1-4 PPPoE Item Username Password Link Detection Interval (s) Description Enter the username provided by your Internet Service Provider (ISP). Enter the password provided by your Internet Service Provider (ISP). Set the heartbeat interval for link detection. Range: 1-600. Max Retries Set the maximum retry times after it fails to dial up. Range: 0-9. Use Peer DNS Obtain peer DNS automatically during PPP dialing. DNS is necessary when user visits domain name. Table 3-3-1-4 PPOE Parameters 3.3.1.2 WLAN 802.11 b/g/n, as AP or client mode. This section explains how to set the related parameters for Wi-Fi network. UG65 supports www.milesight-iot.com 46 Figure 3-3-1-5 UG65 User Guide WLAN Settings Item Enable BSSID SSID Client Mode Scan Encryption Mode Cipher Key User Anonymous Identity Phase2 Public Server Certificate AP Mode Work Mode Select gateway's work mode. The options are "Client" or "AP". Figure 3-3-1-6 Description Enable/disable WLAN. Fill in the MAC address of the access point. Either SSID or BSSID can be filled to joint the network. Fill in the SSID of the access point. Click "Scan" button to search the nearby access point. Select encryption mode. The options are No Encryption", WEP Open System" , WEP Shared Key", WPA-PSK", WPA2-PSK" , WPA-PSK/WPA2-PSK", WPA-Enterprise, WPA2-Enterpriseand WPA-Enterprise/WPA2-Enterprise. Select cipher. The options are Auto", AES", TKIP" and AES/TKIP". Fill the pre-shared key of WEP/WPA encryption. XSupplicant Type Select from Peap, Leap, TLS and TTLS. Fill the user of WPA/WPA2-Enterprise. Fill the anonymous identity of WPA/WPA2-Enterprise. Fill the phase2 of WPA/WPA2-Enterprise. The public server certificate used for verifying with WPA/WPA2-Enterprise access point. SSID Broadcast When SSID broadcast is disabled, other wireless devices can't not find the SSID, and users have to enter the SSID manually to www.milesight-iot.com 47 UG65 User Guide AP Isolation Radio Type access to the wireless network. When AP isolation is enabled, all users which access to the AP are isolated without communication with each other. Select Radio type. The options are 802.11b (2.4 GHz)", 802.11g

(2.4 GHz)", 802.11n (2.4 GHz). Channel Select wireless channel. The options are "Auto", "1", "2"......"11". Encryption Mode Select encryption mode. The options are No Encryption", WEP Open System" , WEP Shared Key", WPA-PSK", WPA2-PSK" and WPA-PSK/WPA2-PSK". Cipher Key Select cipher. The options are Auto", AES", TKIP" and AES/TKIP". Fill the pre-shared key of WPA encryption. Bandwidth Select bandwidth. The options are "20MHz" and "40MHz". Max Client Number Set the maximum number of client to access when the gateway is configured as AP. IP Setting Protocol IP Address Netmask Gateway Set the protocol in wireless network. Set the IP address in wireless network. Set the netmask in wireless network. Set the gateway in wireless network. Table 3-3-1-5 WLAN Parameters Client Mode-Scan SSID Channel Signal BSSID Figure 3-3-1-7 Show SSID. Show wireless channel. Show wireless signal. Show the MAC address of the access point. www.milesight-iot.com 48 UG65 User Guide Security Show the encryption mode. Frequency Show the frequency of radio. Join Network Click the button to join the wireless network. Table 3-3-1-6 WLAN Scan Parameters Related Topic Wi-Fi Application Example 3.3.1.3 Cellular This section explains how to set the related parameters for cellular network. Figure 3-3-1-8 www.milesight-iot.com 49 UG65 User Guide Figure 3-3-1-9 General Settings Item Enable Description Check the option to enable the corresponding SIM card. Select from "Auto, "Auto 3G/4G, "4G Only" and "3G Only". Auto: connect to the network with the strongest signal automatically. 4G Only: connect to 4G network only. And so on. Enter the Access Point Name for cellular dial-up connection provided by local ISP. Enter the username for cellular dial-up connection provided by local ISP. Enter the password for cellular dial-up connection provided by local ISP. Network Type APN Username Password Access Number Enter the dial-up center NO. For cellular dial-up connection provided by local ISP. PIN Code Enter a 4-8 characters PIN code to unlock the SIM. Authentication Type Select from "Auto", "PAP", "CHAP", "MS-CHAP", and

"MS-CHAPv2". Roaming Enable or disable roaming. SMS Center Enter the local SMS center number for storing, forwarding, converting and delivering SMS message. Enable NAT Enable or disable NAT function. Default Enable Auto Null Null Null Null Null Auto Disable Null Enable Restart When When this function is enabled, the gateway will restart Disabled www.milesight-iot.com 50 UG65 User Guide Dial-up failed automatically if the dial-up fails several times. ICMP Server Set the ICMP detection server's IP address. 8.8.8.8 Set the secondary ICMP detection server's IP address. 114.114.114.114 Secondary ICMP Server ICMP Detection Max Retries ICMP Detection Timeout ICMP Detection Interval Set max number of retries when ICMP detection fails. Set timeout of ICMP detection. Set interval of ICMP detection. 3 5 15 PDU SMS Mode Select SMS mode from TEXT and PDU. Table 3-3-1-7 Cellular Parameters Item Description Connection Mode Figure 3-3-1-10 Connection Mode Select from "Always Online" and "Connect on Demand". Redial Interval(s) Set the time interval between redials. Range: 0-3600. Max Idle Time(s) Triggered by Call Call Group Triggered by SMS Set the maximum duration of the gateway when current link is under idle status. Range: 10-3600. The gateway will switch from offline mode to cellular network mode automatically when it receives a call from the specific phone number. Select a call group for call trigger. Go to "System > General Settings > Phone" to set up phone group. The gateway will switch from offline mode to cellular network mode automatically when it receives a specific SMS from the specific mobile phone. SMS Group Select a SMS group for trigger. Go to "System > General Settings > Phone" to set up SMS group. SMS Text Fill in the SMS content for triggering. Table 3-3-1-8 Cellular Parameters Related Topics Cellular Connection Application Example www.milesight-iot.com 51 UG65 User Guide Phone Group 3.3.1.4 Loopback Loopback interface is used for replacing gateway's ID as long as it is activated. When the interface is DOWN, the ID of the gateway has to be selected again which leads to long convergence time of OSPF. Therefore, Loopback interface is generally recommended as the ID of the gateway. Loopback interface is a logic and virtual interface on gateway. Under default conditions, there's no loopback interface on gateway, but it can be created as required. Figure 3-3-1-11 Loopback Item Description IP Address Unalterable Netmask Unalterable Multiple IP Addresses Apart from the IP above, user can configure other IP addresses. Table 3-3-1-9 Loopback Parameters Default 127.0.0.1 255.0.0.0 Null 3.3.2 Firewall This section describes how to set the firewall parameters, including website block, ACL, DMZ, Port Mapping and MAC Binding. The firewall implements corresponding control of data flow at entry direction (from Internet to local area network) and exit direction (from local area network to Internet) according to the content features of packets, such as protocol style, source/destination IP address, etc. It ensures that the gateway operate in a safe environment and host in local area network. www.milesight-iot.com 52 3.3.2.1 Security UG65 User Guide Website Blocking Figure 3-3-2-1 URL Address Enter the HTTP address which you want to block. Keyword You can block specific website by entering keyword. The maximum number of character allowed is 64. Table 3-2-2-1 Security Parameters 3.3.2.2 ACL Access control list, also called ACL, implements permission or prohibition of access for specified network traffic (such as the source IP address) by configuring a series of matching rules so as to filter the network interface traffic. When gateway receives packet, the field will be analyzed according to the ACL rule applied to the current interface. After the special packet is identified, the permission or prohibition of corresponding packet will be implemented according to preset strategy. The data package matching rules defined by ACL can also be used by other functions requiring flow distinction. www.milesight-iot.com 53 UG65 User Guide Item ACL Setting Default Filter Policy Access Control List Type ID Action Protocol Source IP Source Wildcard Mask Destination Wildcard Mask Description ICMP Type ICMP Code Figure 3-3-2-2 Description Select from "Accept" and "Deny". The packets which are not included in the access control list will be processed by the default filter policy. Select type from "Extended" and "Standard". User-defined ACL number. Range: 1-199. Select from "Permit" and "Deny". Select protocol from "ip", "icmp", "tcp", "udp", and "1-255". Source network address (leaving it blank means all). Wildcard mask of the source network address. Destination IP Destination network address (0.0.0.0 means all). Wildcard mask of destination address. Fill in a description for the groups with the same ID. Enter the type of ICMP packet. Range: 0-255. Enter the code of ICMP packet. Range: 0-255. Source Port Type Select source port type, such as specified port, port range, etc. Source Port Set source port number. Range: 1-65535. Start Source Port Set start source port number. Range: 1-65535. End Source Port Set end source port number. Range: 1-65535. www.milesight-iot.com 54 UG65 User Guide Destination Port Type Select destination port type, such as specified port, port range, etc. Destination Port Set destination port number. Range: 1-65535. Set start destination port number. Range: 1-65535. End Destination Port Set end destination port number. Range: 1-65535. Show information of the port. Start Destination Port More Details Interface List Interface In ACL Out ACL Select network interface for access control. Select a rule for incoming traffic from ACL ID. Select a rule for outgoing traffic from ACL ID. Table 3-3-2-2 ACL Parameters 3.3.2.3 DMZ forwarded ports in port mapping. DMZ is a host within the internal network that has all ports exposed, except those DMZ Item Enable Figure 3-3-2-3 Description Enable or disable DMZ. DMZ Host Enter the IP address of the DMZ host on the internal network. Source Address Set the source IP address which can access to DMZ host.

"0.0.0.0/0" means any address. Table 3-3-2-3 DMZ Parameters 3.3.2.4 Port Mapping Port mapping is an application of network address translation (NAT) that redirects a communication request from the combination of an address and port number to another while the packets are traversing a network gateway such as a gateway or firewall. Click to add a new port mapping rules. www.milesight-iot.com 55 UG65 User Guide Port Mapping Item Source IP Source Port Destination IP Destination Port Protocol Description Figure 3-3-2-4 Description Specify the host or network which can access local IP address. 0.0.0.0/0 means all. Enter the TCP or UDP port from which incoming packets are forwarded. Range: 1-65535. Enter the IP address that packets are forwarded to after being received on the incoming interface. Enter the TCP or UDP port that packets are forwarded to after being received on the incoming port(s). Range: 1-65535. Select from "TCP" and "UDP" as your application required. The description of this rule. Table 3-3-2-4 Port Mapping Parameters Related Configuration Example NAT Application Example 3.3.2.5 MAC Binding MAC Binding is used for specifying hosts by matching MAC addresses and IP addresses that are in the list of allowed outer network access. Figure 3-3-2-5 MAC Binding List Item Description MAC Address Set the binding MAC address. www.milesight-iot.com 56 UG65 User Guide IP Address Set the binding IP address. Description Fill in a description for convenience of recording the meaning of the binding rule for each piece of MAC-IP. Table 3-3-2-5 MAC Binding Parameters 3.3.3 DHCP UG65 can be set as a DHCP server to distribute IP address when Wi-Fi work as AP mode. Figure 3-3-3-1 DHCP Server Item Enable Interface Start Address Description Enable or disable DHCP server. Only wlan interface is allowed to distribute IP addresses. Define the beginning of the pool of IP addresses which will be leased to DHCP clients. End Address Define the end of the pool of IP addresses which will be leased to DHCP clients. Netmask Define the subnet mask of IP address obtained by DHCP clients from DHCP server. Default Enable wlan0 192.168.1.100 192.168.1.199 255.255.255.0 Lease Time

(Min) Set the lease time on which the client can use the IP address obtained from DHCP server. Range: 1-10080. 1440 Primary Set the primary DNS server. 114.114.114.114 www.milesight-iot.com 57 UG65 User Guide DNS Server Secondary DNS Server Windows Name Server Static IP MAC Address IP Address 3.3.4 DDNS Set the secondary DNS server. Define the Windows Internet Naming Service obtained by DHCP clients from DHCP sever. Generally you can leave it blank. Set a static and specific MAC address for the DHCP client (it should be different from other MACs so as to avoid conflict). Set a static and specific IP address for the DHCP client (it should be outside of the DHCP range). Table 3-3-3-1 DHCP Server Parameters Null Null Null Null Dynamic DNS (DDNS) is a method that automatically updates a name server in the Domain Name System, which allows user to alias a dynamic IP address to a static domain name. DDNS serves as a client tool and needs to coordinate with DDNS server. Before starting configuration, user shall register on a website of proper domain name provider and apply for a domain name. Figure 3-3-4-1 Description Give the DDNS a descriptive name. Interface Set interface bundled with the DDNS. Service Type Select the DDNS service provider. Username Enter the username for DDNS register. DDNS Item Name User ID Password Server Hostname Append IP Enter User ID of the custom DDNS server. Enter the password for DDNS register. Enter the name of DDNS server. Enter the hostname for DDNS. Append your current IP to the DDNS server update path. Table 3-3-4-1 DDNS Parameters www.milesight-iot.com 58 UG65 User Guide This section describes how to configure link failover strategies, such as VRRP strategies. 3.3.5 Link Failover Configuration Steps 1. Define one or more SLA operations (ICMP probe). 2. Define one or more track objects to track the status of SLA operation. 3. Define applications associated with track objects, such as VRRP or static routing. 3.3.5.1 SLA SLA setting is used for configuring link probe method. The default probe type is ICMP. SLA Item ID Type Figure 3-3-5-1 Description Default SLA index. Up to 10 SLA settings can be added. Range: 1-10. 1 ICMP-ECHO is the default type to detect if the link is alive. icmp-echo Destination Address The detected IP address. 114.114.114.11 4 Secondary Destination Address Data Size Interval (s) Timeout (ms) Packet Loss Count Start Time The secondary detected IP address. 8.8.8.8 User-defined data size. Range: 0-1000. 56 User-defined detection interval. Range: 1-608400. 30 User-defined timeout for response to determine ICMP detection failure. Range: 1-300000. 5000 Define packet loss count in each SLA probe. SLA probe fails when the preset packet loss count is exceeded. 5 Detection start time; select from "Now" and blank character. Blank character means this SLA detection doesn't start. now Table 3-3-5-1 SLA Parameters www.milesight-iot.com 59 UG65 User Guide 3.3.5.2 Track Track setting is designed for achieving linkage among SLA module, Track module and Application module. Track setting is located between application module and SLA module with main function of shielding the differences of various SLA modules and providing unified interfaces for application module. Linkage between Track Module and SLA module Once you complete the configuration, the linkage relationship between Track module and SLA module will be established. SLA module is used for detection of link status, network performance and notification of Track module. The detection results help track status change timely.

For successful detection, the corresponding track item is Positive. For failed detection, the corresponding track item is Negative. Linkage between Track Module and Application Module After configuration, the linkage relationship between Track module and Application module will be established. When any change occurs in track item, a notification that requires corresponding treatment will be sent to Application module. Currently, the application modules like VRRP and static routing can get linkage with track module. If it sends an instant notification to Application module, the communication may be interrupted in some circumstances due to routing's failure like timely restoration or other reasons. Therefore, user can set up a period of time to delay notifying application module when the track item status changes. Item Index Type SLA ID Figure 3-3-5-2 Description Default Track index. Up to 10 track settings can be configured. Range: 1-10. The options are "sla" and "interface". SLA Defined SLA ID. Interface Select the interface whose status will be detected. cellular0 Negative Delay (s) When interface is down or SLA probing fails, it will wait according to the time set here before actually changing its status to Down. Range: 0-180 (0 refers to immediate switching). 1 1 0 www.milesight-iot.com 60 UG65 User Guide Positive Delay (s) When failure recovery occurs, it will wait according to the time set here before actually changing its status to Up. Range: 0-180 (0 refers to immediate switching). 1 Table 3-3-5-2 Track Parameters 3.3.5.3 WAN Failover WAN failover refers to failover between Ethernet WAN interface and cellular interface. When service transmission cant be carried out normally due to malfunction of a certain interface or lack of bandwidth, the rate of flow can be switched to backup interface quickly. Then the backup interface will carry out service transmission and share network flow so as to improve reliability of communication of data equipment. When link state of main interface is switched from up to down, system will have the pre-set delay works instead of switching to link of backup interface immediately. Only if the state of main interface is still down after delay, will the system switch to link of backup interface. Otherwise, system will remain unchanged. WAN Failover Parameters Description Figure 3-3-5-3 Main Interface Select a link interface as the main link. Backup Interface Select a link interface as the backup link. Startup Delay (s) Set how long to wait for the startup tracking detection policy to take effect. Range: 0-300. Up Delay (s) Down Delay (s) When the primary interface switches from failed detection to successful detection, switching can be delayed based on the set time. Range: 0-180 (0 refers to immediate switching) When the primary interface switches from successful detection to failed detection, switching can be delayed based on the set time. Range: 0-180 (0 refers to immediate switching). Track ID Track detection, select the defined track ID. Table 3-3-5-3 WAN Failover Parameters Default

30 0 0

www.milesight-iot.com 61 UG65 User Guide Virtual Private Networks, also called VPNs, are used to securely connect two private networks together so that devices can connect from one network to the other network via secure channels. UG65 supports DMVPN, IPsec, GRE, L2TP, PPTP, OpenVPN, as well as GRE over IPsec and L2TP over IPsec. 3.3.6 VPN 3.3.6.1 DMVPN A dynamic multi-point virtual private network (DMVPN), combining mGRE and IPsec, is a secure network that exchanges data between sites without passing traffic through an organization's headquarter VPN server or gateway. Figure 3-3-6-1 DMVPN Item Enable Figure 3-3-6-2 Description Enable or disable DMVPN. Hub Address The IP address or domain name of DMVPN Hub. Local IP address DMVPN local tunnel IP address. www.milesight-iot.com 62 UG65 User Guide GRE Hub IP Address GRE Hub tunnel IP address. GRE Local IP Address GRE local tunnel IP address. GRE Netmask GRE local tunnel netmask. GRE Key GRE tunnel key. Negotiation Mode Select from "Main" and "Aggressive". Authentication Algorithm Select from "DES", "3DES", "AES128", "AES192" and

"AES256". Encryption Algorithm Select from "MD5" and "SHA1". DH Group Key Select from "MODP768_1", "MODP1024_2" and

"MODP1536_5". Enter the preshared key. Local ID Type Select from "Default", "ID", "FQDN", and "User FQDN"

IKE Life Time (s) Set the lifetime in IKE negotiation. Range: 60-86400. SA Algorithm PFS Group Select from "DES_MD5", "DES_SHA1", "3DES_MD5",

"3DES_SHA1", "AES128_MD5", "AES128_SHA1",

"AES192_MD5", "AES192_SHA1", "AES256_MD5" and

"AES256_SHA1". Select from "NULL", "MODP768_1", "MODP1024_2" and

"MODP1536-5". Life Time (s) Set the lifetime of IPsec SA. Range: 60-86400. DPD Interval Time (s) Set DPD interval time DPD Timeout (s) Set DPD timeout. Cisco Secret Cisco Nhrp key. NHRP Holdtime (s) The holdtime of Nhrp protocol. Table 3-3-6-1 DMVPN Parameters 3.3.6.2 IPSec IPsec is especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks. A big advantage of IPsec is that security arrangements can be handled without requiring changes to individual user computers. IPsec provides three choices of security service: Authentication Header

(AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE). AH essentially allows authentication of the senders data. ESP supports both authentication of the sender and data encryption. IKE is used for cipher code exchange. All of them can protect one and more data flows between hosts, between host and gateway, and between gateways. www.milesight-iot.com 63 UG65 User Guide Figure 3-3-6-3 IPsec Item Enable IPsec Gateway Address IPsec Mode IPsec Protocol Local Subnet Description Enable IPsec tunnel. A maximum of 3 tunnels is allowed. Enter the IP address or domain name of remote IPsec server. Select from "Tunnel" and "Transport". Select from "ESP" and "AH". Enter the local subnet IP address that IPsec protects. Local Subnet Netmask Enter the local netmask that IPsec protects. Local ID Type Remote Subnet Select from "Default", "ID", "FQDN", and "User FQDN". Enter the remote subnet IP address that IPsec protects. Remote Subnet Mask Enter the remote netmask that IPsec protects. Remote ID type Select from "Default", "ID", "FQDN", and "User FQDN". Table 3-3-6-2 IPsec Parameters www.milesight-iot.com 64 UG65 User Guide Figure 3-3-6-4 IKE Parameter Item Description IKE Version Select from "IKEv1" and "IKEv2". Negotiation Mode Select from "Main" and "Aggressive". Encryption Algorithm Select from "DES", "3DES", "AES128", "AES192" and "AES256". Select from "MD5" and " SHA1"

Select from "MODP768_1", "MODP1024_2" and "MODP1536_5". Local Authentication Select from "PSK" and "CA". Local Secrets Enter the preshared key. Enter XAUTH username and password after XAUTH is enabled. Set the lifetime in IKE negotiation. Range: 60-86400. Select from "DES_MD5", "DES_SHA1", "3DES_MD5",

"3DES_SHA1", "AES128_MD5", "AES128_SHA1", "AES192_MD5",

"AES192_SHA1", "AES256_MD5" and "AES256_SHA1". Select from "NULL", "MODP768_1" , "MODP1024_2" and

"MODP1536_5". Authentication Algorithm DH Group XAUTH Lifetime (s) SA Parameter SA Algorithm PFS Group Lifetime (s) Set the lifetime of IPsec SA. Range: 60-86400. www.milesight-iot.com 65 UG65 User Guide DPD Interval Time(s) Set DPD interval time to detect if the remote side fails. DPD Timeout(s) Set DPD timeout. Range: 10-3600. IPsec Advanced Enable Compression The head of IP packet will be compressed after it's enabled. VPN Over IPsec Type Select from "NONE", "GRE" and "L2TP" to enable VPN over IPsec function. Table 3-3-6-3 IPsec Parameters 3.3.6.3 GRE Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks. Its a tunneling technology that provides a channel through which encapsulated data message can be transmitted and encapsulation and decapsulation can be realized at both ends. In the following circumstances the GRE tunnel transmission can be applied:

GRE tunnel can transmit multicast data packets as if it were a true network interface. Single use of IPSec cannot achieve the encryption of multicast. A certain protocol adopted cannot be routed. A network of different IP addresses shall be required to connect other two similar networks. GRE Item Enable Figure 3-3-6-5 Description Check to enable GRE function. www.milesight-iot.com 66 UG65 User Guide Remote IP Address Enter the real remote IP address of GRE tunnel. Local IP Address Set the local IP address. Local Virtual IP Address Netmask Set the local tunnel IP address of GRE tunnel. Set the local netmask. Peer Virtual IP Address Enter remote tunnel IP address of GRE tunnel. Global Traffic Forwarding All the data traffic will be sent out via GRE tunnel when this function is enabled. Remote Subnet Enter the remote subnet IP address of GRE tunnel. Remote Netmask Enter the remote netmask of GRE tunnel. MTU Key Enter the maximum transmission unit. Range: 64-1500. Set GRE tunnel key. Enable NAT Enable NAT traversal function. Table 3-3-6-4 GRE Parameters 3.3.6.4 L2TP Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet. Figure 3-3-6-6 Description Check to enable L2TP function. L2TP Item Enable Username Password Remote IP Address Enter the public IP address or domain name of L2TP server. Enter the username that L2TP server provides. Enter the password that L2TP server provides. www.milesight-iot.com 67 UG65 User Guide Authentication Global Traffic Forwarding Select from "Auto", "PAP", "CHAP", "MS-CHAPv1" and

"MS-CHAPv2". All of the data traffic will be sent out via L2TP tunnel after this function is enabled. Remote Subnet Enter the remote IP address that L2TP protects. Remote Subnet Mask Enter the remote netmask that L2TP protects. Key Enter the password of L2TP tunnel. Table 3-3-6-5 L2TP Parameters Advanced Settings Item Description Figure 3-3-6-7 Set tunnel IP address of L2TP client. Client will obtain tunnel IP address automatically from the server when it's null. Peer IP Address Enter tunnel IP address of L2TP server. Enable NAT traversal function. Enable MPPE encryption. For PPP initialization. User can keep the default option. For PPP initialization. User can keep the default option. One of the PPP protocol initialization strings. User can keep the default value. Range: 0-ffffffff. Set the maximum receive unit. Range: 64-1500. Set the maximum transmission unit. Range: 64-1500 Link Detection Interval Set the link detection interval time to ensure tunnel www.milesight-iot.com 68 Local IP Address Enable NAT Enable MPPE Address/Control Compression Protocol Field Compression Asyncmap Value MRU MTU UG65 User Guide connection. Range: 0-600. Set the maximum times of retry to detect the L2TP connection failure. Range: 0-10. User can enter some other PPP initialization strings in this field and separate the strings with blank space. Table 3-3-6-6 L2TP Parameters

(s) Max Retries Expert Options 3.3.6.5 PPTP Point-to-Point Tunneling Protocol (PPTP) is a protocol that allows corporations to extend their own corporate network through private "tunnels" over the public Internet. Effectively, a corporation uses a wide-area network as a single large local area network. Figure 3-3-6-8 Description Enable PPTP client. A maximum of 3 tunnels is allowed. Enter the public IP address or domain name of PPTP server. Enter the username that PPTP server provides. Enter the password that PPTP server provides. Select from "Auto", "PAP", "CHAP", "MS-CHAPv1", and

"MS-CHAPv2". All of the data traffic will be sent out via PPTP tunnel once enable this function. PPTP Item Enable Remote IP Address Username Password Authentication Global Traffic Forwarding Remote Subnet Mask Remote Subnet Set the peer subnet of PPTP. Set the netmask of peer PPTP server. Table 3-3-6-7 PPTP Parameters www.milesight-iot.com 69 UG65 User Guide PPTP Advanced Settings Figure 3-3-6-9 Item Local IP Address Peer IP Address Enable NAT Enable MPPE Address/Control Compression Protocol Field Compression Asyncmap Value MRU MTU Max Retries Expert Options Description Set IP address of PPTP client. Enter tunnel IP address of PPTP server. Enable the NAT faction of PPTP. Enable MPPE encryption. For PPP initialization. User can keep the default option. For PPP initialization. User can keep the default option. One of the PPP protocol initialization strings. User can keep the default value. Range: 0-ffffffff. Enter the maximum receive unit. Range: 0-1500. Enter the maximum transmission unit. Range: 0-1500. Set the maximum times of retrying to detect the PPTP connection failure. Range: 0-10. User can enter some other PPP initialization strings in this field and separate the strings with blank space. Table 3-3-6-8 PPTP Parameters Link Detection Interval

(s) Set the link detection interval time to ensure tunnel connection. Range: 0-600. www.milesight-iot.com 70 UG65 User Guide 3.3.6.6 OpenVPN Client OpenVPN is an open source virtual private network (VPN) product that offers a simplified security framework, modular network design, and cross-platform portability. Advantages of OpenVPN include:

Security provisions that function against both active and passive attacks.

Compatibility with all major operating systems.

- High speed (1.4 megabytes per second typically).

Ability to configure multiple servers to handle numerous connections simultaneously. All encryption and authentication features of the OpenSSL library. Advanced bandwidth management. A variety of tunneling options. Compatibility with smart cards that support the Windows Crypt application program interface (API). Figure 3-3-6-10 OpenVPN Client Item Enable Description Enable OpenVPN client. A maximum of 3 tunnels is allowed. www.milesight-iot.com 71 UG65 User Guide Protocol Select from "UDP" and "TCP". Remote IP Address Enter remote OpenVPN server's IP address or domain name. Enter the listening port number of remote OpenVPN server. Range: 1-65535. Select from "tun" and "tap". Select from "None", "Pre-shared", "Username/Password",

"X.509 cert", and "X.509 cert+user". Local Tunnel IP Set local tunnel address. Remote Tunnel IP Enter remote tunnel address. All the data traffic will be sent out via OpenVPN tunnel when this function is enabled. Check to enable TLS authentication. Enter username provided by OpenVPN server. Enter password provided by OpenVPN server. Enable NAT traversal function. Select LZO to compress data. Link Detection Interval

(s) Set link detection interval time to ensure tunnel connection. Range: 10-1800. Link Detection Timeout

(s) Set link detection timeout. OpenVPN will be reestablished after timeout. Range: 60-3600. Cipher MTU Select from "NONE", "BF-CBC", "DE-CBC", "DES-EDE3-CBC",

"AES-128-CBC", "AES-192-CBC" and "AES-256-CBC". Enter the maximum transmission unit. Range: 128-1500. Max Frame Size Set the maximum frame size. Range: 128-1500. Verbose Level Select from "ERROR", "WARING", "NOTICE" and "DEBUG". User can enter some other PPP initialization strings in this field and separate the strings with blank space. Port Interface Authentication Global Traffic Forwarding Enable TLS Authentication Username Password Enable NAT Compression Expert Options Local Route Subnet Subnet Mask Set the local route's IP address. Set the local route's netmask. Table 3-3-6-9 OpenVPN Client Parameters 3.3.6.7 OpenVPN Server UG65 supports OpenVPN server to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. www.milesight-iot.com 72 UG65 User Guide Figure 3-3-6-11 OpenVPN Server Item Enable Protocol Port Listening IP Interface Authentication Figure 3-3-6-12 Description Enable/disable OpenVPN server. Select from TCP and UDP. Fill in listening port number. Range: 1-65535. Enter WAN IP address or LAN IP address. Leaving it blank refers to all active WAN IP and LAN IP address. Select from " tun" and "tap". Select from "None", "Pre-shared", "Username/Password",

"X.509 cert" and "X. 509 cert +user". Local Virtual IP The local tunnel address of OpenVPN's tunnel. www.milesight-iot.com 73 UG65 User Guide Remote Virtual IP The remote tunnel address of OpenVPN's tunnel. Client Subnet Client Netmask Local subnet IP address of OpenVPN client. Local netmask of OpenVPN client. Renegotiation Interval(s) Set interval for renegotiation. Range: 0-86400. Max Clients Enable CRL Enable CRL Maximum OpenVPN client number. Range: 1-128. Enable Client to Client Allow access between different OpenVPN clients. Enable Dup Client Allow multiple users to use the same certification. Enable NAT Compression Check to enable the NAT traversal function. Select "LZO" to compress data. Set link detection interval time to ensure tunnel connection. Range: 10-1800. Select from "NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC",

"AES-128-CBC", "AES-192-CBC" and "AES-256-CBC". Enter the maximum transmission unit. Range: 64-1500. Set the maximum frame size. Range: 64-1500. Select from "ERROR", "WARING", "NOTICE" and "DEBUG". User can enter some other PPP initialization strings in this field and separate the strings with blank space. The real local IP address of OpenVPN client. The real local netmask of OpenVPN client. Link Detection Interval Cipher MTU Max Frame Size Verbose Level Expert Options Local Route Subnet Netmask Account 3.3.6.8 Certifications Username & Password Set username and password for OpenVPN client. Table 3-3-6-10 OpenVPN Server Parameters User can import/export certificate and key files for OpenVPN and IPsec on this page. Figure 3-3-6-13 OpenVPN Client Item CA Description Import/Export CA certificate file. www.milesight-iot.com 74 UG65 User Guide Public Key Import/Export public key file. Private Key Import/Export private key file. TA Import/Export TA key file. Preshared Key Import/Export static key file. PKCS12 Import/Export PKCS12 certificate file. Table 3-3-6-11 OpenVPN Client Certification Parameters OpenVPN Server Figure 3-3-6-14 Description Import/Export CA certificate file. Public Key Private Key Import/Export public key file. Import/Export private key file. Import/Export DH key file. Import/Export TA key file. Import/Export CRL. Preshared Key Import/Export static key file. Table 3-3-6-12 OpenVPN Server Parameters Item CA DH TA CRL Figure 3-3-6-15 www.milesight-iot.com 75 UG65 User Guide IPsec Item CA Client Key Server Key Private Key CRL 3.4 System Description Import/Export CA certificate. Import/Export client key. Import/Export server key. Import/Export private key. Import/Export certificate recovery list. Table 3-3-6-13 IPsec Parameters This section describes how to configure general settings, such as administration account, access service, system time, common user management, SNMP, event alarms, etc. 3.4.1 General Settings 3.4.1.1 General General settings include system info, access service and HTTPS certificates. Figure 3-4-1-1 General Item System Description Default Hostname User-defined gateway name, needs to start with a URSA www.milesight-iot.com 76 UG65 User Guide 1800

80 443 23 22 letter. Web Login Timeout (s) You need to log in again if it times out. Range:

100-3600. Access Service Port HTTP HTTPS TELNET SSH Certificate Key Set port number of the services. Range: 1-65535. Users can log in the device locally via HTTP to access and control it through Web after the option is checked. Users can log in the device locally and remotely via HTTPS to access and control it through Web after option is checked. Users can log in the device locally and remotely via TELNET to access and control it through Web after option is checked. Users can log in the device locally and remotely via SSH after the option is checked. Click "Browse" button, choose certificate file on the PC, and then click "Import" button to upload the file into gateway. Click "Export" button will export the file to the PC. Click "Delete" button will delete the file. Click "Browse" button, choose key file on the PC, and then click "Import" button to upload the file into gateway. Click "Export" button will export file to the PC. Click "Delete" button will delete the file.

Table 3-4-1-1 General Setting Parameters HTTPS Certificates 3.4.1.2 System Time This section explains how to set synchronization type. the system time including time zone and time Note: to ensure that the gateway runs with the correct time, its recommended that you set the system time when configuring the gateway. Figure 3-4-1-2 www.milesight-iot.com 77 UG65 User Guide Figure 3-4-1-3 Figure 3-4-1-4 Description Show the current system time. System Time Item Current Time Time Zone Sync Type Click the drop down list to select the time zone you are in. Click the drop down list to select the time synchronization type. Sync with Browser Synchronize time with browser. Browser Time Show the current time of browser. Set up Manually Manually configure the system time. Sync with NTP Server Sync with NTP Server Synchronize time with NTP server so as to achieve time synchronization of all devices equipped with a clock on network. NTP Server Address Set NTP server address (domain name/IP). Enable NTP Server NTP client on the network can achieve time synchronization with gateway after "Enable NTP Server" option is checked. Table 3-4-1-2 System Time Parameters www.milesight-iot.com 78 3.4.1.3 SMTP SMTP, short for Simple Mail Transfer Protocol, is a TCP/IP protocol used in sending and receiving e-mail. This section describes how to configure email settings. UG65 User Guide Figure 3-4-1-5 SMTP Client Settings Description SMTP Item Enable Enable or disable SMTP client function. Email Address Enter the sender's email account. Password Enter the sender's email password. SMTP Server Address Enter SMTP server's domain name. Port Enable TLS Enter SMTP server port. Range: 1-65535. Enable or disable TLS encryption. Table 3-4-1-3 SMTP Setting Related Topics Events Setting 3.4.1.4 Phone Phone settings involve in call/SMS trigger and SMS alarm for events. 1. Add phone list. 2. Select phone numbers and add them to the phone group. 3. Go to Network > Interface > Cellular > Connection Mode > Connect on Demand >

Trigger by Call / Trigger by SMS or go to System > Events > Event Settings > SMS and then select the phone group ID. www.milesight-iot.com 79 UG65 User Guide Figure 3-4-1-6 Phone Number List Description Enter the telephone number. Digits, "+" and "-" are allowed. The description of the telephone number. Set number for phone group. Range: 1-100. The description of the phone group. Show the phone list. Show the selected phone number. Table 3-4-1-4 Phone Settings Phone Item Number Description Group ID Description List Selected Phone Group List Related Topic Connect on Demand 3.4.1.5 Email Email settings involve email alarm for events. 1. Add email list. 2. Select email addresses and add them to the phone group. 3. Go to System > Events > Event Settings > Email and then select the email group ID. www.milesight-iot.com 80 UG65 User Guide Email Item Email List Email Address Description Email Group List Group ID Description List Selected Figure 3-4-1-7 Description Enter the Email address. The description of the Email address. Set number for email group. Range: 1-100. The description of the Email group. Show the Email address list. Show the selected Email address. Table 3-4-1-5 Email Settings 3.4.2 User Management 3.4.2.1 Account Here you can change the login username and password of the administrator. Note: it is strongly recommended that you modify them for the sake of security. www.milesight-iot.com 81 UG65 User Guide Account Item Username Figure 3-4-2-1 Description Enter a new username. You can use characters such as a-z, 0-9, "_", "-", "$". The first character can't be a digit. Old Password New Password Enter the old password. Enter a new password. Confirm New Password Enter the new password again. Table 3-4-2-1 Account Information 3.4.2.2 User Management This section describes how to create common user accounts. The common user permission includes Read-Only and Read-Write. User Management Item Username Password Permission Figure 3-4-2-2 Description Set password. Enter a new username. You can use characters such as a-z, 0-9, "_", "-", "$". The first character can't be a digit.

Select user permission from Read-Only and Read-Write. Read-Only: users can only view the configuration of gateway in this level. Read-Write: users can view and set the configuration of gateway in this level.

Table 3-4-2-2 User Management 3.4.3 SNMP SNMP is widely used in network management for network monitoring. SNMP exposes management data with variables form in managed system. The system is organized in a management information base (MIB) which describes the system status and configuration. These variables can be remotely queried by managing applications. Configuring SNMP in networking, NMS, and a management program of SNMP should be set up at the Manager. Configuration steps are listed as below for achieving query from NMS:

www.milesight-iot.com 82 UG65 User Guide Enable SNMP setting. 1. 2. Download MIB file and load it into NMS. 3. Configure MIB View. 4. Configure VCAM. 3.4.3.1 SNMP UG65 supports SNMPv1, SNMPv2c and SNMPv3 version. SNMPv1 and SNMPv2c employ community name authentication. SNMPv3 employs authentication encryption by username and password. SNMP Settings Item Enable Port Figure 3-4-3-1 Description Enable or disable SNMP function. Set SNMP listened port. Range: 1-65535. The default port is 161. SNMP Version Select SNMP version; support SNMP v1/v2c/v3. Location Information Fill in the location information. Contact Information Fill in the contact information. Table 3-4-3-1 SNMP Parameters 3.4.3.2 MIB View This section explains how to configure MIB view for the objects. www.milesight-iot.com 83 UG65 User Guide MIB View Item View Name View Filter View OID Included Excluded Figure 3-4-3-2 Description Set MIB view's name. Select from "Included" and "Excluded". Enter the OID number. You can query all nodes within the specified MIB node. You can query all nodes except for the specified MIB node. Table 3-4-3-2 MIB View Parameters 3.4.3.3 VACM This section describes how to configure VCAM parameters. Figure 3-4-3-3 Description SNMP v1 & v2 User List VACM Item Community Permission MIB View Network Set the community name. Select from "Read-Only" and "Read-Write". Select an MIB view to set permissions from the MIB view list. The IP address and bits of the external network accessing the MIB view. www.milesight-iot.com 84 UG65 User Guide Read-Write Read-Only SNMP v3 User List The permission of the specified MIB node is read and write. The permission of the specified MIB node is read only. Group Name Set the name of SNMPv3 group. Security Level Select from "NoAuth/NoPriv", "Auth/NoPriv", and " Auth/Priv". Read-Only View Select an MIB view to set permission as "Read-only" from the MIB view list. Read-Write View Select an MIB view to set permission as "Read-write" from the MIB view list. Inform View Select an MIB view to set permission as "Inform" from the MIB view list. Table 3-4-3-3 VACM Parameters 3.4.3.4 Trap This section explains how to enable network monitoring by SNMP trap. SNMP Trap Item Enable SNMP Version Server Address Port Name Auth/Priv Mode Figure 3-4-3-4 Description Enable or disable SNMP Trap function. Select SNMP version; support SNMP v1/v2c/v3. Fill in NMS's IP address or domain name. Fill in UDP port. Port range is 1-65535. The default port is 162. Fill in the group name when using SNMP v1/v2c; fill in the username when using SNMP v3. Select from "NoAuth & No Priv", "Auth & NoPriv", and

"Auth & Priv". Table 3-4-3-4 Trap Parameters 3.4.3.5 MIB This section describes how to download MIB files. www.milesight-iot.com 85 UG65 User Guide MIB Item MIB File Download Figure 3-4-3-5 Description Select the MIB file you need. Click "Download" button to download the MIB file to PC. Table 3-4-3-5 MIB Download 3.4.5 Device Management centrally and remotely. You can connect the device to the DeviceHub on this page so as to manage the gateway Figure 3-4-5-1 DeviceHub Item Status Activation Server Address DeviceHub Server Address Description Show the connection status between the gateway and the DeviceHub. Disconnected Click this button to disconnect the gateway from the DeviceHub. IP address or domain of the DeviceHub. The URL address for the device to connect to the DeviceHub, e.g. http://220.82.63.79:8080/acs. Activation Method Select activation method to connect the gateway to the www.milesight-iot.com 86 UG65 User Guide Authentication Code Fill in the authentication code generated from the DeviceHub. DeviceHub server, options are "By Authentication ID" and "By ID". Fill in the registered DeviceHub account (email) and password. Table 3-4-5-1 Event feature is capable of sending alerts by Email when certain system events occur. You can view alarm messages on this page. ID Password 3.4.6 Events 3.4.6.1 Events Figure 3-4-6-1 Description Mark as Read Mark the selected event alarm as read. Delete Delete the selected event alarm. Mark All as Read Mark all event alarms as read. Delete All Alarms Delete all event alarms. Events Item Status Type Time Show the reading status of the event alarms, such as Read and Unread. Show the event type that should be alarmed. Show the alarm time. Message Show the alarm content. Table 3-4-6-1 Events Parameters www.milesight-iot.com 87 3.4.6.2 Events Settings In this section, you can decide what events to record and whether you want to receive email and SMS notifications when any change occurs. UG65 User Guide Figure 3-4-6-2 Event Settings Item Enable Description Check to enable "Events Settings". Cellular Up Cellular network is connected. Cellular Down Cellular network is disconnected. WAN Up WAN Down VPN Up VPN Down Record Email Email Setting SMS SMS Setting Ethernet cable is connected to WAN port. Ethernet cable is disconnected to WAN port. VPN is connected. VPN is disconnected. The relevant content of event alarm will be recorded on "Event"

page if this option is checked. The relevant content of event alarm will be sent out via email if this option is checked. Click and you will be redirected to the page "Email" to configure the Email group. The relevant content of event alarm will be sent out via SMS if this option is checked. Click and you will be redirected to the page of "Phone" to configure phone group list. www.milesight-iot.com 88 UG65 User Guide Phone Group List Select phone group to receive SMS alarm. Email Group List Select Email group to receive Email alarm. Table 3-4-6-2 Events Parameters Related Topics Email Setting Phone Setting 3.5 Maintenance 3.5.1 Tools 3.5.1.1 Ping This section describes system maintenance tools and management. Troubleshooting tools includes ping and traceroute. Ping tool is engineered to ping outer network. Figure 3-5-1-1 PING Item Host Description Ping outer network from the gateway. Table 3-5-1-1 IP Ping Parameters 3.5.1.2 Traceroute Traceroute tool is used for troubleshooting network routing failures. Figure 3-5-1-2 www.milesight-iot.com 89 UG65 User Guide Traceroute Item Host Description Address of the destination host to be detected. Table 3-5-1-2 Traceroute Parameters 3.5.2 Schedule This section explains how to configure scheduled reboot on the gateway. Figure 3-5-2-1 Description Select schedule type. Reboot the gateway regularly. Hour & Minute Select the time to execute the schedule. Select the frequency to execute the schedule. Table 3-5-2-1 Schedule Parameters Schedule Item Schedule Reboot Frequency 3.5.3 Log The system log contains a record of informational, error and warning events that indicates how the system processes. By reviewing the data contained in the log, an administrator or user troubleshooting the system can identify the cause of a problem or whether the system processes are loading successfully. Remote log server is feasible, and gateway will upload all system logs to remote log server such as Syslog Watcher. 3.5.3.1 System Log This section describes how to download log file and view the recent log on web. www.milesight-iot.com 90 UG65 User Guide System Log Item Download Figure 3-5-3-1 Description Download log file. View recent (lines) View the specified lines of system log. Clear Log Clear the current system log. Table 3-5-3-1 System Log Parameters 3.5.3.2 Log Settings This section explains how to enable remote log server and local log setting. Figure 3-5-3-2 www.milesight-iot.com 91 UG65 User Guide Description With Remote Log Server enabled, gateway will send all system logs to the remote server. Fill in the remote system log server address (IP/domain name). Fill in the remote system log server port. Log Settings Item Remote Log Server Enable Syslog Server Address Port Local Log File Storage Size User can store the log file in memory or TF card. Set the size of the log file to be stored. Log Severity The list of severities follows the syslog protocol. Table 3-5-3-2 System Log Parameters 3.5.4 Upgrade This section describes how to upgrade the gateway firmware via web. Generally you dont need to do the firmware upgrade. Note: any operation on web page is not allowed during firmware upgrade, otherwise the upgrade will be interrupted, or even the device will break down. Upgrade Item Description Figure 3-5-4-1 Firmware Version Show the current firmware version. Reset Configuration to Factory Default When this option is checked, the gateway will be reset to factory defaults after upgrade. Upgrade Firmware Click "Browse" button to select the new firmware file, and click "Upgrade" to upgrade firmware. Table 3-5-4-1 Upgrade Parameters Related Configuration Example Firmware Upgrade www.milesight-iot.com 92 3.5.5 Backup and Restore This section explains how to create a complete backup of the system configurations to a file, restore the config file to the gateway and reset to factory defaults. UG65 User Guide Backup and Restore Item Description Figure 3-5-5-1 Config File Click "Browse" button to select configuration file, and then click "Import"

button to upload the configuration file to the gateway. Backup Click "Backup" to export the current configuration file to the PC. Reset Click "Reset" button to reset factory default settings. gateway will restart after reset process is done. Table 3-5-5-1 Backup and Restore Parameters Related Configuration Example Restore Factory Defaults 3.5.6 Reboot On this page you can reboot the gateway and return to the login page. We strongly recommend clicking Save button before rebooting the gateway so as to avoid losing the new configuration. www.milesight-iot.com 93 UG65 User Guide Figure 3-5-6-1 3.6 APP 3.6.1 Python Python is an object-oriented programming language that has gained popularity because of its clear syntax and readability. As an interpreted language, Python has a design philosophy that emphasizes code readability, notably using whitespace indentation to delimit code blocks rather than curly brackets or keywords, and a syntax that allows programmers to express concepts in fewer lines of code than its used in other languages such as C++ or Java. The language provides constructs and intends to enable writing clear programs on both small and large scale. Users can use Python to quickly generate the prototype of the program, which can be the final interface of the program, rewrite it with a more appropriate language, and then encapsulate the extended class library that Python can call. This section describes how to view the relevant running status such as App-manager, SDK version, extended storage, etc. Also you can change the App-manager configuration, and import the Python App package from here. www.milesight-iot.com 94 3.6.1.1 Python UG65 User Guide Python Item Description Figure 3-6-1-1 AppManager Status Show AppManager's running status, like "Uninstalled",

"Running" or "Stopped". SDK Version SDK Path Show the version of the installed SDK. Show the SDK installation path. Available Storage Select available storage to install SDK. SDK Upload Upload and install SDK for Python. Uninstall View Uninstall SDK. View application status managed by AppManager. Table 3-6-1-1 Python Parameters 3.6.1.2 App Manager Configuration Figure 3-6-1-2 www.milesight-iot.com 95 UG65 User Guide AppManager Configuration Item Description Enable App Management After enabling Python AppManager, user can click "View" button on the "Python" webpage to view the application status managed by AppManager. ID Show the ID of the imported App. App Command Show the name of the imported App. Logfile Size(MB) User-defined Logfile size. Range: 1-50. Uninstall APP. Show the name of the imported App. Show the version of the imported App. Show the SDK version which the imported App is based on. Table 3-6-1-2 APP Manager Parameters Uninstall App Status App Name App Version SDK Version 3.6.1.3 Python App Figure 3-6-1-3 Description Select App package and import. Select App to import configuration. Python APP Item App Package App Name Debug File Debug Script App Configuration Select configuration file and import. Export script file. Select Python script to be debugged and import. Table 3-6-1-3 APP Parameters www.milesight-iot.com 96 UG65 User Guide Chapter 4 Application Examples 4.1 Packet Forwarder Configuration 1. Go to Packet Forwarder > General. 2. Click to add a new network server. Milesight type indicates the gateway network server. 3. Add the gateway on network server page. Take TTN for example, type and save the gateway EUI and other information when you connect it via Semtech packet forwarder. After you add the gateway, TTN will show connection status. www.milesight-iot.com 97 4. Go to Traffic page to view the data communication of UG65. UG65 User Guide 4.2 Application Configuration You can create a new application on this page, which is mainly used to define the method of decoding the data sent from end-device and choosing the data transport protocol to send data to another server address. The data will be sent to your custom server address using MQTT, HTTP or HTTPS protocol. 1. Go to Network Server > Application. 2. Click to enter the configuration page, displayed as the following picture 3. Click to add a data transmission type of HTTP or HTTPS Step 1: select HTTP or HTTPS as transmission protocol. Step 2: Enter the header name and header value as needed. www.milesight-iot.com 98 UG65 User Guide Headers are name/value pairs that appear in both request and response messages. The name of the header is separated from the value by a single colon. For example, this request message provides a header called User-Agent whose value is Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko. The purpose of this particular header is to supply the web server with information about the type of browser making the request. Step 3: Enter the destination URL. Different types of data can be sent to different URLs. 4. Click to add a data transmission type of MQTT Step 1: select the transmission protocol as MQTT. Step 2: Fill in general settings. www.milesight-iot.com 99 Step 3: Select the authentication method required by the server. If you select user credentials for authentication, you need to enter the username and password for authentication. UG65 User Guide If certificate is necessary for verification, please select mode and import CA certificate, client certificate and client key file for authentication. Step 4: Enter the topic to receive data and choose the QoS. 4.3 Device Configuration Go to Device page and click Add to add LoRaWAN node devices. Please select correct device profile according to device type. www.milesight-iot.com 100 UG65 User Guide You can also click Bulk Import if you want to add many nodes all at once. Click Template Download to download template file and add device information to this file. Application and device profile should be the same as you created on web page. Import this file to add bulks of devices. 4.4 Send Data to Device Go to Network Server > Packets. www.milesight-iot.com 101 Step 1: Please check the packet in the network server list to make sure that the device has joined the network successful. UG65 User Guide Step 2: Fill these input box. Step 3: Click Send. Step 4: Check the packet in the network server list to make sure that the device has received this message successful. Its suggested to enable Confirmed. You can click Refresh to refresh the list or set automatic refreshing frequency for the list. If the devices class type is Class C, then the device will be constantly receiving packet. This packets type is DnCnf (Downlink Confirmed Packet) and if the packets color is gray, then it means the packet cannot be transmitted now because at least one message has been in the queue. This is the data packet has been delivered successfully. If the device receives this downlink confirmed packet, then the device will reply ACK when delivering next. www.milesight-iot.com 102 UG65 User Guide Ack is true means that the device has received this packet. If the devices class type is Class A, Only after the device sends out an uplink packet will the network server sends out data to the device. www.milesight-iot.com 103 UG65 User Guide Related Topic Packets 4.5 Restore Factory Defaults 4.5.1 Via Web Interface Log in web interface, and go to Maintenance > Backup and Restore. 1. 2. Click Reset button under the Restore Factory Defaults. You will be asked to confirm if youd like to reset it to factory defaults. Then click Reset button. www.milesight-iot.com 104 UG65 User Guide Then the gateway will reboot and restore to factory settings immediately. Please wait till STATUS light staticly and the login page pops up again, which means the gateway has already been reset to factory defaults successfully. Related Topic Restore Factory Defaults www.milesight-iot.com 105 Locate the reset button on the gateway, and take corresponding actions based on the UG65 User Guide 4.5.2 Via Hardware status of STATUS LED. STATUS LED Action Blinking Static Green Rapidly Blinking Off Blinking 4.6 Firmware Upgrade Press and hold the reset button for more than 5 seconds. Release the button and wait. The gateway is now reset to factory defaults. It is suggested that you contact Milesight technical support first before you upgrade gateway firmware. Gateway firmware file suffix is .bin. After getting firmware file please refer to the following steps to complete the upgrade. 1. Go to Maintenance > Upgrade. 2. Click Browse and select the correct firmware file from the PC. 3. Click Upgrade and the gateway will check if the firmware file is correct. If its correct, the firmware will be imported to the gateway, and then the gateway will start to upgrade. Related Topic Upgrade www.milesight-iot.com 106 4.7 Cellular Connection 1. Go to Network > Interface > Cellular > Cellular Setting and configure the cellular info. 2. Choose relevant network type. UG65 User Guide Click Save and Apply for configuration to take effect. 3. Check the cellular connection status by WEB GUI of gateway. Click Status > Cellular to view the status of the cellular connection.

'Connected', SIM has dialed up successfully. If it shows www.milesight-iot.com 107 4. Check out if network works properly by browser on PC. Open your preferred browser on PC, type any available web address into address bar and see if it is able to visit Internet via the UG65. UG65 User Guide Related Topic Cellular Setting Cellular Status 4.8 Wi-Fi Application Example 4.8.1 AP Mode Application Example Configure UG65 as AP to allow connection from users or devices. Configuration Steps 1. Go to Network > Interface > WLAN to configure wireless parameters as below. Click Save and Apply buttons after all configurations are done. www.milesight-iot.com 108 2. Use a smart phone to connect the access point of gateway. Go to Status > WLAN, and you can check the AP settings and information of the connected client/user. UG65 User Guide 4.8.2 Client Mode Application Example Configuration Steps Configure UG65 as Wi-Fi client to connect to an access point to have Internet access. 1. Go to Network > Interface > WLAN and click Scan to search for WiFi access point. 2. Select one access point and click Join Network, then type the password of the access point. www.milesight-iot.com 109 UG65 User Guide Click Save and Apply buttons after all configurations are done. 3. Go to Status > WLAN, and you can check the connection status of the client. Related Topic WLAN Setting WLAN Status

[END]

www.milesight-iot.com 110 UG65 User Guide UG65 User Guide FCC Caution:

Any Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. IMPORTANT NOTE:

Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. FCC Radiation Exposure Statement:

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment

.This equipment should be installed and operated with minimum distance 20cm between the radiator&

your body.

[END]

www.milesight-iot.com 111

exhibit
download
text

1 2

Internal Photos

Internal Photos

pdf

3.93 MiB

March 18 2021

exhibit
download
text

1 2

External Photos

External Photos

pdf

1.40 MiB

March 18 2021

exhibit
download
text

1 2

Label & Location

ID Label/Location Info

pdf

144.11 KiB

March 18 2021

exhibit
download
text

1 2

DoS Letter

Cover Letter(s)

pdf

203.76 KiB

March 18 2021

exhibit
download
text

1 2

FCC Long Term Confidential Authorization Form

Cover Letter(s)

pdf

45.34 KiB

March 18 2021

exhibit
download
text

1 2

RF Exposure

RF Exposure Info

pdf

131.97 KiB

March 18 2021

exhibit
download
text

1 2

Test Report part 1

Test Report

pdf

3.54 MiB

March 18 2021

exhibit
download
text

1 2

Test Report part 2

Test Report

pdf

3.71 MiB

March 18 2021

exhibit
download
text

1 2

Attestation Letter

Attestation Statements

pdf

41.91 KiB

March 18 2021

exhibit
download
text

1 2

Professional Installation Declaration Letter

Cover Letter(s)

pdf

40.74 KiB

March 18 2021

exhibit
download
text

1 2

Test Report

Test Report

pdf

2.30 MiB

March 18 2021

exhibit
download
text

1 2

Test Setup Photos

Test Setup Photos

pdf

571.06 KiB

March 18 2021

		frequency	equipment class	purpose
1	2021-03-18	1860 ~ 1900	PCB - PCS Licensed Transmitter	Original Equipment
2		2412 ~ 2462	DTS - Digital Transmission System

Application Forms

app s	Applicant Information
1 2	Effective	2021-03-18
1 2	Applicant's complete, legal business name	Xiamen Milesight IoT Co., Ltd.
1 2	FCC Registration Number (FRN)	0030310346
1 2	Physical Address	4/F,NO. 63-2 Wanghai Road, 2nd Software Park
1 2		Xiamen, N/A
1 2		China

app s	TCB Information
1 2	TCB Application Email Address	b******@baclcorp.com
1 2	TCB Scope	B1: Commercial mobile radio services equipment in the following 47 CFR Parts 20, 22 (cellular), 24,25 (below 3 GHz) & 27
1 2	TCB Scope	A4: UNII devices & low power transmitters using spread spectrum techniques

app s	FCC ID
1 2	Grantee Code	2AYHY
1 2	Equipment Product Code	UG65

app s	Person at the applicant's address to receive grant or for contact
1 2	Name	Z****** T******
1 2	Title	Manager
1 2	Telephone Number	0592-********
1 2	Fax Number	0592-********
1 2	E-mail	t******@ursalink.com

app s	Technical Contact
		n/a

app s	Non Technical Contact
		n/a

app s	Confidentiality (long or short term)
1 2	Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?:	Yes
1 2	Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?:	No
	if no date is supplied, the release date will be set to 45 calendar days past the date of grant.

app s	Cognitive Radio & Software Defined Radio, Class, etc
1 2	Is this application for software defined/cognitive radio authorization?	No
1 2	Equipment Class	PCB - PCS Licensed Transmitter
1 2	Equipment Class	DTS - Digital Transmission System
1 2	Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant)	LoRaWAN Gateway
1 2	Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application?	No
1 2	Modular Equipment Type	Does not apply
1 2	Purpose / Application is for	Original Equipment
1 2	Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization?	Yes
1 2	Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization?	No
1 2	Grant Comments	Output power listed is ERP for operation below 1 GHz and EIRP for operation above 1 GHz. LTE supports 1.4/3/5/10/15/20 MHz BW modes in Band 2/4/66, 1.4/3/5/10 MHz BW modes in Band 5/12, 5/10/15/20 MHz BW modes in Band 7/71, and 5/10 MHz BW modes in Band 13/14. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter, except in accordance with FCC multi-transmitter product procedures. Users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. This device contains functions that are not operational in U.S Territories. This filing is only applicable for US operations.
1 2	Grant Comments	Power output listed is conducted. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter, except in accordance with FCC multi-transmitter product procedures. Users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. This device supports 20 MHz and 40 MHz bandwidth modes.
1 2	Is there an equipment authorization waiver associated with this application?	No
1 2	If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded?	No

app s	Test Firm Name and Contact Information
1 2	Firm Name	Bay Area Compliance Laboratories Corp. (Shenzhen)
1 2	Name	W****** W******
1 2	Telephone Number	+86 (********
1 2	E-mail	q******@baclcorp.com

Equipment Specifications
	Line	Rule Parts	Grant Notes	Lower Frequency	Upper Frequency	Power Output	Tolerance	Emission Designator	Microprocessor Number
1	1	22H		826.4	846.6	0.138	2.5 ppm	4M21F9W
1	2	24E		1852.4	1907.6	0.261	2.5 ppm	4M17F9W
1	3	27		1712.4	1752.6	0.225	2.5 ppm	4M21F9W
1	4	24E		1851.5	1908.5	0.285	2.5 ppm	2M70G7D
1	5	24E		1851.5	1908.5	0.285	2.5 ppm	2M69D7W
1	6	24E		1860	1900	0.278	2.5 ppm	18M0G7D
1	7	24E		1860	1900	0.278	2.5 ppm	18M0D7W
1	8	27		1712.5	1752.5	0.233	2.5 ppm	4M564G7
1	9	27		1712.5	1752.5	0.233	2.5 ppm	4M55D7W
1	1	27		1720	1745	0.227	2.5 ppm	18M0G7D
1	11	27		1720	1745	0.196	2.5 ppm	17M9D7W
1	12	22H		825.5	847.5	0.141	2.5 ppm	2M70G7D
1	13	22H		825.5	847.5	0.141	2.5 ppm	2M70D7W
1	14	22H		829	844	0.14	2.5 ppm	8M96G7D
1	15	22H		829	844	0.14	2.5 ppm	8M96D7W
1	16	27		704	711	0.175	2.5 ppm	8M96G7D
1	17	27		704	711	0.175	2.5 ppm	8M96D7W
1	18	27		779.5	784.5	0.176	2.5 ppm	4M52G7D
1	19	27		779.5	784.5	0.181	2.5 ppm	4M52D7W
1	2	27		782	782	0.171	2.5 ppm	8M97G7D
1	21	27		782	782	0.173	2.5 ppm	8M91D7W
1	22	27		1711.5	1778.5	0.23	2.5 ppm	2M70G7D
1	23	27		1711.5	1778.5	0.23	2.5 ppm	2M70D7W
1	24	27		1720	1770	0.237	2.5 ppm	17M9G7D
1	25	27		1720	1770	0.216	2.5 ppm	18M0D7W
1	26	27		670.5	690.5	0.138	2.5 ppm	13M5G7D
1	27	27		670.5	690.5	0.144	2.5 ppm	13M5D7W
1	28	27		673	688	0.142	2.5 ppm	17M9G7D
1	29	27		673	688	0.142	2.5 ppm	17M9D7W
1	3	9		790.5	795.5	0.143	2.5 ppm	4M52G7D
1	31	9		790.5	795.5	0.143	2.5 ppm	4M54D7W
1	32	9		793	793	0.136	2.5 ppm	8M91G7D
1	33	9		793	793	0.136	2.5 ppm	8M94D7W
	Line	Rule Parts	Grant Notes	Lower Frequency	Upper Frequency	Power Output	Tolerance	Emission Designator	Microprocessor Number
2	1	15C		923.3	927.5	0.014
2	2	15C		2412	2462	0.061

some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details