5G CPE02 User Manual

5G CPE02 User Manual


Declaration

Thank you for choosing our company's product! Before use, please carefully read this user manual. By complying with the following statements, you will help maintain intellectual property rights and legal compliance, ensuring that your user experience aligns with the latest product information. If you have any questions or need written permission, please feel free to contact our technical support team.

  1. Copyright Statement

This user manual contains copyrighted content, and the copyright belongs to InHand Networks Technology and its licensors. Without written permission, no organization or individual may excerpt, copy any part of the content of this manual, or distribute it in any form.

  1. Disclaimer

Due to ongoing updates in product technology and specifications, the company cannot guarantee that the information in the user manual is entirely consistent with the actual product. Therefore, no disputes arising from any discrepancies between the actual technical parameters and the user manual are accepted. Any changes to the product will not be notified in advance, and the company reserves the right to make the final changes and interpretations.

  1. Copyright Information

The content of this user manual is protected by copyright laws, and the copyright belongs to InHand Networks and its licensors, reserving all rights. Without written permission, the content of this manual may not be used, copied, or distributed without authorization.


Conventions


Symbol

Indication

[  ]

Referring to function modules or menus, such as in the [ Status ] menu."

“ ”

Referring to a button name, such as Clicking the “Add” button.

Multiple levels of menus are separated by "〉". For example, "File〉New〉Folder" represents the "Folder" menu item under the "New" submenu, which is under the "File" menu.

Cautions

Please be mindful of the following points during the operation, as improper actions may result in data loss or device damage.

Note

Supplement and provide necessary explanations for the description of the operation.


Technical Support


Email: support@inhandnetworks.com

1. Overview

Product Overview
The 5G CPE02 series leverages the high-speed connectivity of 5G cellular networks to significantly enhance network flexibility and convenience, empowering businesses to rapidly build next-generation digital networks. Combined with the InCloud Manager platform, this product offers a cloud-managed solution that integrates high-speed, security, and ease of use, driving business growth.

Product Features
  1. Outstanding Performance: Supports 5G cellular network downlink speeds of up to 3.4Gbps, Wi-Fi 6 wireless speeds of 5400Mbps, and 2.5Gbps wired access, effortlessly creating a full gigabit network.
  2. Convenient Management: Manage devices globally with InCloud Manager, enabling real-time monitoring and performance optimization.
  3. High Reliability: Plug-and-play for quick deployment, suitable for various network scenarios.

User Manual Guidelines
This manual is designed to help you quickly understand the functions and configuration methods of the 5G CPE02. Please follow these recommendations:
  1. Read Thoroughly: Carefully review this manual before configuring the device to ensure familiarity with key operations.
  2. Follow Instructions: Strictly adhere to the guidelines to avoid data loss or device damage.
  3. Technical Support: If you encounter any issues, please contact the technical support team for assistance.

This manual will help you understand the product and configure device functionalities. Please carefully follow the instructions to prevent any data loss or device damage.

Fig. 1 Application case

2. Hardware

2.1 Indicator Description



2.2 Restoring to Default Settings via the Reset Button

Fig.2-2 Reset Button
1. Power on the device. When the SYS indicator is solid red, press and hold the reset button (approximately 50 seconds) until the SYS indicator turns solid blue.
2. Release the reset button. The SYS indicator will flash blue. Press and hold the reset button again. Once the SYS indicator turns solid blue, release it to start the factory reset process.

2.3 WPS Button

If your terminal device supports the WPS function, you can achieve password-free connection to the WiFi SSID by clicking the "WPS" button. Terminal devices with IOS/MAC OS operating system currently do not support this feature.
Fig.2-3 WPS Button
Step1: Locate the WPS button on the front of the CPE02 and press it for 5 seconds, enable the 2.4G Wi-Fi function on the CPE02.
Step2: Please turn on the WPS switch in the WLAN settings of the terminal device, In the WLAN settings, select the SSID of CPE02.
Fig.2-3 -a Select a CPE02' SSID


Step3 Press the WPS button on the front of the CPE02.

Fig.2-3 -b Password-free connection.
Step4Wait for the terminal to connect to the CPE02. The WPS function on the CPE02 will automatically deactivate after 120 seconds.
Fig.2-3 -c Connection successful.

3. Default Settings

No.

Function

Default Settings

1

Cellular

Enable Dual SIM Cards, using SIM1 by default.

2

Wi-Fi

1. Wi-Fi 2.4G access point enabled, SSID: Prefixed with "CPE02
-", followed by the last 6 digits of the wireless MAC address.

2. Wi-Fi 5G access point enabled, SSID: Prefixed with "CPE02
-5G-", followed by the last 6 digits of the wireless MAC address.

3. The authentication method is WPA2-PSK.

4. The password for both is the last 8 digits of the serial number.

3

Ethernet

1. Enable 1 WAN port and 1 Ethernet port.

2. IP Address: 192.168.2.1

Subnet Mask: 255.255.255.0

3. DHCP server enabled, with an address pool from 192.168.2.2 to 192.168.2.100 for automatic IP address assignment to connected devices.

4

Management Services

Local HTTP and HTTPS are enabled with port numbers 80 and 443 respectively. Disable access from the cellular network.

5

Username and Password

Please check your device's nameplate for login credentials.

4. Safety Precautions

1. Please use the provided original power adapter to prevent any potential device damage resulting from using incompatible power adapters.
2. During installation, ensure the device is positioned away from areas with strong electromagnetic interference and maintains a safe distance from high-power equipment. After installation, verify that the device is securely mounted to prevent accidental falls and potential damage.
3. Make certain that the device operates within the temperature and humidity specifications outlined in the product manual based on its operating environment.
4. Conduct regular inspections of device cables, which include Ethernet cables and power adapter connections. Keep the cables clean and promptly replace any cables showing damage.
5. When cleaning the device, refrain from directly spraying chemical agents onto the device's surface to avoid potential harm to the housing or internal components. Utilize a soft cloth for cleaning purposes.
6. Do not attempt to disassemble, repair, or modify the device on your own, as this may lead to safety risks and void warranty coverage.
7. Regularly update the device's software version to access the latest security patches and feature upgrades. Always acquire firmware versions from official and reputable sources to prevent potential data loss or device damage. Utilizing unofficial or unauthorized firmware can result in compatibility issues, instability, and security vulnerabilities.
8. Securely store the device's login password and avoid disclosing it to unauthorized individuals to mitigate security risks.

5. Login and Access to the Internet

Before Powering on the device, please follow the steps below:
1.Insert the SIM card and securely close the SIM card cover. 
2.Check the power and power cable: Ensure that the device's power cable is securely connected and there are no damaged or exposed wires. Make sure the power plug matches the power outlet and is connected to a reliable power source.

5.1 Connect via Ethernet Cable

After powering on the device, connect your PC to the device's LAN port using an Ethernet cable, and perform the following steps on your PC.
The device's LAN port has DHCP Server functionality enabled by default. Once the PC has automatically obtained an IP address, please ensure that your PC and 5G CPE02 are in the same address range.
If your PC fails to obtain an IP address automatically, please configure it with a static IP address and the following parameters:
  1. IP Address: 192.168.2.x (Choose an available address within the range of 192.168.2.2 to 192.168.2.254).
  2. Subnet Mask: 255.255.255.0.
  3. Default Gateway: 192.168.2.1.
  4. DNS Servers: 8.8.8.8 (or your ISP's DNS server address)
3. Enter the default device address 192.168.2.1, in the browser's address bar. After entering the username and password (Please check the product nameplate to obtain it), access the device's web management interface. If the page shows a security warning, click on the "Hide" or "Advanced" button and select "Proceed" to continue.

Fig.5-1 Web login interface

4. Check the network in the “Dashboard〉Interface Status”. The device connects to the Internet successfully if the “Cellular” or “WAN” icon turns green. Click the corresponding icon to view interface information such as signal strength, IP address and traffic consumption.
5. If this device cannot connect to a network, click “Internet-->Uplink Table〉Edit ” to set up network parameters. The device enables the dial-up function and WAN by default, please wait for a few minutes to go online, and re-enable the dial-up if it is not dialed.


Fig. 5-2 Edit the Uplink interface

6. Monitoring

Once the device is added to the platform, you can manage and monitor the network from the platfrom which supporting viewing real-time stastus information on the device local interface remotely at the same time.

6.1 Overview of the Device

In the "Devices" section, you can click on the "Device Name" to access the device's details page.

6.1.1 Overview

Click on [ Dashboard ] in the left menu to access the dashboard interface. Here, you can view essential device information, interface status, traffic statistics, cellular signal strength, and the number of connected Wi-Fi devices.

Fig. 6-1-1-a View the device

Click the interface name under [Uplink] to view the interface details.
Fig. 6-1-1-b View the device

6.1.2 Data Usage

In this function, you can view the traffic usage and historical data of various uplink links, including a breakdown by year, month, and day

Fig. 6-1-2 Check the traffic data usage record

6.1.3 Cellular Signal

In this function, you can view cellular signal curves such as RSSI, RSRP, RSRQ, and SINR.

Fig. 6-1-3- Cellular Signal

6.1.4 Clients

Through this feature, you can view recently connected wired and wireless terminals to the CPE02.

Fig. 6-1-4- Clients

6.1.5 Details

Through [Details], you can view basic device information such as model, IP, MAC, group, and configuration status; license details, including current status and expiration date; the latest available software version; and device location information.

Fig. 6-1-5-Details

6.1.6 Tools

The Tools menu offers three commonly used features to help IT diagnose and troubleshoot network issues.

Fig. 6-1-6 Tools
  1. Ping:Check the network connectivity between the device and the target address, with customizable ping parameters.
  2. Traceroute:Trace the number of hops required for the device to reach the target address.
  3. Capture: Capture data packets on a specified interface

6.2 Local Device  Information

Through the platform's "Remote Access" feature, you can assist in real-time viewing and configuring of devices. Select the target device, click "Remote Access," and it will open the device's local login interface.

Fig. 6-2-a Remote access entry

Fig. 6-2-b Access local device login page

6.2.1 Device Information

In the “Dashboard--〉Device Information” interface, you can check the details about the device name, Model, S/N, Firmware Version and so on.

Fig. 6-2-1 Device Information panel

  • Name: Identifies the device's name, default is "CPE02”, but it can be modified.
  • MAC Address: Identifies the device's physical MAC address.
  • Local Gateway IP: The default subnet gateway address for the device.
  • Model: The specific model of the device helps determine if it supports cellular and WLAN features.
  • Uptime: The device's running time since power-up.
  • System Time: Displays the device's time zone and system time.
  • Serial: A unique code that identifies the device, which can be used for indexing or adding to a platform account.
  • Internet Access: The upstream interface used for device connectivity.
  • License Status: Information about the license applied to the device, which may include the InCloud Manager Basic or Professional version.
  • Firmware Version: The current software version used by the device.
  • Uplink IP: The IP address of the upstream interface used for device connectivity.

6.2.2 Interface Status

In the "Dashboard-- > Interface Status" feature, you can visually check the operational status of each interface. By clicking on the "Interface


Fig. 6-2-2  Cellular information

6.2.3 Traffic Statistics

Users can use the "Dashboard > Traffic Statistics" feature to monitor the usage of traffic on each upstream interface since the router was powered on. The traffic statistics data will reset after a device reboot. If you need to view historical traffic records, you can do so on the corresponding device's details page in the InCloud Manager Platform.


Fig. 6-2-3 Traffic statistics

6.2.4 Wi-Fi Connections

In the "Dashboard > Wi-Fi Connections" feature, users can view the number of currently enabled SSIDs on the 5G CPE02 and the number of clients connected per SSID.

Fig. 6-2-4 Wi-Fi Connections panel

Users can monitor the health status of upstream links and access information such as throughput, latency, packet loss, signal strength, and more for each interface through the "Status > Link Monitoring" feature.

Fig. 6-2-6 Link monitor panel

6.2.7 Cellular Signal

Users can check the signal strength as well as parameters like RSSI, SINR, RSRP, and more of the cellular dial-up through the "Status > Cellular Signal" feature.

Fig. 6-2-7 Cellular Signal panel

6.2.8 Clients

Users can access detailed information about wired/wireless clients connected to the router, including details like name, IP address, MAC address, VLAN, connected subnet, traffic usage, online duration, and more through the "Status > Clients" feature.


Fig. 6-2-8 Clients panel


6.2.9 VPN

Users can view information about IPSec VPN and L2TP VPN, including status, traffic, and the duration of the most recent connection through the "Status > VPN" feature.


Fig. 6-2-9 VPN status panel

6.2.10 Passthrough

Through the IP Passthrough function, terminal devices can directly obtain a public IP address assigned by the carrier, rather than using a private IP address with NAT mapping to the public network.The status page will display the working status of Passthrough.
Fig. 6-2-10  Passthrough Status
  1. Status:Record the working status of Passthrough.
  2. Passthrough WAN:The uplink of Passthrough transmission.
  3. Passthrough LAN:The LAN interface to which Passthrough is transmitted
  4. Passthrough IP/Mask:The IP address and subnet mask of the Passthrough.
  5. Passthrough Gateway:The gateway address of the Passthrough
  6. Passthrough DNS1/2:The DNS resolution address when Passthrough is active
  7. Passthrough MAC:The MAC address obtained by Passthrough.
  8. Address Allocation Status:The status of Passthrough address allocation.
  9. Lease Timeout:The lease time of Passthrough.

6.2.11 Events

This device will record event logs, including user login, configuration changes, link changes, reboot, and other events. You can check that information in the “Status〉Events” interface and view specific events on a particular date by setting the start and end dates or choosing the event type.

Fig. 6-2-11 Events records

6.2.12 Logs

The device will record the logs generated during operation to facilitate fault localization and diagnosis when the device encounters malfunctions.
You can check the recorded logs in the “Status〉Logs” interface, at the same time, you can check the specific logs on a particular date by setting the start and end dates or setting the keyword

Fig. 6.2.12 Logs interface
  • Download Logs: Download the device's operational logs.
  • Download Diagnostic Logs: Download the device's diagnostic logs, which include system operation logs, device information, and device configurations.
  • Clear Logs: Clear the device's operational logs; this does not clear the device's diagnostic logs.

7. Configuraion

You can achieve batch configuration of devices through the platform's remote configuration. Select the target device, click "Edit" in the remote configuration section, and complete the configuration for the device. Below is an introduction to the configuration for a single device:

7.1 Internet

Click “Internet” in the left menu to check and configure the uplink interfaces and multi-link work mode of this device.
Please exercise caution when modifying the upstream link settings as it may result in network interruption.


Fig. 7-1 Internet Page
Users can edit the cellular interface and WAN1 interface in the “Internet > Uplink Table” section. By deleting the WAN1 interface, WAN1 will switch to LAN1. When you need to use WAN1 again, simply click “Add” on this page. You can drag the “Priority” icon to adjust the priority of each interface. The priorities are arranged from top to bottom, determining the uplink interface the device currently uses.

Fig. 7-1-1-a Uplink Table

Cautions:

  1. When you delete the WAN1 interface,The WAN1 interface will be switched to the LAN1 interface. Routing, policy routing, inbound/outbound rules, port forwarding, DDNS, and VPN related to the WAN interface will be deleted.The WAN port of the device supports three different internet connection modes.
  2. DHCP: The DHCP service is enabled on the WAN1 port by default which means this device cannot connect to the Internet immediately if the upstream device connected to the WAN port does not have the DHCP server enabled.

Fig. 7-1-1-b DHCP Client

  1. Static IP: You can assign a static IP address obtained from the ISP or upstream network device manually.

Fig. 7-1-1-c Set the static IP

  1. PPPoE: Users can set the PPPoE service on the WAN port and then this device can dial up to the Internet through the broadband service.

Fig. 7-1-1-d Set the PPPoE service


The Cellular interface supports three working modes of sim cards, you can configure the sim card working mode and other cellular parameters in “Internet--〉Uplink table--〉Cellular”.
  1. Only SIM1: The CPE02 uses only the external SIM card for dialing, which is the default working mode for cellular dialing on the CPE02.
  2. Only eSIM:The CPE02 only supports built-in SIM card dialing. When using eSIM, please confirm the APN username and password with the local carrier or service provider
  3. Dual Mode:The CPE02 can operate in both external SIM card and eSIM modes, prioritizing the primary card for dialing.

Fig. 7-1-1-e Configure the cellular interface




Users can configure link detection-related settings in the "Internet > Uplink Setting" feature and configure the collaboration mode between various uplink interfaces.

Fig. 7-1-2 Uplink settings

“Link detection” is enabled by default. In the private network environment, please manually configure the address in “Detection Address” or disable the link detection function to prevent the cellular interface from malfunctioning. 

Cautions:

Link detection switch: when enabled, it detects the connectivity of all uplink interfaces and is enabled by default.
Detection address: fill in the specified probe address.
  1. After filling in, all uplink links will only detect this address. When the address cannot be detected, the equipment networking will be affected.
  2. If it is not filled in, the device will detect the DNS address and alternative detection address of the uplink interface, and select the available detection address from them.
Link switching based on detection items: In the link backup mode, users can set detection items to trigger the switching between links and SIM cards.
The following conditions need to be met simultaneously:
  1. Link detection switch on
  2. Enable detection item
  3. It works in the link backup mode and is not the "do not switch" option

7.2 Local Network

You can configure the LAN network of the device in the “Local Network--〉Local Network List”The newly created local subnet can be applied to a specific physical LAN port in interface management or to a designated SSID in WiFi settings.



Fig. 7-2-a Local Network interface
When you need to add or edit a new subnet, you can create or modify it on this page.


Fig. 7-2-b Configure the LAN network parameters

7.3 Wi-Fi

WiFi is an extremely important feature in small and medium-sized stores and home networks. The CPE02-NANR supports a maximum Wi-Fi 6 speed of 5400Mbps, offering dual-frequency bands of 2.4GHz and 5GHz to meet most WiFi connectivity needs.
The 5G CPE02 can function as an access point (AP) and provide multiple SSIDs for wireless network access, allowing users to customize different SSIDs for various purposes and configuration.

Fig. 7-3-a Wi-Fi interface
You can configure the parameters by clicking the “Edit” button.

Fig. 7-3-b Set the SSID’s parameters

Notes:

  1. The device comes with two default main SSIDs for 2.4GHz and 5GHz, and these main SSIDs cannot have their frequency bands modified or deleted.
  2. Once an SSID is added, its frequency band cannot be modified, and the channel will automatically align with the channel of the corresponding main SSID.
  3. The CPE02 series products only support AP mode and do not support Wi-Fi STA.
  4. The SSID's network can be assigned to a previously created subnet within the local network.

7.4 VPN

A VPN (Virtual Private Network) is designed to create a secure and private network within a public network, enabling encrypted communication. With a VPN router, remote access is made possible by encrypting data packets and modifying their destination addresses. VPN can be implemented using server-based, hardware-based, or software-based solutions. In comparison to traditional DDN private lines or frame relays, VPN offers a more secure and convenient remote access solution.

7.4.1 IPSec VPN

IPsec (Internet Protocol Security) VPN is a protocol suite designed to enhance network communication security. Its primary purpose is to protect the transmission of data through encryption and authentication. It is widely used for establishing secure remote access, site-to-site connections, and virtual private networks (VPNs).
You can create a new IPSec VPN item by “VPN〉IPSec VPN〉Add”, and the following parameters must be set correctly.
Fig. 7-4-1 Set the IPSec VPN’s parameters
  1. Name: Specify the name of the IPSec VPN created on the device, which is used for local VPN management.
  2. Status: Configure the enable status of the IPsec function.
  3. IKE Version: Specify the version of the IKE protocol used on this device, IKEv1 and IKEv2 are optional.
  4. Negotiation Mode: Based on the configuration parameters of the peer device, you can choose between Main Mode and Aggressive Mode.
  5. Pre-Shared Key: Specify the authentication key for IKE negotiation, which must be consistent on both sides.
  6. Uplink Interface: Specify the local uplink interface used to establish the tunnel.
  7. Peer Address: Specify the IP address of the peer device. The peer address must be set to 0.0.0.0 if the device works as an IPSec VPN server.
  8. Tunnel Mode: Specify the IP packet encapsulation mode on the IPSec VPN tunnel, and the tunnel mode and transmission mode are optional.
  9. Local Subnet: Specify the IP address segment of the traffic to be sent out by the device through the IPSec VPN tunnel.
  10. Peer Subnet: Specify the IP address segment used for communication on the remote client.
  11. IKE Policy:
    1. Encryption: Specify the encryption algorithm for IKE.
    2. Authentication:  Authentication parameters during the IKE negotiation process.
    3. DH Groups: Specify the DH key exchange mode.
    4. Lifetime: Specify the lifetime of the IKE SA, and 86400 is set by default.
  12. IPSec Policy:
    1. Security Protocol: Specify the security protocol used for ESP.
    2. Encryption: Specify the encryption algorithm of the ESP protocol.
    3. Authentication: specify the authentication algorithm for ESP.
    4. PFS Groups: specify the Perfect Forward Secrecy (PFS) mode, which improves the communication security through an additional key exchange in Phase 2 negotiation.
    5. Lifetime: Specify the lifetime of the IPSec SA, and 86400 is set by default.

7.4.2 L2TP VPN

The Layer 2 Tunneling Protocol (L2TP) is a Layer 2 VPN protocol designed to provide secure point-to-point or site-to-site virtual private network (VPN) connections. It is commonly used for remote access and branch office connectivity, establishing secure communication channels for users or networks, thus ensuring the privacy and integrity of data transmission.
You can add a new L2TP VPN or configure the exited one in “VPN--〉L2TP VPN”

7.4.2.1 Server

Typically, the L2TP server is strategically deployed at the enterprise's headquarters to facilitate remote access for employees. You can configure the server in “VPN--〉L2TP VPN--〉Server”.

Fig. 7-4-2-1 L2TP VPN Server
Please configure the following parameters based on the actual network requirements.
    • Name: The name of the L2TP server, which cannot be changed.
    • Status: You can enable or disable this L2TP server by clicking the switch.
    • Uplink Interface: Specify the uplink interface to establish a tunnel from the L2TP server.
    • VPN Connection Address: Specify the gateway address for the L2TP VPN client.
    • IP PoolThe system will assign an IP address to the L2TP client from the specified IP address pool.
    • Username/Password: Specify the username and password for L2TP negotiation, which must be consistent on both ends of the tunnel.
    • Authentication Mode: Specify the authentication mode for the L2TP tunnel.
    • Enable Tunnel Authentication: Please make sure both ends of the tunnel are configured with the same username and password for this option.

7.4.2.2 Client

You can configure the L2TP client parameters to establish a tunnel with a remote L2TP server in “VPN〉L2TP VPN 〉Clients”.

Fig. 6-6-2-2 L2TP VPN Client 
Please configure the following parameters based on the actual network requirements.
    • Name: Specify the local name of the L2TP client tunnel.
    • Status: You can enable or disable this L2TP server by clicking the switch.
    • Uplink Interface: Specify the uplink interface to establish a tunnel with a remote L2TP server.
    • Server Address: Specify the IP address set by the remote L2TP server.
    • Username/Password: Specify the username and password for L2TP negotiation, which must be consistent on both ends of the tunnel.
    • Authentication Mode: Specify the authentication mode for the L2TP tunnel.
    • Enable Tunnel Verification: Please make sure that both ends of the tunnel are configured with the same server’s name and verification key as this option is enabled.

7.5 Security

In the [ Security ] menu, The firewall currently includes functions such as inbound rules, outbound rules, port forwarding, MAC address filtering, and more.

7.5.1 Inbound/Outbound Rules

  1. Inbound Rules: Traffic accessing the internal network from the outside will be restricted by configured inbound rules, which allow all through by default.
  2. Outbound Rules: Traffic accessing the external network from the inside will be restricted by configured inbound rules, which forbid all through by default.
Users can control traffic entering and leaving based on interfaces using the "Security --> Inbound Rules/Outbound Rules" feature. For example, if a user is experiencing a large volume of attack traffic from a specific source IP address, they can use inbound firewall rules to limit the traffic data from that IP address.

Fig. 7-5-1-a Set the Inbound/Outbound Rules


Fig. 7-5-1-b Add an Inbound Rule
The following parameters must be configured properly.
  1. Name: Set the local identifier of the inbound rule.
  2. Status: You can enable or disable this rule by clicking the switch.
  3. Interface: Set the forwarding interface for traffic. In the inbound direction, the outbound interface is generally the upstream interface of the device.
  4. ProtocolConfigure the protocol type of packets to be matched, Optional Any, UDP, TCP, ICMP, Custom.
  5. Source: Set the source IP address of packets to be matched, supporting IP address or retain the default option Any.
  6. Destination: Set the destination IP address of the packets to be matched, supporting entering an IP address or retaining the default option Any.
  7. Behaviour: Set the behaviour if the traffic matches the configured rules.

7.5.2 NAT

Source NAT (SNAT): Converts private IP addresses used by devices in a private network (e.g., 192.168.x.x) to a public IP address, enabling devices within the LAN to access the internet.
Destination NAT (DNAT): Maps data traffic from specific public ports to internal devices (i.e., port forwarding), allowing external access to LAN devices, such as for remote desktop or accessing an internal server.
For example, after setting port forwarding rules like below, when users from the public network try to access to device’s port 2000 on WAN, the system will transfer the request to 192.168.1.23:8080 in LAN.

Fig. 7-5-2-a Set the NAT Rules



Fig. 7-5-2-b Add a Port Forwarding Rule
The following parameters must be set properly.
  1. Name: Set the local identifier of the port forwarding rule.
  2. Status: You can enable or disable this rule by clicking the switch.
  3. InterfaceSet the uplink interface that provides port mapping for internal clients. This interface must be configured with a public IP address.
  4. Protocol: Set the protocol of the port on which port mapping takes effect. It supports TCP, UDP, and TCP&UDP.
  5. Public Port: Set the protocol port on the uplink interface to be mapped.
  6. Local Address: Set the IP address of the target client that external users need to access.
  7. Local Port: Set the protocol port that external users need to access on the target client.

7.5.3 MAC Address 

MAC Address Filter: MAC address filtering refers to the practice of blocking or allowing devices to access the internet based on a list of MAC addresses. This means that you can control internet access requests from devices within your local network using the MAC address filtering feature on your router. Users can configure MAC address filtering rules in "Security --> MAC Address Filtering."

Fig. 7-5-3-a  Set the MAC Address Filter Rule
Notes:
  1. Blacklist: Devices with MAC addresses listed in the blacklist cannot access the internet.
  2. Whitelist:  Only devices with MAC addresses in the whitelist can access the internet. Before saving the configuration, please ensure that the MAC address of the configured device is included in the whitelist.

Fig. 7-5-3-b Add a MAC Address Filter Rule
  1. Blacklist: Devices in the blacklist will not be able to access the Internet.
  2. Whitelist: Only devices in the whitelist are allowed to access the Internet.

7.5.4 Domain Name Filtering 

Users can configure which domain names are allowed and which domain names are blocked based on business requirements.

Fig. 7-5-4-a Domain Name Filtering


Fig. 7-5-4-b Add a Domain name filtering

The following parameters must be set properly.
  1. Name: Set the local identifier of the rule.
  2. Status: You can enable or disable this rule by clicking the switch.
  3. Protocol: Set the protocol of the port. It supports TCP, UDP, and TCP&UDP.
  4. SourceSet the source IP address of packets to be matched, supporting IP address or retain the default option Any.
  5. Destination: Set the destination IP address of the packets to be matched, supporting entering an IP address or retaining the default option Any.
  6. Output: Set the traffic egress interface, optional WAN port and cellular.


7.6 Service

7.6.1 Interface Management

Users can configure the allowed local networks through a specified interface and set the interface's network in the "Services > Interface Management" function.

Fig.7-6-1-a Interface Management


Fig. 7-6-1-b Edit the interface management

7.6.2 DHCP Server

The DHCP (Dynamic Host Configuration Protocol) service operates in a client/server communication mode, where clients request IP addresses from servers, and servers respond to these requests by assigning IP addresses dynamically to clients.
Users can configure the DHCP server’s IP address pool using the "Services > DHCP Server" feature.

Fig. 7-6-2-a DHCP Server

Fig. 7-6-2-b Edit the DHCP Server

7.6.3 DNS Server

DNS (Domain Name System) servers are a critical component of the network. They are responsible for translating human-readable domain names (e.g., www.example.com) into IP addresses that computers can understand (e.g., 192.168.1.1). DNS servers act as the internet's address book, helping computers and devices locate the whereabouts of other devices and ensuring that information can be correctly transmitted on the network.
When no DNS server address is set in "Services > DNS Server," the device will use the DNS addresses obtained from the upstream interface for address resolution. Once DNS server addresses are configured, the specified DNS addresses will be used for address resolution.

Fig. 7-6-3 DNS Server 

7.6.4 Fixed Address List

Users can allocate a fixed IP address to a device based on its MAC address using the "Services > Fixed Address List" feature. This ensures that the device receives the same IP address every time it connects to the 5G CPE02.

Fig. 7-6-4 Fixed Address 

Cautions:

  1. The addresses available for allocation must fall within the address range of the IP-mode local network, or else the configuration will not take effect.
  2. When a local network is deleted, all fixed address allocation rules within the address range of that local network will also be deleted.

7.6.5 Static Routes

Users can configure static routing entries using the "Services > Static Routes" feature to manually define routes for data to be forwarded through specific paths and interfaces. The contents of the static routing table are created manually by users, and routes generated by other services, such as VPN functionality, will not appear in this table.

Fig. 7-6-5 Static Routes 

Cautions:

  1. Static routes with the same destination address/network cannot have the same next-hop address, interface, or priority. Otherwise, it may lead to routing failures.
  2. When WAN1 is deleted, the corresponding static routes using those interfaces will also be removed.

7.6.6 Dynamic DNS

Dynamic DNS (Dynamic Domain Name System) is used to automatically update the content of name servers in the Domain Name System. According to the rules of the Internet, domain names are usually associated with fixed IP addresses. Dynamic DNS technology provides fixed name servers for users with dynamic IP addresses, allowing external users to connect to users with dynamic IP addresses through regular updates of their URLs.
Users can manually configure the Dynamic DNS server address under the "Services > Dynamic DNS" feature.

Fig. 7-6-6 Set the Dynamic DNS Address
  1. Service Provider: Provided by the dynamic DNS service provider, you can choose from dyndns, 3322, oray, no-IP, or customize (requires a URL).
  2. Hostname: Click on the URL below the service provider to register and obtain the hostname.
  3. Username: Click on the URL below the service provider to register and obtain the username.
  4. Password: The password set by the user during registration.

7.6.7 Passthrough Settings

Users can enable the IP Passthrough feature in "Services > Passthrough Settings". Once enabled, client devices can obtain the upstream interface address of the 5G CPE02.

Fig. 7-6-7 Set the IP Passthrough mode
  1. IP Passthrough Switch:The enable switch for the IP Passthrough (IPPT) status.
  2. Passthrough MAC: Only clients bound to this MAC can obtain the upstream interface address of the device.
  3. Passthrough WAN: IP The uplink for IP Passthrough.
  4. Passthrough LAN:  The LAN port for IP Passthrough
  5. Passthrough IP Mask:  The subnet mask transmitted through the uplink interface for IP Passthrough.
  6. DHCP Server: The DHCP function switch for IP Passthrough.
  7. Lease: The lease time for the DHCP service.

7.7 System

7.7.1   account Management

Please check your device's nameplate for a username and password. To ensure the security of your device, it's recommended that you change the password. You can do this by clicking on "adm" in the top navigation bar and selecting "Change Password" from the dropdown menu.
Fig. 7-7-1  Change the login password

7.7.2 Cloud Management

The InCloud Service (star.inhandcloud.com) is a cloud platform developed by InHand Networks to address the challenges faced by enterprise networks, such as slow deployment, complex operations, and poor user experiences. This platform is designed with a focus on user needs and integrates features like zero-touch deployment, intelligent operations and maintenance, security protection, and excellent user experience capabilities. Once devices are connected to the cloud platform, users can perform remote management, batch configuration, traffic monitoring, and other operations through the platform, making network device management more convenient and efficient.
5G CPE02 automatically connects to the InCloud Service after establishing an internet connection by default. If you do not wish to use the cloud management function, you can disable it manually in the "System > Cloud Management" function.

Fig. 7-7-2 Configure the Cloud Management service

7.7.3 Remote Access Control

Users can control whether external access to the router's web configuration interface from the Internet is allowed by configuring the "System > Remote Access Control" function. This feature also allows users to set the service port for remote access.

Fig. 7-7-3 Configure the Remote Access Control
  1. HTTPS: When enabled, users can access the router's web interface remotely by entering the public IP address and port of the upstream interface in a web browser.
  2. SSH: When enabled, users can remotely log in to the router's backend by using remote tools like CRT, entering the public IP address and port of the device's upstream interface, along with a username and password.
  3. Ping: When enabled, the upstream interface address allows external networks to initiate Ping requests.

7.7.4 System Clock

In network functionality, the clock function refers to the capability used to coordinate and synchronize the time between network devices. Clock functionality within a network is crucial for data transmission, log recording, security, coordination, and troubleshooting. It ensures that various devices in the network are operating with synchronized times, which is essential for efficient and secure network operations.
Users can use the "System > Clock" function to select their current time zone and configure NTP (Network Time Protocol) server addresses to synchronize the device's system time with an NTP server.

Fig. 7-7-4 Set the System Clock and NTP Server

7.7.5 Device Option

In the "System > Device Options" section, users can perform various device operations such as rebooting, upgrading firmware, and restoring factory settings.

Fig. 7-7-5 Device Option

  1. Reboot Device: You can click the "Reboot" button to reboot the device
  2. Upgrade Software: You can click the "Upgrade" button to upload the software version locally and complete the upgrade.
  3. Upgrade Module Version: The CPE02 provides a module upgrade option for updating the cellular module. Non-professionals are advised not to perform this operation.
  4. Restore to Factory:Click "Restore Factory Settings" to reset the device to its initial configuration state.

7.7.6 Configuration Management

Configuring backups and backup recovery are critical tasks in network management and maintenance. They involve the process of preserving configuration information for network devices so that they can be quickly restored or migrated when needed. This practice ensures the resilience and reliability of network operations and simplifies the recovery process in case of system failures or configuration changes.
Users can export the device configuration to local storage in "System > Configuration Management." This backup can be useful in cases where device configuration is lost or needs to be restored.

Fig. 7-7-6 Configuration Management
Note:
Configuration files cannot be imported between different models.


7.7.7 Tools

Fig. 7-7-7 Tools

7.7.7.1 Ping

Users can use ICMP (Internet Control Message Protocol) to check the device's external network connectivity. In the "Target" field, enter any domain name or IP address you want to test the device's connectivity to, and then click "Start" to check the connectivity status between the device and the specified target. This can help you determine whether the device can reach the target over the internet.
Users can perform a network ping test on a target by going to "System > Tools > Ping." This allows them to send ICMP echo requests to the specified target IP address or domain name and receive ICMP echo replies to check network connectivity and latency to that target.

Fig. 7-7-7-1 Ping


7.7.7.2 Traceroute

Users can use the "System > Tools > Traceroute" function to check the routing connectivity from the device to a target host. They can input the target host's IP address or domain name, select the outbound interface for traffic, and click "Start" to trace the route from the device to the target IP, displaying each hop along the way. This can help diagnose network routing issues and identify the path taken by data packets to reach the destination.


Fig. 7-7-7-2 Traceroute

7.7.7.3 Capture

Users can use the "System > Tools > Capture" function to capture packets passing through a specific interface. By selecting the "Output" option, users can choose to either display the captured data in the interface or export it locally for further analysis. This feature is useful for network troubleshooting and analyzing network traffic.


Fig. 7-7-7-3 Capture

7.7.8 Scheduled Reboot

Scheduled reboot is a strategy in network device management that allows administrators to automatically restart devices at specific times or under certain conditions to ensure their normal operation and performance.
In practical use, users can set up device scheduled restart times in the "System > Scheduled Reboot" function based on their business needs. The device supports scheduled reboots at fixed times on a daily, weekly, or monthly basis.
For monthly reboots, when the selected reboot day is greater than the actual number of days in that month, the device will reboot on the last day of that month. For example, if you choose to reboot on the 31st of the month in a month with only 30 days, the device will reboot on the 30th.

Fig. 7-7-8 Set the scheduled reboot time

7.7.9 Account Management

You can modify or reset the device password in the account management settings under the Services menu.


Fig. 7-7-9 Set the account setting

7.7.10 Other Settings

7.7.10.1 Web Login Management

After a certain period of inactivity, when a user logs into the local interface of a device through a web interface, the system will automatically log them out or disconnect to ensure user privacy and security.
Users can set the logout time in "System > Other Settings > Web Login Management." Once the online time for a single login session on the device's web page exceeds the configured time, the system will automatically log out the user, and they will need to log in again to continue their operations.

Fig. 7-7-10-1 Set the web page logout time

7.7.10.2 Automatically Restarts

To enable automatic network recovery, the device will automatically reboot if it cannot connect to the internet for 1 hour.Enabled by default. If you do not want the device to reboot automatically, you can click the button to disable it.

Fig. 7-7-10-2  Automatically Restarts

7.7.10.3 SIP ALG

It is typically used as a firewall and consists of two technologies: Session Initiation Protocol (SIP) and Application Layer Gateway (ALG). This protocol is typically used to assist in the management and processing of SIP communications (Session Initiation Protocol), which is used to establish and manage real-time communication sessions, such as voice and video calls.
Users can enable this feature in "System > Other Settings > SIP ALG". Enabling this feature may impact VoIP telephone communication.

Fig. 7-7-10-3  SIP ALG

Note:

If the connected device needs to engage in VoIP (Voice over Internet Protocol) phone communication, it is recommended to disable this function.

7.7.10.4 Blocking the Reset Button

To prevent accidental factory resets, you can disable the Reset button in the software.


Fig. 7-7-10-4  Blocking the reset button

8. Troubleshooting

8.1 Unable to connect to the cellular network

1. Ensure that the SIM card is properly installed and valid.
2. Check the cellular network signal strength and try moving the router to an area with better signal coverage.
3. Ensure that the data plan is still active and not exceeding data limits.
4.Restart the device and wait for it to establish a connection.

8.2 Slow or unstable speeds

1. Check the cellular network signal strength and ensure that the router is positioned in an area with strong signal reception.
2. Connect the device to the 5Ghz band.
3. Update the router firmware to access the latest performance and stability improvements.

9. FAQ

Unable to Connect to 4G/5G Network?

1. Physical Environment: Start by checking if the SIM card is inserted into the correct slot and ensure all cellular antennas are properly installed.
2. APN Settings: Make sure that the APN configuration matches the information provided by your service provider.
3. Check Device Connectivity: Log in to the device's local interface and use the built-in ICMP tool to ping 8.8.8.8 to test connectivity. If it can connect, then check the connectivity between your device (e.g., computer or smartphone) and the router.
4. Check SIM Card: Take out the SIM card and insert it into a phone to see if it can connect to the internet.
5.Restart: Try powering off the router, wait a few seconds, and then reconnect the power to retry the network connection.
6.Factory Reset: Perform a factory reset on the router and then attempt to connect again.
If you cannot resolve the issue using the above steps or encounter any other problems, please contact InHand Networks immediately for technical support. You can visit www.inhandnetworks.com. for more information.

Is the cloud platform free of charge?

InHand Networks has been committed to providing high-quality network services for small and medium-sized chain organizations. When users utilize the cloud platform services, they are required to purchase licenses for each device to access the extensive cloud-based features.

How to add devices to the cloud platform?

1. Start by registering for a InCloud Manager login account at https://star.inhandcloud.com/.

2. Log in to the cloud platform using your registered account. Under the device menu, click "Add," and follow the prompts to enter the device's serial number and MAC address. This will complete the device addition process. When a device is added for the first time, it comes with a complimentary 3-year free Basic Edition license. Users can renew their licenses as needed in the future.

Is it possible to use the device without the cloud platform?

Yes, it is possible. Users can complete the majority of configuration tasks locally. However, for features like bulk configuration deployment, firmware upgrades,  Connector, and more, you would need to combine local device settings with the cloud platform.
If you are unable to resolve the issue using the above steps or encounter any other problems, please contact InHand Networks for technical support. You can visit www.inhandnetworks.com for more information.


    • Related Articles

    • 5G ODU2002 Product User Manual

      Declaration Thank you for choosing our company's product! Before use, please carefully read this user manual. By complying with the following statements, you will help maintain intellectual property rights and legal compliance, ensuring that your ...

    • 5G FWA02 Product User Manual

      Declaration Thank you for choosing our company's product! Before use, please carefully read this user manual. By complying with the following statements, you will help maintain intellectual property rights and legal compliance, ensuring that your ...

    • Industrial Router IR900 Product User Manual

      Declaration Thank you for choosing our product. Before using the product, read this manual carefully. The contents of this manual cannot be copied or reproduced in any form without the written permission of InHand. Due to continuous updating, InHand ...

    • Portable Router CR202-Pro Product User Manual

      Declaration Thank you for choosing our product. Before using the product, please read this manual carefully. The contents of this manual cannot be copied or reproduced in any form without the written permission of InHand. Due to continuous updating, ...

    • Industrial Router IR624 Product User Manual

      Deceleration Thank you for choosing our company's product! Before use, please carefully read this user manual. By complying with the following statements, you will help maintain intellectual property rights and legal compliance, ensuring that your ...