Edge Router 605 Product User Manual

Edge Router 605 Product User Manual

Deceleration

Thank you for choosing our company's product! Before use, please carefully read this user manual. By complying with the following statements, you will help maintain intellectual property rights and legal compliance, ensuring that your user experience aligns with the latest product information. If you have any questions or need written permission, please feel free to contact our technical support team.

Copyright Statement
This user manual contains copyrighted content, and the copyright belongs to InHand Networks and its licensors. Without written permission, no organization or individual may excerpt, copy any part of the content of this manual, or distribute it in any form.

Disclaimer

Due to ongoing updates in product technology and specifications, the company cannot guarantee that the information in the user manual is entirely consistent with the actual product. Therefore, no disputes arising from any discrepancies between the actual technical parameters and the user manual are accepted. Any changes to the product will not be notified in advance, and the company reserves the right to make the final changes and interpretations.

Copyright Information
The content of this user manual is protected by copyright laws, and the copyright belongs to InHand Networks and its licensors, reserving all rights. Without written permission, the content of this manual may not be used, copied, or distributed without authorization.

 

Conventions

Symbol

Indication

[  ]

Referring to function modules or menus, such as in the [ Status ] menu."

“ ”

Referring to a button name, such as Clicking the “Add” button.

Multiple levels of menus are separated by "〉". For example, "File〉New〉Folder" represents the "Folder" menu item under the "New" submenu, which is under the "File" menu.

Cautions

Please be mindful of the following points during the operation, as improper actions may result in data loss or device damage.

Note

Supplement and provide necessary explanations for the description of the operation.

 

Technical Support

 

E-mail:support@inhandnetworks.com

URL: www.inhandnetworks.com

 


1.   Overview

The ER605 transforms device interconnectivity into a reality, providing a high-speed gateway for device informatization.The Edge Router 805 is a next-generation 5G edge router product introduced by InHand Networks for the commercial networking sector. It seamlessly integrates 4G/5G wireless networks with a variety of broadband services, offering high-speed and secure network access to various industries. Users can enjoy uninterrupted internet connectivity anytime and anywhere, while benefiting from comprehensive security features and exceptional wireless services. The ER605 transforms device interconnectivity into a reality, providing a high-speed gateway for device informatization.


Fig. 1 ER605’s Application

2.   Hardware

2.1 LED Indicators

Indicators

Status and Description

System

Off --- Power Off

Steady in red --- System booting in progress.

Blink in red --- System malfunction detected.

Blink in yellow --- The system is upgrading.

Blink in green --- The system is running smoothly

Network

Off --- The network is not connected.

Blink in red --- Cellular network connecting.

Steady in green --- Cellular network connected.

Blink in yellow --- Wired network connecting.

Steady in yellow --- Wired network connected.

Cellular

Off --- Cellular disabled

Steady in red --- Poor signal quality.

Steady in yellow --- Good signal quality.

Steady in green --- Excellent signal quality.

Wi-Fi 2.4G

Off --- 2.4G Wi-Fi disabled.

Steady in green --- Working normally.

Blink in green --- Working abnormally.

Wi-Fi 5G

Off --- 5G Wi-Fi disabled.

Steady in yellow --- Working normally.

Blink in yellow --- Working abnormally.

For the network status indicator:

  1. If both the wired and 4G/5G connections are functioning normally, it will display a yellow wired indicator.
  2. If only one type of network connection is working correctly, it will display the indicator for the active network.
  3. If there is no network connection, it will display red.

 

2.2 Restore to Factory Defaults


To reset to factory default settings using the Reset button:

Step 1: Power on the device (for 10 seconds) while holding down the reset button until the System indicator light is solid yellow.

Step 2: Release the reset button, and the System indicator light will start flashing yellow.

Step 3: Press the reset button again until the System indicator light remains solid yellow.


3.   Default Settings

No.

Function

Default Settings

1

Cellular Dialing

Default dialing is set to "SIM1"

2

Wi-Fi

1. Wi-Fi 2.4G access point enabled, SSID: Prefixed with "ER605-", followed by the last 6 digits of the wireless MAC address.

2. Wi-Fi 5G access point enabled, SSID: Prefixed with "ER605-5G-", followed by the last 6 digits of the wireless MAC address.

3. The authentication method is WPA2-PSK.

4. The password for both is the last 8 digits of the serial number.

3

Ethernet

1. Enable all 4 LAN ports.

2. IP Address: 192.168.2.1

Subnet Mask: 255.255.255.0

3. DHCP server enabled, with an address pool from 192.168.2.2 to 192.168.2.100 for automatic IP address assignment to connected devices.

4

Network Access Control

Local HTTP and HTTPS are enabled with port numbers 80 and 443 respectively. Disable access from the cellular network.

5

Username/Password

Please check your device's nameplate for login credentials.

4.   Quick Network Connection

4.1 Environment Setup

Step 1: Install the 4G/5G and Wi-Fi antennas and insert the SIM card.

Step 2Connect the power cable and an Ethernet cable; connect any LAN port to your PC.

Step 3: Set your PC's IP address to be on the same subnet as the edge router.


Fig. 4-1-a Set the IP address of PC
The device's LAN port has DHCP Server functionality enabled by default. Once the PC has automatically obtained an IP address, please ensure that your PC and router are in the same address range.If your PC fails to obtain an IP address automatically, please configure it with a static IP address and the following parameters:
IP Address: 192.168.2.x (Choose an available address within the range of 192.168.2.2 to 192.168.2.254). Subnet Mask: 255.255.255.0. Default Gateway: 192.168.2.1. DNS Servers: 8.8.8.8 (or your ISP's DNS server address)

Step 4: Enter the default device address 192.168.2.1, in the browser's address bar. After entering the username and password (Please check your device's nameplate for login credentials.), access the device's web management interface. If the page shows a security warning, click on the "Hide" or "Advanced" button and select "Proceed" to continue.


Fig.4-1-b Device Web Login Page

4.2 Access to the Internet

The ER605 supports three access network modes, including wired, cellular, and Wi-Fi. The device comes with two non-removable upstream links by default, WAN1 and Cellular. It can support up to four upstream links, including WAN1, WAN2, Cellular, and Wi-Fi (STA). WAN2 and Wi-Fi (STA) interfaces need to be manually added and can be removed as needed.

4.2.1 Wired Connection

The ER605 supports three wired internet connection methods: DHCP, Static IP, and PPPoE. You can modify the connection method by clicking on the "Edit" button as shown in the illustration. The default method is "DHCP."

Fig. 4-2-1-a Uplink Table Interface

  1. DHCP: The WAN interface is configured to enable DHCP service by default. By connecting the WAN port to the internet using an Ethernet cable, the device will automatically establish an internet connection.
  2. Static IP: Users have the option to manually configure an address either obtained from their internet service provider or one that is within the same network segment as their upstream device. Once the configuration is complete, the router will access the network via the specified static IP address.



Fig. 4-2-1-b Assigning a static IP address to the router

  1. PPPoE: Users have the option to configure broadband dial-up. Once the configuration is complete, the router will establish an internet connection through the broadband dial-up.

Fig. 4-2-1-c Setting up Dial-up Internet Access

When users require dual WAN connections, they can click the "Add" button in the [ Internet ] menu to add the WAN2 interface. The WAN2 interface supports the same configuration options as the WAN1 interface.

Fig. 4-2-1-d Adding WAN2

Note:

  1. After adding the WAN2 interface, the original LAN1 interface role will switch to WAN2.
  2. After deleting the WAN2 interface, the WAN2 interface role will switch back to LAN1.
  3. After deleting WAN2, all configuration related to the WAN2 interface, including static routes, inbound/outbound rules, port forwarding, policy routing, and traffic shaping settings will be removed.

4.2.2 5G/4G Connection

In the usual scenario, as per the instructions, upon inserting the SIM card and connecting the Wi-Fi antennas, the ER605 router will automatically establish a dial-up connection and connect to the network when powered on.
To configure APN (Access Point Name) parameters, users can select the "Cellular" interface in the [ Internet ] menu and click the "Edit" button to access the APN parameter configuration interface.

Fig. 4-2-2-a Edit the cellular interface

The ER605, in addition to supporting cellular internet access, now includes a traffic policy feature. Once the policy is enabled, the SIM card will take specific actions when the traffic reaches a threshold. Traffic usage statistics will reset at the beginning of the next month.You can select the "Cellular" interface in the [ Internet ] menu and click the "Policy" button to access the SIM card’s policy parameter configuration interface.

Fig. 4-2-2-b Edit the SIM card policy

  1. Actions: These are the actions triggered when SIM card traffic reaches a threshold.
    1. Notification: It generates an event when traffic reaches the threshold but does not stop forwarding regular business traffic.
    2. Cloud Management Only: It generates an event when traffic reaches the threshold, allowing only the forwarding of cloud-based management traffic while blocking access to the internet for regular business traffic.
    3. Switch the SIM card: It generates an event when traffic reaches the threshold and switches to another SIM card for internet access.

Cautions:

  1. In certain dedicated network scenarios, it may be necessary to manually disable the "Link Detection" function under the [ Internet ] menu to prevent cellular connectivity issues caused by unsuccessful detection.
  2. In some cases, manual configuration of the subnet mask for the cellular interface may be required to ensure the proper functioning of the ARP (Address Resolution Protocol) feature.
  3. When inserting or removing a SIM card, it is essential to disconnect the power to prevent data loss or damage to the device.

4.2.3 Wireless Connection

The ER605 supports connecting as a client to an on-site AP's network. To do this, click on the "Add" button as shown in the illustration, select "Wi-Fi (STA)," and fill in the required parameters, including the SSID name and password.

Fig. 4-2-3 Add the Wi-Fi (STA) interface

Cautions:

  1. Upon adding Wi-Fi (STA), ER605 will automatically disable SSIDs in the same frequency band within the Wi-Fi settings, and the status field for those SSIDs cannot be modified.
  2. After removing Wi-Fi (STA), the “Status” field and SSIDs in the same frequency band within the Wi-Fi settings can be modified.
  3. When Wi-Fi (STA) is deleted, all configuration associated with the Wi-Fi (STA) interface, including static routes, inbound/outbound rules, port forwarding, policy routing, and traffic shaping settings, will be removed.

4.3 Connect to InCloud Manager

ER605 is a cloud-managed router, and with InCloud Manager, you can achieve batch configuration deployment and software upgrades. The cloud platform offers rich visual charts and advanced features such as SD-WAN and Connector for remote maintenance, enabling small and medium-sized enterprise branches to complete their digital network infrastructure. To use InCloud Manager to manage your ER805, please follow the steps below.

4.3.1 Registration

In your web browser (Google Chrome is recommend.), enter the following URL: https://star.inhandcloud.com. You will be automatically redirected to the portal page, where you can select "InCloud Manager" to access the SaaS platform for enterprise branch networking.Click 'Create now' to create a new platform account.

Fig. 4-3-1 Create a new account

4.3.2 Login

After completing the email registration, you can log in to InCloud Manager using the username and password you used during the registration.

Fig. 4-3-1Choose your SaaS service
Note:
When a device is initially added to the platform account, it will automatically receive a 1-year  Essential license. Users can renew the license through the "License" menu.

4.3.3 Add Device

After logging in, go to the "Devices" menu, click the "Add" button, fill in the device's name, serial number, and MAC address, and then click "Finish" to complete the addition.

Fig. 4-3-1 Add adevice to the InCloud Manager

5. Monitoring

Once the deivce is added to the platform, you can manage and monitor the network form the platform which supporting viewing real-time status information on the device's local interface remotely at the same time.

5.1 Overview of Device

In the "Devices" section, you can click on the "Device Name" to access the device's details page.

5.1.1 Overview

Click on [ Dashboard ] in the left menu to access the dashboard interface. Here, you can view essential device information, interface status, traffic statistics, cellular signal strength, and the number of connected Wi-Fi devices.

Fig. 5-1-1 View the deivce

5.1.2 Data Usgae

In this function, you can view the traffic usage and historical data of various upstream links.

Fig. 5-1-2 Traffic Data Usage

5.1.3 Cellular Signal

In this function, you can view cellular signal curves such as RSSI, RSRP, RSRQ, and SINR.

Fig. 5-1-3 Check the cellular signal record

5.1.3 Traffic Statistics

Users can monitor the usage of traffic on each upstream interface since the router was powered on through the "Dashboard > Traffic Statistics" feature. The data in traffic statistics will reset after the device is rebooted. If you need to review historical traffic records, you can access this information on the device's details page within InCloud Manager.

Fig. 5-1-3 Traffic Statistics

5.1.4 Wi-Fi Connections

In the "Dashboard > Wi-Fi Client Count" feature, users can check the number of active SSIDs on the ER605 and the number of connected clients under each SSID.

Fig. 5-1-4 The number of clients connected per SSID

5.1.5 Clients Traffic Top 5

In the "Dashboard > Top 5 Client Traffic" feature, users can view the current ranking of client traffic usage for devices connected to the router. It displays up to 5 records, and when a client disconnects, its statistical data will be cleared.

Fig 5-1-5 Top 5 clients by traffic

5.2 Status

By clicking on the "Status" option in the left-side menu, you can access the status interface to view information about the device's upstream links, cellular signal, connected clients, VPN, events, logs, and more.

5.2.1 Link Monitor

You can utilize the "Status > Link Monitoring" feature to check the health status of each upstream link and access information about throughput, latency, packet loss, signal strength, and more for each interface.

Fig. 5-2-1 Link Monitor interface

5.2.2 Cellular Signals

You can access the "Status > Cellular Signal" feature to check the signal strength of SIM cards under the cellular interface, along with parameters such as RSSI, SINR, RSRP, and more.

Fig. 5-2-2 Signal Strength

5.2.3 Clients

Through the "Status > Clients" feature, users can view detailed information about both wired and wireless clients connected to the router. This includes details such as names, addresses, MAC addresses, VLANs, connected subnets, traffic usage, online duration, and more.

Fig. 5-2-3 Clients connected to ER605

5.2.4 VPN

Users can access the "Status > VPN" feature to view information about IPSec VPN and L2TP VPN, including their status, traffic, and the duration of the most recent connection.

Fig. 5-2-4 VPN Information

5.2.5 Events

Users can use the "Status > Events" feature to check event information related to the device's operation, helping users understand the device's operational status.

Fig. 5-2-5 Event Types


Currently supported event types:

  1. Successful/Failed User Logins.
  2. High CPU Utilization in the Last 5 Minutes.
  3. High Memory Utilization in the Last 5 Minutes.
  4. Cellular Traffic Reaches Threshold.
  5. VPN Status Changes.
  6. Uplink Status Changes.
  7. Uplink Switching.
  8. WAN2/LAN1 Switching.
  9. Reboot.
  10. Upgrade.

5.2.6 Logs

Through the "Status > Logs" feature, users can examine the system logs, which contain information about the device's operational history. When the device encounters issues, technical personnel can use these logs for troubleshooting and diagnosis.

Fig. 5-2-5 Logs information

  1. Download Logs: Download the device's operational logs.
  2. Download Diagnostic Logs: Download the device's diagnostic logs, which include system operation logs, device information, and device configurations.
  3. Clear Logs: Clear the device's operational logs; this does not clear the device's diagnostic logs.

5.3 Internet

Users can configure the parameters and operational modes of each upstream interface under the "Internet" feature.

5.3.1 Uplink Table

Users can edit the WAN1 and Cellular interfaces and add/edit/remove WAN2 and Wi-Fi (STA) interfaces in the "Internet > Upstream Link List." More details are available in the "4.2 Access to Internet" section. You can also adjust the priority of each interface by dragging the "Priority" icon. Interfaces are arranged from top to bottom based on their priority, with higher priority interfaces taking precedence in determining the current upstream interface for device operation.

Fig. 5-3-1 Uplink Table Interface

5.3.2 Uplink Settings

Users can configure link detection settings and establish collaboration modes between different upstream interfaces through the "Internet > Upstream Link Settings" feature.

Fig. 5-3-2 Uplink Settings Interface

Link Detection Switch: The device has link detection functionality enabled by default. However, in certain specialized network environments where external communication is not possible, users may need to manually disable link detection. When link detection is turned off, users won't be able to view latency, jitter, packet loss, signal strength, and other information for upstream interfaces in the [ Status ] menu.

Notes:

  1. Modifying settings in the Internet menu can potentially lead to a disruption in device connectivity. Exercise caution when making changes.
  2. When the link detection address is left empty, the default behavior is to detect the DNS address via the upstream interface. If you specify a detection address, all upstream interfaces will only detect the address you provided.
  3. In the router's link backup mode, users can customize detection parameters, and the device will switch links based on the enabled detection items. When detection items are not enabled, upstream link switching will only occur based on priority and link connectivity.
  4. In the device's load balancing mode, all operational upstream links will forward business traffic, provided they are functioning correctly.

5.4 Local Network

In the [ Local Network ] feature, users have the flexibility to define their local subnets. This includes configuring the address range, VLAN ID, DHCP services, and other related parameters for the local LAN. Once the configuration is complete, users need to further apply these settings to the device's LAN port through [ Interface Management ] or apply them to the desired SSID in the Wi-Fi settings. This series of operations is intended to ensure that client devices can smoothly connect to the local network according to the planned network addresses.

Fig 5-4-a Local Network List

Click the "Add/Edit" button to add a new local network or edit an existing one.

Fig. 5-4-b Add/Edit the local network

Name: Used to identify the network. Users can select this name to apply the network in both [ Wi-Fi ] and [ Interface Management ].
Mode: Choose whether the current subnet operates in 2-layer transparent mode or 3-layer IP mode. The default is "IP mode."
VLAN: This allows for the division of the local network into different virtual logical networks. The default VLAN for all interfaces and Wi-Fi is "default (VLAN1)."
IP Address/Subnet Mask: This is the gateway address for accessing the router through the LAN port or Wi-Fi. The default is "192.168.2.1."
DHCP Server: Clients connecting to the router can obtain IP addresses through this function. It is enabled by default, and the address range is generated based on the "IP Address/Subnet Mask."

Note:

  1. The default local network cannot be deleted, and you can only modify the IP address/subnet mask and DHCP server settings.
  2. Once a local network is added, you cannot change its mode.
  3. The VLAN Only mode is designed for 2-layer transparent operation and doesn't require configuration of IP address/subnet mask or DHCP server settings.

5.5 Wi-Fi

Wi-Fi is a widely used wireless communication technology that enables computers, smartphones, tablets, and other devices to connect to the internet or a local network. Wi-Fi technology allows devices to transmit data over a certain range through wireless signals, providing the convenience of accessing networks without the need for physical connections.

The ER605 can function as an Access Point (AP) to provide multiple SSID wireless network access. Users have the flexibility to customize different SSIDs for various purposes and configurations.


Fig. 5-5-a Wi-Fi List

By clicking the "Add/Edit" button under "Wi-Fi > Wi-Fi List," you can add a new SSID or edit an existing one.

Fig. 5-5-b Edit the SSID

Notes:

  1. The device comes with default 2.4GHz and 5GHz main SSIDs. The frequency bands of these main SSIDs cannot be modified and cannot be deleted.
  2. Once an SSID is added, its frequency band cannot be changed, and it will automatically use the same channel as its corresponding main SSID.
  3. If a user creates a Wi-Fi (STA) interface in the "Internet" menu with the same frequency band as an existing SSID, that SSID cannot be enabled until the Wi-Fi (STA) interface is deleted.

5.6 VPN

A Virtual Private Network (VPN) is an encryption technology used to establish a secure, private network connection over the public internet. It enables users to securely access private network resources over the internet from anywhere. VPNs achieve this by encrypting communication data, ensuring the confidentiality and security of the communication and preventing unauthorized access. This technology is highly valuable for connecting to corporate networks, maintaining online privacy, and accessing restricted content. VPNs have a wide range of applications, including in the corporate, personal, and mobile device sectors, making them a crucial tool for safeguarding privacy and data security.

5.6.1 IPSec VPN

IPsec (Internet Protocol Security) VPN is a protocol suite designed to enhance network communication security by encrypting and authenticating data transmission. It is widely used for establishing secure remote access, site-to-site connections, and Virtual Private Networks (VPNs). IPsec VPN ensures data protection and security through encryption and authentication methods.Click the "Add" button under "VPN > IPSec VPN" to add a new IPSec VPN.

Fig. 5-6-1 Add an IPSec VPN

Once configurations are completed at both ends, the tunnel can be established. Users can check the tunnel establishment status in the "Status > VPN" menu. 
  1. Name:  This is the user-assigned name for the IPSec VPN to identify it for local management purposes.
  2. IKE Version:  You can set the version of the Internet Key Exchange (IKE) protocol to be used. It supports both IKEv1 and IKEv2.
  3. Pre-Shared Key: This is a secret shared key that must be configured the same on both devices for authentication during IKE negotiation.
  4. Internet Interface:  Choose the upstream interface used to establish the IPSec VPN locally.
  5. Tunnel Mode: This sets the encapsulation mode for IPSec on IP packets. It supports both tunnel mode and transport mode.
  6. Peer Address: This is the address of the remote endpoint with which ER805 establishes the IPSec tunnel.

Notes:

 When establishing a connection using IPSec VPN, by default, use the device with the public IP address as the server. The remote address on the IPSec server side needs to be configured as 0.0.0.0, and the remote address on the IPSec client side should be set to the public IP address of the IPSec server.

  1. Local Subnet: Specify the subnet addresses that need to communicate through the ER605 IPSec VPN tunnel.
  2. Remote Subnet: Specify the subnet address on the other end of the tunnel that needs to communicate through the IPSec VPN tunnel.
  3. IKE Policy: Supports configuring the IKE protocol.
  4. Encryption Method: Sets the encryption algorithm used by IKE.
    1. Options: DES, 3DES, AES128, AES192, AES256 (default: AES128)
  5. Authentication Method: Set the authentication algorithm used by IKE.
    1. Options: MD5, SHA1, SHA2-256, SHA2-384, SHA2-512 (default: SHA1)
  6. DH Group: Configure the DH exchange parameters used during the IKE phase key negotiation.
    1. Options: 1, 2, 5, 14, 15, 16, 19, 20
  7. Timeout: Set the IKE SA (Security Association) lifetime, defaulting to 86400 seconds.
  8. IPSec Policy: This allows you to configure IPSec parameters.
  9. Security Protocol:  Sets the security protocol used by the ESP protocol.
    1. Options: DES, 3DES, AES128, AES192, AES256 (default: AES128)
  10. Encryption Method: Sets the encryption algorithm used by the ESP protocol.
    1. Options: MD5, SHA1, SHA2-256, SHA2-384, SHA2-512 (default: SHA1)
  11. PFS Group: In IPSec, during the negotiation of a security policy, an additional key exchange is performed in Phase 2 to enhance communication security.
    1. Options: 1, 2, 5, 14, 15, 16, 19, 20
  12. Timeout: Sets the IPSec SA aging time, default is 86400 seconds.

    5.6.2 L2TP VPN

    The Layer 2 Tunneling Protocol (L2TP) is a Layer 2 VPN protocol designed to establish secure point-to-point or site-to-site Virtual Private Network (VPN) connections. It is commonly used for remote access and branch office connectivity, creating secure communication channels for users or networks to protect the privacy and integrity of data transmission.

    5.6.2.1 Work as a client

    The ER605 can act as an L2TP client and establish a tunnel with a remote L2TP server. Click on the "L2TP VPN" menu, then navigate to "Client," and use the "Add" button to configure an L2TP client.

    Fig. 5-6-2-1 Set the L2TP client parameters

    1. Name: The name of the L2TP client for local identification.
    2. Status: The switch to enable or disable the L2TP client tunnel.
    3. NAT: The switch for NAT functionality when forwarding with the L2TP client.
    4. Upstream Interface: The upstream interface used for communication between the L2TP client and the server.
    5. Server Address: The communication address of the remote L2TP server.
    6. Username/Password: Usernames and passwords that need to be configured the same on both ends during L2TP negotiation.
    7. Authentication Mode: Setting the L2TP authentication mode.
    8. Enable Tunnel Authentication: When enabled, both ends need to configure the same username and password for tunnel authentication.

    5.6.2.2 Work as a Server

    The L2TP server is typically deployed at the corporate headquarters to provide remote access to mobile offices or branch locations. Click "VPN > L2TP VPN > Server" to enter the editing page for the L2TP server.

    Fig. 5-6-2-2 Set the L2TP server parameters

    1. Name: The name of the L2TP server, not editable.
    2. Status: The on/off switch for the L2TP server function, default is off.
    3. Upstream Interface: The upstream interface used by the L2TP server.
    4. VPN Communication Address: The gateway address for L2TP clients, which can be assigned to devices within the IP address pool.
    5. Address Pool: The IP address pool is used for communication when L2TP clients connect.
    6. Username/Password: Usernames and passwords that need to be the same on both ends for L2TP negotiation.
    7. Authentication Mode: Setting the L2TP authentication mode.
    8. Enable Tunnel Verification Function: When enabled, the usernames/passwords for tunnel verification on both ends need to be the same.

    5.6.3 VXLAN VPN

    VXLAN (Virtual Extensible LAN) is essentially a tunneling technology that establishes a logical tunnel over an IP network between source and target network devices. It accomplishes data transmission and forwarding by encapsulating user data packets in a specific manner.Click the "Add" button under "VPN > VXLAN VPN" to create a new VXLAN VPN.

    Fig. 5-6-3 Add a VXLAN VPN

    1. Name: Set the name for this VXLAN VPN network.
    2. Upstream Interface: The outbound interface used to establish a VXLAN tunnel with other devices.
    3. Peer Address: Configure the IP address of the peer device with which this device needs to establish a VXLAN VPN network.
    4. VNI: The VXLAN Network Identifier, where each VNI represents a different tenant or network segment.
    5. Local Subnet: Specify the address range assigned to local client devices when they connect.
    Notes:

    1. VXLAN cannot be used with other VPN functions and IP Passthrough functions at the same time.

    5.7 Security

    In the [ Security ] menu, users can configure advanced features related to firewalls, policy routing, and traffic shaping.

    5.7.1 Firewall

    The firewall currently includes functions such as inbound rules, outbound rules, port forwarding, MAC address filtering, and more.

    5.7.1.1 Inbound Rules/Outbound Rules

    Users can implement traffic in/out control based on interfaces through the "Security > Firewall > Outbound Rules/Inbound Rules" feature. For example, if a user is subjected to a significant amount of attacks from a specific source IP address, they can use inbound firewall rules to restrict traffic from that IP address.

    Fig. 5-7-1-1-a Firewall Interface

    Furthermore, IT personnel can utilize outbound firewall rules to restrict certain users' access to external networks. Inbound and outbound rules share the same configurable content, with the only distinction being the default rules.

    Fig. 5-7-1-1-b Add an Inbound rule

    1. Name: Set the name of the inbound/outbound rule for local identification.
    2. Status: Rule function switch.
    3. Interface: For outbound rules, it specifies the upstream interface where traffic leaves the router. For inbound rules, it specifies the upstream interface where traffic enters the router
    4. Protocol: Match traffic based on the protocol type, with options like Any, TCP, UDP, ICMP, or custom.
    5. Source: Match the source address for traffic, supporting custom, with the default as Any.
    6. Destination: Match the destination address for traffic, supporting custom, with the default as Any.
    7. Action: Action taken for matching traffic in inbound/outbound rules, supporting allow and deny.
    8. Inbound Rules: Traffic management rules for external network accessing the router, with the default as deny all.
    9. Outbound Rules: Traffic management rules for traffic going out through the router, with the default allowing all.
    10. Support for adjusting the priority of inbound and outbound rules.

    5.7.1.2 Port Forwarding

    Port forwarding, also known as port mapping or port redirection, is used to redirect network packets from one network port (or address) to another network port or address. Users can configure port forwarding rules under "Security > Firewall > Port Forwarding." When external traffic accesses a specific port on the router, the device forwards the data to the corresponding port of an internal client, enabling external access to services inside the router.
    For example, when a user needs to access the service on port 1024 of the internal client at 192.168.2.10 from the external network, they can map this client's port to port 1024 under the WAN1 interface. External users only need to enter "https://WAN1 address:1024" in their browser to access the target device's data, where the WAN1 address is the IP address of the WAN1 interface.

    Fig. 5-7-1-2 Add a Port Forwarding Rule

    1. Name: The name of the port forwarding rule, used for local identification.
    2. Status: The on/off switch for the port forwarding rule.
    3. Interface: The upstream interface that provides mapping functionality for internal clients. The upstream interface needs public IP address support.
    4. Protocol: The protocol type of the traffic for port mapping, supports TCP, UDP, and TCP & UDP.
    5. Public Port: The port number on the upstream interface that provides mapping
    6. Local Address: The address of the target device located under the router that the external network needs to access.
    7. Local Port: The port of the target device that the external network needs to access. It needs to be consistent with the public port input range.

    5.7.1.3 MAC Address Filter

    MAC address filtering involves allowing or disallowing devices in a MAC address list to access the internet, which means controlling LAN devices' internet access requests through MAC address filtering on the router. Users can configure MAC address filtering rules in "Security > Firewall > MAC Address Filtering."
    You can create multiple MAC addresses in the list, add address descriptions, and set it to allow only the MAC addresses to access the network (whitelist), or you can block MAC addresses in the list from accessing the network (blacklist).

    Fig. 5-7-1-3 Add a MAC address filter rule

    5.7.2 Policy-Based Routing

    Policy routing is a feature that allows users to create policies based on their specific needs, enabling them to route different data flows through different links. This improves the flexibility and control of routing decisions, enhances link utilization efficiency, and reduces enterprise costs. Click the "Add" button under "Security > Policy Routing" to create a new policy routing rule.

    Fig. 5-7-2 Add a router policy

    Cations:

    1. The source address and destination address in a policy routing rule cannot both be set as "Any."

    5.7.3 Traffic Shaping

    Create a traffic shaping policy to optimize your network based on each protocol, giving users control and prioritizing critical business traffic. This feature can also reduce the bandwidth allocated to entertainment traffic.
    You can configure traffic shaping rules in "Security > Traffic Shaping > Add/Edit."

    Fig. 5-7-3-a Traffic Shaping interface


    Fig. 5-7-3-b Add a traffic-shaping rule

    Traffic shaping policies consist of a series of rules executed sequentially, similar to custom firewall rules. Each rule comprises two main components: the type of traffic to restrict or adjust and how to limit or adjust that traffic.

    Notes:

    1. Traffic forwarding priority for unmatched rules is medium.
    2. When Limit Bandwidth is set to 0, the system will not limit the bandwidth.
    3. The value of Reserved Bandwidth should not be greater than the Limit Bandwidth.

    5.8 Services

    5.8.1 Interface Management

    Users can configure local networks allowed through a specific interface and set the interface's speed in the "Services > Interface Management" function.

    Fig. 5-8-1-a Interface Management


    Fig. 5-8-1-b Edit the interface

    5.8.2 DHCP Server

    The DHCP (Dynamic Host Configuration Protocol) service operates in a client/server communication mode, where clients request IP addresses from servers, and servers respond to these requests by assigning IP addresses dynamically to clients.You can configure the DHCP server’s IP address pool using the "Services > DHCP Server" feature.

    Fig. 5-8-2-a DHCP Server Interface

    Notes:

    1. The device's DHCP service is generated based on the network information in the local network. If you remove a local subnet from the "Local Network List," the DHCP Server for that local subnet will also be deleted.
    2. Local network entries need to be set in “IP” mode for the DHCP server function to take effect. Networks in “VLAN Only” mode are not within the selectable range.

    5.8.3 DNS Server

    DNS (Domain Name System) servers are a crucial network component responsible for translating human-readable domain names (e.g., www.example.com) into computer-understandable IP addresses (e.g., 192.168.1.1). DNS servers act as the address book of the internet, helping computers and devices find the locations of other devices and ensuring that information can be correctly delivered across the network.
    When users don't set DNS server addresses in "Services > DNS Server," the DNS addresses obtained from the device's upstream interface will be used for domain name resolution. When users configure DNS server addresses, the configured DNS addresses will be used for domain name resolution.

    Fig. 5-8-3 Add a DNS server

    5.8.4 Fixed Address List

    Users can use the "Services > Fixed Address List" function to allocate a fixed IP address to a device based on its MAC address. This means that the device will consistently receive the same IP address every time it connects to the ER605.

    Fig. 5-8-4 Add a fixed IP address

    Cautions:

    1. The available addresses for allocation must fall within the address range of the local network in IP mode, or else the configuration will not take effect
    2. When the local network is deleted, all fixed address allocation rules within the local network's address range will be removed.

    5.8.5 Static Routes

    Users can configure static routing entries using the "Services > Static Routing" feature to enable data to be forwarded through specified paths and interfaces. The contents of the static routing table are manually created by users, and routing entries generated by other services, such as VPN functionality, will not be displayed in this table.

    Fig. 5-8-5 Add a static route

    Cautions:

    1. For static routes with the same destination address/network, the next-hop address, interface, or priority cannot be the same; otherwise, it will result in a non-functional route.
    2. When WAN2, Wi-Fi (STA), or L2TP Client VPN is deleted, the corresponding static routes using those interfaces will also be removed.

    5.8.6 Dynamic DNS

    Dynamic DNS (Dynamic Domain Name System) is used to automatically update the name server content in the domain system. According to internet domain rules, domain names are typically associated with fixed IP addresses. Dynamic DNS technology allows users with dynamic IP addresses to have a fixed name server. This enables external users to connect to the URL of users with dynamic IP addresses through regular updates.
    You can manually configure the Dynamic DNS server address under the "Services > Dynamic DNS" feature.

    Fig. 5-8-6 Add a Dynamic DNS service

    1. Service Provider: Provided by the Dynamic DNS service operator, you can choose from dyndns, 3322, oray, no-ip, or use a custom option (requires a URL).
    2. Hostname: Register for a hostname by clicking on the URL below the service provider.
    3. Username: Register for a username by clicking on the URL below the service provider.
    4. Password: The password set by the user during registration.

    5.8.7 Passthrough Settings

    Users can enable the IP Passthrough feature through "Service > Passthrough Settings." Once enabled, client devices can obtain the upstream interface address of the ER605.

    Fig. 5-8-7 Enable the IP Passthrough

    1. Passthrough MAC: Only clients bound to this MAC can obtain the upstream interface address of the device.

    Cautions:

    1. When the IP Passthrough mode is enabled, only one client can access the public network. : static routing, VPN,  policy-based routing, SD-WAN Overlay, and cloud connectivity.
    2. When accessing client devices, you need to release inbound rules.
    3. You can still access the router via the default subnet's IP address.

    5.9 System

    In the "System" menu, users can configure settings related to cloud management, remote access control, clock settings, device options, configuration management, device alerts, tools, and log servers, among other functions.

    5.9.1 Adm Management

    Please see the device nameplate for the username and password. To ensure the security of your device, it's recommended that you change the password. You can do this by clicking on "adm" in the top navigation bar and selecting "Change Password" from the dropdown menu.


    Fig. 5-9-1-a/b Modify the Password

    5.9.2 Cloud Management

    The InCloud Service (star.inhandcloud.com) is a cloud platform developed by InHand Networks to address the challenges faced by enterprise networks, such as slow deployment, complex operations, and poor user experiences. This platform is designed with a focus on user needs and integrates features like zero-touch deployment, intelligent operations and maintenance, security protection, and excellent user experience capabilities. Once devices are connected to the cloud platform, users can perform remote management, batch configuration, traffic monitoring, and other operations through the platform, making network device management more convenient and efficient.
    ER605 automatically connects to the InCloud Service after establishing an internet connection by default. If you do not wish to use the cloud management function, you can disable it manually in the "System > Cloud Management" function.

    Fig. 5-9-2 Enable the InCloud Service

    5.9.3 Remote Access Control

    You can configure whether to allow external access to the router's web configuration interface from the Internet through the "System > Remote Access Control" function. You can also set the service port for this purpose.

    Fig. 5-9-3 Set the parameters of remote access

    1. HTTPS: When enabled, users can access the router's web interface remotely by entering the public IP address and port number of the upstream interface in a web browser.
    2. SSH: When enabled, users can remotely log in to the router's backend using remote tools (such as CRT) by providing the public IP address, port number, username, and password.
    3. Ping: When enabled, the upstream interface allows external networks to initiate Ping requests.

    5.9.4 System Clock

    In network functionality, the clock function refers to the capability used to coordinate and synchronize the time between network devices. Clock functionality within a network is crucial for data transmission, log recording, security, coordination, and troubleshooting. It ensures that various devices in the network are operating with synchronized times, which is essential for efficient and secure network operations.
    You can use the "System > System Clock" function to select their current time zone and configure NTP (Network Time Protocol) server addresses to synchronize the device's system time with an NTP server.

    Fig. 5-9-4 Set the time zone and NTP server

    5.9.5 Device Options

    In the "System > Device Options" section, users can perform various device operations such as rebooting, upgrading firmware, and restoring factory settings.

    Fig. 5-9-5 Device Options

    Cautions:

    1. When performing a local firmware upgrade, it is essential to ensure that the firmware is obtained from a legitimate source to avoid rendering the device inoperable due to incorrect firmware imports.
    2. When a device is connected to the cloud platform, the platform will synchronize the previous configuration to the device again due to cloud-based configuration synchronization. The device will only clear historical data during the factory reset.

    5.9.6 Configuration Management

    Configuring backups and backup recovery are critical tasks in network management and maintenance. They involve saving the configuration information of network devices so that it can be quickly restored or transferred when needed.
    You can export device configurations to local storage in the "System > Configuration Management" menu. This backup can be imported into the device in case of configuration loss or when you need to overwrite the existing configuration.

    Fig. 5-9-6 Configuration Management interface

    5.9.7 Device Alarms

    You can choose to focus on specific events that may occur on the device by selecting the corresponding alarm events and configuring the email address for receiving alerts. When an alarm event occurs, the device will automatically send an email notification. It's important to note that even if a user doesn't select certain alarm options, related alarm events will still be recorded in the device's local logs.
    You can configure alarm event types and email addresses for alarm notifications in the "System > Device Alarms" menu.

    Fig. 5-9-7-a Alarm event types

    After configuring the outgoing email server address, port, username, and password, the device will use this email account to send alarm notifications. You can use the "Send Test Email" option to verify whether the outgoing email configuration is correct. This test email will help you ensure that the device can successfully send alarm notifications to the specified email address.

    Fig. 5-9-7-b Mail receiving settings

    5.9.8 Tools


    5.9.8.1 Ping

    You can use ICMP (Internet Control Message Protocol) to check the device's external network connectivity. In the "Target" field, enter any domain name or IP address you want to test the device's connectivity to, and then click "Start" to check the connectivity status between the device and the specified target. This can help you determine whether the device can reach the target over the internet.
    You can perform a network ping test on a target by going to "System > Tools > Ping." This allows to send ICMP echo requests to the specified target IP address or domain name and receive ICMP echo replies to check network connectivity and latency to that target.

    Fig. 5-9-8-1 Ping

    5.9.8.2 Traceroute

    Traceroute is a network diagnostic tool used to determine the network path that data packets take from the source to the destination, as well as the intermediate routers or hops along that path.You can enter the target host's IP address in "System > Tools > Traceroute," choose the outgoing interface for the traffic, click "Start," and check the device's connectivity to the target IP by tracing the route.

    Fig. 5-9-8-2 Tracerout 

    5.9.8.3 Capture

    Packet capturing is a network monitoring and analysis technique used to capture and record data packets transmitted over a computer network. Packet capture tools are typically used for network troubleshooting, network performance analysis, security auditing, and protocol analysis, among other purposes.
    You can capture packets passing through a specific interface in "System > Tools > Packet Capture." By selecting the "Output" option, users can choose to display the captured data within the interface or export it locally for further analysis.

    Fig. 5-9-8-3 Capture

    5.9.9 Scheduled Reboot

    Scheduled reboot is a network device management strategy that allows administrators to automatically restart a device at a specific time or under certain conditions to ensure the device's normal operation and performance.
    In practice, users can set up scheduled reboots in the "System > Scheduled Reboot" function based on their business requirements. The device supports scheduled reboots at fixed times daily, weekly, or monthly.In the case of monthly reboots, if the selected reboot day exceeds the actual number of days in the month, the device will reboot on the last day of the month. For example, if you choose to reboot on the 31st of every month, it will reboot on the 30th in a month with only 30 days.

    Fig. 5-9-9 Set the scheduled reboot time

    5.9.10 Log Server

    A log server is a dedicated server or software application used to collect, store, and manage log information generated by network devices, applications, and operating systems. These log records include events, warnings, errors, activities, and other relevant information and are crucial for monitoring, troubleshooting, and performance optimization.
    When users enable the log file server function in the "System > Log Server" feature, the device will periodically upload log files to the specified log server.

    Fig. 5-9-10 Set the log server address

    5.9.11 Other Settings

    5.9.11.1 Web Login Management

    When a user logs in to the local interface of the device through the web and the session remains active for a certain period, it will automatically log out or disconnect to protect the user's privacy and security.
    Users can configure the logout time in "System > Other Settings > Web Login Management." If the online time during a single login session on the device's web page exceeds the configured time, the system will automatically log the user out, and they will need to log in again to continue their operations.

    Fig. 5-9-11-1 Set the web page logout time

    5.9.11.2 Automatically Restarts

    This feature can be used to quickly forward packets, improving network performance. By default, it is turned off. When users enable this feature in "System > Other Settings > Fast Forward," the device's data forwarding rate will significantly increase.

    Fig. 5-9-11-2 Enable the Automatically

    5.9.11.3 SIP ALG

    It is typically used as a firewall and consists of two technologies: Session Initiation Protocol (SIP) and Application Layer Gateway (ALG). Users can enable this feature in "System > Other Settings > SIP ALG". Enabling this feature may impact VoIP telephone communication.

     

    Fig. 5-9-11-3 Enable the SIP ALG

    Note:

    1. If the connected device needs to engage in VoIP (Voice over Internet Protocol) phone communication, it is recommended to disable this function. 

    6.   Security Precautions

    1. Please use the original power adapter to avoid damaging the device due to mismatched power adapters.
    2. When installing the device, avoid placing it in an environment with strong electromagnetic interference, and keep it at a safe distance from high-power equipment. After installation, ensure that the device is stable to prevent accidental drops and potential damage.
    3. Ensure that the device's operating environment meets the temperature and humidity requirements specified in the user manual.
    4. Regularly inspect the device's cables, including Ethernet cables and power adapter connections. Keep the cables clean, and replace them if any damage is detected.
    5. When cleaning the device, avoid spraying chemical agents directly on the device's surface to prevent damage to the housing or internal components. Use a soft cloth for cleaning.
    6. Do not attempt to disassemble or modify the device on your own, as this can pose safety risks and may void the device's warranty.

     

    7.   FAQ

    1. What are the differences between ER routers and regular routers?

    1. Edge Router: Supports both wired and cellular mobile data connectivity (4G, 5G) for network access, providing more ways to connect to the network. The edge router is a 5G router that supports SD-WAN and allows for centralized management through a cloud platform.

    2. Regular Router: Typically relies on fixed broadband connections, such as DSL or fibre optics, and connects to the network through wired connections. Regular routers lack a unified management platform and advanced features like firewall and SD-WAN.

    2. Unable to Connect to 4G/5G Network?

    1. Physical Environment: Start by checking if the SIM card is inserted into the correct slot and ensure all cellular antennas are properly installed.

    2. APN Settings: Make sure that the APN configuration matches the information provided by your service provider.

    3. Check Device Connectivity: Log in to the device's local interface and use the built-in ICMP tool to ping 8.8.8.8 to test connectivity. If it can connect, then check the connectivity between your device (e.g., computer or smartphone) and the router.

    4. Check SIM Card: Take out the SIM card and insert it into a phone to see if it can connect to the internet.

    5. Restart: Try powering off the router, wait a few seconds, and then reconnect the power to retry the network connection.

    6. Factory Reset: Perform a factory reset on the router and then attempt to connect again.

    3. Is the cloud platform free of charge?

    InHand Networks has been committed to providing high-quality network services for small and medium-sized chain organizations. When users utilize the cloud platform services, they are required to purchase licenses for each device to access the extensive cloud-based features.

    4. How to add devices to the cloud platform?

    1. Start by registering for a Small Star Cloud Manager login account at https://star.inhandcloud.com/.

    2. Log in to the cloud platform using your registered account. Under the device menu, click "Add," and follow the prompts to enter the device's serial number and MAC address. This will complete the device addition process. When a device is added for the first time, it comes with a complimentary 1-year free Basic Edition license. Users can renew their licenses as needed in the future.

    5. Is it possible to use the device without the cloud platform?

    Yes, it is possible. Users can complete the ma ority of configuration tasks locally. However, for features like bulk configuration deployment, firmware upgrades, SD-WAN, Connector, and more, you would need to combine local device settings with the cloud platform.

    If you are unable to resolve the issue using the above steps or encounter any other problems, please contact InHand Networks for technical support. You can visit www.inhandnetworks.com for more information.

     












































































      • Related Articles

      • Edge Router 805 Product User Manual

        Declaration Thank you for choosing our company's product! Before use, please carefully read this user manual. By complying with the following statements, you will help maintain intellectual property rights and legal compliance, ensuring that your ...

      • Portable Router CR202-Pro Product User Manual

        Declaration Thank you for choosing our product. Before using the product, please read this manual carefully. The contents of this manual cannot be copied or reproduced in any form without the written permission of InHand. Due to continuous updating, ...

      • Portable Router CR202 Product User Manual

        Declaration Thank you for choosing our product. Before using the product, please read this manual carefully. The contents of this manual cannot be copied or reproduced in any form without the written permission of InHand. Due to continuous updating, ...

      • Cellular Router IR305 Product User Manual

        Declaration Thank you for choosing our product. Before using the product, read this manual carefully. The contents of this manual cannot be copied or reproduced in any form without the written permission of InHand. Due to continuous updating, InHand ...

      • Industrial Router IR305 Product User Manual

        Declaration Thank you for choosing our product. Before using the product, read this manual carefully. The contents of this manual cannot be copied or reproduced in any form without the written permission of InHand. Due to continuous updating, InHand ...