Declaration
Thank you for choosing our product. Before using the product, read this manual carefully.
The contents of this manual cannot be copied or reproduced in any form without the written permission of InHand.
Due to continuous updating, InHand cannot promise that the contents are consistent with the actual product information, and does not assume any disputes caused by the inconsistency of technical parameters. The information in this document is subject to change without notice. InHand reserves the right of final change and interpretation.
© 2020 InHand Networks. All rights reserved.
Conventions
Symbol |
Indication |
< > |
Content in angle brackets “<>” indicates a button name. For example, the <OK> button. |
"" |
'''' indicates a window name or menu name. For example, the pop-up window "New User." |
> |
A multi-level menu is separated by the double brackets ">". For example, the multi-level menu File > New > Folder indicates the menu item [Folder] under the sub-menu [New], which is under the menu [File]. |
Cautions |
Means reader be careful. Improper action may result in loss of data or device damage. |
Note |
Notes contain detailed descriptions and helpful suggestions. |
Add: 43671 Trade Center Place, Suite 100, Dulles, VA 20166 USA
E-mail: support@inhandneworks.com
T: +1 (703) 348-2988
URL: www.inhand.com
UL MARKINGS:
1.UL File:E364742、E509340.
2.Electrical ratings:Input: 9-36 V DC, 0.1-0.2A. (Optional)
3.Model number:IR302
5.Ambient temperature range:-20 ℃ to +70 ℃
6. Temperature class:T-5
UL INSTALLATION AND OPERATING INSTRUCTIONS:
1. These devices are open-type devices that are to be installed in an enclosure suitable for the environment and where the internal compartment is only accessible by the use of tool.
2. Warning - explosion hazard - do not disconnect equipment while the circuit is live or unless the area is known to be free of ignitable concentrations.
3. The unit shall be powered by a UL listed external AC adapter, output rated 9-36 VDC, MIN-MUM: 0.1-0.2A, marked LPS or CLASS 2
Integrating 3G, 4G LTE and advanced security, the InRouter302 is the next generation of industrial cellular router. With embedded hardware watchdog, link detection, auto-recovery and auto-reboot, the InRouter302 provides reliable communications to unattended sites. Reliable VPN technology secures sensitive data. The InRouter302 also utilizes remote management tools such as a CLI, a web interface and InHand Device Manager Cloud platform for batch configuration and monitoring.
InRouter302 is ideal for large-scale Internet of Things (IoT) and Machine-to-Machine (M2M) applications including ATM/Kiosks, Vending machines, Connected Retail, Medical equipment and Industrial control systems.
POWER |
STATUS |
Cellular |
Description |
(Red) |
(Green) |
(Yellow) | |
Off |
Off |
Off |
Powered off |
On |
Off |
Off |
System failure |
On |
On |
Off |
The module or SIM card is not recognized |
On |
On |
Blinking |
Dialing |
On |
On |
On |
Dialing succeed |
On |
Blinking |
On |
Upgrading |
On |
Blinking->On |
Off |
Reset |
Reset to factory settings: 1. When the device is powered on, press the reset button immediately and keep it for 10 seconds until the Status LED is steady on 2. Loosen the Reset button and the Status LED will off. 3. Immediately press and hold the Reset button, Status LED will flash, then loosen the Reset button. Then device will reset to default settings. |
Signal |
Red |
Signal 0~10 |
Yellow |
Signal 11~20 | |
Green |
Signal 21~30 | |
Wi-Fi(Green) |
Unable |
Off |
AP |
Blinking | |
STA |
Blinking |
|
Port |
Transmission |
Blinking |
Precautions:
Please be sure there is 3G/4G network coverage and there is no shield on site. 100-240V AC or 9~36V DC shall be provided on site. First installation shall be done under direction of the engineer recognized by InHand Networks.
InRouter302 uses pop-up card holder. Stab the hollow at the left of the card holder and the card holder will pop up. Then, install the SIM/UIM card and press the card holder back to the card slot.
Slightly rotate the movable part of metal SMA-J interface until it cannot be rotated (at this time, external thread of antenna cable cannot be seen). Do not forcibly screw the antenna by holding black rubber lining.
The specific steps are shown in below:
Step 1: Remove the grounding screw.
Step 2: Connect the grounding ring of the cabinet’s grounding wire onto the grounding screw.
Step 3: Tighten the grounding screw up.
Upon installation of the antenna, connect the device to 9~36V DC power and see if the Power LED on the panel of the device is on. If not, please contact technical support of InHand Networks immediately.
Upon installation of hardware, be sure the Ethernet card has been mounted in the supervisory PC prior to logging in the page of Web settings of the router.
I. Automatic Acquisition of IP Address (Recommended)
Please set the supervisory computer to "automatic acquisition of IP address" and "automatic acquisition of DNS server address" (default configuration of computer system) to let the device automatically assign IP address for supervisory computer.
II. Set a Static IP Address
Set the IP address of supervisory PC (such as 192. 168. 2. 2) and LAN interface of device in same network segment (initial IP address of LAN interface of device: 192. 168. 2. 1, subnet mask: 255. 255. 255. 0).
III. Cancel the Proxy Server
If the current supervisory PC uses a proxy server to access the Internet, it is required to cancel the proxy service. The operating steps are shown below: 1) In the browser window, select "tools>>Internet options"; 2) select "connection" page and click the button of LAN Settings to enter "LAN Settings" window interface. Please confirm if the option "Use a Proxy Server for LAN" is checked; if it is checked, please cancel and click the button <OK>.
IV. Log in/Exit Web Settings Page
Open IE or other browser and enter IP address of InRouter302, such as http://192.168.2.1 in address bar (default setting of InRouter302). Upon connection, log in from the login interface as Admin, i.e. enter username and password at the login interface (please check the nameplate for getting the default username and password).
The device need to be effectively configured before using. This chapter will introduce how to configure your router via Web.
Here, system and network state and system time of synchronizing device and PC can be checked and router WEB configuration interface language can be set as well as the name of mainframe of router can be customized.
Here, WEB configuration interface language can be set; name of mainframe of router can be customized.
From the navigation tree, select System >> Basic Setup, then enter the “Basic Setup” page.
Table 3-1-1 Basic Setup Parameters
Basic settings | ||
Function description: Select display language of the router configuration interface and set personalized name. | ||
Parameters |
Description |
Default |
Language |
Configure language of WEB configuration interface |
Chinese |
Host Name |
Set a name for the host or device connected to the router for viewing. |
Router |
To ensure the coordination between this device and other devices, user is required to set the system time in an accurate way since this function is used to configure and check system time as well as system time zone. System time is used to configure and view system time and system time zone. It aims to achieve time synchronization of all devices equipped with a clock on network so as to provide multiple applications based on synced time.
From the navigation tree, select System >> Time, then enter the “Time” webpage, as shown below. Click <Sync Time> to synchronize the time of the gateway with the system time of the host.
Table 3-1-2 Parameters of System Time
System Time | ||
Function description: Set local timezone and automatic updating time of NTP. | ||
Parameters |
Description |
Default |
Time of Router |
Display present time of router |
8:00:00 AM, 12/12/2015 |
PC Time |
Display present time of PC |
Present time |
Timezone |
Set time zone of router |
Custom |
Custom TZ String |
Set TZ string of router |
CST-8 |
Auto update Time |
Select whether to automatically update time, you may select when startup or every 1/2/...hours. |
On startup |
NTP Time Servers |
Set NTP server to sync time via network |
114.80.81.1 |
Admin services include HTTP, HTTPS, TELNET and SSHD.
HTTP
HTTP (Hypertext Transfer Protocol) is used for transferring web pages on Internet. After enabling HTTP service on device, users can log on via HTTP and access and control the device using a web browser.
HTTPS
HTTPS (Secure Hypertext Transfer Protocol) is the secure version of hypertext transfer protocol. As a HTTP protocol which supports SSL protocol, it is more secure.
TELNET
Telnet protocol provides telnet and virtual terminal functions through a network. Depending on Server/Client, Telnet Client could send request to Telnet server which provides Telnet services. The device supports Telnet Client and Telnet Server.
SSHD
SSH protocol provides security for remote login sessions and other network services. The SSHD service uses the SSH protocol, which has higher security than Telnet.
From the navigation tree, select System >> Admin Access, then enter “Admin Access” page.
Table3-1-3 Parameters of Admin Access
Admin Access | ||
Function description: 1. Modify username and password of router. 2. The router may be set by the following 5 ways, i.e. http, https, telnet, SSHD and console. 3. Set login timeout. | ||
Parameters |
Description |
Default |
Username/Password | ||
Username |
Set name of user who logs in WEB configuration |
adm |
Old Password |
Previous password access to WEB configuration |
N/A |
New Password |
New password access to WEB configuration |
N/A |
Confirm New Password |
Reconfirm the new password |
N/A |
Amin functions | ||
Service Port |
Service port of HTTP/HTTPS/TELNET/SSHD/Console |
80/443/23/22 |
Local Access |
Enable - Allow local LAN to administrate the router with corresponding service (e.g. HTTP) Disable - Local LAN cannot administrate the router with corresponding service (e.g. HTTP) |
Enable |
Remote Access |
Enable - Allow remote host to administrate the router with corresponding service (e.g. HTTP) Disable - Remote host cannot administrate the router with corresponding service (e.g. HTTP) |
Enable
|
Allowed Access from WAN (Optional) |
Set allowed access from WAN (only HTTP/HTTPS/TELNET/SSHD) |
The host controlling service at this moment can be set, e.g. 192.168.2.1/30 or 192.1682.1-192.1682.10 |
Description |
For recording significance of various parameters of admin functions (without influencing router configuration)
|
N/A |
Other Parameters | ||
Log Timeout |
Set login timeout (router will automatically disconnect the configuration interface after login timeout) |
500 seconds |
A remote log server can be set through “System Log”, and all system logs will be uploaded to the remote log server through the gateway. This makes remote log software, such as Kiwi Syslog Daemon, a necessity on the host.
Kiwi Syslog Daemon is free log server software for Windows. It can receive, record and display logs from host (such as gateway, exchange board and Unix host). After downloading and installing Kiwi Syslog Daemon, it must be configured through the menus “File >> Setup >> Input >> UDP.
From the navigation tree, select System >> System Log, then enter “System Log” page.
Table 3-1-4 Parameters of System Log
System Log | ||
Function description: Configure IP address and port number of remote log server which will record router log. | ||
Parameters |
Description |
Default |
Log to Remote System |
Enable log server |
Disable |
Log server address and port (UDP) |
Set address and port of remote log server |
N/A: 514 |
Log to Console |
Output device log by serial port |
Disable |
Here you can back up the configuration parameters, import the desired parameters backup and reset the router.
From the navigation tree, select System >> Config Management, then enter the “Config Management” page.
Table 3-1-5 Parameters of Configuration Management
Configuration Management | ||
Function description: Set parameters of configuration management. | ||
Parameters |
Description |
Default |
Browse |
Choose the configuration file |
N/A |
Import |
Import configuration file to router |
N/A |
Backup |
Backup configuration file to host |
N/A |
Restore default configuration |
Select to restore default configuration (effective after rebooting) |
N/A |
Modem drive program |
For configuring drive program of module |
N/A |
Network Provider (ISP) |
For configuring APN, username, password and other parameters of the network providers across the world |
N/A |
After this function is enabled, the device will reboot as the scheduled time. Scheduler function will take effect after router sync time.
From the navigation tree, select “System >> Schedule”, then enter “Schedule” page.
Table 3-1-6 Parameters of Scheduler
Scheduler | ||
Function description: set scheduler for system reboot | ||
Parameters |
Description |
Default |
Enable |
Enable/disable this function |
Disable |
Time |
Select the reboot time |
0:00 |
Days |
Reboot the router everyday |
Everyday |
Show advanced options |
Enable more detailed schedule rules, allow to set multiple rules to reboot the router in specific time or interval. Enable this feature will disable everyday reboot feature above. |
Disable |
Reboot after dialed |
Router will reboot after dial up successfully, will not take effort if this parameter is blank. |
N/A |
The upgrading process can be divided into two steps. In the first step, firmware will be written in backup file zone, in the second step: firmware in backup file zone will be copied to main firmware zone, which should be carried out during system restart. During software upgrading, any operation on web page is not allowed, otherwise software upgrading may be interrupted.
From the navigation tree, select “System >> Upgrade”, then enter the “Upgrade” page.
To upgrade the system, firstly, click <Browse> choose the upgrade file, secondly, click <Upgrade> and then click <OK> to begin upgrade; thirdly, upgrade firmware succeed, and click <Reboot> to restart the device.
Please save the configurations before reboot, otherwise the configurations that are not saved will be lost after reboot.
To reboot the system, please click the System>>Reboot, then click <OK>.
To logout, click System >> Logout, and then click <OK>.
Insert SIM card and dial to achieve the wireless network connection function of router.
Click the “Network>>Cellular” menu in the navigation tree to enter the “Dial Interface”.
Table3-2-1-1 Parameters of Dialup/Cellular
Dialup/Cellular Connection | ||
Function description: Configure parameters of PPP dialup. Generally, users only need to set basic configuration instead of advanced options. | ||
Parameters |
Description |
Default |
Enable |
Enable cellular dialup. |
Enable |
Time Schedule |
Set time schedule |
ALL |
Force Reboot |
Router will reboot if cannot dialup for a long time and reach the max retry time |
Enable |
Shared connection (NAT) |
Enable—Local device connected to Router can access to the Internet via Router. Disable—Local device connected to Router cannot access to the Internet via Router. |
Enable |
Default Route |
Enable default route |
Enable |
SIM1 Network Provider |
Select network provider profile for SIM1 |
Profile 1 |
Network Type |
Select network type, router will try 4G, 3G, 2G in proper order if select in Auto |
Auto |
Connection Mode |
Optional Always Online, Connect On Demand, Manual. It will support to configure Triggered by SMS if select Connect On Demand mode, |
Always Online |
Redial Interval |
Set the redialing time when login fails. |
30 s |
Show Advanced Options | ||
Dual SIM Enable |
Enable Dual SIM card |
Disable |
SIM2 Network Provider |
Select network provider for SIM2 card |
Profile 1 |
SIM2 Blinding ICCID |
Set ICCID of SIM2 |
N/A |
SIM2 PIN Code |
For setting SIM2 PIN code |
N/A |
SIM2 SIM Card Operator |
Set the ISP that SIM2 card connects to |
Auto |
Main SIM |
Set the SIM card that uses to dialup at first |
SIM1 |
Max Number of Dial |
Set max number of dial, if cannot dial up successfully after this number, router will switch SIM card |
5 |
CSQ Threshold |
Set threshold of signal, if current signal level is lower than this, router will switch SIM card |
0(Disable) |
Min Connect Time |
Set the min connect time for each try of dial up |
0(Disable) |
Initial Commands |
Set customize initial AT commands which will be operated at the beginning of dialing up |
AT |
Blinding ICCID |
Set ICCID of SIM |
N/A |
PIN Code |
For setting PIN code of SIM |
N/A |
MTU |
Set max transmission unit after enable |
1500 |
Use Peer DNS |
Click to receive peer DNS assigned by the ISP |
Enable |
Link detection interval |
Set link detection interval |
55 s |
Debug |
Enable debug mode, print debug log in system log |
Disable |
Debug Modem* |
Send modem debug data to console |
Disable |
ICMP Detection Mode |
Set ICMP detection mode, router will check the link connection status via ICMP packet. Ignore Traffic: Router will send ICMP packet no matter whether there is traffic in cellular interface. Monitor Traffic: Router will not send ICMP packet if there is traffic in cellular interface. |
Ignore Traffic |
ICMP Detection Server |
Set the ICMP Detection Server. N/A represents not to enable ICMP detection. |
N/A |
ICMP Detection Interval |
Set ICMP Detection Interval |
30 s |
ICMP Detection Timeout |
Set ICMP Detection Timeout (the link will be regarded as down if ICMP times out) |
20 s |
ICMP Detection Retries |
Set the max. number of retries if ICMP fails (router will redial if reaching max. times) |
5 |
Table3-2-1-2 Parameters of Dialup/Cellular - Schedule
Administration of dialup/Cellular - Schedule | ||
Function description: Online or offline based on the specified time. | ||
Parameters |
Description |
Default |
Name of Schedule |
schedule 1 |
schedule1 |
Sunday ~ Saturday |
Click to enable |
|
Time Range 1 |
Set time range 1 |
9:00-12:00 |
Time Range 2 |
Set time range 2 |
14::00-18:00 |
Time Range 3 |
Set time range 3 |
0:00-0:00 |
Description |
Set description content |
N/A |
WAN/LAN1 Port supports two types of work mode, include WAN and LAN.
Click the “Network>>WAN/LAN Switch” to set work mode
WAN supports three types of wired access including static IP, dynamic address (DHCP) and ADSL (PPPoE) dialing.
DHCP adopts Client/Server communication mode. Client sends configuration request to Server which feeds back corresponding configuration information, including distributed IP address to the Client to achieve the dynamic configuration of IP address and other information.
PPPoE is a point-to-point protocol over Ethernet. User has to install a PPPoE Client on the basis of original connection way. Through PPPoE, remote access devices could achieve the control and charging of each accessed user.
WAN/LAN1 is working as LAN by default.
Click the “Network>>WAN” menu in the navigation tree to enter the “WAN" Interface.
Table 3-2-2-1 Static IP Parameters of WAN
WAN - Static IP | ||
Function description: Access to Internet via wired lines with fixed IP. | ||
Parameters |
Description |
Default |
Shared connection (NAT) |
Enable—Local device connected to Router can access to the Internet via Router. Disable—Local device connected to Router cannot access to the Internet via Router. |
Enable |
Default route |
Enable default route |
Enable |
MAC Address |
MAC Address of the device |
Device’s MAC address |
IP Address |
Set IP address of WAN |
192.168.1.29 |
Subnet mask |
Set subnet mask of WAN |
255. 255. 255. 0 |
Gateway |
Set gateway of WAN |
192. 168. 1. 1 |
MTU |
Max. transmission unit, default/manual settings |
default (1500) |
Multiple IP support (at most 8 additional IP addresses can be set) | ||
IP Address |
Set additional IP address of LAN |
N/A |
Subnet mask |
Set subnet mask |
N/A |
Description |
For recording significance of additional IP address |
N/A |
Table 3-2-2-2 Dynamic Address (DHCP) Parameters of WAN
WAN - Dynamic Address (DHCP) | ||
Function description: Support DHCP and can automatically get the address allocated by other routers. | ||
Parameters |
Description |
Default |
Shared connection (NAT) |
Enable—Local device connected to Router can access to the Internet via Router. Disable—Local device connected to Router cannot access to the Internet via Router. |
Enable |
Default route |
Enable default route |
Enable |
MAC Address |
MAC Address of the device |
Device’s MAC address |
MTU |
Max. transmission unit, default/manual settings |
default (1500) |
Table 3-2-3-3 ADSL Dialing (PPPoE) Parameters of WAN
WAN - ADSL Dialing (PPPoE) | ||
Function description: Set ADSL dialing parameters. | ||
Parameters |
Description |
Default |
Shared connection |
Enable—Local device connected to Router can access to the Internet via Router. Disable—Local device connected to Router cannot access to the Internet via Router. |
Enable |
Default route |
Enable default route |
Enable |
MAC Address |
MAC Address of the device |
Device’s MAC address |
MTU |
Max. transmission unit, default/manual settings |
default (1492) |
WAN - ADSL Dialing (PPPoE) | ||
Username |
Set name of dialing user |
N/A |
Password |
Set dialing password |
N/A |
Static IP |
Click to enable static IP |
Disable |
Connection Mode |
Set dialing connection method (always online, dial on demand, manual dialing) |
Always online |
Parameters of Advanced Options | ||
Service Name |
Set service name |
N/A |
Set length of transmit queue. |
Set length of transmit queue. |
3 |
Enable IP header compression |
Click to enable IP header compression |
Disable |
Use Peer DNS |
Click to enable use peer DNS |
Enable |
Link detection interval |
Set link detection interval |
55 s |
Link detection Max. Retries |
Set link detection max. retries |
10 |
Enable Debug |
Click to enable debug |
Disable |
Expert Option |
Set expert options |
N/A |
ICMP Detection Server |
Set ICMP detection server |
N/A |
ICMP Detection Interval |
Set ICMP Detection Interval |
30 s |
ICMP Detection Timeout |
Set ICMP detection timeout |
20 s |
ICMP Detection Retries |
Set ICMP detection max. retries |
3 |
Click “Network >> LAN” to configure LAN interface of router and other devices can access to Internet via Ethernet cable in LAN.
Table 3-2-3 LAN Parameters
LAN – Static IP | ||
Function description: Devices in LAN use static IP to connect to network. | ||
Parameters |
Description |
Default |
MAC Address |
MAC Address of router’s LAN gateway |
Router’s LAN MAC address |
IP Address |
IP Address of router’s LAN gateway |
192.168.2.1 |
Netmask |
Subnet mask of LAN gateway |
255.255.255.0 |
MTU |
Max. transmission unit, default/manual settings |
default (1500) |
LAN Mode |
Set transport mode in LAN interface |
Auto Negotiation |
Multi-IP Settings (at most 8 additional IP addresses can be set) | ||
IP Address |
Set additional IP address of LAN |
N/A |
Subnet mask |
Set subnet mask |
N/A |
Description |
For recording significance of additional IP address |
N/A |
LAN Port Enable | ||
port1/port2 |
Enable corresponding LAN port |
Enable |
GARP | ||
Enable |
Router will send ARP broadcast to LAN devices automatically |
Disable |
Broadcast Count |
Set ARP broadcast times |
5 |
Broadcast Timeout |
Set ARP broadcast timeout time |
10 |
IR302-WLAN supports two types of WLAN mode: AP and STA.
Click the “Network>>Switch WLAN Mode” menu in the navigation tree to set WLAN mode of the router. After change and save the configuration, please reboot the device to make the configuration take effort.
When working in AP mode, IR302 WLAN will provide network access point for other wireless network devices. Please sure that IR302 has already connect to Internet via WAN or cellular.
Click the “Network>>WLAN” menu in the navigation tree to enter the “WLAN" interface.
Table 3-2-5 Parameters of WLAN Access Port
WLAN | ||
Function description: Support WiFi function and provide wireless LAN access on site and identity authentication of wireless user. | ||
Parameters |
Description |
Default |
SSID broadcast |
After turning on, use can search the WLAN via SSID name |
Enable |
Mode |
Six type for options: 802. 11g/n, 802. 11g, 802. 11n, 802. 11b, 802. 11b/g , 802. 11b/g/n |
802.11b/g/n |
Channel |
Select the channel |
11 |
SSID |
SSID name defined by user |
inhand |
Authentication method |
Support open type, shared type, auto selection of WEP, WPA-PSK, WPA, WPA2-PSK, WPA2, WPA/WPA2, WPAPSK/WPA2PSK |
Open type |
Encryption |
Support NONE, WEP |
NONE |
Wireless bandwidth |
Both 20MHz and 40MHz for selection |
20MHz |
Enable WDS |
Click to enable WDS |
Disable |
Default Route |
Click to enable Route |
Disable |
Bridged SSID |
Set bridged SSID |
None |
Bridged BSSID |
Set bridged BSSID |
None |
Scan |
Click “Scan” to scan the available AP nearby |
|
Auth Mode |
Open type, shared type, WPA-PSK, WPA2-PSK |
Open type |
Encryption Method |
Support NONE, WEP |
None |
When working in STA mode, the router can access the Internet by connecting to other AP.
Click the “Network>>WLAN Client” menu in the navigation tree to enter the “WLAN” interface. Select “Client” for the interface type and configure relevant parameters. (At this moment, the cellular interface in the "Network>>Cellular" should be closed.)
The SSID scan function is enabled only when Client is selected as WLAN interface. Click “Scan” button to get all available AP and status, select AP and configure corresponding parameter to connect. After configure WLAN Client, please configure access type in “Network>>WAN(STA)”.
Table 3-2-6 Parameters of WLAN Client
WLAN Client | ||
Function description: Support Wi-Fi function and access to wireless LAN as client. | ||
Parameters |
Description |
Default |
Mode |
Support many modes including 802.11b/g/n |
802.11b/g/n |
SSID |
Name of the SSID to be connected |
inhand |
Authentication method |
Keep consistent with the access point to be connected |
Open type |
Encryption |
Keep consistent with the access point to be connected |
NONE |
Click the “Network>>Link Backup” in the navigation tree to configuration interface.
Table 3-2-7-1 Parameters of Link Backup
Link Backup | ||
Function description: When the system runs, main link will first be enabled for communication. However, when the main link is disconnected, the system will automatically switch to the backup link to ensure communication. | ||
Parameters |
Description |
Default |
Enable |
Click to enable link backup |
Disable |
Backup mode |
Optional hot failover, cold failover or load balance |
Hot failover |
Main Link |
Optional WAN or dialing interface |
WAN |
ICMP Detection Server |
Set ICMP detection server |
N/A |
Backup Link |
Optional cellular or WAN |
Cellular 1 |
ICMP Detection Interval |
Set ICMP Detection Interval |
10 s |
ICMP Detection Timeout |
Set ICMP detection timeout |
3 s |
ICMP Detection Retries |
Set ICMP detection max. retries |
3 |
Restart Interface When ICMP Failed |
Restart main link when ICMP failed |
Disable |
Table 3-2-7-2 Parameters of Link Backup - Backup Mode
Link Backup - Backup Mode | |
Function description: Select the way of link backup. | |
Parameters |
Description |
Hot failover |
Main link and backup Link keep online at the same time, switch if current link is off |
Cold failover |
Backup line will only be online when the main link is disconnected. |
Load balance |
Transfer data via corresponding route after ICMP detect succeed |
VRRP (Virtual Router Redundancy Protocol) adds a set of routers that can undertake gateway function into a backup group to form a virtual router. The election mechanism of VRRP will decide which router to undertake the forwarding task and the host in LAN is only required to configure the default gateway for the virtual router.
VRRP will bring together a set of routers in LAN. It consists of multiple routers and is similar to a virtual router in respect of function. According to the VLAN interface IP of different network segments, it can be virtualized into multiple virtual routers. Each virtual router has an ID number and up to 255 can be virtualized.
VRRP has the following characteristics:
Monitor interface function of VRRP better expands backup function: the backup function can be offered when interface of a certain router has fault or other interfaces of the router are unavailable.
When interface connected with the uplink is at the state of Down or Removed, the router actively reduces its priority so that the priority of other routers in the backup group is higher and thus the router with highest priority becomes the gateway for the transmission task.
From navigation tree, select "Network >>VRRP" menu, then enter “VRRP” page.
Table 3-2-8 VRRP Parameters
VRRP | ||
Function description: Configure parameters of VRRP. | ||
Parameters |
Description |
Default |
Enable VRRP-I |
Click to enable VRRP function |
Disable |
Group ID |
Select ID of router group (range: 1-255) |
1 |
Priority |
Select a priority (range: 1-254) |
20 (the larger the numerical value, the higher the priority) |
Advertisement Interval |
Set an advertisement interval. |
60 s |
Virtual IP |
Set a virtual IP |
N/A |
Authentication method |
Select "None" or Password type |
None (a password is needed when password type is selected) |
Monitor |
Set monitor |
N/A |
VRRP-II |
Set as above |
Disable |
IP penetration function distributes the address obtained by WAN port to the device at the lower end of LAN port. When external access to the router downstream devices the router transmits data to the downstream device. Click "Network >>IP Passthrough" menu, then enter “IP Passthrough” page.
Table 3-2-9 IP Passthrough Parameters
IP Passthrough | ||
Function description: LAN port device to obtain WAN port address, used for external access to router downstream devices. | ||
Parameters |
Description |
Default |
IP Passthrough |
Enable IP Passthrough |
Disable |
IP Passthrough Mode |
Select work mode(DHCP Dynamic/DHCP fix MAC) |
DHCP Dynamic |
Fix MAC Address |
Set fix MAC address if in DHCP fix MAC mode |
00:00:00:00:00:00 |
DHCP lease |
Set DHCP lease time and reacquired after expiration |
120S |
Static route needs to be set manually, after which packets will be transferred to appointed routes.
To set static route, click the "Network >> Static Route" menu in the navigation tree, then enter “Static Route” interface.
Table 3-2-10 Static Route Parameters
Static Route | ||
Function description: Add/delete additional static rote of router. Generally, it's unnecessary for users to set it. | ||
Parameters |
Description |
Default |
Destination Address |
Set IP address of the destination |
0.0.0.0 |
Netmask |
Set subnet mask of the destination |
255.255.255.0 |
Gateway |
Set the gateway of the destination |
N/A |
Interface |
Select LAN/CELLULAR/WAN/WAN(STA) interface of the destination |
N/A |
Description |
For recording significance of static route address (not support Chinese characters) |
N/A |
DHCP adopts Client/Server communication mode. Client sends configuration request to Server which feeds back corresponding configuration information, including distributed IP address to the Client to achieve the dynamic configuration of IP address and other information.
To enable the DHCP server, find the navigation tree, select Services >> DHCP Service, then enter “DHCP Service” page.
Table 3-3-1 Parameters of DHCP Service
DHCP Service | ||
Function description: If the host connected with router chooses to obtain IP address automatically, then such service must be activated. Static designation of DHCH allocation could help certain host to obtain specified IP address. | ||
Parameters |
Description |
Default |
Enable DHCP |
Enable DHCP service and dynamically allocate IP address |
Enable |
IP Pool Starting Address |
Set starting IP address of dynamic allocation |
192.168. 2.2 |
IP Pool Ending Address |
Set ending IP address of dynamic allocation |
192.168.2.100 |
Lease |
Set lease of IP allocated dynamically |
60 minutes |
DNS |
Set DNS Server |
192.168.2.1 |
Windows Name Server |
Set windows name server. |
N/A |
Static designation of DHCH allocation (at most 20 DHCPs designated statically can be set) | ||
MAC Address |
Set a statically specified DHCP’s MAC address (different from other MACs to avoid confliction) |
N/A |
IP Address |
Set a statically specified IP address |
192.168.2.2 |
Host |
Set the hostname. |
N/A |
DNA (Domain Name System) is a DDB used in TCP/IP application programs, providing switch between domain name and IP address. Through DNS, user could directly use some meaningful domain name which could be memorized easily and DNS Server in network could resolve the domain name into correct IP address. The device makes analysis on dynamic domain name via DNS.
Manually set the DNS, use DNS via dialing if it is empty. Generally, it needs to set only when static IP is used on the WAN port.
Click the “Service>>Domain Name Service” menu in the navigation tree to enter the “Domain Name Service” interface.
Table 3-3-2 DNS Parameters
DNS (DNS Settings) | ||
Function description: Configure parameters of DNS. | ||
Parameters |
Description |
Default |
Primary DNS |
Set Primary DNS |
0. 0. 0. 0 |
Secondary DNS |
Set Secondary DNS |
0. 0. 0. 0 |
Disable local DNS server |
Not to transfer local DNS server address |
Disable |
IR302 works as a DNS Agent and relays DNS request and response message between DNS Client and DNS Server to carry out domain name resolution in lieu of DNS Client.
From navigation tree, select "Service>>DNS Relay" menu, then enter “DNS Relay” page.
Table 3-3-3 DNS Transfer Parameters
DNS Relay service | ||
Function description: If the host connected with router chooses to obtain DNS address automatically, then such service must be activated. | ||
Parameters |
Description |
Default |
Enable DNS Relay service |
Click to enable DNS service |
Enable (DNS will be available when DHCP service is enabled.) |
Designate [IP address <=> domain name] pair (20 IP address <=> domain name pairs can be designated) | ||
IP Address |
Set IP address of designated IP address <=> domain name |
N/A |
Host |
Domain Name |
N/A |
Description |
For recording significance of IP address <=> domain name |
N/A |
DDNS maps user's dynamic IP address to a fixed DNS service. When the user connects to the network, the client program will pass the host’s dynamic IP address to the server program on the service provider’s host through information passing. The server program is responsible for providing DNS service and realizing dynamic DNS. It means that DDNS captures user's each change of IP address and matches it with the domain name, so that other Internet users can communicate through the domain name. What end customers have to remember is the domain name assigned by the dynamic domain name registrar, regardless of how it is achieved.
DDNS serves as a client tool of DDNS and is required to coordinate with DDNS Server. Before the application of this function, a domain name shall be applied for and registered on a proper website such as www. 3322. org.
InRouter300-S DDNS service types include QDNS (3322)-Dynamic, QDNS(3322)-Static, DynDNS-Dynamic, DynDNS-Static, DynDNS-Custom and No-IP.com.
To set DDNS, click the "Service >> Dynamic Domain Name" menu in the navigation tree, then enter “Dynamic Domain Name” interface.
Table 3-3-4-1 Parameters of Dynamic Domain Name
Dynamic Domain Name | ||
Function description: Set dynamic domain name binding. | ||
Parameters |
Description |
Default |
Current Address |
Display present IP of router |
N/A |
Service Type |
Select the domain name service providers |
Disable |
Table 3-2-4-2 Main Parameters of Dynamic Domain Name
Enable function of dynamic domain name | ||
Function description: Set dynamic domain name binding. (Explain with the configuration of QDNS service type) | ||
Parameters |
Description |
Default |
Service Type |
QDNS (3322)-Dynamic |
Disable |
URL |
http://www. 3322. org/ |
http://www.3322.org/ |
Username |
User name assigned in the application for dynamic domain name |
N/A |
Password |
Password assigned in the application for dynamic domain name |
N/A |
Host Name |
Host name assigned in the application for dynamic domain name |
N/A |
Wildcard |
Enable wildcard character |
Disable |
MX |
Set MX |
N/A |
Backup MX |
Enable backup MX |
Disable |
Force Update |
Enable force update |
Disable |
InHand provides a software platform to manage devices. The device can be managed and operated via software platform. For instance, the operating status of device can be checked, device software can be upgraded, device can be restarted, configuration parameters can be sent down to device, and transmitting control or message query can be realized on device via Device Manager.
Click the "Service>>Device Manager" menu in the navigation tree to enter the "Device Manager" interface. It only supports three modes, i.e. “Device manager, InConnect Service, Custom”
DM: North American users should select Servicer address-----iot.inhandnetworks.com
Table 3-3-5 Device remote management platform
Device Manager | ||
Function description: Connect the router to the platform for cloud management | ||
Parameters |
Description |
Default |
Enable |
Enable Device Manager |
Disable |
Service Type |
Platform work mode: Device Manager, InConnect or Custom |
Device Manager |
Server |
Select cloud platform address, DM: iot.inhand.com.cn: China, iot.inhandnetworks.com: global InConnect: ics.inhandiot.com: China ics.inhandnetworks.com: global |
iot.inhandnetworks.com |
Secure Channel |
Use encryption protocol for security data transmission between router and platform |
Enable |
Registered Account |
Account registered in Device Manager |
N/A |
LBS info Upload Interval |
Cellular information upload interval |
1 Hour |
Series Info Upload Interval |
Traffic information upload interval |
1 Hour |
Channel Keepalive |
Keep alive packet interval |
30 Seconds |
Network devices are usually sparsely-located on a network. It is time-consuming for the administrator to configure and manage these network devices on site. In addition, if these devices are from different vendors, each of which provides a suite of independent management interfaces (for example, different command line interfaces), the workload of configuring the devices in batches is huge. In this situation, traditional manual configuration method has the deficiencies of high cost and low efficiency. The network administrator can use the Simple Network Management Protocol (SNMP) to remotely configure and manage the devices and perform real-time monitoring on them.
To run the SNMP protocol on a network, configure the NMS program on the management side and SNMP agent on the managed devices.
By using SNMP:
Currently, the SNMP agents support SNMPv1, SNMPv2c and SNMPv3. SNMPv1 and SNMPv2c use community names for authentication; SNMPv3 uses user names and passwords for authentication. Click "Service>>SNMP" menu to configure.
Table 3-3-6-1 SNMPv1 and SNMPv2c Parameters
Parameters |
Description |
Default |
Enable |
Enable/disable the SNMP function. |
Disabled |
Version |
Set the version of the SNMP protocol used to manage the router. The versions of SNMPv1, v2c, and v3 are available. SNMPv1 is applicable to small-sized networks with simple networking and low security requirements, or the secure and stable small networks, such as campus networks and small enterprise networks. SNMPv2c is applicable to the medium- and large-sized networks with low security requirements, or with good security (for example, VPNs) but running many services, which may lead to traffic congestion. SNMPv3 is applicable to networks of various sizes, especially the networks that have strict security requirements and can be managed only by authorized network administrators. For example, SNMPv3 can be used if data between the NMS and managed device is transmitted over a public network. |
v1 |
Contact Information |
Fill in the contact information. |
Empty |
Location Information |
Fill in the location. |
Empty |
Community Management | ||
Community Name |
User-defined community name. The community names of SNMPv1
and SNMPv2c are the passwords used by the NMS to read and write data on
agents. This parameter must be set the same on both agents and
NMS.
|
public and private |
Access limit includes the MIB objects that can be read only or read/written by the NMS. |
Read-Only | |
MIB View |
Select the MIB objects that can be monitored and managed by the NMS. Only the default view is supported currently. |
defaultView |
Table 3-3-6-2 SNMPv3 Parameters
Parameters |
Description |
Default |
User Group Management | ||
Groupname |
User-defined user group name. The length is 1 to 32 characters. |
None |
Security Level |
Select a security level for the group. The values include NoAuth/NoPriv, Auth/NoPriv, and Auth/Priv. |
NoAuth/NoPriv |
Read-only View |
Select the SNMP read-only view. Only the default view is supported currently. |
defaultView |
Read-write View |
Select the SNMP read-write view. Only the default view is supported currently. |
defaultView |
Inform View |
Select the SNMP inform view. Only the default view is supported currently. |
defaultView |
Usm Management | ||
Username |
User-defined user name. The length is 1 to 32 characters. |
None |
Groupname |
The group to which a user is added must have been configured in the user group management table. |
None |
Authentication |
Select an authentication mode. Three authentication modes are available: MD5, SHA, and None. If you select None, authentication is disabled. |
None |
Authentication Password |
This parameter is available only when the authentication mode is not None. The length is 8 to 32 characters. |
None |
Encryption |
Select the encryption mode. The values are None, AES, and DES. |
None |
Encryption Password |
This parameter is available only when the authentication mode is not None. The length is 8 to 32 characters. |
None |
SNMP trap is a type of entrance. When this entrance is reached, the SNMP managed devices actively notify the NMS, instead of waiting for the polling of NMS. On an SNMP-enabled network, the agents on managed devices can report errors to the NMS anytime, without the need of waiting for the polling of NMS. The errors are reported to the NMS through traps. Click "Service>>SNMP Trap" menu to configure.
Table 3-3-7 SNMP Trap Configuration Parameters
Parameters |
Description |
Default |
Trap SigLevel |
Set the trap signal threshold. When this threshold is reached, the agent outputs logs to the NMS. |
10 |
Destination Address |
Fill in the IP address of the NMS. |
None |
Security Name |
Fill in the community name for SNMPv1 or SNMPv2c, and fill in the user name for SNMPv3. The length is 1 to 32 characters. |
None |
UDP Port |
Fill in the UDP port number, ranging from 1 to 65535. |
162 |
Configure DTU function, device can transmit serial data to customer’s server.
IR302-S has 1 RS232 serial port.
Table 3-3-8 DTU RS232 Parameters
DTU RS232 | ||
Function Description: Transmit RS232/RS485 data to server. | ||
Parameters |
Description |
Default |
Enable |
Enable serial port |
Disable |
Serial Basic Config | ||
Serial type |
Serial port type, cannot change |
RS232 |
Baudrate |
Set serial port’s baudrate |
115200 |
Data Bits |
Set serial port’s data bits |
8 |
Parity |
Set parity of serial port |
None |
Stop Bit |
Set stop bit of serial port |
1 |
Software Flow Control |
Enable software flow control can avoid data flow lost |
Disable |
DTU Configuration | ||
Function Description: Configure the protocol of data transmission, take transparent transmission as example | ||
DTU Protocol |
Set the transmit protocol of DTU |
Transparent |
Protocol |
Configure type of protocol, TCP/UDP |
TCP |
Mode |
Set the connection mode between router and server |
Client |
Frame Interval |
Set frame interval of serial |
100 ms |
Serial Buffer Frames |
Set the number of serial buffer frames |
4 |
Keep alive Interval |
Set the interval to test the connectivity between router and server |
60 |
Keep alive Retry Time |
The number of times to retry when connection lose |
5 |
Multi-Server Policy |
The policy for multi server |
Parallel |
Min Reconnect Interval |
Set the min interval to reconnect |
15 |
Max Reconnect Interval |
Set the max interval to reconnect |
180 |
DTU ID |
The ID of router when connect to server |
|
Source IP |
The source IP router uses when connect to server, will use WAN IP if this parameter is blank |
|
Source port |
The source port router uses when connect to server, will use random port if this parameter is blank |
|
DTU ID Report Interval |
Set the interval to upload DTU ID |
0 |
Multi Server | ||
Function Description: Router can transmit data to multi servers, take transparent transmission as example | ||
Server Address |
Set the server address to receive data |
|
Server Port |
Set the server port to receive data |
|
Click “Service >> I/O” in the navigation menu to check and configure I/O and relay of the device.
Voltage range:
DI: 0~30V, 0~3V means low, 10~30V means high, and the max input voltage is 30V.
DO: Wet contact, low means 0V, high means 13V (pull up, cannot be used as power supply for other device directly).
Only IR302-IO supports this feature.
Table 3-3-9 I/O Parameters
I/O | ||
Function description: Configuration I/O mode and relay of the device. | ||
Parameters |
Description |
Default |
I/O mode |
Set I/O mode, input or output |
Output |
I/O default output level |
Set I/O output level when I/O mode is output, low or high |
low |
Dry/Wet contract |
Set I/O input type when I/O mode is input, Dry or Wet contact |
Dry |
Input triggered report |
Report when input triggers in some situation |
Disable |
Trigger edge |
Set trigger edge of the relay |
Falling edge |
SMS permits message-based reboot and manual dialing. Configure Permit to Phone Number and click <Apply and Save>. After that you can send “reboot” command to restart the device or send custom connection or disconnection command to redial or disconnect the device.
From navigation tree, select "Service>>SMS" menu, then enter “SMS” page.
Table 3-3-10 SMS Parameters
Short message | ||
Function description: Configuration SMS function to manage the router in the form of SMS. | ||
Parameters |
Description |
Default |
Enable |
Click to enable backup DTU function |
Disable |
Status Query |
Users define the English query instruction to inquire current working status of the router. |
N/A |
Reboot |
Users define the English query instruction to reboot the router. |
N/A |
SMS Access Control | ||
Default Policy |
Select the manner of access processing. |
Accept |
Phone Number |
Fill in accessible mobile number |
N/A |
Action |
Accept or block |
Accept |
Description |
Describe SMS control. |
|
This function is mainly used to count data traffic in cellular interface. If the threshold is 0, router will only count and the rules will not take effort. This function requires enabling NTP function.
Choose Services >> Traffic Manager to go to the "Traffic Manager" page.
Table 3-3-11 Traffic Manager - Basic Configuration Parameters
Traffic Manager | ||
Function: Monitor and manage the traffic use of the router. | ||
Parameters |
Description |
Default |
Enable |
Click to enable the traffic manager function. |
Disable |
Start Day |
The day to start counting data traffic every month |
1 |
Monthly Threshold |
Data traffic threshold every month |
0MB |
When Over Monthly Threshold |
Operation when data traffic used within a month reaches the threshold: Only Reporting, Block Except Management(will not influence DM and management requirement), Shutdown Interface |
Only Reporting |
Last 24-Hours Threshold |
Data traffic threshold in last 24 Hours |
0KB |
When Over 24-Hours Threshold |
Operation when data traffic used within 24 hours reaches the threshold |
Only Reporting |
Advance |
Custom statistics and operations last several hours |
Disable |
When an abnormality occurs, router will report alarm according to the settings. Currently router supports sending alarm in following situations: System Service Fault, Memory Low, WAN/LAN1 Link-Up/Down, LAN2 Link-Up/Down, Cellular Up/Down, Traffic Alarm, Traffic Disconnect Alarm, SIM/UIM Card Switch, Active Link Switch, SIM/UIM Card Fault, Signal Quality Fault.
In the Alarm Manager interface, you can perform the following operations:
Choose Services >> Alarm Manager to go to the "Alarm Manager" page.
InHand Networks’ User Experience Program is designed to improve the product user experience and customer service quality.
User can disable or enable User Experience Plan in “Services >> User Experience Plan”.
The firewall function of the router implements corresponding control to data flow at entry direction (from Internet to LAN) and exit direction (from LAN to Internet) according to the content features of message (such as: protocol style, source/destination IP address, etc. ) and ensures safe operation of router and host in local area network.
From the navigation tree, select Firewall >> Basic Setup, then enter the “Basic Setup” page.
Table 3-4-1 Firewall - Basic Setup Parameters
Basic Setup of Firewall | ||
Function description: Set basic firewall rules. | ||
Parameters |
Description |
Default |
Default Filter Policy |
Select accept/block |
Accept |
Filter PING detection from Internet |
Select to filter PING detection |
Disable |
Filter Multicast |
Select to filter multicast function |
Enable |
Defend DoS Attack |
Select to defend DoS attack |
Enable |
SIP ALG |
Select to enable SIP ALG |
Disable |
Filter the network data by customize rules to allow or prohibit the specified data flow forwarded by router.
To enable Access Control from the navigation tree, select Firewall >> Filtering, then enter “Filtering” page.
Table 3-4-2 Filtering Parameters
Access Control of Firewall | ||
Function description: Control the protocol, source/destination address and source/destination port passing through network packet of the router to provide a safe intranet. | ||
Parameters |
Description |
Default |
Enable |
Check to enable filtering. |
Enable |
Protocol |
Select all/TCP/UDP/ICMP |
ALL |
Source address |
Set source address of access control |
0.0.0. 0/0 |
Source Port |
Set source port of access control |
Not available |
Destination Address |
Set destination address |
N/A |
Destination Port |
Set destination port of access control |
Not available |
Action |
Select accept/block |
Accept |
Log |
Click to enable log and the log about access control will be recorded in the system. |
Disable |
Description |
Convenient for recording parameters of access control |
N/A |
Set customize rules to allow or prohibit data and access to the router.
From the navigation tree, select Firewall >> Device Access Filtering, then enter “Device Access Filtering” page.
Table 3-4-3 Device Access Filtering Parameters
Device Access Filtering | ||
Function description: Control the protocol, source/destination address and source/destination port to the router. | ||
Parameters |
Description |
Default |
Enable |
Check to enable device access filtering. |
Enable |
Protocol |
Select ALL/TCP/UDP/ICMP |
ALL |
Source |
Set source address of network access |
0.0.0.0/0 |
Source Port |
Set source port of network access |
Not available |
Destination |
Set destination address |
N/A |
Destination Port |
Set destination port of network access |
Not available |
Interface |
Set interface of network access |
All WANs |
Action |
Select Accept/Block |
Accept |
Log |
Click to enable log and the log about access control will be recorded in the system. |
Disable |
Description |
Convenient for recording parameters of access control |
N/A |
Set rules to disable access to specific URLs.
From navigation tree, select "Firewall>>Content Filtering" menu, then enter “Content Filtering” page.
Table 3-4-4 Content - Filtering Parameters
Filtering | ||
Function description: Set settings of firewall related to filtering and generally set forbidden URL. | ||
Parameters |
Description |
Default |
Enable |
Click to enable filtering |
Enable |
URL |
Set URL that needs to be filtered |
N/A |
Action |
Select accept/block |
Accept |
Log |
Click to write log and the log about filtering will be recorded in the system. |
Disable |
Description |
Record the meanings of various parameters of filtering |
N/A |
Port mapping is also called virtual server. Setting of port mapping can enable the host of extranet to access to specific port of host corresponding to IP address of intranet.
To configure port mapping, go into the navigation tree, select "Firewall >> Port Mapping", then enter “Port Mapping” page.
Table 3-4-5 Firewall - Port Mapping Parameters
Port Mapping (at most 50 port mappings can be set) | ||
Function description: Configure parameters of port mapping. | ||
Parameters |
Description |
Default |
Enable |
Check to enable port mapping. |
Enable |
Protocol |
Select TCP/UDP/ICMP |
TCP |
Source address |
Set source address of port mapping |
0.0.0.0/0 |
Service Port |
Set service port number of port mapping |
8080 |
Internal Address |
Set external address of port mapping |
N/A |
Internal Port |
Set internal address of port mapping |
8080 |
Log |
Click to enable log and the log about port mapping will be recorded in the system. |
Disable |
External address (optional) |
Set external address/tunnel name of port mapping |
N/A |
Description |
For recording significance of each port mapping rule |
N/A |
Both router and the IP address of the host of intranet can correspond with one virtual IP. Without changing IP allocation of intranet, the extranet can access to the host of intranet via virtual IP. This function is always used with VPN.
To configure virtual IP mapping, go into the navigation tree, select "Firewall >> Virtual IP Mapping".
Table 3-4-6 Firewall - Virtual IP Mapping Parameters
Virtual IP Address | ||
Function description: Configure parameters of virtual IP address. | ||
Parameters |
Description |
Default |
Virtual IP address of router |
Set virtual IP address of router |
N/A |
Range of source address |
Set range of the external source IP addresses. |
N/A |
Enable |
Click to enable virtual IP address |
Enable |
Virtual IP |
Set virtual IP address of virtual IP mapping |
N/A |
Real IP |
Set real IP address of virtual IP mapping |
N/A |
Log |
Click to enable log and the log about virtual IP address will be recorded in the system. |
Disable |
Description |
For recording significance of each virtual IP address rule |
N/A |
After mapping all ports, extranet PC can access to all ports of internal device by DMZ settings.
From the navigation tree, select Firewall >> DMZ, then enter the “DMZ” page.
Table 3-4-7 Firewall - DMZ Parameters
DMZ | ||
Function description: Configure DMZ settings. | ||
Parameters |
Description |
Default |
Enable DMZ |
Check to enable the DMZ. |
Disable |
DMZ Host |
Set address of DMZ Host |
N/A |
Range of Source Address |
Enter range of source address |
N/A |
Interface |
Select interface as DMZ: CELLULAR/WAN/VPN Interface |
N/A |
If the default filter policy in the basic setting of firewall is disabled, only hosts specified in MAC-IP Binding can have an access to outer net.
From the navigation tree, select Firewall >> MAC-IP Binding, then enter the “MAC-IP Binding” page.
Table 3-4-8 Firewall - MAC-IP Binding Parameters
MAC-IP Binding (at most 20 MAC-IP Bindings can be set) | ||
Function description: Configure MAC-IP parameters. | ||
Parameters |
Description |
Default |
MAC Address |
Set the binding MAC address |
00:00:00:00:00:00 |
IP Address |
Set the binding MAC address |
192. 168. 2. 2 |
Description |
For recording the significance of each MAC-IP binding configuration |
N/A |
NAT is the network address translation function, including source address translation (SNAT) and destination address translation (DNAT).
SNAT refers to the communication between the internal network and the external network when the destination address remains unchanged. DNAT refers to the translation of the destination address of the internal network into the external network without changing the source address when accessing the internal network.
Table 3-4-9 NAT Parameters
NAT | ||
Function description: Configure parameters of NAT | ||
Parameters |
Description |
Default |
Enable |
Enable NAT |
Enable |
Type |
Set convert type |
SNAT |
Proto |
Select protocol |
TCP |
Source IP |
Set source IP of the NAT rule |
0.0.0.0/0 |
Source Port |
Set source port of the NAT rule |
N/A |
Destination |
Set destination IP of the NAT rule |
0.0.0.0/0 |
Destination Port |
Set destination port of the NAT rule |
0.0.0.0/0 |
Interface |
Set interface of the NAT rule |
N/A |
Translated Address |
Translate the IP address if match the rule |
0.0.0.0 |
Translated Port |
Translate the port if match the rule |
N/A |
To ensure all LAN users can normally get access to network resources, IP traffic control function can limit the flow of specified host in LAN. QoS provides dedicated bandwidth and different service quality for different applications, greatly improving the network service capabilities.
Bandwidth control sets a limit on the upload and download speeds when accessing external networks.
From the navigation tree, select QoS >> Bandwidth Control, then enter the “Bandwidth Control” page.
Table 3-5-1 Parameters of Bandwidth Control
IP Bandwidth Limit | ||
Function description: Configure parameters of IP bandwidth limit. | ||
Parameters |
Description |
Default |
Enable |
Click to enable IP bandwidth limit |
Disable |
Download bandwidth |
Set download total bandwidth |
1000kbit/s |
Upload bandwidth |
Set upload total bandwidth |
1000kbit/s |
Control port of flow |
Select CELLULAR/WAN |
CELLULAR |
Host Download Bandwidth | ||
Enable |
Click to enable |
Enable |
IP Address |
Set IP address |
N/A |
Guaranteed Rate (kbit/s) |
Set rate |
1000kbit/s |
Priority |
Select priority |
Medium |
Description |
Describe IP bandwidth limit |
N/A |
VPN is for building a private dedicated network on a public network via the Internet. 'Virtuality" is a logical network.
Two Basic Features of VPN:
Build a credible and secure link by connecting remote users, company branches, partners to the network of the headquarters via VPN so as to realize secure transmission of data.
It is shown in the figure below:
Fundamental Principle of VPN
The fundamental principle of VPN indicates to enclose VPN message into tunnel with tunneling technology and to establish a private data transmission channel utilizing VPN Backbone so as to realize the transparent message transmission.
Tunneling technology encloses the other protocol message with one protocol. Also, encapsulation protocol itself can be enclosed or carried by other encapsulation protocols. To the users, tunnel is logical extension of PSTN/link of ISDN, which is similar to the operation of actual physical link.
VPN settings include IPSec settings, IPSec tunnels, GRE tunnels, L2TP client, PPTP client, OpenVPN, OpenVPN Advanced and certificate management.
A majority of data contents are Plaintext Transmission on the Internet, which has many potential dangers such as password and bank account information stolen and tampered, user identity imitated, suffering from malicious network attack, etc. After disposal of IPSec on the network, it can protect data transmission and reduce risk of information disclosure.
IPSec is a group of open network security protocol made by IETF, which can ensure the security of data transmission between two parties on the Internet via data origin authentication, data encryption, data integrity and anti-replay function on the IP level. It is able to reduce the risk of disclosure and guarantee data integrity and confidentiality and well as maintain security of service transmission of users.
IPSec, including AH, ESP and IKE, can protect one and more date flows between hosts, between host and gateway, and between gateways. The security protocols of AH and ESP can ensure security and IKE is used for cipher code exchange.
IPSec can establish bidirectional Security Alliance on the IPSec peer pairs to form a secure and interworking IPSec tunnel and to realize the secure transmission of data on the Internet.
From navigation tree, select VPN>>IPSec Settings, then enter “IPSec Settings” page.
Table 3-6-1 Parameters of IPSec Settings
IPSec settings | ||
Function description: Select the log level of IPSec. | ||
Parameters |
Description |
Default |
Log level |
Click to select log level. Normal: Only key log will be printed into system log. Debug: More log in debug level will be printed. Data: All log of IPSec will be printed. |
Normal |
From navigation tree, select VPN>>IPSec Tunnels, enter "IPSec Tunnels" and click <add>.
Table 3-6-2 Parameters of IPSec Tunnels
IPSec Tunnels | ||
Function description: Configure IPSec tunnels | ||
Parameters |
Description |
Default |
Show Advanced Options |
Click to enable advanced options |
Disable(open advanced options after enabling) |
Basic parameters | ||
Tunnel Name |
User defines tunnel name |
IPSec_tunnel_1 |
Destination Address |
Set destination IP address or domain name |
0. 0. 0. 0 |
IKE Version |
Set IKE version: IKEv1/IKEv2 |
IKEv1 |
Startup Modes |
Select Auto Activated/Triggered by Data/Passive/Manually Activated |
Auto Activated |
Restart WAN when failed |
Click to enable |
Enable |
Negotiation Mode (IKEv1) |
Select main mode or aggressive mode |
Main Mode |
IPSec Protocol (Advanced Option) |
Select ESP/AH |
ESP |
IPSec Mode (Advanced Option) |
Select tunnel mode/transmission mode |
Tunnel Mode |
VPN over IPSec (Advanced Option) |
Select L2TP over IPSec/GRE over IPSec/None |
None |
Tunnel Type |
Select Host-Host/Host-Subnet/Subnet-Host/Subnet-Subnet |
Subnet-Subnet |
Local subnet address |
Set local subnet IP address |
192. 168. 2. 1 |
Local Subnet Mask |
Set local subnet mask |
255. 255. 255. 0 |
Peer Subnet Address |
Set peer subnet IP address |
0. 0. 0. 0 |
Peer Subnet Mask |
Set remote netmask |
255. 255. 255. 0 |
Phase I Parameters | ||
IKE Strategy |
Multiple strategies available |
3DES-MD5-DH2 |
IKE Life Cycle |
Set IKE life cycle |
86400 s |
Local ID Type |
Select IP address/User FQDN/FQDN Fill in the ID according to the ID type (USERFQDN is standard email format) |
IP Address |
Peer ID Type |
Select IP address/User FQDN/FQDN |
IP Address |
Authentication method |
Select shared key/digital certificate |
Shared key |
Key |
Set IPSec VPN key |
N/A |
XAUTH Parameters (Advanced Option) | ||
XAUTH Mode |
Click to enable XAUTH mode |
Disable |
XATUTH username |
User defines XATUTH username |
N/A |
XATUTH password |
User defines XATUTH password |
N/A |
MODECFG |
Click to enable MODECFG |
Disable |
Phase II Parameters | ||
IPSec Strategy |
Multiple strategies available |
3DES-MD5-96 |
IPSec Life Cycle |
Set IPSec life cycle |
3600 s |
Perfect Forward Secrecy (PFS) (Advanced Option) |
Select disable/Group 1/Group 2/Group 5 |
Disable (this needs to match the server) |
Link Detection Parameters (Advanced Option) | ||
DPD Interval |
Set time interval. |
60 s |
DPD Timeout |
Set the timeout for dropped packets. |
180 s |
ICMP Detection Server |
Set ICMP detection server |
N/A |
ICMP Detection Local IP |
Set ICMP detection local IP |
N/A |
ICMP Detection Interval |
Set ICMP Detection Interval |
60 s |
ICMP Detection Timeout |
Set ICMP detection timeout |
5 s |
ICMP Detection Retries |
Set ICMP detection max. retries |
10 |
Generic Route Encapsulation (GRE) defines the encapsulation of any other network layer protocol on a network layer protocol. GRE could be used as the L3TP of VPN to provide a transparent transmission channel for VPN data. In simple terms, GRE is a tunneling technology which provides a channel through which encapsulated data message could be transmitted and encapsulation and decapsulation could be realized at both ends. GRE tunnel application networking shown as the following figure:
Along with the extensive application of IPv4, to have messages from some network layer protocol transmitted on IPv4 network, those messages could by encapsulated by GRE to solve the transmission problems between different networks.
In following circumstances GRE tunnel transmission is applied:
GRE application example: combined with IPSec to protect multicast data
GRE can encapsulate and transmit multicast data in GRE tunnel, but IPSec, currently, could only carry out encryption protection against unicast data. In case of multicast data requiring to be transmitted in IPSec tunnel, a GRE tunnel could be established first for GRE encapsulation of multicast data and then IPSec encryption of encapsulated message so as to achieve the encryption transmission of multicast data in IPSec tunnel. As shown below:
From navigation tree, select VPN>>GRE Tunnels and enter "GRE Tunnels".
Table 3-6-3 Parameters of GRE Tunnels
GRE Tunnels | ||
Function description: Configure GRE tunnels | ||
Parameters |
Description |
Default |
Enable |
Click to enable GRE |
Enable |
Name |
User defines name of GRE tunnel |
tun0 |
Local visual IP |
Set local virtual IP |
0. 0. 0. 0 |
Destination Address |
Set remote IP address |
0. 0. 0. 0 |
Peer visual IP |
Set peer virtual IP |
0. 0. 0. 0 |
Peer Subnet Address |
Set peer subnet IP address |
0. 0. 0. 0 |
Peer Subnet Mask |
Set remote netmask |
255. 255. 255. 0 |
Key |
Configure the key of GRE tunnel |
N/A |
NAT |
Click to enable NAT |
Disable |
Description |
For recording the significance of each GRE tunnel configuration |
N/A |
L2TP, one of VPDN TPs, has expanded the applications of PPP, known as a very important VPN technology for remote dial-in user to access the network of enterprise headquarters.
L2TP, through dial-up network (PSTN/ISDN), based on negotiation of PPP, and could establish a tunnel between enterprise branches and enterprise headquarters so that remote user has access to the network of enterprise headquarters. PPPoE is applicable in L2TP. Through the connection of Ethernet and Internet, a L2TP tunnel between remote mobile officers and enterprise headquarters could be established.
L2TP-Layer 2 Tunnel Protocol encapsulates private data from user network at the head of L2 PPP. No encryption mechanism is available, thus IPSes is required to ensure safety.
Main Purpose: branches in other places and employees on a business trip could access to the network of enterprise headquarter through a virtual tunnel by public network remotely.
Typical L2TP network diagram is shown below:
From navigation tree, select VPN>>L2TP Client, enter "L2TP Client" and click <add>.
Table 3-6-4 Parameters of L2TP Client
L2TP Client | ||
Function description: Configure parameters of L2TP client. | ||
Parameters |
Description |
Default |
Enable |
Click to enable L2TP client |
Disable |
Tunnel Name |
User defines tunnel name of L2TP client |
L2TP_tunnel_1 |
L2TP Server |
Set L2TP Server address |
N/A |
Username |
Set server's username |
N/A |
Password |
Set server's password |
N/A |
Server Name |
Set server name |
l2tpserver |
Startup Modes |
Select Auto Activated/Triggered by Data/Passive/Manually Activated/L2TPOverIPSec |
Auto Activated |
Authentication Method |
Select CHAP/PAP |
CHAP |
Enable Challenge secrets |
Click to enable challenge secrets |
Disable |
Challenge secret (after enabling) |
Set challenge secret |
N/A |
Local IP Address |
Set local IP address |
N/A |
Remote IP Address |
Set remote IP address |
N/A |
Remote Subnet |
Set remote subnet address |
N/A |
Remote Netmask |
Set remote subnet mask |
255. 255. 255. 0 |
Link Detection Interval |
Set link detection interval |
60 s |
Max. Retries for Link Detection |
Set the max. number of retries |
5 |
Enable NAT |
Click to enable NAT |
Disable |
MTU |
Set max. transmission unit |
1500 |
MRU |
Set max. receiving unit |
1500 |
Enable Debug |
Enable debug mode. |
Disable |
Expert Option (not recommended) |
Set expert option, not recommended |
N/A |
From navigation tree, select VPN>>PPTP Client, enter "PPTP Client" and click <add>.
Table 3-6-5 Parameters of PPTP Client
PPTP Client | ||
Function description: Configure parameters of PPTP client. | ||
Parameters |
Description |
Default |
Enable |
Click to enable PPTP client |
Disable |
Tunnel Name |
User defines tunnel name |
PPTP_tunnel_1 |
PPTP Server |
Set PPTP Server address |
N/A |
Username |
Set username of PPTP server |
N/A |
Password |
Set password of PPTP server |
N/A |
Startup Modes |
Select Auto Activated/Triggered by Data/Passive/Manually Activated |
Auto Activated |
Authentication method |
Select Auto/CHAP/PAP/MS-CHAPv1/MS-CHAPv2 |
Auto |
Local IP Address |
Set local IP address |
N/A |
Remote IP Address |
Set remote IP address |
N/A |
Remote Subnet |
Set remote subnet address |
N/A |
Remote Netmask |
Set remote subnet mask |
255. 255. 255. 0 |
Link Detection Interval |
Set link detection interval |
60 s |
Max. Retries for Link Detection |
Set the max. number of retries |
5 |
Enable NAT |
Click to enable NAT |
Disable |
Enable MPPE |
Click to enable MPPE |
Disable |
Enable MPPC |
Click to enable MPPC |
Disable |
MTU |
Set max. transmission unit |
1500 |
MRU |
Set max. receiving unit |
1500 |
Enable Debug |
Enable debug mode. |
Disable |
Set expert option (not recommended) |
Set expert option, not recommended |
N/A |
Single point participating in the establishment of VPN is allowed to carry out ID verification by preset private key, third-party certificate or username/password. OpenSSL encryption library and SSLv3/TLSv1 protocol are massively used.
In OpenVPN, if a user needs to access to a remote virtual address (address family matching virtual network card), then OS will send the data packet (TUN mode) or data frame (TAP mode) to the visual network card through routing mechanism. Upon the reception, service program will receive and process those data and send them out through outer net by SOCKET, owing to which, the remote service program will receive those data and carry out processing, then send them to the virtual network card, then application software receive and accomplish a complete unidirectional transmission, vice versa.
From navigation tree, select "VPN>>OpenVPN", then enter “OpenVPN” page, and click <Add>.
Table 3-6-6 IPSec Configuration Parameters
OpenVPN | ||
Function description: Configure OpenVPN parameters. | ||
Parameters |
Description |
Default |
Tunnel Name |
OpenVPN tunnel name, cannot be changed by the system |
OpenVPN_T_1 |
Enable |
Click to enable |
Enable |
Mode |
Client/server |
Client |
Protocol |
UDP/ICMP |
UDP |
Port |