InHand 5G ODU2x02 Series Cloud Managed 5G Outdoor Unit User Manual
- June 16, 2024
- Inhand
Table of Contents
InHandNetworks 5G ODU2x02 Series
User Manual
V1.3—2023.11
InHand Networks
Global Leader in Industrial loT
www.inhandnetworks.com
Declaration
Thank you for choosing our product. Before using this product, please read
this manual carefully.
The contents of this manual cannot be copied or reproduced in any form without
the written permission of InHand.
Due to continuous updating, InHand cannot promise that the contents are
consistent with the actual product information, and does not assume any
disputes caused by inconsistency of technical parameters. The information in
this document is subject to change without notice. InHand reserves the right
of final change and interpretation.
©2023 InHand Networks. All rights reserved.
Conventions
Symbol | Indication |
---|---|
11 | Button name, for example, ‘click Save button’. |
“” | Indicates a window name or menu name, for example, the pop-up window “New |
User”.
| A multi-level menu is separated by the double brackets “>>”. For example, the multi-level menu File >> New >> Folder indicates the menu item [Folder] under the sub-menu [New], which is under the menu [File].
Cautions| Please be careful of the contends under Cautions, improper action may result in loss of data or device damage.
Note| Note contain detailed descriptions and helpful suggestions.
Technical Support
Email: support@inhandnetworks.com
URL: www.inhandnetworks.com
Overview
5G cellular greatly enhances the flexibility and convenience of the network at
any time and anywhere, which means enterprises can easily build a 5G network
in just a few minutes to improve the competitiveness of digital business
development. The cloud-managed 5G ODU2x02 series, combined with InCloud
Manager SaaS service, provides global customers with high-speed, convenient,
and secure 5G efficient networks.
5G ODU is a key part of the cellular gateway series launched by InHand for
WAN, which can instantly deploy ultra-high speed 5G network by having gigabit
cellular uplink without waiting on broadband; supporting dual SIM card switch
network; adapting to the harsh environment. 5G ODU can provide a better and
more stable network.
Combined with InCloud Manager, 5G ODU forms a cloud-managed network solution,
providing global customers with high-speed and secure network access, and
simple and convenient network management services to empower your core
business Product model
description
5G ODU2x02 series includes the following models and these models have the same
hardware and software versions, but the application market is different.
ODU2002 | For business networking scenarios |
---|---|
ODU2102 | For enterprise network office |
ODU2302 | For factory digitalization |
ODU2602 | For smart parks |
ODU2902 | For scenes such as mines and |
seaports
Hardware
2.1 Indicator Description
0DU2002 Indicator Light | LED status and definition |
---|---|
System | Off — Power off |
Steady in red — System starting
Blink in red — System error
Steady in green — System working
Cellular| Off — Cellular disable
Steady in blue — 4G dialed up
Steady in green — 5G dialed up
Blink in red — Connection error
Signal| Off — Connection error
Steady in red — Signal value s9
Steady in blue — 10sSignal levels19
ctoativ in nrppn — Signal !pupil > 70
LAN| Off — Connection error
Steady in green — LAN port connected
Blink in green — LAN port data transmitting
WAN| Off — Connection error
Steady in green — WAN port connected
Blink in green — WAN port data transmitting
2.2 Restoring to Default Settings via
the Reset Button
To restore to default settings by the reset button, please perform the following steps:
- When the unit power ON, press and hold the reset button for 5-10 seconds.
- When System LED is steady on blue, release RESET button, system LED will blink in blue, and press the RESET button again.
- When System LED is steady on blue, release the RESET button. The unit has been restored to default settings and will start up normally later.
Default Settings
No. | Function | Default Settings |
---|---|---|
1 | Cellular | − SIM1 enabled. |
2 | Wi-Fi | − Wi-Fi 2.4G AP mode enabled, SSID: ODU2002-followed with the last 6 |
letters of the MAC address.
− Auth Method is WPA2-PSK.
− Password is the last 8 letters of serial number.
3| Ethernet| − PoE LAN1 enabled, IP address: 192.168.1.1, Netmask:
255.255.255.0. DHCP server enabled, 192.168.1.2~ 192.168.1.254.
− WAN/LAN2 enabled as WAN, DHCP client mode.
4| Management Services| − HTTPS(443) enabled.
− Disable HTTPS/SSH/ping from cellular/WAN interface.
5| Username and password| − adm/123456
Login and Access to Internet
Before power on, please insert the SIM card and connect the 5G antenna to the device. Or connect Ethernet cable to WAN/LAN2 interface.
4.1 Connect via Mobile Phone
Step 1: Install InCloud APP by scan following QR code in mobile phone.
https://star.inhandcloud.com/appdown/starcloudintl
Step 2: Click the “Device” directory below to enter the [Device] page, click the menu button in the upper right corner, and select [Add Device]. Scan the QR code on the ODU to add device.
Step 3: After scanning the code successfully, configure the name, serial
number, and description information of the device.
Step 4: If ODU cannot connect to Internet, click “Configure local device” in
[Device] page, scan the QR code on the device again and then configure the
device to connect to the Internet. Mobile phone will connect to ODU’s Wi-Fi
after scanning the QR code in “Configure local device”.
4.2 Connect via PC
Step 1: Connect PoE LAN1 interface on ODU and PC with Ethernet cable.
Step 2: Set the IP of the PC via DHCP or fixed IP address, the PC IP address
and ODU address should be in the same segment.
Use DHCP to obtain the address automatically (recommended). The DHCP server
function is enabled by default on the LAN port of ODU.
Use a fixed IP address, the PC and the device must be in the same segment. On PC side, the IP address needs to be configured as any address in 192.168.1.2~192.168.1.254, the gateway should be 192.168.1.1, the subnet mask should be 255.255.255.0, and the DNS server should be 8.8.8.8 or operator DNS server address.
Step 3: Open a browser and enter the device’s default address 192.168.1.1 in the browser address bar. After entering the username and password (default: adm/123456), enter the device’s WEB management interface. If the page prompts that the webpage is not secure, open the hidden or advanced options and select “Proceed to website”.
Step 4: Check the network status in the “Interface Status” in “Dashboard”. The
device connects to the Internet successfully if the “Cellular” or “WAN” icon
turns green. Click corresponding icon to view interface information such as
signal strength, IP address, and traffic consumption.
Step 5: If ODU cannot connect to network, click “Internet” on the left
navigation bar, click the edit button behind the “Cellular” or “WAN” to set up
network parameters. The device enables the dial-up function and WAN by
default, please wait for a few minutes to go online, and re-enable the dial-up
if it is not dialed.
Web Configuration
5.1 Dashboard
Click “Dashboard” in the left menu, and check Device Information, Interface
Status, Traffic Statistics and Wi-Fi information of the device.
Click interface icon in Interface Status, and check detailed information of the interface in the right menu.
5.2 Status
Click “Status” in the left menu, check link status, signal, log and other
information of the device.
5.2.1 Link Monitor
The Link Monitor page displays the health of each uplink, as well as the
throughput, latency and packetloss rate on each uplink interface.
5.2.2 Cellular Signal
The Cellular Signal page displays the SIM card signal strength on the cellular
interface, as well as other parameters such as RSSI, SINR, and RSRP.
5.2.3 Clients
The Clients page displays details about each client connected to ODU, such as
device name, IP address, MAC address, traffic statistics, and online duration.
5.2.4 VPN
Check the status and the traffic consume of the VPN in ODU in VPN page.
5.2.5 Events
ODU will record event log like user login, configuration changed, link
changed, reboot and other events in Events page, By selecting start data, end
date and event type, narrow the scope of retrieval and view a certain type of
event.
5.2.6 Logs
Check the logs recorded during operation of the device, which can be used for
trouble shooting when the ODU can not work properly.
Clear Logs: clear current running logs.
Download Logs: download running logs.
Download Diagnostic Logs: download log information for trouble shooting, it
contains system running logs, device information, and device configuration.
5.3 Internet
Click “Internet” in the left menu to check and configure the uplink interfaces
and multi-link work mode of ODU.
Please exercise caution when changing Internet settings and may cause network
interruption.
5.3.1 Uplink Table
Check and edit WAN and Cellular interface in Uplink Table. It supports to edit
cellular threshold policy in this page, and drag icons in the Priority column
to reprioritize the interfaces.
Notes:
If delete WAN interface in this page, WAN/LAN2 port will work as LAN.
WAN/LAN2 port will change back to WAN if add WAN interface again.
When delete WAN, all configuration on this interface like the static routes,
inbound and outbound rules, port forwarding etc. will be removed.
ODU supports three types of WAN interface:
DHCP: The DHCP service is enabled on the WAN interface by default.
Therefore, ODU can connect to the Internet immediately if connect WAN
interface to upstream network device which enables DHCP server.
Static IP: Manually assign an IP address obtained from the carrier or upstream
network device.
PPPoE: Set the PPPoE service on WAN so that ODU can dial up to the Internet through the broadband service.
5.3.2 Uplink Setting
Configure link detection items and optimal forwarding mode for uplink
interfaces.
Link detection is enabled by default. In the private network environment,
please manually configure the address in “Test Connectivity to” or disable
link detection function to prevent the cellular interface from working
abnormally.
If detection function is disabled, it will not display latency, jitter, packet
loss rate, or signal strength in Status page.
If the “Test Connectivity to” address is empty, system will detect the primary
DNS server address obtained by each interface, otherwise, system will use this
address as the detection address for all uplink interfaces.
In Link Backup mode, ODU will monitor enabled items and trigger a link switch
when any item exceeds the threshold. If there is no item enabled, link switch
will only be triggered based on priority and connectivity of the links.
In Load Balancing mode, ODU will distribute data traffic to all available
links.
5.4 Local Network
Check and configure LAN of the device in Local Network page.
Edit the network: Click the Edit button on the right to edit LAN IP, enable/disable DHCP server and change the range of DHCP address.
5.5 Wi-Fi
Configure ODU to serve as Wi-Fi AP to provide SSID for wireless network
access.
Edit Wi-Fi: Click Edit button on the right, configure SSID, password or other parameters of this Wi-Fi.
5.6 VPN
VPN is intended to establish a private network on the public network for
encrypted communication. A VPN router enables remote access by encrypting data
packets and converting the destination address of data packets. VPN can be
realized by a server, hardware, or software. Compared with the traditional DDN
private line or frame relay, VPN provides a more secure and convenient remote
access solution.
5.6.1 IPSec VPN
IPsec is a group of open network security protocols developed by IETF. At the
IP layer, data source authentication, data encryption, data integrity, and
anti-replay functions are used to ensure the security of data transmission
between communication parties on the Internet, which reduces the risk of
leakage and eavesdropping, ensures the integrity and confidentiality of data,
and the security of service transmission for users.
In IPSec VPN page, click Add button on the left to build a new IPSec tunnel.
The following parameters must
be set in IPSec tunnel
Name: specify the name of the IPSec VPN created on the device, which is used
for local VPN management.
IKE Version: specify the version of the IKE protocol used on ODU, IKEv1 or
IKEv2.
Pre-Shared Key: specify the authentication key for IKE negotiation, which must
be consistent on both sides.
Uplink Interface: specify the local uplink interface used to establish the
IPSec VPN tunnel.
Peer Address: specify the IP address of the peer device.
Notes: The peer IP address must be set to 0.0.0.0 if working as IPSec server.
Tunnel Mode: specify the IP packet encapsulation mode on the IPSec VPN tunnel,
which can be tunnel mode or transmission mode.
Local Subnet: specify the IP address segment of the traffic to be sent out by
the ODU through IPSec VPN tunnel.
Peer Subnet: specify the IP address segment used for communication on the
other end of the IPSecVPN tunnel.
IKE Policy:
Encryption: specify the encryption algorithm for IKE.
Authentication: specify the authentication algorithm for IKE.
DH Groups: specify the DH key exchange mode.
Lifetime: specify the lifetime of the IKE SA. The default value is 86400
seconds. IPSec Policy:
Security Protocol: specify the security protocol used for ERP.
Encryption: specify the encryption algorithm the ESP protocol.
Authentication: specify the authentication algorithm for ESP.
PFS Groups: specify the Perfect Forward Secrecy (PFS) mode, which
improves the communication security through an additional key exchange in
Phase 2 negotiation.
Lifetime: specify the lifetime of the IPSec SA. The default value is 86400
seconds.
5.6.2 L2TP VPN
Layer 2 Tunneling Protocol (L2TP) is a tunnel protocol for virtual private
dial networks (VPDNs). This protocol establishes a tunnel from a remote site
to the headquarters of an enterprise over a public switched telephone network
(PSTN)
or integrated services digital network (ISDN) through Point-to-Point Protocol
(PPP) negotiation. This tunnel allows remote users to connect to the intranet
of the enterprise in a secure way.
5.6.2.1Server
Generally, L2TP server is deployed at the headquarters of an enterprise to
provide remote access for employees. On the VPN page, choose L2TP VPN > Server
to display the L2TP server configuration.
Name: the name of the L2TP server, cannot be changed.
Status: enable or disable L2TP server. This function is disabled by default.
Uplink Interface: specify the uplink interface used to establish a tunnel from
L2TP server.
VPN Connection Address: specify the gateway address for the L2TP client.
IP Pool: System will assign an IP address to the L2TP client from the
specified IP address pool.
User Name/Password: specify the user name and password for L2TP negotiation,
which must be consistent on both ends of the tunnel.
Authentication Mode: specify the authentication mode for the L2TP tunnel.
Enable Tunnel Authentication: Please make sure both ends of the tunnel are
configured with the same user name and password if enable this option.
5.6.2.2Client
Click Add button on the left to configure L2TP client parameters and establish
a tunnel with remote L2TP server.
Name: specify the local name of L2TP client tunnel.
Status: enable or disable L2TP client tunnel.
NAT: enable or disable NAT for packets forwarded by the ODU for the LAN
device.
Uplink Interface: specify the uplink interface used to establish L2TP tunnel.
Server Address: specify the IP address used by the remote L2TP server.
User Name/Password: specify the user name and password for L2TP negotiation,
which must be consistent on both ends of the tunnel.
Authentication Mode: specify the authentication mode for the L2TP tunnel.
Enable Tunnel Verification: Please make sure both ends of the tunnel are
configured with the same server name and verification key if enable this
option.
5.7 Security
Click “Security” in the left menu to enter Security page, and configure
advanced security features including firewall, policy-basedrouting, and traffi
shaping.
5.7.1 Firewall
Set inbound or outbound rules, port forwarding and MAC address filter in
firewall.
5.7.1.1 Inbound/Outbound Rules
User can set rules to control data traffic based on interface. For example:
User can use inbound rules to forbid some of IP addresses to access to router
when under attack from such IP.
User can use outbound rules to forbid some client devices to access to public
network.
Outbound rules: Inside network access to outside network, allow all data by
default.
InBound rules: Outside network access to inside network, forbid all data by
default.
Click Add button in the left to add a new rule.
Name: set the local identifier of the inbound rule.
Status: enable or disable the rule.
Interface: set the traffic forwarding interface. For an outbound rule, select
the interface from which traffic is sent out. For an inbound rule, select the
interface on which traffic is received.
Protocol: set the protocol type of packets to be matched, supports Any, TCP,
UDP, ICMP, and Custom.
Source: set the source IP address of packets to be matched, supports IP
address or retain the default option Any.
Destination: set the destination IP address of packets to be matched, supports
entering an IP address or retain the default option Any.
5.7.1.2Port Forwarding
When outside network accesses to specific ports of the ODU, system will
transfer this data to corresponding ports of inside device according to
relevant port forwarding rules. So that the service deployed in LAN will be
available in public network, and the same public IP address can be used to
access to plenty of services by using multiple port forwarding rules.
For example, after set port forwarding rules like below, when users from
public network try to access to ODU’s port 2000 on WAN, system will transfer
request to 192.168.1.23:8080 in LAN.
Name: set the local identifier of the port forwarding rule.
Status: enable or disable the port forwarding rule.
Interface: set the uplink interface that provides port mapping for internal
clients. This interface must have a public IP address.
Protocol: set the protocol type to which port mapping is applied. TCP, UDP,
and TCP&UDP.
Public Port: set the protocol port on the uplink interface to be mapped.
Local Address: set the IP address of the target client that external users
need to access.
Local Port: set the protocol port that external users need to access on the
target client.
5.7.1.3MAC Address Filter
Configure MAC address filter rules for LAN devices to allow or forbid LAN
devices to access to Internet.
Blacklist: Devices in the
blacklist will not be able to access the Internet.
Whitelist: Only devices in the whitelist are allowed to access the Internet.
5.7.2 Policy-Based Routing
Policy-based routing (PBR) allows ODU to forward different data flows through
different links based on configured policies. This feature enables flexible
route selection and control, thus improving the link utilization and reducing
operational cost of the enterprise. Choose Security > Policy-based Routing and
click Add to add a PBR rule.
Notes : The source and destination addresses of the PBR cannot be set as Any at the same time.
5.7.3 Traffic Shaping
Create shaping policies to apply per-user controls on a per-protocol basis to
optimize the network. This function can also reduce bandwidth for recreational
traffic, and prioritize bandwidth for critical business traffics.
Choose Security > Traffic Shaping and click Edit to modify the bandwidth of
the uplink interfaces.
Click Add to create a new traffic shaping rule. Traffic shaping policies consist of a series of rules that are performed in order, which is similar to custom firewall rules. There are two main components to each rule: the type of traffic to be limited or shaped (rule definition), and how that traffic should be limited or shaped (rule actions).
Notes:
Traffic forwarding priority for unmatched rules is medium.
When Limit Bandwidth is set to 0, system will not limit the bandwidth.
The value of Reserved Bandwidth should not be greater than the Limit
Bandwidth.
5.8 Services
5.8.1 DHCP server
DHCP implements dynamic IP address allocation in a client/server model.
The LAN device sends a request to ODU, and ODU replies with an IP address
assigned to the client. 5.8.2 DNS
server
Set global DNS server for ODU. System will use DNS server in this page if the
original DNS server from uplink interface cannot work.
5.8.3 Fixed Address List
ODU is able to distribute IP address based on client device’s MAC address by using fixed address list. Distributed IP address should in the range of IP address of the local network.
5.8.4 Static Routes
Configure static routes to forward data by specific route or interface. This
list will only display the rules created by user, and will not show the routes
created automatically after modifying WAN or LAN interface.
Static routes to the same destination IP address or network cannot have the same next-hop address, outbound interface, or priority.
5.8.5 Passthrough Settings
Configure IP passthrough to transparently forward data from uplink interface
to one client device.
After the IP
Passthrough mode is enabled, only one client can access to Internet, and
Static routing, VPN, Port Forwarding and Policy-Based Routing functions will
not work.
The inbound rule needs to be released when accessing the client device.
5.9 System
5.9.1 Change the Password
The default username and password of ODU is adm/123456. Please change the
password for securiry after first login. Click “adm” on the top right of the
web page, click Modify Password in the menu to change the password.
5.9.2 Cloud Management
InCloud Manager (star.inhandcloud.com) is a cloud platform developed by InHand
to help enterprises accelerate network deployment, simplify network
maintenance, and improve service experience. This platform provides zero touch
deployment, intelligent maintenance and security features to create good
service experiencefor users. Users can log in to the platform to manage the
devices temotely, perform batch configuration, and monitor traffic on the
devices.
ODU connects to InCloud Manager automatically. User can select which InHand
platform to connect to in this page, and also disable InCloud Manager in this
page.
5.9.3 Remote Access
Control
User can allow or forbid public network to access to ODU and which port for
public network to access to ODU in this page. The rules in this page will not
influence LAN device to access to ODU. ODU supports HTTPS when access to its
web configuration page.
5.9.4 System Clock
Select a time zone for the system and enable the NTP server to synchronize time with the target NTP server.
5.9.5 Device Options
Reboot, upgrade firmware or reset ODU to default factory settings in this
page.
Notes:
Before upgrading the firmware, please make sure the new firmware is obtained
froman official source.
If the ODU is connected to InCloud Manager, the platform will synchronizes the
settings before restore to factory settings. The ODU will only clear
historical data.
5.9.6 Configuration Management
User can export system configuration to local PC as backup, and import the configuration to device to restore the configuration.
5.9.7 Device Alarms
When user needs to pay attention to some of events that may occur on the
device, user can select corresponding alarm events and set an email address
for alarm email. ODU will send out alarm if a selected event occurs, and
record unselected events in log.
ODU supports recording and alarming following events at present:
After configure mail server address, port, username and password, ODU will send alarm email through this email. Configure Receiving Email Address and send a test email to this address to check the correctness of the configuration above.
5.9.8 Tools
5.9.8.1Ping
Use ICMP protocol to check the connectivity between source address (ODU itself
if Source is blank) and other IP address or domain name in Target.
Enter IP address or domain name in Target, and click Start to start ping.
5.9.8.2Traceroute
Enter target IP address or domain name, select interface, and click “Start” to
test and trace the link situation from ODU to the target.
5.9.8.3Capture
User can use this feature to catch the data forwarding through specified
interfaces.
By selecting options in the Output drop-downlist, user can view information
about the captured data packets or export the information to PC.
5.9.9 Log Server
Set a remote log server and ODU will upload system logs to this remote log
server.
5.9.10 Other Settings
Set web login timeout, enable or disable accelerated forwarding and
configure other system settings in this page.
Notes:
Cellular forwarding speed will be significantly increased after enabling
Accelerated Forwarding, but other functions like traffic shaping or IPSec will
not take effort.
FCC STATEMENT
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and
(2) this device must accept any interference received, including interference
that may causeundesired operation.
Note1: This equipment has been tested and found to comply with the limits for
a Class A digital device, pursuant to part 15 of the FCC Rules. These limits
are designed to provide reasonable protection against harmful interference
when the equipment is operated in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy and, if not installed
and used in accordance with the instruction manual, may cause harmful
interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the
user will be required to correct the interference at his own expense.
NOTE 2: Any changes or modifications to this unit not expressly approved by
the party responsible for compliance could void the user’s authority to
operate the equipment.
RF Exposure
The equipment complies with FCC radiation exposure limits set forth for an
uncontrolled environment. This device should be installed and operated with
minimum distance 20cm between the radiator & your body.
IC STATEMENT
This device complies with Industry Canada license-exempt RSS standard(s):
Operation is subject to the following Two conditions:
- this device may not cause interference, and
- This device must accept any interference, including interference that may cause undesired operation of the device.
CAN NMB-3 (B)
Radiation Exposure Statement:
This equipment complies with IC radiation exposure limits set forth for an
uncontrolled environment. This equipment should be installed and operated with
minimum distance 20cm between the radiator & your body.
This radio transmitter [11594A-ODU] has been approved by Innovation, Science
and Economic Development Canada to operate with the antenna types listed
below, with the maximum permissible gain indicated. Antenna types not included
in this list that have a gain greater than the maximum gain indicated for any
type listed are strictly prohibited for use with this device.
Antenna Requirements: The following antennae were approved with the prototype:
Operating Band| Frequency(MHz)| Description| Antenna impedance| Product Type|
Antenna Gain(dBi)
---|---|---|---|---|---
2.4Gwifi| 2412~2462| Fiberglass| 50Ω| BGS-065C(RB version)| 4.21
B48| 1850~1910| BGS-065A(RA version)| 3.01
The product is provided with an approved antenna. Use only supplied or approved antenna by Beijing InHand Networks Technology Co., Ltd. Any changes or modifications to the Antenna may void the regulatory approvals obtained for the product.