RG2I UR32 Economic 4G Modem Router User Guide

June 9, 2024
0 3 baby

UR32 Economic 4G Modem Router

Industrial Router Pro Series UR32
User Guide

Preface
Thanks for choosing Milesight UR32 industrial cellular router. The UR32 industrial cellular router delivers tenacious connection over network with full-featured design such as automated failover/failback, extended operating temperature, dual SIM cards, hardware watchdog, VPN, Fast Ethernet and beyond.
This guide describes how to configure and operate the UR32 industrial cellular router. You can refer to it for detailed functionality and router configuration.

Readers
This guide is mainly intended for the following users: – Network Planners – On-site technical support and maintenance personnel – Network administrators responsible for network configuration and maintenance
© 2011-2022 Xiamen Milesight IoT Co., Ltd. All rights reserved. All information in this user guide is protected by copyright law. Whereby, no organization or individual shall copy or reproduce the whole or part of this user guide by any means without written authorization from Xiamen Milesight Iot Co., Ltd.

Related Documents

Document UR32 Datasheet

Description Datasheet for the UR32 industrial cellular router.

UR32 Quick Start Guide Quick Installation guide for the UR32 industrial cellular router.

Declaration of Conformity
UR32 is in conformity with the essential requirements and other relevant provisions of the CE, FCC, and RoHS.

2

For assistance, please contact Milesight technical support: Email: iot.support@milesight.com Tel: 86-592-5085280 Fax: 86-592-5023065 Address: Building C09, Software Park III,
Xiamen 361024, China

Revision History
Date May. 16, 2019 Nov. 14, 2019 May 11, 2020 Dec. 9, 2020
Sept. 17, 2021

Doc Version V 1.1 V 1.2 V 1.3 V 2.0
V 2.1

Description Initial version Add Python, SMS, IP passthrough functions Web interfaces upgrade Layout replace 1. Cellular and ping detection support IPv6 2. Add WAN connection type: DHCPv6 client, DS-Lite 3. Add DHCPv6 Server feature 4. Add IPv6 static routing feature 5. Add Expert Option box in IPsec settings 6. Support SMS inbox and outbox record clear

3

Contents
Chapter 1 Product Introduction…………………………………………………………………………………………………………….8 1.1 Overview…………………………………………………………………………………………………………………………………. 8 1.2 Advantages…………………………………………………………………………………………………………………………….. 8 1.3 Specifications…………………………………………………………………………………………………………………………. 9 1.4 Dimensions (mm)…………………………………………………………………………………………………………………. 11
Chapter 2 Access to Web GUI……………………………………………………………………………………………………………. 12 Chapter 3 Web Configuration…………………………………………………………………………………………………………….. 14
3.1 Status…………………………………………………………………………………………………………………………………….14 3.1.1 Overview…………………………………………………………………………………………………………………….. 14 3.1.2 Cellular……………………………………………………………………………………………………………………….. 15 3.1.3 Network……………………………………………………………………………………………………………………….17 3.1.4 WLAN (Only Applicable to Wi-Fi Version)…………………………………………………………………….18 3.1.5 VPN……………………………………………………………………………………………………………………………..19 3.1.6 Routing……………………………………………………………………………………………………………………….. 20 3.1.7 Host List………………………………………………………………………………………………………………………20 3.1.8 GPS (Only Applicable to GPS Version)…………………………………………………………………………21
3.2 Network………………………………………………………………………………………………………………………………… 22 3.2.1 Interface………………………………………………………………………………………………………………………22 3.2.1.1 Link Failover………………………………………………………………………………………………………22 3.2.1.2 Cellular………………………………………………………………………………………………………………24 3.2.1.3 Port……………………………………………………………………………………………………………………26 3.2.1.4 WAN…………………………………………………………………………………………………………………. 27 3.2.1.5 Bridge………………………………………………………………………………………………………………..32 3.2.1.6 WLAN (Only Applicable to Wi-Fi Version)…………………………………………………………. 32 3.2.1.7 Switch………………………………………………………………………………………………………………. 35 3.2.1.8 Loopback…………………………………………………………………………………………………………..35 3.2.2 DHCP………………………………………………………………………………………………………………………….. 36 3.2.2.1 DHCP/DHCPv6 Server……………………………………………………………………………………….36 3.2.2.2 DHCP Relay………………………………………………………………………………………………………. 38 3.2.3 Firewall………………………………………………………………………………………………………………………..39 3.2.3.1 Security……………………………………………………………………………………………………………..39 3.2.3.2 ACL…………………………………………………………………………………………………………………… 40 3.2.3.3 Port Mapping……………………………………………………………………………………………………. 41 3.2.3.4 DMZ…………………………………………………………………………………………………………………..42 3.2.3.5 MAC Binding…………………………………………………………………………………………………….. 43 3.2.3.6 Custom Rules…………………………………………………………………………………………………… 43 3.2.3.7 SPI……………………………………………………………………………………………………………………. 44 3.2.4 QoS…………………………………………………………………………………………………………………………….. 45 3.2.5 VPN……………………………………………………………………………………………………………………………..46 3.2.5.1 DMVPN…………………………………………………………………………………………………………….. 46 3.2.5.2 IPSec Server………………………………………………………………………………………………………47 3.2.5.3 IPSec………………………………………………………………………………………………………………… 51
4

3.2.5.4 GRE……………………………………………………………………………………………………………………53 3.2.5.5 L2TP…………………………………………………………………………………………………………………. 54 3.2.5.6 PPTP………………………………………………………………………………………………………………… 56 3.2.5.7 OpenVPN Client…………………………………………………………………………………………………58 3.2.5.8 OpenVPN Server………………………………………………………………………………………………..60 3.2.5.9 Certifications……………………………………………………………………………………………………. 62 3.2.6 IP Passthrough…………………………………………………………………………………………………………… 64 3.2.7 Routing……………………………………………………………………………………………………………………….. 64 3.2.7.1 Static Routing…………………………………………………………………………………………………… 64 3.2.7.2 RIP……………………………………………………………………………………………………………………. 65 3.2.7.3 OSPF………………………………………………………………………………………………………………… 68 3.2.7.4 Routing Filtering……………………………………………………………………………………………….. 74 3.2.8 VRRP……………………………………………………………………………………………………………………………74 3.2.9 DDNS………………………………………………………………………………………………………………………….. 76 3.3 System…………………………………………………………………………………………………………………………………..78 3.3.1 General Settings…………………………………………………………………………………………………………. 78 3.3.1.1 General………………………………………………………………………………………………………………78 3.3.1.2 System Time……………………………………………………………………………………………………..79 3.3.1.3 Email………………………………………………………………………………………………………………… 81 3.3.1.4 Storage…………………………………………………………………………………………………………….. 82 3.3.2 Phone&SMS…………………………………………………………………………………………………………………83 3.3.2.1 Phone………………………………………………………………………………………………………………..83 3.3.2.2 SMS………………………………………………………………………………………………………………….. 84 3.3.3 User Management……………………………………………………………………………………………………….85 3.3.3.1 Account……………………………………………………………………………………………………………. 85 3.3.3.2 User Management……………………………………………………………………………………………. 86 3.3.4 SNMP…………………………………………………………………………………………………………………………. 87 3.3.4.1 SNMP……………………………………………………………………………………………………………….. 87 3.3.4.2 MIB View……………………………………………………………………………………………………………88 3.3.4.3 VACM……………………………………………………………………………………………………………….. 88 3.3.4.4 Trap………………………………………………………………………………………………………………….. 89 3.3.4.5 MIB…………………………………………………………………………………………………………………… 90 3.3.5 AAA……………………………………………………………………………………………………………………………..90 3.3.5.1 Radius………………………………………………………………………………………………………………. 90 3.3.5.2 TACACS+…………………………………………………………………………………………………………..91 3.3.5.3 LDAP………………………………………………………………………………………………………………… 92 3.3.5.4 Authentication………………………………………………………………………………………………….. 93 3.3.6 Device Management…………………………………………………………………………………………………… 93 3.3.6.1 DeviceHub………………………………………………………………………………………………………… 93 3.3.6.2 Milesight VPN……………………………………………………………………………………………………94 3.3.7 Events………………………………………………………………………………………………………………………….96 3.3.7.1 Events………………………………………………………………………………………………………………. 96 3.3.7.2 Events Settings………………………………………………………………………………………………….96 3.4 Industrial Interface……………………………………………………………………………………………………………….. 98
5

3.4.1 I/O………………………………………………………………………………………………………………………………. 99 3.4.1.1 DI……………………………………………………………………………………………………………………….99 3.4.1.2 DO……………………………………………………………………………………………………………………100
3.4.2 Serial Port………………………………………………………………………………………………………………….100 3.4.3 Modbus Slave…………………………………………………………………………………………………………… 104
3.4.3.1 Modbus TCP……………………………………………………………………………………………………104 3.4.3.2 Modbus RTU……………………………………………………………………………………………………105 3.4.3.3 Modbus RTU Over TCP…………………………………………………………………………………… 105 3.4.4 Modbus Master………………………………………………………………………………………………………… 106 3.4.4.1 Modbus Master……………………………………………………………………………………………….106 3.4.4.2 Channel………………………………………………………………………………………………………….. 107 3.4.5 GPS (Only Applicable to GPS Version)……………………………………………………………………… 109 3.4.5.1 GPS………………………………………………………………………………………………………………… 109 3.4.5.2 GPS IP Forwarding…………………………………………………………………………………………. 110 3.4.5.3 GPS Serial Forwarding……………………………………………………………………………………. 111 3.5 Maintenance………………………………………………………………………………………………………………………..112 3.5.1 Tools………………………………………………………………………………………………………………………… 112 3.5.1.1 Ping………………………………………………………………………………………………………………… 112 3.5.1.2 Traceroute……………………………………………………………………………………………………….112 3.5.1.3 Packet Analyzer……………………………………………………………………………………………… 113 3.5.1.4 Qxdmlog…………………………………………………………………………………………………………. 113 3.5.2 Debugger………………………………………………………………………………………………………………….. 114 3.5.2.1 Cellular Debugger…………………………………………………………………………………………… 114 3.5.2.2 Firewall Debugger……………………………………………………………………………………………114 3.5.3 Log…………………………………………………………………………………………………………………………….115 3.5.3.1 System Log…………………………………………………………………………………………………….. 115 3.5.3.2 Log Download………………………………………………………………………………………………… 116 3.5.3.3 Log Settings…………………………………………………………………………………………………….117 3.5.4 Upgrade……………………………………………………………………………………………………………………. 118 3.5.5 Backup and Restore…………………………………………………………………………………………………..118 3.5.6 Reboot……………………………………………………………………………………………………………………….119 3.6 APP…………………………………………………………………………………………………………………………………….. 120 3.6.1 Python………………………………………………………………………………………………………………………. 120 3.6.1.1 Python……………………………………………………………………………………………………………..120 3.6.1.2 App Manager Configuration…………………………………………………………………………….121 3.6.1.3 Python App…………………………………………………………………………………………………….. 121 Chapter 4 Application Examples……………………………………………………………………………………………………… 123 4.1 Restore Factory Defaults……………………………………………………………………………………………………..123 4.1.1 Via Web Interface………………………………………………………………………………………………………123 4.2.2 Via Hardware……………………………………………………………………………………………………………. 124 4.2 Firmware Upgrade……………………………………………………………………………………………………………….124 4.3 Events Application Example……………………………………………………………………………………………….. 125 4.4 SNMP Application Example…………………………………………………………………………………………………126 4.5 Network Connection…………………………………………………………………………………………………………… 129
6

4.5.1 Cellular Connection……………………………………………………………………………………………………129 4.5.2 Ethernet WAN Connection…………………………………………………………………………………………131 4.6 Wi-Fi Application Example (Only Applicable to Wi-Fi Version)……………………………………………..133 4.6.1 AP Mode…………………………………………………………………………………………………………………… 133 4.6.2 Client Mode………………………………………………………………………………………………………………. 134 4.7 VRRP Application Example…………………………………………………………………………………………………. 135 4.8 NAT Application Example…………………………………………………………………………………………………… 138 4.9 Access Control Application Example…………………………………………………………………………………..138 4.10 QoS Application Example…………………………………………………………………………………………………. 140 4.11 DTU Application Example…………………………………………………………………………………………………. 141 4.12 PPTP Application Example………………………………………………………………………………………………..144
7

Chapter 1 Product Introduction
1.1 Overview
UR32 is an industrial cellular router with embedded intelligent software features that are designed for multifarious M2M/IoT applications. Supporting global WCDMA and 4G LTE, UR32 provides drop-in connectivity for operators and makes a giant leap in maximizing uptime. Adopting high-performance and low- power consumption industrial grade CPU and wireless module, the UR32 is capable of providing wire-speed network with low power consumption and ultra- small package to ensure the extremely safe and reliable connection to the wireless network. Meanwhile, the UR32 also supports Fast Ethernet ports, serial port (RS232/RS485) and I/O (input/output), which enables you to scale up M2M application combining data and video in limited time and budget. UR32 is particularly ideal for smart grid, digital media installations, industrial automation, telemetry equipment, medical device, digital factory, finance, payment device, environment protection, water conservancy and so on. For details of hardware and installation, please check UR32 Quick Start Guide.
Figure 1-1
1.2 Advantages Benefits
– Built-in industrial strong NXP CPU, big memory – Fast Ethernets for fast data transmission – Dual SIM cards for backup between multiple carriers networking and global 2G/3G/LTE options
make it easy to get connected – Equipped with Ethernet, I/O, serial port, Wi- Fi, GPS for connecting diverse field assets – Embedded Python SDK for second development – Rugged enclosure, optimized for DIN rail or shelf mounting – 3-year warranty included
8

Security & Reliability – Automated failover/failback between Ethernet and Cellular (dual SIM) – Enable unit with security frameworks like IPsec/OpenVPN/GRE/L2TP/PPTP/ DMVPN – Embed hardware watchdog, automatically recovering from various failure, and ensuring highest
level of availability – Establish a secured mechanism on centralized authentication and authorization of device access
by supporting AAA (TACACS+, Radius, LDAP, local authentication) and multiple levels of user authority

Easy Maintenance – Milesight DeviceHub provides easy setup, mass configuration, and centralized management of
remote devices – The user-friendly web interface design and several upgrade options help administrator to manage
the device as easy as pie – Web GUI and CLI enable the admin to achieve simple management and quick configuration
among a large quantity of devices – Efficiently manage the remote routers on the existing platform through the industrial standard
SNMP

Capabilities – Link remote devices in an environment where communication technologies are constantly
changing – Industrial 32-bit ARM Cortex-A7 processor, high-performance operating up to 528MHz and 128
MB memory available to support more applications – Support rich protocols like SNMP, Modbus bridging, RIP, OSPF – Support wide operating temperature ranging from -40°C to 70°C/-40°F to 158°F

1.3 Specifications
Hardware System CPU Memory Storage Cellular Interfaces Connectors SIM Slots

528MHz, 32-bit ARM Cortex-A7 128 MB Flash, 128 MB DDR3 RAM 1 × Micro SD
2 × 50 SMA (Center pin: SMA Female) 2

9

Wi-Fi Interface (Optional)

Connectors

1 × 50 SMA (Center pin: RP-SMA Female)

Standards

IEEE 802.11 b/g/n

802.11b: 16 dBm +/-1.5 dBm (11 Mbps)

Tx Power

802.11g: 14 dBm +/-1.5 dBm (54 Mbps)

802.11n: 13 dBm +/-1.5 dBm (65 Mbps, HT20/40 MCS7)

Modes

Support AP and Client mode, multiple SSID

Security

WPA/WPA2 authentication, WEP/TKIP/AES encryption

GPS (Optional)

Connectors

1 × 50 SMA (Center pin: SMA Female)

Protocols

NMEA 0183, PMTK

Ethernet

Ports

2 × RJ-45 (PoE PSE Optional)

Physical Layer

10/100 Base-T (IEEE 802.3)

Data Rate

10/100 Mbps (auto-sensing)

Interface

Auto MDI/MDIX

Mode Serial Interface

Full or half duplex (auto-sensing)

Ports

1 × RS232 (RS485 Optional)

Connector

Terminal block

Baud Rate

300bps to 230400bps

IO

Connector

Terminal block

Digital

1 × DI + 1 × DO

Software

IPv4/IPv6, PPP, PPPoE, SNMP v1/v2c/v3, TCP, UDP, DHCP, RIPv1/v2,

Network Protocols

OSPF, DDNS, VRRP, HTTP, HTTPS, DNS, ARP, QoS, SNTP, Telnet, VLAN,

SSH, etc.

VPN Tunnel

DMVPN/IPsec/OpenVPN/PPTP/L2TP/GRE

Access Authentication CHAP/PAP/MS-CHAP/MS-CHAPV2

Firewall

ACL/DMZ/Port Mapping/MAC Binding/SPI/DoS&DDoS Protection /IP Passthrough

Management

Web, CLI, SMS, On-demand dial up, DeviceHub

AAA

Radius, TACACS+, LDAP, Local Authentication

10

Multilevel Authority

Multiple levels of user authority

Reliability

VRRP, WAN Failover, Dual SIM Backup

Serial Port

Transparent (TCP Client/Server, UDP), Modbus Gateway (Modbus RTU to Modbus TCP)

Power Supply and Consumption

Connector

2-pin with 5.08 mm terminal block

Input Voltage

9-48 VDC

Power Consumption

Typical 1.9 W, Max 2.4 W (In Non-PoE mode)

Power Output

2 × 802.3 af/at PoE output

Physical Characteristics

Ingress Protection

IP30

Housing & Weight

Metal, 271 g

Dimensions

108 x 90 x 26 mm (4.25 x 3.54 x 1.02 in)

Mounting

Desktop, wall or DIN rail mounting

Others

Reset Button

1 × RESET

LED Indicators

1 × POWER, 1 × SYSTEM, 1 × SIM, 3 × Signal strength

Built-in Environmental

Watchdog, Timer

-40°C to +70°C (-40°F to +158°F) Operating Temperature
Reduced cellular performance above 60°C

Storage Temperature -40°C to +85°C (-40°F to +185°F)

Ethernet Isolation

1.5 kV RMS

Relative Humidity

0% to 95% (non-condensing) at 25°C/77°F

1.4 Dimensions (mm)

Figure 1-2 11

Chapter 2 Access to Web GUI
This chapter explains how to access to Web GUI of the UR32 router. Connect PC to LAN port of UR32 router directly. The following steps are based on Windows 10 operating system for your reference. Username: admin Password: password IP Address: 192.168.1.1 1. Go to “Control Panel” “Network and Internet” “Network and Sharing Center”, then click “Ethernet” (May have different names).
2. Go to “Properties” “Internet Protocol Version 4(TCP/IPv4) “, select “Obtain an IP address automatically” or “Use the following IP address”, then assign a static IP manually within the same subnet of the device.
3. Open a Web browser on your PC (Chrome is recommended), type in the IP address 192.168.1.1, and press Enter on your keyboard. 4. Enter the username, password, and click “Login”.
12

If you enter the username or password incorrectly more than 5 times, the login page will be locked for 10 minutes. 5. When you login with the default username and password, you will be asked to modify the password. It’s suggested that you change the password for the sake of security. Click “Cancel” button if you want to modify it later.
6. After you login the Web GUI, you can view system information and perform configuration on the router.
13

Chapter 3 Web Configuration
3.1 Status 3.1.1 Overview
You can view the system information of the router on this page.

Figure 3-1-1-1

System Information

Item Model Serial Number

Description Show the model name of router. Show the serial number of router.

Firmware Version

Show the currently firmware version of router.

Hardware Version

Show the currently hardware version of router.

Table 3-1-1-1 System Information

System Status Item

Description

Local Time

Show the currently local time of system.

Uptime CPU Load

Show the information on how long the router has been running. Show the current CPU utilization of the router.

RAM (Available/Capacity) Show the RAM capacity and the available RAM memory. Flash (Available/Capacity) Show the Flash capacity and the available Flash memory.

Table 3-1-1-2 System Status

14

Cellular Item Status

Description Show the real-time status of the currently SIM card

Current SIM

Show the SIM card currently used for the data connection.

IPv4/IPv6

Show the IPv4/IPv6 address obtained from the mobile carrier.

Connection Duration Data Usage Monthly

Show the connection duration of the currently SIM card. Show the monthly data usage statistics of currently used SIM card.

Table 3-1-1-3 Cellular Status

WAN Item

Description

Status

Show the currently status of WAN port.

IPv4/IPv6

The IPv4/IPv6 address configured WAN port.

MAC Connection Duration

The MAC address of the Ethernet port. Show the connection duration of the WAN port.

Table 3-1-1-4 WAN Status

WLAN (Only applicable for Wi-Fi model)

Item

Description

Status

Show the currently status of WLAN.

IP

Show the WLAN mode (AP or client).

SSID

Show the SSID of the WLAN AP or client.

Connected Clients

Show the amount of connected devices when mode is AP.

Table 3-1-1-5 WLAN Status

LAN Item

Description

IP4/IPv6 Connected Devices

Show the IP4/IPv6 address of the LAN port. Number of devices that connected to the router’s LAN.

Table 3-1-1-6 LAN Status

3.1.2 Cellular You can view the cellular network status of router on this page.

15

Figure 3-1-2-1

Modem Information

Item Status Version

Description Show corresponding detection status of module and SIM card. Show the cellular module firmware version.

Current SIM

Show the current SIM card used.

Signal Level

Show the cellular signal level.

Register Status IMEI IMSI

Show the registration status of SIM card. Show the IMEI of the module. Show IMSI of the SIM card.

ICCID

Show ICCID of the SIM card.

ISP Network Type PLMN ID LAC

Show the network provider which the SIM card registers on. Show the connected network type, such as LTE, 3G, etc. Show the current PLMN ID, including MCC, MNC, LAC and Cell ID. Show the location area code of the SIM card.

Cell ID

Show the Cell ID of the SIM card location.

Table 3-1-2-1 Modem Information

Network

Item

Description

Status

Show the connection status of cellular network.

IPv4/IPv6 Address IPv4/IPv6 Gateway IPv4/IPv6 DNS

Show the IPv4/IPv6 address and netmask of cellular network. Show the IPv4/IPv6 gateway and netmask of cellular network. Show the IPv4/IPv6 DNS of cellular network.

Show information on how long the cellular network has been Connection Duration
connected.

Table 3-1-2-2 Network Status

Data Usage Monthly

Item

Description

SIM-1

Show the monthly data usage statistics of SIM-1.

SIM-2

Show the monthly data usage statistics of SIM-2.

16

Table 3-1-2-3 Data Usage Information
3.1.3 Network On this page you can check the WAN and LAN status of the router.

WAN Status Item Port
Status
Type IPv4/IPv6 Gateway DNS Connection Duration

Figure 3-1-3-1
Description Show the name of WAN port. Show the status of WAN port. “up” refers to a status that WAN is enabled and Ethernet cable is connected. “down” means Ethernet cable is disconnected or WAN function is disabled. Show the dial-up connection type of WAN port. Show the IPv4 address with netmask or IPv6 address with prefix-length of WAN port. Show the gateway of WAN port. Show the DNS of WAN port. Show the information on how long the Ethernet cable has been connected on WAN port when WAN function is enabled. Once WAN function is disabled or Ethernet connection is disconnected, the duration will stop.
Table 3-1-3-1 WAN Status

Bridge Item Name STP IPv4/IPv6 Netmask Members

Figure 3-1-3-2
Description Show the name of the bridge interface. Show if STP is enabled. Show the IPv4/IPv6 address and netmask of the bridge interface. Show the Netmask of the bridge interface. Show the members of the bridge interface.
Table 3-1-3-2 Bridge Status

17

3.1.4 WLAN (Only Applicable to Wi-Fi Version) You can check Wi-Fi status on this page, including the information of access point and client.

WLAN Status Item WLAN Status Name Status Type SSID
IP Address
Netmask Associated Stations SSID
MAC Address
IP Address
Connection Duration

Figure 3-1-4-1
Description
Show the name of the Wi-Fi interface . Show the status of the Wi-Fi interface. Show the Wi-Fi interface type. Show the SSID of the router when the interface type is AP. Show the SSID of AP which the router connected to when the interface type is Client. Show the IP address of the router when the interface type is AP. Show the IP address of AP which the router connected to when the interface type is Client. Show the netmask of the router when the interface type is AP. Show the netmask of AP which the router connected to when the interface type is Client.
Show the SSID of the router when the interface type is AP. Show the SSID of AP which the router connected to when the interface type is Client. Show the MAC address of the client which connected to the router when the interface type is AP. Show the MAC address of the AP which the router connected to when the interface type is Client. Show the IP address of the client which connected to the router when the interface type is AP. Show the IP address of the AP which the router connected to when the interface type is Client. Show the connection duration between client device and router when the interface type is AP. Show the connection duration between router and the AP when the interface type is Client.
Table 3-1-4-1 WLAN Status

18

3.1.5 VPN You can check VPN status on this page, including PPTP, L2TP, IPsec, OpenVPN and DMVPN.

VPN Status Item Clients Name
Status
Local IP Remote IP Server Name Status Connected List Server Type Client IP
Duration

Figure 3-1-5-1
Description
Show the name of the enabled VPN clients. Show the status of client. “Connected” refers to a status that client is connected to the server. “Disconnected” means client is disconnected to the server. Show the local IP address of the tunnel. Show the real remote IP address of the tunnel.
Show the name of the enabled VPN Server. Show the status of Server.
Show the type of the server. Show the IP address of the client which connected to the server. Show the information about how long the client has been connected to this server when the server is enabled. Once the server is disabled or connection is disconnected, the duration will stop counting.
Table 3-1-5-1 VPN Status

19

3.1.6 Routing You can check routing status on this page, including the routing table and ARP cache.

Item Routing Table Destination Netmask/Prefix Length Gateway Interface Metric ARP Cache IP MAC Interface

Description

Figure 3-1-6-1

Show the IP address of destination host or destination network. Show the netmask or prefix length of destination host or destination network. Show the IP address of the gateway. Show the outbound interface of the route. Show the metric of the route.

Show the IP address of ARP pool. Show the IP address’s corresponding MAC address. Show the binding interface of ARP.
Table 3-1-6-1 Routing Information

3.1.7 Host List You can view the host information on this page.

20

Host List Item DHCP Leases IP Address MAC/DUID Lease Time Remaining MAC Binding
IP & MAC

Figure 3-1-7-1
Description
Show IP address of DHCP client Show MAC address of DHCPv4 client or DUID of DHCPv6 client. Show the remaining lease time of DHCP client.
Show the IP address and MAC address set in the Static IP list of DHCP service.
Table 3-1-7-1 Host List Description

3.1.8 GPS (Only Applicable to GPS Version) When GPS function is enabled and the GPS information is obtained successfully, you can view the latest GPS information including GPS Time, Latitude, Longitude and Speed on this page.

Figure 3-1-8-1
21

GPS Status Item Status Time for Locating Satellites In Use Satellites In View Latitude Longitude Altitude Speed

Description Show the status of GPS. Show the time for locating. Show the quantity of satellites in use. Show the quantity of satellites in view. Show the Latitude of the location. Show the Longitude of the location. Show the Altitude of the location. Show the speed of movement.
Table 3-1-8-1 GPS Status Description

3.2 Network
3.2.1 Interface
3.2.1.1 Link Failover This section describes how to configure link failover strategies, their priority and the ping settings, each rule owns its own ping rules by default. Router will follow the priority to choose the next available interface to access the internet, make sure you have enable the full interface that you need to use here. If priority 1 can only use IPv4, UR32 will select a second link which IPv6 works as main IPv6 link and vice versa.

Link Failover Item Link Priority Priority
Enable Rule

Figure 3-2-1-1
Description
Display the priority of each interface, you can modify it by the operation’s up and down button. If enabled, the router will choose this interface into its switching rule. For the Cellular interface, if it’s not enabled here, the interface will be disabled as well.

22

Link In Use Interface Connection type IP Operation Settings Revert Interval Emergency Reboot

Mark whether this interface is in use with Green color Display the name of the interface. Display how to obtain the IP address in this interface, like static IP or DHCP. Display the IP address of the interface. You can change the priority of the rules and configure the ping detection rules here.
Specify the number of seconds to waiting for switching to the link with higher priority, 0 means disable the function. Enable to reboot the device if no link is available.
Table 3-2-1-1 Link Failover Parameters

Ping Detection Item
Enable
IPv4/IPv6 Primary Server
IPv4/IPv6 Secondary Server Interval
Retry Interval
Timeout

Figure 3-2-1-2
Description If enabled, the router will periodically detect the connection status of the link. The router will send ICMP packet to the IPv4/IPv6 address or hostname to determine whether the Internet connection is still available or not. The router will try to ping the secondary server name if primary server is not available. Time interval (in seconds) between two Pings. Set the ping retry interval. When ping failed, the router will ping again in every retry interval. The maximum amount of time the router will wait for a

23

Max Ping Retries

response to a ping request. If it does not receive a response for the amount of time defined in this field, the ping request will be considered to have failed. The retry times of the router sending ping request until determining that the connection has failed.
Table 3-2-1-2 Ping Detection Parameters

3.2.1.2 Cellular This section explains how to set the related parameters for cellular network. The UR32 cellular router has two cellular interfaces, namely SIM1 and SIM2. Only one cellular interface is active at one time. If both cellular interfaces are enabled, it will follow the priority rule configured in `Link Failover’ page.

Cellular Settings Item Protocol
APN

Figure 3-2-1-3
Description Select from “IPv4”, “IPv6” and “IPv4/IPv6”. Enter the Access Point Name for cellular dial-up connection provided by local ISP.

24

Username Password PIN Code Access Number Authentication Type
Network Type
PPP Preferred SMS Center Enable NAT Roaming Data Limit
Billing Day

Enter the username for cellular dial-up connection provided by local ISP. Enter the password for cellular dial-up connection provided by local ISP. Enter a 4-8 characters PIN code to unlock the SIM. Enter the dial-up center NO. For cellular dial-up connection provided by local ISP. Select from “Auto”, “PAP”, “CHAP”, “MS-CHAP”, and “MS-CHAPv2”. Select from “Auto”, “4G Only”, “3G Only”, and “2G Only”. Auto: connect to the network with the strongest signal automatically. 4G Only: connect to 4G network only. And so on. The PPP dial-up method is preferred. Enter the local SMS center number for storing, forwarding, converting and delivering SMS message. Enable or disable NAT function. Enable or disable roaming. When you reach the specified data usage limit, the data connection of currently used SIM card will be disabled. 0 means disable the function. Choose the billing day of the SIM card, the router will reset the data used to 0.
Table 3-2-1-3 Cellular Parameters

Connection Setting Item Connection Mode Re-dial Interval(s)

Figure 3-2-1-4
Description Select from “Always Online” and “Connect on Demand”. Set the interval to dial into ISP when it lost connection, the default value is

25

Max Idle Times Triggered by Call Call Group
Triggered by SMS
SMS Group SMS Text Triggered by IO

5s. Set the maximum duration of router when current link is under idle status. Range: 10-3600 The router will switch from offline mode to cellular network mode automatically when it receives a call from the specific phone number. Select a call group for call trigger. Go to “System > Phone&SMS > Phone” to set up phone group. The router will switch from offline mode to cellular network mode automatically when it receives a specific SMS from the specific mobile phone. Select an SMS group for trigger. Go to “System > Phone&SMS > SMS” to set up SMS group. Fill in the SMS content for triggering. The router will switch from offline mode to cellular network mode automatically when the DI status is changed. Go to “Industrial > I/O > DI” to configure trigger condition.
Table 3-2-1-4 Cellular Parameters

Related Topics Cellular Network Connection Phone Group DI Setting

3.2.1.3 Port
This section describes how to configure the Ethernet port parameters. UR32 cellular router supports 2 Fast Ethernet ports.

Port Setting Item Port
Status
Property Speed

Figure 3-2-1-5
Description Users can define the Ethernet ports according to their needs. Set the status of Ethernet port; select “up” to enable and “down” to disable. Show the Ethernet port’s type, as a WAN port or a LAN port. Set the Ethernet port’s speed. The options are “auto”, “100 Mbps”,

26

Duplex

and “10 Mbps”. Set the Ethernet port’s mode. The options are “auto”, “full”, and “half”.
Table 3-2-1-5 Port Parameters

3.2.1.4 WAN
WAN port can be connected with Ethernet cable to get Internet access. It supports 5 connection types. – Static IP: configure IP address, netmask and gateway for Ethernet WAN interface. – DHCP Client: configure Ethernet WAN interface as DHCP Client to obtain IP address automatically. – PPPoE: configure Ethernet WAN interface as PPPoE Client. – DHCPv6 Client: configure Ethernet WAN interface as DHCP Client to obtain IPv6 address automatically. – Dual-Stack Lite: use IPv4-in-IPv6 tunneling to send terminal device’s IPv4 packet through a tunnel on
the IPv6 access network to the ISP.

WAN Setting Item Enable Port

Figure 3-2-1-6
Description Enable WAN function. The port that is currently set as WAN port.

Default Enable WAN

27

Connection Type
MTU IPv4 Primary DNS IPv4 Secondary DNS IPv6 Primary DNS IPv6 Secondary DNS
Enable NAT

Select from “Static IP”, “DHCP Client”, “DHCPv6 Client” , “Dual-Stack Lite” and “PPPoE”. Set the maximum transmission unit. Set the primary IPv4 DNS server.
Set the secondary IPv4 DNS server.
Set the primary IPv6 DNS server.
Set the secondary IPv6 DNS server. Enable or disable NAT function. When enabled, a private IP can be translated to a public IP.
Table 3-2-1-6 WAN Parameters

Static IP 1500 8.8.8.8 — — — -Enable

1. Static IP Configuration If the external network assigns a fixed IP for the WAN interface, user can select “Static IP” mode.

Static IP Item IPv4 Address Netmask

Figure 3-2-1-7
Description Set the IPv4 address of the WAN port. Set the Netmask for WAN port.

Default 192.168.0.1 255.255.255.0
28

IPv4 Gateway IPv6 Address
Prefix-length
IPv6 Gateway

Set the gateway for WAN port’s IPv4 address.
Set the IPv6 address which can access Internet.
Set the IPv6 prefix length to identify how many bits of a Global Unicast IPv6 address are there in network part. For example, in 2001:0DB8:0000:000b::/64, the number 64 is used to identify that the first 64 bits are in network part. Set the gateway for WAN port’s IPv6 address. E.g.2001:DB8:ACAD:4::2.

Multiple IP Address

Set the multiple IP addresses for WAN port.

Table 3-2-1-7 Static Parameters

192.168.0.2 Generated from Mac address
64
-Null

2. DHCP Client/DHCPv6 Client If the external network has DHCP server enabled and has assigned IP addresses to the Ethernet WAN interface, user can select “DHCP client” mode to obtain IP address automatically.

Figure 3-2-1-8

Figure 3-2-1-9
29

DHCP Client Item Use Peer DNS DHCPv6 Client
Request IPv6-address
Request prefix length of IPv6

Description Obtain peer DNS automatically during PPP dialing. DNS is necessary when visiting domain name.
Choose the ways to obtain the IPv6 address from the DHCP Server. Select from try, force, none. Try: The DHCP Server will assign specific address in priority. Force: The DHCP Server assigns specific address only. None: The DHCP Server will randomly assign address.The specific address is relevant to the prefix length of IPv6 address you set. Set the prefix length of IPv6 address which router is expected to obtain from DHCP Server.
Table 3-2-1-8 DHCP Client Parameters

3. PPPoE PPPoE refers to a point to point protocol over Ethernet. User has to install a PPPoE client on the basis of original connection way. With PPPoE, remote access devices can get control of each user.

PPPoE Item Username

Figure 3-2-1-10
Description Enter the username provided by your Internet Service Provider (ISP).

30

Password Link Detection Interval (s) Max Retries
Use Peer DNS

Enter the password provided by your Internet Service Provider (ISP).
Set the heartbeat interval for link detection. Range: 1-600.
Set the maximum retry times after it fails to dial up. Range: 0-9. Obtain peer DNS automatically during PPP dialing. DNS is necessary when visiting domain name.
Table 3-2-1-9 PPPoE Parameters

4. Dual-Stack Lite Dual-Stack Lite (DS-Lite) uses IPv4-in-IPv6 tunneling to send a subscriber’s IPv4 packet through a tunnel on the IPv6 access network to the ISP. The IPv6 packet is decapsulated to recover the subscriber’s IPv4 packet and is then sent to the Internet after NAT address and port translation and other LSN related processing. The response packets traverse through the same path to the subscriber.

Dual-Stack Lite Item IPv6 Gateway DS-Lite AFTR Address Local IPv6 Address

Figure 3-2-1-11
Description Set the gateway for WAN port’s IPv6 address. Set the DS-Lite AFTR server address. Set the WAN port IPv6 address which use the same subnet as IPv6 gateway.
Table 3-2-1-10 Dual-Stack Lite Parameters

31

Related Configuration Example Ethernet WAN Connection
3.2.1.5 Bridge Bridge setting is used for managing local area network devices which are connected to LAN ports of the UR32, allowing each of them to access the Internet.

Bridge Item
Name
STP IP Address

Figure 3-2-1-12
Description Show the name of bridge. “Bridge0” is set by default and cannot be changed. Enable/disable STP. Set the IP address for bridge.

Netmask

Set the Netmask for bridge.

IPv6 Address MTU Multiple IP Address

Set the IPv6 address for bridge. Set the maximum transmission unit. Range: 68-1500. Set the multiple IP addresses for bridge.
Table 3-2-1-11 Bridge Settings

Default
Bridge0
Disable 192.168.1.1 255.255.255. 0 2004::1/64 1500 Null

3.2.1.6 WLAN (Only Applicable to Wi-Fi Version) This section explains how to set the related parameters for Wi-Fi network. UR32 supports 802.11 b/g/n, as AP or client mode.

32

WLAN Item Enable Work Mode
Encryption Mode
BSSID
SSID Client Mode Scan SSID Channel Signal BSSID

Figure 3-2-1-13
Description Enable/disable WLAN. Select router’s work mode. The options are “Client” or “AP”. Select encryption mode. The options are “No Encryption”, “WEP Open System” , “WEP Shared Key”, “WPA-PSK”, “WPA2-PSK” and “WPA- PSK/WPA2-PSK”. Fill in the MAC address of the access point. Either SSID or BSSID can be filled to joint the network. Fill in the SSID of the access point.
Click “Scan” button to search the nearby access point. Show SSID. Show wireless channel. Show wireless signal. Show the MAC address of the access point.

33

Cipher Security

Show the cipher of the access point. Show the encryption mode.

Frequency Show the frequency of radio.

Join Network AP Mode
Radio Type
Channel Cipher Key Bandwidth
SSID Broadcast
AP Isolation
Guest Mode Max Client Number IP Setting Protocol IP Address Netmask Gateway

Click the button to join the wireless network.
Select Radio type. The options are “802.11b (2.4 GHz)”, “802.11g (2.4 GHz)”, “802.11n (2.4 GHz)”. Select wireless channel. The options are “Auto”, “1”, “2”……”11″. Select cipher. The options are “Auto”, “AES”, “TKIP” and “AES/TKIP”. Fill the pre-shared key of WPA encryption. Select bandwidth. The options are “20MHz” and “40MHz”. When SSID broadcast is disabled, other wireless devices can’t not find the SSID, and users have to enter the SSID manually to access to the wireless network. When AP isolation is enabled, all users which access to the AP are isolated without communication with each other. The internal network is not allowed to visit if the guest mode is enabled. Set the maximum number of client to access when the router is configured as AP.
Set the IP address in wireless network. Set the IP address in wireless network. Set the netmask in wireless network. Set the gateway in wireless network.
Table 3-2-1-12 WLAN Parameters

MAC Filtering Item Type
Allow and block the rest

Figure 3-2-1-14
Description In this mode, you can choose the rule according to your security policy, which is Allow and Block the Rest’ andBlock and Allow the Rest’, the default value is Disabled. Only the listed MAC addresses are allowed to connect to the router’s wireless access point.

34

Block and allow the rest
Related Topic Wi-Fi Application Example

The listed MAC addresses are not allowed to connect to the router’s wireless access point.
Table 3-2-1-13 MAC Filtering Parameters

3.2.1.7 Switch VLAN is a kind of new data exchange technology that realizes virtual work groups by logically dividing the LAN device into network segments.

Figure 3-2-1-15

Switch

Item

Description

LAN Settings

Name

Set interface name of VLAN.

VLAN ID

Select VLAN ID of the interface.

IP Address Set IP address of LAN port.

Netmask

Set Netmask of LAN port.

MTU

Set the maximum transmission unit of LAN port. Range: 68-1500.

VLAN Settings

VLAN ID

Set the label ID of the VLAN. Range: 1-4094.

LAN 1/2

Make the VLAN bind with the corresponding ports and select status from “Tagged”, “Untagged” and “Close” for Ethernet frame on trunk link.

CPU

Control communication between VLAN and other networks.

Table 3-2-1-14 VLAN Trunk Parameters

3.2.1.8 Loopback

Loopback interface is used for replacing router’s ID as long as it is activated. When the interface is DOWN, the ID of the router has to be selected again which leads to long convergence time of OSPF. Therefore, Loopback interface is generally recommended as the ID of the router. Loopback interface is a logic and virtual interface on router. Under default conditions, there’s no loopback interface on router, but it can be created as required.

35

Loopback Item IP Address Netmask Multiple IP Addresses

Figure 3-2-1-16
Description Unalterable Unalterable Apart from the IP above, user can configure other IP addresses.
Table 3-2-1-15 Loopback Parameters

Default 127.0.0.1 255.0.0.0
Null

3.2.2 DHCP DHCP adopts Client/Server communication mode. The Client sends configuration request to the Server which feeds back corresponding configuration information and distributes IP address to the Client so as to achieve the dynamic configuration of IP address and other information.
3.2.2.1 DHCP Server/DHCPv6 Server UR32 can be set as a DHCP server or DHCPv6 server to distribute IP address when a host logs on and ensures each host is supplied with different IP addresses. DHCP Server has simplified some previous network management tasks requiring manual operations to the largest extent. UR32 only supports stateful DHCPv6 when working as DHCPv6 server.

36

Figure 3-2-2-1

DHCP Server Item Enable Interface Start Address
End Address
Netmask

Figure 3-2-2-2

Description Enable or disable DHCP server. Select interface. Define the beginning of the pool of IP addresses which will be leased to DHCP clients. Define the end of the pool of IP addresses which will be leased to DHCP clients. Define the subnet mask of IPv4 address obtained by DHCP clients from DHCP server.

Default Enable Bridge0 192.168.1.1 00 192.168.1.1 99 255.255.255 .0

37

Prefix Length
Lease Time (Min) Primary DNS Server Secondary DNS Server Windows Name Server Static IP
MAC Address
DUID
IP Address

Set the IPv6 prefix length of IPv6 address obtained by DHCP clients from DHCP server. Set the lease time on which the client can use the IP address obtained from DHCP server. Range: 1-10080. Set the primary DNS server.

64 1440 192.168.1.1

Set the secondary DNS server.

Null

Define the Windows Internet Naming Service obtained by DHCP clients from DHCP sever. Generally you can leave it Null blank.

Set a static and specific MAC address for the DHCP client

(it should be different from other MACs so as to avoid

Null

conflict).

Set a static and specific DUID for the DHCPv6 client (it Null
should be different from other DUID so as to avoid conflict).

Set a static and specific IP address for the DHCP client (it should be outside of the DHCP range).

Null

Table 3-2-2-1 DHCP Server Parameters

3.2.2.2 DHCP Relay

UR32 can be set as DHCP Relay to provide a relay tunnel to solve the problem that DHCP Client and DHCP Server are not in the same subnet.

DHCP Relay Item Enable
DHCP Server

Figure 3-2-2-3
Description Enable or disable DHCP relay. Set DHCP server, up to 10 servers can be configured; separate them by blank space or “,”.
Table 3-2-2-2 DHCP Relay Parameters

38

3.2.3 Firewall
This section describes how to set the firewall parameters, including security, ACL, DMZ, Port Mapping, MAC Binding and SPI. The firewall implements corresponding control of data flow at entry direction (from Internet to local area network) and exit direction (from local area network to Internet) according to the content features of packets, such as protocol style, source/destination IP address, etc. It ensures that the router operate in a safe environment and host in local area network.
3.2.3.1 Security

Figure 3-2-3-1

Item

Description

Prevent Attack

DoS/DDoS Protection Enable/disable Prevent DoS/DDoS Attack.

Access Service Control

Port

Set port number of the services. Range: 1-65535.

Local

Access the router locally.

Remote

Access the router remotely.

HTTP

Users can log in the device locally via HTTP to

Default
Disable
-Enable Disable 80

39

HTTPS
TELNET SSH FTP Website Blocking URL Blocking Keyword Blocking

access and control it through Web after the option

is checked.

Users can log in the device locally and remotely

via HTTPS to access and control it through Web 443

after option is checked.

Users can log in the device locally and remotely

23

via Telnet after the option is checked.

Users can log in the device locally and remotely 22
via SSH after the option is checked.

Users can log in the device locally and remotely 21
via FTP after the option is checked.

Enter the HTTP address which you want to block. You can block specific website by entering keyword. The maximum number of character allowed is 64.
Table 3-2-3-1 Security Parameters

3.2.3.2 ACL
Access control list, also called ACL, implements permission or prohibition of access for specified network traffic (such as the source IP address) by configuring a series of matching rules so as to filter the network interface traffic. When router receives packet, the field will be analyzed according to the ACL rule applied to the current interface. After the special packet is identified, the permission or prohibition of corresponding packet will be implemented according to preset strategy. The data package matching rules defined by ACL can also be used by other functions requiring flow distinction.

Item ACL Setting

Figure 3-2-3-2
Description

40

Default Filter Policy
Access Control List Type ID Action Protocol Source IP Source Wildcard Mask Destination IP Destination Wildcard Mask Description ICMP Type ICMP Code Source Port Type Source Port Start Source Port End Source Port
Destination Port Type
Destination Port Start Destination Port End Destination Port More Details Interface List Interface In ACL Out ACL

Select from “Accept” and “Deny”. The packets which are not included in the access control list will be processed by the default filter policy.
Select type from “Extended” and “Standard”. User-defined ACL number. Range: 1-199. Select from “Permit” and “Deny”. Select protocol from “ip”, “icmp”, “tcp”, “udp”, and “1-255”. Source network address (leaving it blank means all). Wildcard mask of the source network address. Destination network address (0.0.0.0 means all).
Wildcard mask of destination address.
Fill in a description for the groups with the same ID. Enter the type of ICMP packet. Range: 0-255. Enter the code of ICMP packet. Range: 0-255. Select source port type, such as specified port, port range, etc. Set source port number. Range: 1-65535. Set start source port number. Range: 1-65535. Set end source port number. Range: 1-65535. Select destination port type, such as specified port, port range, etc. Set destination port number. Range: 1-65535. Set start destination port number. Range: 1-65535. Set end destination port number. Range: 1-65535. Show information of the port.
Select network interface for access control. Select a rule for incoming traffic from ACL ID. Select a rule for outgoing traffic from ACL ID.
Table 3-2-3-2 ACL Parameters

Related Configuration Example Access Control Application Example

3.2.3.3 Port Mapping Port mapping is an application of network address translation (NAT) that redirects a communication request from the combination of an address and port number to another while the packets are traversing a network gateway such as a router or firewall.
Click to add a new port mapping rules.

41

Port Mapping Item Source IP
Source Port
Destination IP
Destination Port Protocol Description

Figure 3-2-3-3
Description Specify the host or network which can access local IP address. 0.0.0.0/0 means all. Enter the TCP or UDP port from which incoming packets are forwarded. Range: 1-65535. Enter the IP address that packets are forwarded to after being received on the incoming interface. Enter the TCP or UDP port that packets are forwarded to after being received on the incoming port(s). Range: 1-65535. Select from “TCP” and “UDP” as your application required. The description of this rule.
Table 3-2-3-3 Port Mapping Parameters

Related Configuration Example NAT Application Example

3.2.3.4 DMZ DMZ is a host within the internal network that has all ports exposed, except those forwarded ports in port mapping.

Figure 3-2-3-4
42

DMZ Item Enable DMZ Host
Source Address

Description Enable or disable DMZ. Enter the IP address of the DMZ host on the internal network. Set the source IP address which can access to DMZ host. “0.0.0.0/0” means any address.
Table 3-2-3-4 DMZ Parameters

3.2.3.5 MAC Binding MAC Binding is used for specifying hosts by matching MAC addresses and IP addresses that are in the list of allowed outer network access.

MAC Binding List Item MAC Address IP Address
Description

Figure 3-2-3-5
Description Set the binding MAC address. Set the binding IP address. Fill in a description for convenience of recording the meaning of the binding rule for each piece of MAC-IP.
Table 3-2-3-5 MAC Binding Parameters

3.2.3.6 Custom Rules

In this page, you can configure your own custom firewall iptables rules.

Figure 3-2-3-6
43

Custom Rules Item
Rule
Description

Description Specify an iptables rule like the example shows. Tips: You must reboot the device to take effect after modifying or deleting the iptables rules. Enter the description of the rule.

Table 3-2-3-6 Custom Rules Parameters

3.2.3.7 SPI

SPI Firewall Item Enable Filter Proxy
Filter Cookies
Filter ActiveX Filter Java Applets Filter Multicast Filter IDENT(port 113) Block WAN SNMP access
Filter WAN NAT Redirection
Block Anonymous WAN Requests

Figure 3-2-3-7
Description Enable/disable SPI firewall. Blocks HTTP requests containing the “Host”: string. Identifies HTTP requests that contain “Cookie”: String and mangle the cookie. Attempts to stop cookies from being used. Blocks HTTP requests of the URL that ends in “.ocx” or “.cab”. Blocks HTTP requests of the URL that ends in “.js” or “.class”. Prevent multicast packets from reaching the LAN. Prevent WAN access to Port 113. Block SNMP requests from the WAN. Prevent hosts on LAN from using WAN address of router to connect servers on the LAN (which have been configured using port redirection).
Stop the router from responding to “pings” from the WAN.
Table 3-2-3-7 SPI Parameters

44

3.2.4 QoS Quality of service (QoS) refers to traffic prioritization and resource reservation control mechanisms rather than the achieved service quality. QoS is engineered to provide different priority for different applications, users, data flows, or to guarantee a certain level of performance to a data flow.

QoS Item Download/Upload Enable Default Category Download/Upload Bandwidth Capacity Service Category Name Percent (%)
Max BW(kbps)
Min BW(kbps)
Service Category Rules Item

Figure 3-2-4-1
Description
Enable or disable QoS. Select the default category from Service Category list. The download/upload bandwidth capacity of the network that the router is connected with, in kbps. Range: 1-8000000.
You can use characters such digits, letters and “-“. Set percent for the service category. Range: 0-100. The maximum bandwidth that this category is allowed to consume, in kbps. The value should be less than the “Download/Upload Bandwidth Capacity” when the traffic is blocked. The minimum bandwidth that can be guaranteed for the category, in kbps.The value should be less than the “MAX BW” value.
Description

45

Name

Give the rule a descriptive name.

Source IP

Source address of flow control (leaving it blank means any).

Source Port Destination IP Destination Port

Source port of flow control. Range: 0-65535 (leaving it blank means any). Destination address of flow control (leaving it blank means any). Destination port of flow control. Range: 0-65535 (leaving it blank means any).

Protocol

Select protocol from “ANY”, “TCP”, “UDP”, “ICMP”, and “GRE”.

Service Category

Set service category for the rule.

Table 3-2-4-1 QoS (Download/Upload) Parameters

Related Configuration Example

QoS Application Example

3.2.5 VPN
Virtual Private Networks, also called VPNs, are used to securely connect two private networks together so that devices can connect from one network to the other network via secure channels. The UR32 supports DMVPN, IPsec, GRE, L2TP, PPTP, OpenVPN, as well as GRE over IPsec and L2TP over IPsec.
3.2.5.1 DMVPN
A dynamic multi-point virtual private network (DMVPN), combining mGRE and IPsec, is a secure network that exchanges data between sites without passing traffic through an organization’s headquarter VPN server or router.

46

DMVPN Item Enable Hub Address Local IP address GRE Hub IP Address GRE Local IP Address GRE Netmask GRE Key Negotiation Mode Authentication Algorithm Encryption Algorithm
DH Group
Key Local ID Type IKE Life Time (s)
SA Algorithm
PFS Group
Life Time (s) DPD Interval Time (s) DPD Timeout (s) Cisco Secret NHRP Holdtime (s)

Figure 3-2-5-1
Description Enable or disable DMVPN. The IP address or domain name of DMVPN Hub. DMVPN local tunnel IP address. GRE Hub tunnel IP address. GRE local tunnel IP address. GRE local tunnel netmask. GRE tunnel key. Select from “Main” and “Aggressive”. Select from “DES”, “3DES”, “AES128”, “AES192” and “AES256”. Select from “MD5” and “SHA1”. Select from “MODP768_1”, “MODP1024_2” and “MODP1536_5”. Enter the preshared key. Select from “Default”, “ID”, “FQDN”, and “User FQDN” Set the lifetime in IKE negotiation. Range: 60-86400. Select from “DES_MD5”, “DES_SHA1”, “3DES_MD5”, “3DES_SHA1”, “AES128_MD5”, “AES128_SHA1”, “AES192_MD5”, “AES192_SHA1”, “AES256_MD5” and “AES256_SHA1”. Select from “NULL”, “MODP768_1”, “MODP1024_2” and “MODP1536-5”. Set the lifetime of IPsec SA. Range: 60-86400. Set DPD interval time Set DPD timeout. Cisco Nhrp key. The holdtime of NHRP protocol.
Table 3-2-5-1 DMVPN Parameters

3.2.5.2 IPSec Server
IPsec is especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks. A big advantage of IPsec is that security arrangements can be handled without requiring changes to individual user computers. IPsec provides three choices of security service: Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE). AH essentially allows authentication of the senders’ data. ESP supports both authentication of the sender and data encryption. IKE is used for cipher code exchange. All of them can protect one and more data flows between hosts, between host and gateway, and between gateways.

47

IPsec Server Item Enable IPsec Mode IPsec Protocol Local Subnet Local Subnet Netmask Local ID Type Remote Subnet Remote Subnet Mask Remote ID type

Figure 3-2-5-2
Description Enable IPsec tunnel. A maximum of 3 tunnels is allowed. Select from “Tunnel” and “Transport”. Select from “ESP” and “AH”. Enter the local subnet IP address that IPsec protects. Enter the local netmask that IPsec protects. Select from “Default”, “ID”, “FQDN”, and “User FQDN”. Enter the remote subnet IP address that IPsec protects. Enter the remote netmask that IPsec protects. Select from “Default”, “ID”, “FQDN”, and “User FQDN”.
Table 3-2-5-2 IPsec Parameters

48

Figure 3-2-5-3

IKE Parameter Item IKE Version Negotiation Mode Encryption Algorithm Authentication Algorithm DH Group Local Authentication

Figure 3-2-5-4
Description Select from “IKEv1” and “IKEv2”. Select from “Main” and “Aggressive”. Select from “DES”, “3DES”, “AES128”, “AES192” and “AES256”. Select from “MD5″ and ” SHA1″ Select from “MODP768_1”, “MODP1024_2” and “MODP1536_5”. Select from “PSK” and “CA”.

49

XAUTH Lifetime (s) XAUTH List Username Password PSK List Selector PSK SA Parameter
SA Algorithm
PFS Group
Lifetime (s) DPD Interval Time(s) DPD Timeout(s) IPsec Advanced Enable Compression
VPN Over IPsec Type
Expert Options

Enter XAUTH username and password after XAUTH is enabled. Set the lifetime in IKE negotiation. Range: 60-86400.
Enter the username used for the xauth authentication. Enter the password used for the xauth authentication.
Enter the corresponding identification number for PSK authentication. Enter the pre-shared key.
Select from “DES_MD5”, “DES_SHA1”, “3DES_MD5”, “3DES_SHA1”, “AES128_MD5”, “AES128_SHA1”, “AES192_MD5”, “AES192_SHA1”, “AES256_MD5” and “AES256_SHA1”. Select from “NULL”, “MODP768_1” , “MODP1024_2” and “MODP1536_5”. Set the lifetime of IPsec SA. Range: 60-86400. Set DPD interval time to detect if the remote side fails. Set DPD timeout. Range: 10-3600.
The head of IP packet will be compressed after it’s enabled. Select from “NONE”, “GRE” and “L2TP” to enable VPN over IPsec function. User can enter some other initialization strings in this field and separate the strings with “;”. For example, if more local or remote subnet need to be added, users can add contents here.
Table 3-2-5-3 IPsec Server Parameters

50

3.2.5.3 IPSec

IPsec Item Enable
IPsec Gateway Address
IPsec Mode IPsec Protocol Local Subnet Local Subnet Netmask Local ID Type Remote Subnet Remote Subnet Mask Remote ID type

Figure 3-2-5-5
Description Enable IPsec tunnel. A maximum of 3 tunnels is allowed. Enter the IP address or domain name of remote IPsec server. Select from “Tunnel” and “Transport”. Select from “ESP” and “AH”. Enter the local subnet IP address that IPsec protects. Enter the local netmask that IPsec protects. Select from “Default”, “ID”, “FQDN”, and “User FQDN”. Enter the remote subnet IP address that IPsec protects. Enter the remote netmask that IPsec protects. Select from “Default”, “ID”, “FQDN”, and “User FQDN”.
Table 3-2-5-4 IPsec Parameters

51

IKE Parameter Item IKE Version Negotiation Mode Encryption Algorithm Authentication Algorithm DH Group Local Authentication Local Secrets XAUTH Lifetime (s) SA Parameter
SA Algorithm

Figure 3-2-5-6
Description Select from “IKEv1” and “IKEv2”. Select from “Main” and “Aggressive”. Select from “DES”, “3DES”, “AES128”, “AES192” and “AES256”. Select from “MD5″ and ” SHA1″ Select from “MODP768_1”, “MODP1024_2” and “MODP1536_5”. Select from “PSK” and “CA”. Enter the pre-shared key. Enter XAUTH username and password after XAUTH is enabled. Set the lifetime in IKE negotiation. Range: 60-86400.
Select from “DES_MD5”, “DES_SHA1”, “3DES_MD5”, “3DES_SHA1”, “AES128_MD5”, “AES128_SHA1”, “AES192_MD5”, “AES192_SHA1”, “AES256_MD5” and “AES256_SHA1”.

52

PFS Group Lifetime (s) DPD Interval Time(s) DPD Timeout(s) IPsec Advanced Enable Compression VPN Over IPsec Type
Expert Option

Select from “NULL”, “MODP768_1” , “MODP1024_2” and “MODP1536_5”. Set the lifetime of IPsec SA. Range: 60-86400. Set DPD interval time to detect if the remote side fails. Set DPD timeout. Range: 10-3600.
The head of IP packet will be compressed after it’s enabled. Select from “NONE”, “GRE” and “L2TP” to enable VPN over IPsec function. User can enter some other initialization strings in this field and separate the strings with “;”. For example, if more local or remote subnet need to be added, users can add contents here.
Table 3-2-5-5 IPsec Parameters

3.2.5.4 GRE
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks. It’s a tunneling technology that provides a channel through which encapsulated data message could be transmitted and encapsulation and decapsulation could be realized at both ends. In the following circumstances the GRE tunnel transmission can be applied: – GRE tunnel could transmit multicast data packets as if it were a true network interface. Single use
of IPSec cannot achieve the encryption of multicast. – A certain protocol adopted cannot be routed. – A network of different IP addresses shall be required to connect other two similar networks.

53

GRE Item Enable Remote IP Address Local IP Address Local Virtual IP Address Netmask Peer Virtual IP Address Global Traffic Forwarding Remote Subnet Remote Netmask MTU Key Enable NAT

Figure 3-2-5-7
Description Check to enable GRE function. Enter the real remote IP address of GRE tunnel. Set the local IP address.
Set the local tunnel IP address of GRE tunnel.
Set the local netmask. Enter remote tunnel IP address of GRE tunnel. All the data traffic will be sent out via GRE tunnel when this function is enabled. Enter the remote subnet IP address of GRE tunnel. Enter the remote netmask of GRE tunnel. Enter the maximum transmission unit. Range: 64-1500. Set GRE tunnel key. Enable NAT traversal function.
Table 3-2-5-6 GRE Parameters

3.2.5.5 L2TP
Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet.

Figure 3-2-5-8
54

L2TP Item Enable Remote IP Address Username Password
Authentication
Global Traffic Forwarding Remote Subnet Remote Subnet Mask Key

Description Check to enable L2TP function. Enter the public IP address or domain name of L2TP server. Enter the username that L2TP server provides. Enter the password that L2TP server provides. Select from “Auto”, “PAP”, “CHAP”, “MS-CHAPv1” and “MS-CHAPv2”. All of the data traffic will be sent out via L2TP tunnel after this function is enabled. Enter the remote IP address that L2TP protects. Enter the remote netmask that L2TP protects. Enter the password of L2TP tunnel.
Table 3-2-5-7 L2TP Parameters

Advanced Settings Item
Local IP Address
Peer IP Address Enable NAT Enable MPPE

Figure 3-2-5-9
Description Set tunnel IP address of L2TP client. Client will obtain tunnel IP address automatically from the server when it’s null. Enter tunnel IP address of L2TP server. Enable NAT traversal function. Enable MPPE encryption.

55

Address/Control Compression Protocol Field Compression Asyncmap Value MRU MTU Link Detection Interval (s)
Max Retries
Expert Options

For PPP initialization. User can keep the default option.
For PPP initialization. User can keep the default option.
One of the PPP protocol initialization strings. User can keep the default value. Range: 0-ffffffff. Set the maximum receive unit. Range: 64-1500. Set the maximum transmission unit. Range: 64-1500 Set the link detection interval time to ensure tunnel connection. Range: 0-600. Set the maximum times of retry to detect the L2TP connection failure. Range: 0-10. User can enter some other PPP initialization strings in this field and separate the strings with blank space.
Table 3-2-5-8 L2TP Parameters

3.2.5.6 PPTP

Point-to-Point Tunneling Protocol (PPTP) is a protocol that allows corporations to extend their own corporate network through private “tunnels” over the public Internet. Effectively, a corporation uses a wide-area network as a single large local area network.

Figure 3-2-5-10
56

PPTP Item Enable
Remote IP Address
Username Password
Authentication
Global Traffic Forwarding Remote Subnet Remote Subnet Mask

Description Enable PPTP client. A maximum of 3 tunnels is allowed. Enter the public IP address or domain name of PPTP server. Enter the username that PPTP server provides. Enter the password that PPTP server provides. Select from “Auto”, “PAP”, “CHAP”, “MS-CHAPv1”, and “MS-CHAPv2”. All of the data traffic will be sent out via PPTP tunnel once enable this function. Set the peer subnet of PPTP. Set the netmask of peer PPTP server.
Table 3-2-5-9 PPTP Parameters

Figure 3-2-5-11

PPTP Advanced Settings

Item

Description

Local IP Address

Set IP address of PPTP client.

Peer IP Address

Enter tunnel IP address of PPTP server.

Enable NAT

Enable the NAT faction of PPTP.

Enable MPPE

Enable MPPE encryption.

Address/Control Compression

For PPP initialization. User can keep the default option.

Protocol Field

For PPP initialization. User can keep the default option.

57

Compression Asyncmap Value MRU MTU Link Detection Interval (s) Max Retries
Expert Options

One of the PPP protocol initialization strings. User can keep the default value. Range: 0-ffffffff. Enter the maximum receive unit. Range: 0-1500. Enter the maximum transmission unit. Range: 0-1500. Set the link detection interval time to ensure tunnel connection. Range: 0-600. Set the maximum times of retrying to detect the PPTP connection failure. Range: 0-10. User can enter some other PPP initialization strings in this field and separate the strings with blank space.
Table 3-2-5-10 PPTP Parameters

Related Configuration Example PPTP Application Example

3.2.5.7 OpenVPN Client
OpenVPN is an open source virtual private network (VPN) product that offers a simplified security framework, modular network design, and cross-platform portability. Advantages of OpenVPN include: – Security provisions that function against both active and passive attacks. – Compatibility with all major operating systems. – High speed (1.4 megabytes per second typically). – Ability to configure multiple servers to handle numerous connections simultaneously. – All encryption and authentication features of the OpenSSL library. – Advanced bandwidth management. – A variety of tunneling options. – Compatibility with smart cards that support the Windows Crypt application program interface
(API).

58

OpenVPN Client Item Enable Protocol Remote IP Address
Port
Interface
Authentication
Local Tunnel IP Remote Tunnel IP
Global Traffic Forwarding
Enable TLS Authentication Username Password

Figure 3-2-5-12
Description Enable OpenVPN client. A maximum of 3 tunnels is allowed. Select from “UDP” and “TCP”. Enter remote OpenVPN server’s IP address or domain name. Enter the listening port number of remote OpenVPN server. Range: 1-65535. Select from “tun” and “tap”. Select from “None”, “Pre-shared”, “Username/Password”, “X.509 cert”, and “X.509 cert+user”. Set local tunnel address. Enter remote tunnel address. All the data traffic will be sent out via OpenVPN tunnel when this function is enabled. Check to enable TLS authentication. Enter username provided by OpenVPN server. Enter password provided by OpenVPN server.

59

Enable NAT Compression Link Detection Interval (s)
Link Detection Timeout (s)
Cipher MTU Max Frame Size Verbose Level Expert Options Local Route Subnet Subnet Mask

Enable NAT traversal function. Select LZO to compress data. Set link detection interval time to ensure tunnel connection. Range: 10-1800. Set link detection timeout. OpenVPN will be reestablished after timeout. Range: 60-3600. Select from “NONE”, “BF-CBC”, “DE-CBC”, “DES-EDE3-CBC”, “AES-128-CBC”, “AES-192-CBC” and “AES-256-CBC”. Enter the maximum transmission unit. Range: 128-1500. Set the maximum frame size. Range: 128-1500. Select from “ERROR”, “WARING”, “NOTICE” and “DEBUG”. User can enter some other PPP initialization strings in this field and separate the strings with blank space.
Set the local route’s IP address. Set the local route’s netmask.
Table 3-2-5-11 OpenVPN Client Parameters

3.2.5.8 OpenVPN Server

The UR32 supports OpenVPN server to create secure point-to-point or site-to- site connections in routed or bridged configurations and remote access facilities.

Figure 3-2-5-13
60

OpenVPN Server Item Enable Protocol Port
Listening IP
Interface
Authentication
Local Virtual IP Remote Virtual IP Client Subnet Client Netmask Renegotiation Interval(s) Max Clients Enable CRL Enable Client to Client Enable Dup Client Enable NAT Compression
Link Detection Interval
Cipher
MTU Max Frame Size Verbose Level
Expert Options
Local Route Subnet Netmask

Figure 3-2-5-14
Description Enable/disable OpenVPN server. Select from TCP and UDP. Fill in listening port number. Range: 1-65535. Enter WAN IP address or LAN IP address. Leaving it blank refers to all active WAN IP and LAN IP address. Select from ” tun” and “tap”. Select from “None”, “Pre-shared”, “Username/Password”, “X.509 cert” and “X. 509 cert +user”. The local tunnel address of OpenVPN’s tunnel. The remote tunnel address of OpenVPN’s tunnel. Local subnet IP address of OpenVPN client. Local netmask of OpenVPN client.
Set interval for renegotiation. Range: 0-86400.
Maximum OpenVPN client number. Range: 1-128. Enable CRL Allow access between different OpenVPN clients. Allow multiple users to use the same certification. Check to enable the NAT traversal function. Select “LZO” to compress data. Set link detection interval time to ensure tunnel connection. Range: 10-1800. Select from “NONE”, “BF-CBC”, “DES-CBC”, “DES-EDE3-CBC”, “AES-128-CBC”, “AES-192-CBC” and “AES-256-CBC”. Enter the maximum transmission unit. Range: 64-1500. Set the maximum frame size. Range: 64-1500. Select from “ERROR”, “WARING”, “NOTICE” and “DEBUG”. User can enter some other PPP initialization strings in this field and separate the strings with blank space.
The real local IP address of OpenVPN client. The real local netmask of OpenVPN client.

61

Account Username & Password

Set username and password for OpenVPN client.
Table 3-2-5-12 OpenVPN Server Parameters

3.2.5.9 Certifications User can import/export certificate and key files for OpenVPN and IPsec on this page.

OpenVPN Client Item CA Public Key Private Key TA Preshared Key PKCS12

Figure 3-2-5-15
Description Import/Export CA certificate file. Import/Export public key file. Import/Export private key file. Import/Export TA key file. Import/Export static key file. Import/Export PKCS12 certificate file.
Table 3-2-5-13 OpenVPN Client Certification Parameters

Figure 3-2-5-16
62

OpenVPN Server Item CA Public Key Private Key DH TA CRL Preshared Key

Description Import/Export CA certificate file. Import/Export public key file. Import/Export private key file. Import/Export DH key file. Import/Export TA key file. Import/Export CRL. Import/Export static key file.
Table 3-2-5-14 OpenVPN Server Parameters

IPsec Item CA Client Key Server Key Private Key CRL

Figure 3-2-5-17
Description Import/Export CA certificate. Import/Export client key. Import/Export server key. Import/Export private key. Import/Export certificate recovery list.
Table 3-2-5-15 IPsec Parameters

Figure 3-2-5-18
63

IPsec Server Item CA Local Certificate Private Key CRL

Description Import/Export CA certificate. Import/Export Local Certificate file. Import/Export private key. Import/Export certificate recovery list.
Table 3-2-5-16 IPsec Server Parameters

3.2.6 IP Passthrough IP Passthrough mode shares or “passes” the Internet providers assigned IP address to a single LAN client device connected to the router.

IP Passthrough Item Enable
Passthrough Mode
MAC

Figure 3-2-6-1
Description Enable or disable IP Passthrough. Select passthrough mode from “DHCPS-Fixed” and “DHCPS-Dynamic”. Set MAC address.
Table 3-2-6-1 IP Passthrough Parameters

3.2.7 Routing
3.2.7.1 Static Routing A static routing is a manually configured routing entry. Information about the routing is manually entered rather than obtained from dynamic routing traffic. After setting static routing, the package for the specified destination will be forwarded to the path designated by user.

64

Static Routing Item Destination Netmask/Prefix Length Interface
Gateway
Distance

Figure 3-2-7-1
Description Enter the destination IP address. Enter the subnet mask or prefix length of destination address. The interface through which the data can reach the destination address. IP address of the next router that will be passed by before the input data reaches the destination address. Priority, smaller value refers to higher priority. Range: 1-255.
Table 3-2-7-1 Static Routing Parameters

3.2.7.2 RIP RIP is mainly designed for small networks. RIP uses Hop Count to measure the distance to the destination address, which is called Metric. In RIP, the hop count from the router to its directly connected network is 0 and the hop count of network to be reached through a router is 1 and so on. In order to limit the convergence time, the specified metric of RIP is an integer in the range of 0 – 15 and the hop count larger than or equal to 16 is defined as infinity, which means that the destination network or host is unreachable. Because of this limitation, the RIP is not suitable for large-scale networks. To improve performance and prevent routing loops, RIP supports split horizon function. RIP also introduces routing obtained by other routing protocols. Each router that runs RIP manages a routing database, which contains routing entries to reach all reachable destinations.

65

Figure 3-2-7-2

RIP

Item

Description

Enable

Enable or disable RIP.

Update Timer Timeout Timer
Garbage Collection Timer

It defines the interval to send routing updates. Range: 5-2147483647, in seconds. It defines the routing aging time. If no update package on a routing is received within the aging time, the routing’s Routing Cost in the routing table will be set to 16. Range: 5-2147483647, in seconds. It defines the period from the routing cost of a routing becomes 16 to it is deleted from the routing table. In the time of Garbage-Collection, RIP uses 16 as the routing cost for sending routing updates. If Garbage Collection times out and the routing still has not been updated, the routing will be completely removed from the routing table. Range: 5-2147483647, in seconds.

Version

RIP version. The options are v1 and v2.

Advanced Settings

Default Information Originate Default information will be released when this function is enabled.

Default Metric

The default cost for the router to reach destination. Range: 0-16

Redistribute Connected

Check to enable.

66

Metric Redistribute Static Metric Redistribute OSPF Metric

Set metric after “Redistribute Connected” is enabled. Range: 0-16. Check to enable. Set metric after “Redistribute Static” is enabled. Range: 0-16. Check to enable. Set metric after “Redistribute OSPF” is enabled. Range: 0-16.
Table 3-2-7-2 RIP Parameters

Figure 3-2-7-3

Item

Description

Distance/Metric Management

Distance

Set the administrative distance that a RIP route learns. Range:

67

IP Address Netmask ACL Name
Metric
Policy in/out Interface ACL Name Filter Policy Policy Type Policy Name Policy in/out Interface Passive Interface Passive Interface Interface Interface Send Version Receive Version Split-Horizon Authentication Mode Authentication String Authentication Key-chain Neighbor IP Address Network IP Address Netmask

1-255. Set the IP address of RIP route. Set the netmask of RIP route. Set ACL name of RIP route. The metric of received route or sent route from the interface. Range: 0-16. Select from “in” and “out”. Select interface of the route. Access control list name of the route strategy.
Select from “access-list” and “prefix-list”. User-defined prefix-list name. Select from “in” and “out”. Select interface from “cellular0”, “LAN1/WAN” and “Bridge0”.
Select interface from “cellular0” and “LAN1/WAN”, “Bridge0”.
Select interface from “cellular0”, “LAN1/WAN” and “Bridge0”. Select from “default”, “v1” and “v2”. Select from “default”, “v1” and “v2”. Select from “enable” and “disable”. Select from “text” and “md5”. The authentication key for package interaction in RIPV2. The authentication key-chain for package interaction in RIPV2.
Set RIP neighbor’s IP address manually.
The IP address of interface for RIP publishing. The netmask of interface for RIP publishing.
Table 3-2-7-3

3.2.7.3 OSPF
OSPF, short for Open Shortest Path First, is a link status based on interior gateway protocol developed by IETF. If a router wants to run the OSPF protocol, there should be a Router ID that can be manually configured. If no Router ID configured, the system will automatically select an IP address of interface

68

as the Router ID. The selection order is as follows: – If a Loopback interface address is configured, then the last configured IP address of Loopback
interface will be used as the Router ID; – If no Loopback interface address is configured, the system will choose the interface with the
biggest IP address as the Router ID.
Five types of packets of OSPF: – Hello packet – DD packet (Database Description Packet) – LSR packet (Link-State Request Packet) – LSU packet (Link-State Update Packet) – LSAck packet (Link-Sate Acknowledgment Packet)
Neighbor and Neighboring After OSPF router starts up, it will send out Hello Packets through the OSPF interface. Upon receipt of Hello packet, OSPF router will check the parameters defined in the packet. If it’s consistent, a neighbor relationship will be formed. Not all matched sides in neighbor relationship can form the adjacency relationship. It is determined by the network type. Only when both sides successfully exchange DD packets and LSDB synchronization is achieved, the adjacency in the true sense can be formed. LSA describes the network topology around a router, LSDB describes entire network topology.

OSPF Item Enable

Figure 3-2-7-4
Description Enable or disable OSPF.

69

Router ID ABR Type RFC1583 Compatibility
OSPF Opaque-LSA
SPF Delay Time SPF Initial-holdtime SPF Max-holdtime Reference Bandwidth

Router ID (IP address) of the originating LSA.
Select from cisco, ibm, standard and shortcut.
Enable/Disable. Enable/Disable LSA: a basic communication means of the OSPF routing protocol for the Internet Protocol (IP). Set the delay time for OSPF SPF calculations. Range: 0-6000000, in milliseconds. Set the initialization time of OSPF SPF. Range: 0-6000000, in milliseconds. Set the maximum time of OSPF SPF. Range: 0-6000000, in milliseconds. Range: 1-4294967, in Mbit.
Table 3-2-7-4 OSPF Parameters

Item Interface Interface Hello Interval (s)
Dead Interval (s)
Retransmit Interval (s) Transmit Delay (s)

Description

Figure 3-2-7-5

Select interface from “cellular0”,”WAN”and “Bridge0”. Send interval of Hello packet. If the Hello time between two adjacent routers is different, the neighbour relationship cannot be established. Range: 1-65535. Dead Time. If no Hello packet is received from the neighbours within the dead time, then the neighbour is considered failed. If dead times of two adjacent routers are different, the neighbour relationship cannot be established. When the router notifies an LSA to its neighbour, it is required to make acknowledgement. If no acknowledgement packet is received within the retransmission interval, this LSA will be retransmitted to the neighbour. Range: 3-65535. It will take time to transmit OSPF packets on the link. So a certain delay

70

time should be increased before transmission the aging time of LSA. This

configuration needs to be further considered on the low-speed link.

Range: 1-65535.

Interface Advanced Options

Interface

Select interface.

Network

Select OSPF network type.

Cost

Set the cost of running OSPF on an interface. Range: 1-65535.

Priority

Set the OSPF priority of interface. Range: 0-255.

Set the authentication mode that will be used by the OSPF area.

Authentication

Simple: a simple authentication password should be configured and confirmed again.

MD5: MD5 key & password should be configured and confirmed again.

Key ID

It only takes effect when MD5 is selected. Range 1-255.

Key

The authentication key for OSPF packet interaction.

Table 3-2-7-5 OSPF Parameters

Item Passive Interface Passive Interface Network IP Address Netmask Area ID Area Area ID
Area

Description

Figure 3-2-7-6

Select interface from “cellular0”, “LAN1/WAN” and “Bridge0”.

The IP address of local network. The netmask of local network. The area ID of original LSA’s router.

Set the ID of the OSPF area (IP address). Select from “Stub” and “NSSA”. The backbone area (area ID 0.0.0.0) cannot be set as “Stub” or “NSSA”.

71

No Summary Authentication

Forbid route summarization. Select authentication from “simple” and “md5”.
Table 3-2–7-6 OSPF Parameters

Figure 3-2-7-7

Area Advanced Options

Item

Description

Area Range Area ID IP Address Netmask No Advertise Cost Area Filter Area ID Filter Type

The area ID of the interface when it runs OSPF (IP address). Set the IP address. Set the netmask. Forbid the route information to be advertised among different areas. Range: 0-16777215
Select an Area ID for Area Filter. Select from “import”, “export”, “filter- in”, and “filter-out”.

ACL Name

Enter an ACL name which is set on “Routing > Routing Filtering” webpage.

Area Virtual Link Area ID ABR Address Authentication Key ID Key
Hello Interval
Dead Interval

Set the ID number of OSPF area. ABR is the router connected to multiple outer areas. Select from “simple” and “md5”. It only takes effect when MD5 is selected. Range 1-15. The authentication key for OSPF packet interaction. Set the interval time for sending Hello packets through the interface. Range: 1-65535. The dead interval time for sending Hello packets through the interface. Range: 1-65535.

Retransmit

The retransmission interval time for re-sending LSA. Range: 1-65535.

72

Interval Transmit Delay

The delay time for LSA transmission. Range: 1-65535.
Table 3-2-7-7 OSPF Parameters

Figure 3-2-7-8

Item

Description

Redistribution Redistribution Type Metric Metric Type Route Map

Select from “connected”, “static” and “rip”. The metric of redistribution router. Range: 0-16777214. Select Metric type from “1” and “2”. Mainly used to manage route for redistribution.

Redistribution Advanced Options

Always Redistribute Default Route

Send redistribution default route after starting up.

Redistribute Default Route Metric Redistribute Default Route Metric Type

Send redistribution default route metric. Range: 0-16777214. Select from “0”, “1” and “2”.

Distance Management

Area Type Distance

Select from “intra-area”, “inter-area” and “external”. Set the OSPF routing distance for area learning. Range: 1-255.

Table 3-2-7-8 OSPF Parameters

73

3.2.7.4 Routing Filtering

Figure 3-2-7-9

Routing Filtering

Item

Description

Access Control List

Name

User-defined name, need to start with a letter. Only letters, digits and underline (_) are allowed.

Action

Select from “permit” and “deny”.

Match Any

No need to set IP address and subnet mask.

IP Address User-defined.

Netmask

User-defined.

IP Prefix-List

Name

User-defined name, need to start with a letter. Only letters, digits and underline (_) are allowed.

Sequence

A prefix name list can be matched with multiple rules. One rule is matched with

Number

one sequence number. Range: 1-4294967295.

Action

Select from “permit” and “deny”.

Match Any

No need to set IP address, subnet mask, FE Length, and LE Length.

IP Address User-defined.

Netmask

User-defined.

FE Length

Specify the minimum number of mask bits that must be matched. Range: 0-32.

LE Length

Specify the maximum number of mask bits that must be matched. Range: 0-32.

Table 3-2-7-9 Routing Filtering Parameters

3.2.8 VRRP
The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides automatic assignment of available Internet Protocol (IP) routers for participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections in

74

an IP sub-network. Increasing the number of exit gateway is a common method for improving system reliability. VRRP adds a group of routers that undertake gateway function into a backup group so as to form a virtual router. The election mechanism of VRRP will decide which router undertakes the forwarding task, and the host in LAN is only required to configure the default gateway for the virtual router. In VRRP, routers need to be aware of failures in the virtual master router. To achieve this, the virtual master router sends out multicast “alive” announcements to the virtual backup routers in the same VRRP group. The VRRP router who has the highest number will become the virtual master router. The VRRP router number ranges from 1 to 255 and usually we use 255 for the highest priority and 100 for backup. If the current virtual master router receives an announcement from a group member (Router ID) with a higher priority, then the latter will pre-empt and become the virtual master router. VRRP has the following characteristics: – The virtual router with an IP address is known as the Virtual IP address. For the host in LAN, it is
only required to know the IP address of virtual router, and set it as the address of the next hop of the default route. – The network Host communicates with the external network through this virtual router. – A router will be selected from the set of routers based on its priority to undertake the gateway function. Other routers will be used as backup routers to perform the duties of gateway for the gateway router in the case of any malfunction, so as to guarantee uninterrupted communication between the host and external network. When interface connected with the uplink is at the state of Down or Removed, the router actively lowers its priority so that priority of other routers in the backup group will be higher. Thus the router with the highest priority becomes the gateway for the transmission task.
Figure 3-2-8-1
75

VRRP Item Enable Interface Virtual Router ID Virtual IP Priority Advertisement Interval (s)
Preemption Mode
IPV4 Primary Server
IPV4 Secondary Server Interval Retry Interval
Timeout
Max Ping Retries

Description Enable or disable VRRP. Select the interface of Virtual Router. User-defined Virtual Router ID. Range: 1-255. Set the IP address of Virtual Router. The VRRP priority range is 1-254 (a bigger number indicates a higher priority). The router with higher priority will be more likely to become the gateway router. Heartbeat package transmission time interval between routers in the virtual ip group. Range: 1-255. If the router works in the preemption mode, once it finds that its own priority is higher than that of the current gateway router, it will send VRRP notification package, resulting in re- election of gateway router and eventually replacing the original gateway router. Accordingly, the original gateway router will become a Backup router. The router will send ICMP packet to the IP address or hostn ame to determine whether the Internet connection is still av ailable or not. The router will try to ping the secondary server name if prim ary server is not available. Time interval (in seconds) between two Pings. Set the ping retry interval. When ping failed, the router will pi ng again every retry interval. The maximum amount of time the router will wait for a resp onse to a ping request. If it does not receive a response for the amount of time defined in this field, the ping request will be considered as failure. The retry times of the router sending ping request until dete rmining that the connection has failed.

Default Disable None None None 100
1
Disable
8.8.8.8 114.114. 114.114 300 5
3
3

Table 3-2-8-1 VRRP Parameters

Related Configuration Example VRRP Application Example

3.2.9 DDNS
Dynamic DNS (DDNS) is a method that automatically updates a name server in the Domain Name System, which allows user to alias a dynamic IP address to a static domain name. DDNS serves as a client tool and needs to coordinate with DDNS server. Before starting configuration, user shall register on a website of proper domain name provider and apply for a domain name.

76

DDNS Item Enable Name Interface Service Type Username User ID Password Server Server Path Hostname Append IP

Figure 3-2-9-1
Description Enable/disable DDNS. Give the DDNS a descriptive name. Set interface bundled with the DDNS. Select the DDNS service provider. Enter the username for DDNS register. Enter User ID of the custom DDNS server. Enter the password for DDNS register. Enter the name of DDNS server. By default the hostname is appended to the path. Enter the hostname for DDNS. Append your current IP to the DDNS server update path.

77

Use HTTPS

Enable HTTPS for some DDNS providers.
Table 3-2-9-1 DDNS Parameters

3.3 System
This section describes how to configure general settings, such as administration account, access service, system time, common user management, SNMP, AAA, event alarms, etc. 3.3.1 General Settings
3.3.1.1 General General settings include system info and HTTPS certificates.

General Item System Hostname Web Login Timeout (s) Encrypting Cleartext Passwords HTTPS Certificates
Certificate
Key

Figure 3-3-1-1

Description

Default

User-defined router name, needs to start with a letter.
You need to log in again if it times out. Range: 100-3600.
This function will encrypt all of cleartext passwords into ciphertext passwords.

ROUTER 1800 Enable

Click “Browse” button, choose certificate file on the PC, and then click “Import” button to upload the file into
-router. Click “Export” button will export the file to the PC. Click “Delete” button will delete the file. Click “Browse” button, choose key file on the PC, and then —

78

click “Import” button to upload the file into router. Click “Export” button will export file to the PC. Click “Delete” button will delete the file.
Table 3-3-1-1 General Setting Parameters
3.3.1.2 System Time This section explains how to set the system time including time zone and time synchronization type. Note: to ensure that the router runs with the correct time, it’s recommended that you set the system time when configuring the router.
Figure 3-3-1-2
Figure 3-3-1-3
79

Figure 3-3-1-4

System Time Item Current Time Time Zone Sync Type Sync with Browser Browser Time Set up Manually GPS Time Synchronization Primary NTP Server Secondary NTP Server NTP Server

Figure 3-3-1-5
Description Show the current system time. Click the drop down list to select the time zone you are in. Click the drop down list to select the time synchronization type. Synchronize time with browser. Show the current time of browser. Manually configure the system time.
Synchronize time with GPS.
Enter primary NTP Server’s IP address or domain name. Enter secondary NTP Server’s IP address or domain name.

80

Enable NTP Server

NTP client on the network can achieve time synchronization with router after “Enable NTP Server” option is checked.
Table 3-3-1-2 System Time Parameters

3.3.1.3 Email
SMTP, short for Simple Mail Transfer Protocol, is a TCP/IP protocol used in sending and receiving e-mail. This section describes how to configure email settings and add email groups for alarms and events.

SMTP Client Settings Item Enable Email Address Password SMTP Server Address Port
Encryption

Figure 3-3-1-6
Description Enable or disable SMTP client function. Enter the sender’s email account. Enter the sender’s email password. Enter SMTP server’s domain name. Enter SMTP server port. Range: 1-65535. Select from: None, TLS/SSL, STARTTLS. None: No encryption. The default port is 25. STARTTLS: STARTTLS is a way to take an existing insecure connection and upgrade it to a secure connection by using SSL/TLS. The default port is 587. TLS/SSL: SSL and TLS both provide a way to encrypt a communication channel between two computers (e.g. your computer and our server). TLS is the successor to SSL and the terms SSL and TLS are used interchangeably unless you’re referring to a specific version of the protocol.The default port is 465.
Table 3-3-1-3 SMTP Setting

81

Figure 3-3-1-7

Item Email List Email Address Description Email Group List Group ID Description List Selected

Description
Enter the Email address. The description of the Email address.
Set number for email group. Range: 1-100. The description of the Email group. Show the Email address list. Show the selected Email address.
Table 3-3-1-4 Email Settings

Related Topics DI Setting Events Setting Events Application Example

3.3.1.4 Storage You can view Micro SD card information on this page.

82

Storage Item Status Storage (Capacity/Available) Format

Figure 3-3-1-8
Description Show the status of Micro SD card, such as “Available” or “Not Inserted”. The total capacity of the Micro SD Card. Format the Micro SD card.
Table 3-3-1-5 Storage Information

3.3.2 Phone&SMS 3.3.2.1 Phone Phone settings involve in call/SMS trigger, SMS control and SMS alarm for events.

Phone Item Phone Number List Number

Figure 3-3-2-1
Description Enter the telephone number. Digits, “+” and “-” are allowed.

83

Description Phone Group List Group ID Description List Selected
Related Topic Connect on Demand

The description of the telephone number.
Set number for phone group. Range: 1-100. The description of the phone group. Show the phone list. Show the selected phone number.
Table 3-3-2-1 Phone Settings

3.3.2.2 SMS SMS settings involve in remote SMS control, sending SMS and SMS receiving and sending status.

SMS Settings Item SMS Mode SMS Remote Control
Authentication Type
Password
Phone Group

Figure 3-3-2-2
Description Select SMS mode from “TEXT” and “PDU”.
Enable/disable SMS Remote Control.
You can choose “phone number” or “password + phone number”. Phone number: Use phone number for authentication. Password + phone number: Use both “”Password”” and “”Phone number”” for authentication. Set password for authentication. Select the Phone group which used for remote control. User can click the Phone Group and set phone number.
Table 3-3-2-2 SMS Remote Control Parameters

84

SMS Item Send SMS Phone Number Content Inbox/Outbox Sender Recipient From To Search Clear All

Figure 3-3-2-3
Description
Enter the number to receive the SMS. SMS content.
SMS sender from outside. SMS recipient which UR32 send to. Select the start date. Select the end date. Search for SMS record. Clear all SMS records in web GUI.
Table 3-3-2-3 SMS Settings

3.3.3 User Management
3.3.3.1 Account Here you can change the login username and password of the administrator. Note: it is strongly recommended that you modify them for the sake of security.

85

Figure 3-3-3-1

Account Item
Username
Old Password New Password Confirm New Password

Description Enter a new username. You can use characters such as a-z, 0-9, “_”, “-“, “$”. The first character can’t be a digit. Enter the old password. Enter a new password. Enter the new password again.
Table 3-3-3-1 Account Settings

3.3.3.2 User Management
This section describes how to create common user accounts. The common user permission includes Read-Only and Read-Write.

Figure 3-3-3-2

User Management

Item Username

Description Enter a new username. You can use characters such as a-z, 0-9, “_”, “-“, “$”. The first character can’t be a digit.

Password

Set password.

Permission

Select user permission from “Read-Only” and “Read-Write”. – Read-Only: users can only view the configuration of router in this level. – Read-Write: users can view and set the configuration of router in this level.

Table 3-3-3-2 User Management

86

3.3.4 SNMP SNMP is widely used in network management for network monitoring. SNMP exposes management data with variables form in managed system. The system is organized in a management information base (MIB) which describes the system status and configuration. These variables can be remotely queried by managing applications. Configuring SNMP in networking, NMS, and a management program of SNMP should be set up at the Manager. Configuration steps are listed as below for achieving query from NMS: 1. Enable SNMP setting. 2. Download MIB file and load it into NMS. 3. Configure MIB View. 4. Configure VCAM.
Related Configuration Example SNMP Application Example
3.3.4.1 SNMP UR32 supports SNMPv1, SNMPv2c and SNMPv3 version. SNMPv1 and SNMPv2c employ community name authentication. SNMPv3 employs authentication encryption by username and password.

SNMP Settings Item Enable
Port
SNMP Version Location Information

Figure 3-3-4-1
Description Enable or disable SNMP function. Set SNMP listened port. Range: 1-65535. The default port is 161. Select SNMP version; support SNMP v1/v2c/v3. Fill in the location information.

87

Contact Information

Fill in the contact information.
Table 3-3-4-1 SNMP Parameters

3.3.4.2 MIB View This section explains how to configure MIB view for the objects.

MIB View Item View Name View Filter View OID Included Excluded

Figure 3-3-4-2
Description Set MIB view’s name. Select from “Included” and “Excluded”. Enter the OID number. You can query all nodes within the specified MIB node. You can query all nodes except for the specified MIB node.
Table 3-3-4-2 MIB View Parameters

3.3.4.3 VACM This section describes how to configure VCAM parameters.

Figure 3-3-4-3

VACM Item SNMP v1 & v2 User List

Description

Community Permission

Set the community name. Select from “Read-Only” and “Read-Write”.

88

MIB View Network Read-Write

Select an MIB view to set permissions from the MIB view list. The IP address and bits of the external network accessing the MIB view. The permission of the specified MIB node is read and write.

Read-Only

The permission of the specified MIB node is read only.

SNMP v3 User Group

Group Name Security Level Read-Only View

Set the name of SNMPv3 group. Select from “NoAuth/NoPriv”, “Auth/NoPriv”, and ” Auth/Priv”. Select an MIB view to set permission as “Read-only” from the MIB view list.

Read-Write View Select an MIB view to set permission as “Read-write” from the MIB view list.

Inform View

Select an MIB view to set permission as “Inform” from the MIB view list.

SNMP v3 User List

Username

Set the name of SNMPv3 user.

Group Name

Select a user group to be configured from the user group.

Authentication Authentication Password

Select from “MD5”, “SHA”, and “None”. The password should be filled in if authentication is “MD5” and “SHA”.

Encryption

Select from “AES”, “DES”, and “None”.

Encryption Password

The password should be filled in if encryption is “AES” and “DES”.

Table 3-3-4-3 VACM Parameters

3.3.4.4 Trap

This section explains how to enable network monitoring by SNMP trap.

SNMP Trap Item Enable SNMP Version Server Address Port
Name

Figure 3-3-3-4
Description Enable or disable SNMP Trap function. Select SNMP version; support SNMP v1/v2c/v3. Fill in NMS’s IP address or domain name. Fill in UDP port. Port range is 1-65535. The default port is 162. Fill in the group name when using SNMP v1/v2c; fill in the username when using SNMP v3.

89

Auth/Priv Mode Select from “NoAuth & No Priv”, “Auth & NoPriv”, and “Auth & Priv”.
Table 3-3-4-4 Trap Parameters
3.3.4.5 MIB This section describes how to download MIB files. The last MIB file “LTE-ROUTER-MIB.txt” is for the UR32 router.

MIB Item MIB File Download

Figure 3-3-4-5
Description Select the MIB file you need. Click “Download” button to download the MIB file to PC.
Table 3-3-4-5 MIB Download

3.3.5 AAA AAA access control is used for visitors control and the available corresponding services once access is allowed. It adopts the same method to configure three independent safety functions. It provides modularization methods for following services: – Authentication: verify if the user is qualified to access to the network. – Authorization: authorize related services available for the user. – Charging: record the utilization of network resources.
3.3.5.1 Radius Using UDP for its transport, Radius is generally applied in various network environments with higher requirements of security and permission of remote user access.

90

Radius Item Enable Server IP Address Server Port
Key

Figure 3-3-5-1
Description Enable or disable Radius. Fill in the Radius server IP address/domain name. Fill in the Radius server port. Range: 1-65535. Fill in the key consistent with that of Radius server in order to get connected with Radius server.
Table 3-3-5-1 Radius Parameters

3.3.5.2 TACACS+
Using TCP for its transport, TACACS+ is mainly used for authentication, authorization and charging of the access users and terminal users by adopting PPP and VPDN.

Figure 3-3-5-2
91

TACACS+ Item Enable Server IP Address Server Port
Key

Description Enable or disable TACACS+. Fill in the TACACS+ server IP address/domain name. Fill in the TACACS+ server port. Range: 1-65535. Fill in the key consistent with that of TACACS+ server in order to get connected with TACACS+ server.
Table 3-3-5-2 TACACS+ Parameters

3.3.5.3 LDAP
A common usage of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect the LDAP server to validate users.
LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this relationship, LDAP is sometimes called X.500-lite as well.

LDAP Item Enable
Server IP Address
Server Port Base DN Security

Figure 3-3-5-3
Description Enable or Disable LDAP. Fill in the LDAP server’s IP address/domain name. The maximum count is 10. Fill in the LDAP server’s port. Range: 1-65535 The top of LDAP directory tree. Select secure method from “None”, “StartTLS” and “SSL”.

92

Username Password

Enter the username to access the server. Enter the password to access the server.
Table 3-3-5-3 LDAP Parameters

3.3.5.4 Authentication
AAA supports the following authentication ways: – None: uses no authentication, generally not recommended. – Local: uses the local username database for authentication.
Advantages: rapidness, cost reduction. Disadvantages: storage capacity limited by hardware. – Remote: has user’s information stored on authentication server. Radius, TACACS+ and LDAP supported for remote authentication. When radius, TACACS+, and local are configured at the same time, the priority level is: 1

2 >3.

Authentication Item Console Web Telnet SSH

Figure 3-3-5-4
Description Select authentication for Console access. Select authentication for Web access. Select authentication for Telnet access. Select authentication for SSH access.
Table 3-3-5-4 Authentication Parameters

3.3.6 Device Management

3.3.6.1 DeviceHub
You can connect the device to the Milesight DeviceHub on this page so as to manage the router centrally and remotely. For more details please refer to DeviceHub User Guide.

93

DeviceHub Item Status
Disconnected Server Address
Activation Method
Authentication Code Account name Password

Figure 3-3-6-1
Description Show the connection status between the router and the DeviceHub. Click this button to disconnect the router from the DeviceHub. IP address or domain of the device management server. Select activation method to connect the router to the DeviceHub server, options are “By Authentication Code” and “By Account name”. Fill in the authentication code generated from the DeviceHub. Fill in the registered DeviceHub account (email) and password.
Table 3-3-6-1

3.3.6.2 Milesight VPN
You can connect the device to the Milesight VPN on this page so as to manage the router and connected devices centrally and remotely. For more details please refer to MilesightVPN User Guide.

94

Figure 3-3-6-2

Milesight VPN

Item

Description

Milesight VPN Settings

Server

Enter the IP address or domain name of Milesight VPN.

Port

Enter the HTTPS port number.

Authorization code Enter the authorization code which generated by Milesight VPN.

Device Name

Enter the name of the device.

Milesight VPN Status

Status

Show the connection information about whether the router is connected to the Milesight VPN.

Local IP

Show the virtual IP of the router.

Remote IP

Show the virtual IP of the Milesight VPN.

Duration

Show the information on how long the router has been connected to the Milesight VPN.

Table 3-3-6-2

95

3.3.7 Events Event feature is capable of sending alerts by Email when certain system events occur. 3.3.7.1 Events You can view alarm messages on this page.

Events Item Mark as Read Delete Mark All as Read Delete All Alarms
Status
Type Time Message

Figure 3-3-7-1
Description Mark the selected event alarm as read. Delete the selected event alarm. Mark all event alarms as read. Delete all event alarms. Show the reading status of the event alarms, such as “Read” and “Unread”. Show the event type that should be alarmed. Show the alarm time. Show the alarm content.
Table 3-3-7-1 Events Parameters

3.3.7.2 Events Settings
In this section, you can decide what events to record and whether you want to receive email and SMS notifications when any change occurs.

96

Figure 3-3-7-2

Event Settings Item Enable Phone Group List Email Group List
Record
Email

Figure 3-3-7-3
Description Check to enable “Events Settings”. Select phone group to receive SMS alarm. Select email group to receive alarm. The relevant content of event alarm will be recorded on “Event” page if this option is checked. The relevant content of event alarm will be sent out via email if this option is checked.

97

Email Setting
SMS
SMS Setting
VPN Up VPN Down WAN Up WAN Down Link Switch Weak Signal Cellular Up Cellular Down Cellular Data Stats Clear Cellular Data Traffic is running out Cellular Data Traffic Over Flow WLAN Up(AP) WLAN Down(AP) WLAN Up(Client) WLAN Down(Client)
Related Topics Email Setting Events Application Example

Click and you will be redirected to the page “Email” to configure email group list. The relevant content of event alarm will be sent out via SMS if this option is checked. Click and you will be redirected to the page of “Phone” to configure phone group list. VPN is connected. VPN is disconnected. Ethernet cable is connected to WAN port. Ethernet cable is disconnected to WAN port. Switch to use other interface for Internet access. The signal level of cellular is low. Cellular network is connected. Cellular network is disconnected.
Zero out the data usage of the main SIM card.
The main SIM card is reaching the data usage limit.
The main SIM card has exceeded the data usage plan.
The WLAN(AP) is enabled. The WLAN(AP) has stopped working. The WLAN(Client) is enabled. The WLAN(Client) has stopped working.
Table 4-3-7-2 Events Parameters

3.4 Industrial Interface
UR32 router is capable of connecting with terminals through industrial interfaces so as to realize wireless communication between terminals and remote data center. There are two types of the router’s industrial interface: serial port (RS232 and RS485) and I/O (digital input and digital output). RS232 adopts full-duplex communication. It’s generally used for communication within 20m. RS485 adopts half-duplex communication to achieve transmission of serial communication data with distance up to 120m. Digital input of I/O interface is a logical variable or switch variable with only two values of 0 and 1. “0” refers to low level and “1” refers to high level .

98

3.4.1 I/O
3.4.1.1 DI This section explains how to configure monitoring condition on digital input, and take certain actions once the condition is reached.

Figure 3-4-1-1

DI Item Enable Mode Duration (ms) Condition
Low->High
High->Low
Counter
Action
SMS Phone Group SMS Content Email Email Group Email Content DO Cellular UP

Description Enable or disable DI. Options are “High Level”, “Low Level”, and “Counter”. Set the duration of high/low level in digital input. Range: 1-10000. Select from “Low->High”, and “High-> Low”. The counter value will increase by 1 if digital input’s status changes from low level to high level. The counter value will increase by 1 if digital input’s status changes from high level to low level. The system will take actions accordingly when the counter value reach the preset one, and then reset the counter value to 0. Range: 1-100. Select the corresponding actions that the system will take when digital input mode meets the preset condition or duration. Check to enable SMS alarm. Set phone group to receive SMS alarm. Set the content of SMS alarm. Check to enable Email alarm. Set phone group to receive email alarm. Set the content of email alarm. Control output status of DO. Trigger the router to switch from offline mode to cellular network mode.

Table 3-4-1-1 DI Parameters

Related Topics

DO Setting

99

Email Setting Connect on Demand
3.4.1.2 DO This section describes how to configure digital output mode.

DO Item Enable Mode
Duration (10ms)
Initial Status Duration of High Level (
10ms) Duration of Low Level (*10ms) The Number of Pulse
Phone Group
Related Topics DI Setting

Figure 3-4-1-2
Description Enable or disable DO. Select from “High Level”, “Low Level”, “Pulse” and “Custom” . Set duration of high/low level on digital output. Range: 1-10000. Select high level or low level as the initial status of the pulse.
Set the duration of pulse’s high level. Range: 1-10000.
Set the duration of pulse’s low level. Range: 1-10000.
Set the quantity of pulse. Range: 1-100. Select phone group which will be used for I/O configuration. User can click the Phone Group and set phone number.
Table 3-4-1-2 DO Settings

3.4.2 Serial Port
This section explains how to configure serial port parameters to achieve communication with serial terminals, and configure work mode to achieve communication with the remote data center, so as to achieve two-way communication between serial terminals and remote data center.

100

Serial Settings Item Enable Serial Type Baud Rate
Data Bits
Stop Bits
Parity Software Flow Control Serial Mode
DTU Mode
GPS
Modbus Master
Modbus Slave

Figure 3-4-2-1

Description Enable or disable serial port function. RS232 or RS485. Range is 300-230400. Same with the baud rate of the connected terminal device. Options are “8” and “7”. Same with the data bits of the connected terminal device. Options are “1” and “2”. Same with the stop bits of the connected terminal device. Options are “None”, “Odd” and “Even”. Same with the parity of the connected terminal device.

Default Disable -9600
8
1
None

Enable or disable software flow control.

Disable

Select work mode of the serial port. Options are “DTU Mode” , “Modbus Master”, “Modbus Slave” and “GPS”. In DTU mode, the serial port can establish communication with the remote server/client. In GPS mode, go to “Industrial > GPS > GPS Serial Forwarding” to select corresponding Serial Type, then GPS data will be forwarded to this serial port. In Modbus Master mode, go to “Industrial > Modbus Master” to configure basic parameters and channels. In Modbus Slave mode, go to “Industrial > Modbus Slave” to configure basic parameters.
Table 3-4-2-1 Serial Parameters

Disable —

101

DTU Mode Item
DTU Protocol
TCP/UDP Server Listening port Keepalive Interval Keepalive Retry Times Packet Size Serial Frame Interval

Figure 3-4-2-2
Description Select from “None”, “Transparent”, “Modbus”, “UDP server” and “TCP server”. – Transparent: the routed is used as TCP client/UDP and transmits
data transparently. – TCP server: the router is used as TCP server and transmits data
transparently. – UDP server: the router is used as UDP server and transmits data
transparently. – Modbus: the router will be used as TCP server with modbus
gateway function, which can achieve conversion between Modbus RTU and Modbus TCP.
Set the router listening port. Range: 1-65535. After TCP connection is established, client will send heartbeat packet regularly by TCP to keep alive. The interval range is 1-3600 in seconds. When TCP heartbeat times out, router will resend heartbeat. After it reaches the preset retry times, TCP connection will be reestablished. The retry times range is 1-16. Set the size of the serial data frame. Packet will be sent out when preset frame size is reached. The size range is 1-1024. The unit is byte. The interval that the router sends out real serial data stored in the buffer area to public network. The range is 10-65535, in

Default

502 75 9 1024 100

102

milliseconds. Note: data will be sent out to public network when real serial data size reaches the preset packet size, even though it’s within the serial frame interval.

Table 3-4-2-2 DTU Parameters

Item

Description

Default

Transparent

Protocol

Select “TCP” or “UDP” protocol.

TCP

After TCP client is connected with TCP server, the client will send

Keepalive Interval

heartbeat packet by TCP regularly to keep alive. The interval range 75

(s)

is 1-3600, in seconds.

Keepalive Retry Times

When TCP heartbeat times out, the router will resend heartbeat. After it reaches the preset retry times, router will reconnect to TCP 9 server. The range is 1-16.

Packet Size
Serial Frame Interval
Reconnect Interval

Set the size of the serial data frame. Packet will be sent out when preset frame size is reached. The range is 1-1024. The unit is byte. The interval that the router sends out real serial data stored in the buffer area to public network. The range is 10-65535, in milliseconds. Note: data will be sent out to public network when real serial data size reaches the preset packet size, even though it’s within the serial frame interval. After connection failure, router will reconnect to the server at the preset interval, in seconds. The range is 10-60.

1024 100 10

Specific Protocol By Specific Protocol, the router will be able to connect to the

TCP2COM software.

Heartbeat Interval

By Specific Protocol, the router will send heartbeat packet to the

server regularly to keep alive. The interval range is 1-3600, in

30

seconds.

ID

Define unique ID of each router. No longer than 63 characters without space character.

Register String Define register string for connection with the server.

Null

Server Address Fill in the TCP or UDP server address (IP/domain name).

Null

Server Port

Fill in the TCP or UDP server port. Range: 1-65535.

Null

Status

Show the connection status between the router and the server.

Modbus

Local Port Maximum TCP Clients

Set the router listening port. Range: 1-65535.

502

Specify the maximum number of TCP clients allowed to connect th 32
e router which act as a TCP server.

Connection Timeout

If the TCP server does not receive any data from the slave device w ithin the connection timeout period, the TCP connection will be bro 60 ken.

Reading Interval Set the interval for reading remote channels. When a read cycle end 100

103

Response Timeout
Maximum Retries

s, the new read cycle begins until this interval expires. If it is set to 0, the device will restart the new read cycle after all channels have been read. Set the maximum response time that the router waits for the respo nse to the command. If the device does not get a response after th e maximum response time, it’s determined that the command has ti med out. Set the maximum retry times after it fails to read.

3000 3

Table 3-4-2-3 DTU Parameters

Related Configuration Example

DTU Application Example

3.4.3 Modbus Slave This section describes how to achieve I/O status via Modbus TCP, Modbus RTU and Modbus RTU over TCP.
3.4.3.1 Modbus TCP You can define the address of the DI and DO ports so as to poll DI’s status and control DO’s status via Modbus TCP protocol.

Modbus TCP Item Enable Port DI Address DO Address

Figure 3-4-3-1
Description Enable/disable Modbus TCP. Set the router listening port. Range: 1-65535. Define the address of DI, range: 0-255. Define the address of DO, range: 0, 2-255.
Table 3-4-3-1 Modbus TCP Parameters

Default Disable 502 0 0

104

3.4.3.2 Modbus RTU
You can define the address of the DI and DO ports so as to poll DI’s status and control DO’s status via Modbus RTU protocol.

Modbus RTU Item Enable Serial Port
Slave ID
DI Address DO Address

Figure 3-4-3-2
Description Enable/disable Modbus RTU. Select the corresponding serial port. Set slave ID is used for distinguishing different devices on the same link. Define the address of DI, range: 0-255. Define the address of DO, range: 0, 2-255.
Table 3-4-3-2 Modbus RTU Parameters

Default Disable serial
1
0 0

3.4.3.3 Modbus RTU Over TCP
You can define the address of the DI and DO ports so as to poll DI’s status and control DO’s status via Modbus RTU over TCP.

105

Figure 3-4-3-3

Modbus RTU Over TCP

Item

Description

Default

Enable Slave ID

Enable/disable Modbus RTU over TCP function. Set slave ID is used for distinguishing different devices on the same link.

Disable 1

Device ID
Reconnection Interval

Set device ID. The server will get the device ID to the server for identifying identity so that the server can -manage multiple devices. The reconnection interval when the device and the server fails to establish connection or disconnected. 10

DI Address

Define the address of DI, range: 0-255.

0

DO Address

Define the address of DO, range: 0, 2-255.

0

Server List

IP

Enter the IP address of the server.

Port Status

Enter the port of the server.Range: 0-65535. Show the connection status between the router and the server.

Table 3-4-3-3 Modbus RTU Over TCP Parameters

3.4.4 Modbus Master UR32 router can be set as Modbus Master to poll the remote Modbus Slave and send alarm according to the response.
3.4.4.1 Modbus Master You can configure Modbus Master’s parameters on this page.

106

Figure 3-4-4-1

Modbus Master

Item

Description

Enable
Read Interval/s

Enable/disable Modbus master. Set the interval for reading remote channels. When the read cycle ends, the commands which haven’t been sent out will be discard, and the new read cycle begins. If it is set to 0, the device will restart the new read cycle after all channels have been read. Range: 0-600.

Max. Retries Set the maximum retry times after it fails to read, range: 0-5.

Max. Response Time/ms

Set the maximum response time that the router waits for the response to the command. If the device does not get a response after the maximum response time, it’s determined that the command has timed out. Range: 10-1000.

Execution Interval/ms Channel Name

The execution interval between each command. Range: 10-1000.
Select a readable channel form the channel list.

Table 3-4-4-1

Default —
0
3 500
50 —

3.4.4.2 Channel
You can add the channels and configure alarm setting on this page, so as to connect the router to the remote Modbus Slave to poll the address on this page and receive alarms from the router in different conditions.

Figure 3-4-4-2

Channel Setting

Item

Description

Name

Set the name to identify the remote channel. It cannot be blank.

Slave ID

Set Modbus slave ID.

Address

The starting address for reading.

Number

The address number for reading.

Type

Read command, options are “Coil”, “Discrete”, “Holding Register (INT16)”, “Input Register (INT16)”, “Holding Register (INT32)” and “Holding Register (Float)”.

107

Link IP address Port Sign
Decimal Place

Select TCP for transportation. Fill in the IP address of the remote Modbus device. Fill in the port of the remote Modbus device. To identify whether this channel is signed. Default: Unsigned. Used to indicate a dot in the read into the position of the channel. For example: read the channel value is 1234, and a Decimal Place is equal to 2, the

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals