RG2I UR32 Economic 4G Modem Router User Guide
- June 9, 2024
- 0 3 baby
Table of Contents
UR32 Economic 4G Modem Router
Industrial Router Pro Series UR32
User Guide
Preface
Thanks for choosing Milesight UR32 industrial cellular router. The UR32
industrial cellular router delivers tenacious connection over network with
full-featured design such as automated failover/failback, extended operating
temperature, dual SIM cards, hardware watchdog, VPN, Fast Ethernet and beyond.
This guide describes how to configure and operate the UR32 industrial cellular
router. You can refer to it for detailed functionality and router
configuration.
Readers
This guide is mainly intended for the following users: – Network Planners –
On-site technical support and maintenance personnel – Network administrators
responsible for network configuration and maintenance
© 2011-2022 Xiamen Milesight IoT Co., Ltd. All rights reserved. All
information in this user guide is protected by copyright law. Whereby, no
organization or individual shall copy or reproduce the whole or part of this
user guide by any means without written authorization from Xiamen Milesight
Iot Co., Ltd.
Related Documents
Document UR32 Datasheet
Description Datasheet for the UR32 industrial cellular router.
UR32 Quick Start Guide Quick Installation guide for the UR32 industrial cellular router.
Declaration of Conformity
UR32 is in conformity with the essential requirements and other relevant
provisions of the CE, FCC, and RoHS.
2
For assistance, please contact Milesight technical support: Email:
iot.support@milesight.com Tel: 86-592-5085280 Fax: 86-592-5023065 Address:
Building C09, Software Park III,
Xiamen 361024, China
Revision History
Date May. 16, 2019 Nov. 14, 2019 May 11, 2020 Dec. 9, 2020
Sept. 17, 2021
Doc Version V 1.1 V 1.2 V 1.3 V 2.0
V 2.1
Description Initial version Add Python, SMS, IP passthrough functions Web interfaces upgrade Layout replace 1. Cellular and ping detection support IPv6 2. Add WAN connection type: DHCPv6 client, DS-Lite 3. Add DHCPv6 Server feature 4. Add IPv6 static routing feature 5. Add Expert Option box in IPsec settings 6. Support SMS inbox and outbox record clear
3
Contents
Chapter 1 Product Introduction…………………………………………………………………………………………………………….8 1.1
Overview…………………………………………………………………………………………………………………………………. 8 1.2
Advantages…………………………………………………………………………………………………………………………….. 8 1.3
Specifications…………………………………………………………………………………………………………………………. 9 1.4 Dimensions
(mm)…………………………………………………………………………………………………………………. 11
Chapter 2 Access to Web GUI……………………………………………………………………………………………………………. 12
Chapter 3 Web Configuration…………………………………………………………………………………………………………….. 14
3.1 Status…………………………………………………………………………………………………………………………………….14 3.1.1
Overview…………………………………………………………………………………………………………………….. 14 3.1.2
Cellular……………………………………………………………………………………………………………………….. 15 3.1.3
Network……………………………………………………………………………………………………………………….17 3.1.4 WLAN (Only
Applicable to Wi-Fi Version)…………………………………………………………………….18 3.1.5
VPN……………………………………………………………………………………………………………………………..19 3.1.6
Routing……………………………………………………………………………………………………………………….. 20 3.1.7 Host
List………………………………………………………………………………………………………………………20 3.1.8 GPS (Only Applicable
to GPS Version)…………………………………………………………………………21
3.2 Network………………………………………………………………………………………………………………………………… 22 3.2.1
Interface………………………………………………………………………………………………………………………22 3.2.1.1 Link
Failover………………………………………………………………………………………………………22 3.2.1.2
Cellular………………………………………………………………………………………………………………24 3.2.1.3
Port……………………………………………………………………………………………………………………26 3.2.1.4
WAN…………………………………………………………………………………………………………………. 27 3.2.1.5
Bridge………………………………………………………………………………………………………………..32 3.2.1.6 WLAN (Only
Applicable to Wi-Fi Version)…………………………………………………………. 32 3.2.1.7
Switch………………………………………………………………………………………………………………. 35 3.2.1.8
Loopback…………………………………………………………………………………………………………..35 3.2.2
DHCP………………………………………………………………………………………………………………………….. 36 3.2.2.1 DHCP/DHCPv6
Server……………………………………………………………………………………….36 3.2.2.2 DHCP
Relay………………………………………………………………………………………………………. 38 3.2.3
Firewall………………………………………………………………………………………………………………………..39 3.2.3.1
Security……………………………………………………………………………………………………………..39 3.2.3.2
ACL…………………………………………………………………………………………………………………… 40 3.2.3.3 Port
Mapping……………………………………………………………………………………………………. 41 3.2.3.4
DMZ…………………………………………………………………………………………………………………..42 3.2.3.5 MAC
Binding…………………………………………………………………………………………………….. 43 3.2.3.6 Custom
Rules…………………………………………………………………………………………………… 43 3.2.3.7
SPI……………………………………………………………………………………………………………………. 44 3.2.4
QoS…………………………………………………………………………………………………………………………….. 45 3.2.5
VPN……………………………………………………………………………………………………………………………..46 3.2.5.1
DMVPN…………………………………………………………………………………………………………….. 46 3.2.5.2 IPSec
Server………………………………………………………………………………………………………47 3.2.5.3
IPSec………………………………………………………………………………………………………………… 51
4
3.2.5.4 GRE……………………………………………………………………………………………………………………53 3.2.5.5
L2TP…………………………………………………………………………………………………………………. 54 3.2.5.6
PPTP………………………………………………………………………………………………………………… 56 3.2.5.7 OpenVPN
Client…………………………………………………………………………………………………58 3.2.5.8 OpenVPN
Server………………………………………………………………………………………………..60 3.2.5.9
Certifications……………………………………………………………………………………………………. 62 3.2.6 IP
Passthrough…………………………………………………………………………………………………………… 64 3.2.7
Routing……………………………………………………………………………………………………………………….. 64 3.2.7.1 Static
Routing…………………………………………………………………………………………………… 64 3.2.7.2
RIP……………………………………………………………………………………………………………………. 65 3.2.7.3
OSPF………………………………………………………………………………………………………………… 68 3.2.7.4 Routing
Filtering……………………………………………………………………………………………….. 74 3.2.8
VRRP……………………………………………………………………………………………………………………………74 3.2.9
DDNS………………………………………………………………………………………………………………………….. 76 3.3
System…………………………………………………………………………………………………………………………………..78 3.3.1 General
Settings…………………………………………………………………………………………………………. 78 3.3.1.1
General………………………………………………………………………………………………………………78 3.3.1.2 System
Time……………………………………………………………………………………………………..79 3.3.1.3
Email………………………………………………………………………………………………………………… 81 3.3.1.4
Storage…………………………………………………………………………………………………………….. 82 3.3.2
Phone&SMS…………………………………………………………………………………………………………………83 3.3.2.1
Phone………………………………………………………………………………………………………………..83 3.3.2.2
SMS………………………………………………………………………………………………………………….. 84 3.3.3 User
Management……………………………………………………………………………………………………….85 3.3.3.1
Account……………………………………………………………………………………………………………. 85 3.3.3.2 User
Management……………………………………………………………………………………………. 86 3.3.4
SNMP…………………………………………………………………………………………………………………………. 87 3.3.4.1
SNMP……………………………………………………………………………………………………………….. 87 3.3.4.2 MIB
View……………………………………………………………………………………………………………88 3.3.4.3
VACM……………………………………………………………………………………………………………….. 88 3.3.4.4
Trap………………………………………………………………………………………………………………….. 89 3.3.4.5
MIB…………………………………………………………………………………………………………………… 90 3.3.5
AAA……………………………………………………………………………………………………………………………..90 3.3.5.1
Radius………………………………………………………………………………………………………………. 90 3.3.5.2
TACACS+…………………………………………………………………………………………………………..91 3.3.5.3
LDAP………………………………………………………………………………………………………………… 92 3.3.5.4
Authentication………………………………………………………………………………………………….. 93 3.3.6 Device
Management…………………………………………………………………………………………………… 93 3.3.6.1
DeviceHub………………………………………………………………………………………………………… 93 3.3.6.2 Milesight
VPN……………………………………………………………………………………………………94 3.3.7
Events………………………………………………………………………………………………………………………….96 3.3.7.1
Events………………………………………………………………………………………………………………. 96 3.3.7.2 Events
Settings………………………………………………………………………………………………….96 3.4 Industrial
Interface……………………………………………………………………………………………………………….. 98
5
3.4.1 I/O………………………………………………………………………………………………………………………………. 99 3.4.1.1
DI……………………………………………………………………………………………………………………….99 3.4.1.2
DO……………………………………………………………………………………………………………………100
3.4.2 Serial Port………………………………………………………………………………………………………………….100 3.4.3 Modbus
Slave…………………………………………………………………………………………………………… 104
3.4.3.1 Modbus TCP……………………………………………………………………………………………………104 3.4.3.2 Modbus
RTU……………………………………………………………………………………………………105 3.4.3.3 Modbus RTU Over
TCP…………………………………………………………………………………… 105 3.4.4 Modbus
Master………………………………………………………………………………………………………… 106 3.4.4.1 Modbus
Master……………………………………………………………………………………………….106 3.4.4.2
Channel………………………………………………………………………………………………………….. 107 3.4.5 GPS (Only
Applicable to GPS Version)……………………………………………………………………… 109 3.4.5.1
GPS………………………………………………………………………………………………………………… 109 3.4.5.2 GPS IP
Forwarding…………………………………………………………………………………………. 110 3.4.5.3 GPS Serial
Forwarding……………………………………………………………………………………. 111 3.5
Maintenance………………………………………………………………………………………………………………………..112 3.5.1
Tools………………………………………………………………………………………………………………………… 112 3.5.1.1
Ping………………………………………………………………………………………………………………… 112 3.5.1.2
Traceroute……………………………………………………………………………………………………….112 3.5.1.3 Packet
Analyzer……………………………………………………………………………………………… 113 3.5.1.4
Qxdmlog…………………………………………………………………………………………………………. 113 3.5.2
Debugger………………………………………………………………………………………………………………….. 114 3.5.2.1 Cellular
Debugger…………………………………………………………………………………………… 114 3.5.2.2 Firewall
Debugger……………………………………………………………………………………………114 3.5.3
Log…………………………………………………………………………………………………………………………….115 3.5.3.1 System
Log…………………………………………………………………………………………………….. 115 3.5.3.2 Log
Download………………………………………………………………………………………………… 116 3.5.3.3 Log
Settings…………………………………………………………………………………………………….117 3.5.4
Upgrade……………………………………………………………………………………………………………………. 118 3.5.5 Backup and
Restore…………………………………………………………………………………………………..118 3.5.6
Reboot……………………………………………………………………………………………………………………….119 3.6
APP…………………………………………………………………………………………………………………………………….. 120 3.6.1
Python………………………………………………………………………………………………………………………. 120 3.6.1.1
Python……………………………………………………………………………………………………………..120 3.6.1.2 App Manager
Configuration…………………………………………………………………………….121 3.6.1.3 Python
App…………………………………………………………………………………………………….. 121 Chapter 4 Application
Examples……………………………………………………………………………………………………… 123 4.1 Restore Factory
Defaults……………………………………………………………………………………………………..123 4.1.1 Via Web
Interface………………………………………………………………………………………………………123 4.2.2 Via
Hardware……………………………………………………………………………………………………………. 124 4.2 Firmware
Upgrade……………………………………………………………………………………………………………….124 4.3 Events Application
Example……………………………………………………………………………………………….. 125 4.4 SNMP Application
Example…………………………………………………………………………………………………126 4.5 Network
Connection…………………………………………………………………………………………………………… 129
6
4.5.1 Cellular Connection……………………………………………………………………………………………………129 4.5.2
Ethernet WAN Connection…………………………………………………………………………………………131 4.6 Wi-Fi
Application Example (Only Applicable to Wi-Fi Version)……………………………………………..133
4.6.1 AP Mode…………………………………………………………………………………………………………………… 133 4.6.2 Client
Mode………………………………………………………………………………………………………………. 134 4.7 VRRP Application
Example…………………………………………………………………………………………………. 135 4.8 NAT Application
Example…………………………………………………………………………………………………… 138 4.9 Access Control
Application Example…………………………………………………………………………………..138 4.10 QoS Application
Example…………………………………………………………………………………………………. 140 4.11 DTU Application
Example…………………………………………………………………………………………………. 141 4.12 PPTP Application
Example………………………………………………………………………………………………..144
7
Chapter 1 Product Introduction
1.1 Overview
UR32 is an industrial cellular router with embedded intelligent software
features that are designed for multifarious M2M/IoT applications. Supporting
global WCDMA and 4G LTE, UR32 provides drop-in connectivity for operators and
makes a giant leap in maximizing uptime. Adopting high-performance and low-
power consumption industrial grade CPU and wireless module, the UR32 is
capable of providing wire-speed network with low power consumption and ultra-
small package to ensure the extremely safe and reliable connection to the
wireless network. Meanwhile, the UR32 also supports Fast Ethernet ports,
serial port (RS232/RS485) and I/O (input/output), which enables you to scale
up M2M application combining data and video in limited time and budget. UR32
is particularly ideal for smart grid, digital media installations, industrial
automation, telemetry equipment, medical device, digital factory, finance,
payment device, environment protection, water conservancy and so on. For
details of hardware and installation, please check UR32 Quick Start Guide.
Figure 1-1
1.2 Advantages Benefits
– Built-in industrial strong NXP CPU, big memory – Fast Ethernets for fast
data transmission – Dual SIM cards for backup between multiple carriers
networking and global 2G/3G/LTE options
make it easy to get connected – Equipped with Ethernet, I/O, serial port, Wi-
Fi, GPS for connecting diverse field assets – Embedded Python SDK for second
development – Rugged enclosure, optimized for DIN rail or shelf mounting –
3-year warranty included
8
Security & Reliability – Automated failover/failback between Ethernet and
Cellular (dual SIM) – Enable unit with security frameworks like
IPsec/OpenVPN/GRE/L2TP/PPTP/ DMVPN – Embed hardware watchdog, automatically
recovering from various failure, and ensuring highest
level of availability – Establish a secured mechanism on centralized
authentication and authorization of device access
by supporting AAA (TACACS+, Radius, LDAP, local authentication) and multiple
levels of user authority
Easy Maintenance – Milesight DeviceHub provides easy setup, mass
configuration, and centralized management of
remote devices – The user-friendly web interface design and several upgrade
options help administrator to manage
the device as easy as pie – Web GUI and CLI enable the admin to achieve simple
management and quick configuration
among a large quantity of devices – Efficiently manage the remote routers on
the existing platform through the industrial standard
SNMP
Capabilities – Link remote devices in an environment where communication
technologies are constantly
changing – Industrial 32-bit ARM Cortex-A7 processor, high-performance
operating up to 528MHz and 128
MB memory available to support more applications – Support rich protocols like
SNMP, Modbus bridging, RIP, OSPF – Support wide operating temperature ranging
from -40°C to 70°C/-40°F to 158°F
1.3 Specifications
Hardware System CPU Memory Storage Cellular Interfaces Connectors SIM Slots
528MHz, 32-bit ARM Cortex-A7 128 MB Flash, 128 MB DDR3 RAM 1 × Micro SD
2 × 50 SMA (Center pin: SMA Female) 2
9
Wi-Fi Interface (Optional)
Connectors
1 × 50 SMA (Center pin: RP-SMA Female)
Standards
IEEE 802.11 b/g/n
802.11b: 16 dBm +/-1.5 dBm (11 Mbps)
Tx Power
802.11g: 14 dBm +/-1.5 dBm (54 Mbps)
802.11n: 13 dBm +/-1.5 dBm (65 Mbps, HT20/40 MCS7)
Modes
Support AP and Client mode, multiple SSID
Security
WPA/WPA2 authentication, WEP/TKIP/AES encryption
GPS (Optional)
Connectors
1 × 50 SMA (Center pin: SMA Female)
Protocols
NMEA 0183, PMTK
Ethernet
Ports
2 × RJ-45 (PoE PSE Optional)
Physical Layer
10/100 Base-T (IEEE 802.3)
Data Rate
10/100 Mbps (auto-sensing)
Interface
Auto MDI/MDIX
Mode Serial Interface
Full or half duplex (auto-sensing)
Ports
1 × RS232 (RS485 Optional)
Connector
Terminal block
Baud Rate
300bps to 230400bps
IO
Connector
Terminal block
Digital
1 × DI + 1 × DO
Software
IPv4/IPv6, PPP, PPPoE, SNMP v1/v2c/v3, TCP, UDP, DHCP, RIPv1/v2,
Network Protocols
OSPF, DDNS, VRRP, HTTP, HTTPS, DNS, ARP, QoS, SNTP, Telnet, VLAN,
SSH, etc.
VPN Tunnel
DMVPN/IPsec/OpenVPN/PPTP/L2TP/GRE
Access Authentication CHAP/PAP/MS-CHAP/MS-CHAPV2
Firewall
ACL/DMZ/Port Mapping/MAC Binding/SPI/DoS&DDoS Protection /IP Passthrough
Management
Web, CLI, SMS, On-demand dial up, DeviceHub
AAA
Radius, TACACS+, LDAP, Local Authentication
10
Multilevel Authority
Multiple levels of user authority
Reliability
VRRP, WAN Failover, Dual SIM Backup
Serial Port
Transparent (TCP Client/Server, UDP), Modbus Gateway (Modbus RTU to Modbus TCP)
Power Supply and Consumption
Connector
2-pin with 5.08 mm terminal block
Input Voltage
9-48 VDC
Power Consumption
Typical 1.9 W, Max 2.4 W (In Non-PoE mode)
Power Output
2 × 802.3 af/at PoE output
Physical Characteristics
Ingress Protection
IP30
Housing & Weight
Metal, 271 g
Dimensions
108 x 90 x 26 mm (4.25 x 3.54 x 1.02 in)
Mounting
Desktop, wall or DIN rail mounting
Others
Reset Button
1 × RESET
LED Indicators
1 × POWER, 1 × SYSTEM, 1 × SIM, 3 × Signal strength
Built-in Environmental
Watchdog, Timer
-40°C to +70°C (-40°F to +158°F) Operating Temperature
Reduced cellular performance above 60°C
Storage Temperature -40°C to +85°C (-40°F to +185°F)
Ethernet Isolation
1.5 kV RMS
Relative Humidity
0% to 95% (non-condensing) at 25°C/77°F
1.4 Dimensions (mm)
Figure 1-2 11
Chapter 2 Access to Web GUI
This chapter explains how to access to Web GUI of the UR32 router. Connect PC
to LAN port of UR32 router directly. The following steps are based on Windows
10 operating system for your reference. Username: admin Password: password IP
Address: 192.168.1.1 1. Go to “Control Panel” “Network and Internet” “Network
and Sharing Center”, then click “Ethernet” (May have different names).
2. Go to “Properties” “Internet Protocol Version 4(TCP/IPv4) “, select
“Obtain an IP address automatically” or “Use the following IP address”, then
assign a static IP manually within the same subnet of the device.
3. Open a Web browser on your PC (Chrome is recommended), type in the IP
address 192.168.1.1, and press Enter on your keyboard. 4. Enter the username,
password, and click “Login”.
12
If you enter the username or password incorrectly more than 5 times, the login
page will be locked for 10 minutes. 5. When you login with the default
username and password, you will be asked to modify the password. It’s
suggested that you change the password for the sake of security. Click
“Cancel” button if you want to modify it later.
6. After you login the Web GUI, you can view system information and perform
configuration on the router.
13
Chapter 3 Web Configuration
3.1 Status 3.1.1 Overview
You can view the system information of the router on this page.
Figure 3-1-1-1
System Information
Item Model Serial Number
Description Show the model name of router. Show the serial number of router.
Firmware Version
Show the currently firmware version of router.
Hardware Version
Show the currently hardware version of router.
Table 3-1-1-1 System Information
System Status Item
Description
Local Time
Show the currently local time of system.
Uptime CPU Load
Show the information on how long the router has been running. Show the current CPU utilization of the router.
RAM (Available/Capacity) Show the RAM capacity and the available RAM memory. Flash (Available/Capacity) Show the Flash capacity and the available Flash memory.
Table 3-1-1-2 System Status
14
Cellular Item Status
Description Show the real-time status of the currently SIM card
Current SIM
Show the SIM card currently used for the data connection.
IPv4/IPv6
Show the IPv4/IPv6 address obtained from the mobile carrier.
Connection Duration Data Usage Monthly
Show the connection duration of the currently SIM card. Show the monthly data usage statistics of currently used SIM card.
Table 3-1-1-3 Cellular Status
WAN Item
Description
Status
Show the currently status of WAN port.
IPv4/IPv6
The IPv4/IPv6 address configured WAN port.
MAC Connection Duration
The MAC address of the Ethernet port. Show the connection duration of the WAN port.
Table 3-1-1-4 WAN Status
WLAN (Only applicable for Wi-Fi model)
Item
Description
Status
Show the currently status of WLAN.
IP
Show the WLAN mode (AP or client).
SSID
Show the SSID of the WLAN AP or client.
Connected Clients
Show the amount of connected devices when mode is AP.
Table 3-1-1-5 WLAN Status
LAN Item
Description
IP4/IPv6 Connected Devices
Show the IP4/IPv6 address of the LAN port. Number of devices that connected to the router’s LAN.
Table 3-1-1-6 LAN Status
3.1.2 Cellular You can view the cellular network status of router on this page.
15
Figure 3-1-2-1
Modem Information
Item Status Version
Description Show corresponding detection status of module and SIM card. Show the cellular module firmware version.
Current SIM
Show the current SIM card used.
Signal Level
Show the cellular signal level.
Register Status IMEI IMSI
Show the registration status of SIM card. Show the IMEI of the module. Show IMSI of the SIM card.
ICCID
Show ICCID of the SIM card.
ISP Network Type PLMN ID LAC
Show the network provider which the SIM card registers on. Show the connected network type, such as LTE, 3G, etc. Show the current PLMN ID, including MCC, MNC, LAC and Cell ID. Show the location area code of the SIM card.
Cell ID
Show the Cell ID of the SIM card location.
Table 3-1-2-1 Modem Information
Network
Item
Description
Status
Show the connection status of cellular network.
IPv4/IPv6 Address IPv4/IPv6 Gateway IPv4/IPv6 DNS
Show the IPv4/IPv6 address and netmask of cellular network. Show the IPv4/IPv6 gateway and netmask of cellular network. Show the IPv4/IPv6 DNS of cellular network.
Show information on how long the cellular network has been Connection Duration
connected.
Table 3-1-2-2 Network Status
Data Usage Monthly
Item
Description
SIM-1
Show the monthly data usage statistics of SIM-1.
SIM-2
Show the monthly data usage statistics of SIM-2.
16
Table 3-1-2-3 Data Usage Information
3.1.3 Network On this page you can check the WAN and LAN status of the router.
WAN Status Item Port
Status
Type IPv4/IPv6 Gateway DNS Connection Duration
Figure 3-1-3-1
Description Show the name of WAN port. Show the status of WAN port. “up”
refers to a status that WAN is enabled and Ethernet cable is connected. “down”
means Ethernet cable is disconnected or WAN function is disabled. Show the
dial-up connection type of WAN port. Show the IPv4 address with netmask or
IPv6 address with prefix-length of WAN port. Show the gateway of WAN port.
Show the DNS of WAN port. Show the information on how long the Ethernet cable
has been connected on WAN port when WAN function is enabled. Once WAN function
is disabled or Ethernet connection is disconnected, the duration will stop.
Table 3-1-3-1 WAN Status
Bridge Item Name STP IPv4/IPv6 Netmask Members
Figure 3-1-3-2
Description Show the name of the bridge interface. Show if STP is enabled.
Show the IPv4/IPv6 address and netmask of the bridge interface. Show the
Netmask of the bridge interface. Show the members of the bridge interface.
Table 3-1-3-2 Bridge Status
17
3.1.4 WLAN (Only Applicable to Wi-Fi Version) You can check Wi-Fi status on this page, including the information of access point and client.
WLAN Status Item WLAN Status Name Status Type SSID
IP Address
Netmask Associated Stations SSID
MAC Address
IP Address
Connection Duration
Figure 3-1-4-1
Description
Show the name of the Wi-Fi interface . Show the status of the Wi-Fi interface.
Show the Wi-Fi interface type. Show the SSID of the router when the interface
type is AP. Show the SSID of AP which the router connected to when the
interface type is Client. Show the IP address of the router when the interface
type is AP. Show the IP address of AP which the router connected to when the
interface type is Client. Show the netmask of the router when the interface
type is AP. Show the netmask of AP which the router connected to when the
interface type is Client.
Show the SSID of the router when the interface type is AP. Show the SSID of AP
which the router connected to when the interface type is Client. Show the MAC
address of the client which connected to the router when the interface type is
AP. Show the MAC address of the AP which the router connected to when the
interface type is Client. Show the IP address of the client which connected to
the router when the interface type is AP. Show the IP address of the AP which
the router connected to when the interface type is Client. Show the connection
duration between client device and router when the interface type is AP. Show
the connection duration between router and the AP when the interface type is
Client.
Table 3-1-4-1 WLAN Status
18
3.1.5 VPN You can check VPN status on this page, including PPTP, L2TP, IPsec, OpenVPN and DMVPN.
VPN Status Item Clients Name
Status
Local IP Remote IP Server Name Status Connected List Server Type Client IP
Duration
Figure 3-1-5-1
Description
Show the name of the enabled VPN clients. Show the status of client.
“Connected” refers to a status that client is connected to the server.
“Disconnected” means client is disconnected to the server. Show the local IP
address of the tunnel. Show the real remote IP address of the tunnel.
Show the name of the enabled VPN Server. Show the status of Server.
Show the type of the server. Show the IP address of the client which connected
to the server. Show the information about how long the client has been
connected to this server when the server is enabled. Once the server is
disabled or connection is disconnected, the duration will stop counting.
Table 3-1-5-1 VPN Status
19
3.1.6 Routing You can check routing status on this page, including the routing table and ARP cache.
Item Routing Table Destination Netmask/Prefix Length Gateway Interface Metric ARP Cache IP MAC Interface
Description
Figure 3-1-6-1
Show the IP address of destination host or destination network. Show the netmask or prefix length of destination host or destination network. Show the IP address of the gateway. Show the outbound interface of the route. Show the metric of the route.
Show the IP address of ARP pool. Show the IP address’s corresponding MAC
address. Show the binding interface of ARP.
Table 3-1-6-1 Routing Information
3.1.7 Host List You can view the host information on this page.
20
Host List Item DHCP Leases IP Address MAC/DUID Lease Time Remaining MAC
Binding
IP & MAC
Figure 3-1-7-1
Description
Show IP address of DHCP client Show MAC address of DHCPv4 client or DUID of
DHCPv6 client. Show the remaining lease time of DHCP client.
Show the IP address and MAC address set in the Static IP list of DHCP service.
Table 3-1-7-1 Host List Description
3.1.8 GPS (Only Applicable to GPS Version) When GPS function is enabled and the GPS information is obtained successfully, you can view the latest GPS information including GPS Time, Latitude, Longitude and Speed on this page.
Figure 3-1-8-1
21
GPS Status Item Status Time for Locating Satellites In Use Satellites In View Latitude Longitude Altitude Speed
Description Show the status of GPS. Show the time for locating. Show the
quantity of satellites in use. Show the quantity of satellites in view. Show
the Latitude of the location. Show the Longitude of the location. Show the
Altitude of the location. Show the speed of movement.
Table 3-1-8-1 GPS Status Description
3.2 Network
3.2.1 Interface
3.2.1.1 Link Failover This section describes how to configure link failover
strategies, their priority and the ping settings, each rule owns its own ping
rules by default. Router will follow the priority to choose the next available
interface to access the internet, make sure you have enable the full interface
that you need to use here. If priority 1 can only use IPv4, UR32 will select a
second link which IPv6 works as main IPv6 link and vice versa.
Link Failover Item Link Priority Priority
Enable Rule
Figure 3-2-1-1
Description
Display the priority of each interface, you can modify it by the operation’s
up and down button. If enabled, the router will choose this interface into its
switching rule. For the Cellular interface, if it’s not enabled here, the
interface will be disabled as well.
22
Link In Use Interface Connection type IP Operation Settings Revert Interval Emergency Reboot
Mark whether this interface is in use with Green color Display the name of the
interface. Display how to obtain the IP address in this interface, like static
IP or DHCP. Display the IP address of the interface. You can change the
priority of the rules and configure the ping detection rules here.
Specify the number of seconds to waiting for switching to the link with higher
priority, 0 means disable the function. Enable to reboot the device if no link
is available.
Table 3-2-1-1 Link Failover Parameters
Ping Detection Item
Enable
IPv4/IPv6 Primary Server
IPv4/IPv6 Secondary Server Interval
Retry Interval
Timeout
Figure 3-2-1-2
Description If enabled, the router will periodically detect the connection
status of the link. The router will send ICMP packet to the IPv4/IPv6 address
or hostname to determine whether the Internet connection is still available or
not. The router will try to ping the secondary server name if primary server
is not available. Time interval (in seconds) between two Pings. Set the ping
retry interval. When ping failed, the router will ping again in every retry
interval. The maximum amount of time the router will wait for a
23
Max Ping Retries
response to a ping request. If it does not receive a response for the amount
of time defined in this field, the ping request will be considered to have
failed. The retry times of the router sending ping request until determining
that the connection has failed.
Table 3-2-1-2 Ping Detection Parameters
3.2.1.2 Cellular This section explains how to set the related parameters for cellular network. The UR32 cellular router has two cellular interfaces, namely SIM1 and SIM2. Only one cellular interface is active at one time. If both cellular interfaces are enabled, it will follow the priority rule configured in `Link Failover’ page.
Cellular Settings Item Protocol
APN
Figure 3-2-1-3
Description Select from “IPv4”, “IPv6” and “IPv4/IPv6”. Enter the Access Point
Name for cellular dial-up connection provided by local ISP.
24
Username Password PIN Code Access Number Authentication Type
Network Type
PPP Preferred SMS Center Enable NAT Roaming Data Limit
Billing Day
Enter the username for cellular dial-up connection provided by local ISP.
Enter the password for cellular dial-up connection provided by local ISP.
Enter a 4-8 characters PIN code to unlock the SIM. Enter the dial-up center
NO. For cellular dial-up connection provided by local ISP. Select from “Auto”,
“PAP”, “CHAP”, “MS-CHAP”, and “MS-CHAPv2”. Select from “Auto”, “4G Only”, “3G
Only”, and “2G Only”. Auto: connect to the network with the strongest signal
automatically. 4G Only: connect to 4G network only. And so on. The PPP dial-up
method is preferred. Enter the local SMS center number for storing,
forwarding, converting and delivering SMS message. Enable or disable NAT
function. Enable or disable roaming. When you reach the specified data usage
limit, the data connection of currently used SIM card will be disabled. 0
means disable the function. Choose the billing day of the SIM card, the router
will reset the data used to 0.
Table 3-2-1-3 Cellular Parameters
Connection Setting Item Connection Mode Re-dial Interval(s)
Figure 3-2-1-4
Description Select from “Always Online” and “Connect on Demand”. Set the
interval to dial into ISP when it lost connection, the default value is
25
Max Idle Times Triggered by Call Call Group
Triggered by SMS
SMS Group SMS Text Triggered by IO
5s. Set the maximum duration of router when current link is under idle status.
Range: 10-3600 The router will switch from offline mode to cellular network
mode automatically when it receives a call from the specific phone number.
Select a call group for call trigger. Go to “System > Phone&SMS > Phone” to
set up phone group. The router will switch from offline mode to cellular
network mode automatically when it receives a specific SMS from the specific
mobile phone. Select an SMS group for trigger. Go to “System > Phone&SMS >
SMS” to set up SMS group. Fill in the SMS content for triggering. The router
will switch from offline mode to cellular network mode automatically when the
DI status is changed. Go to “Industrial > I/O > DI” to configure trigger
condition.
Table 3-2-1-4 Cellular Parameters
Related Topics Cellular Network Connection Phone Group DI Setting
3.2.1.3 Port
This section describes how to configure the Ethernet port parameters. UR32
cellular router supports 2 Fast Ethernet ports.
Port Setting Item Port
Status
Property Speed
Figure 3-2-1-5
Description Users can define the Ethernet ports according to their needs. Set
the status of Ethernet port; select “up” to enable and “down” to disable. Show
the Ethernet port’s type, as a WAN port or a LAN port. Set the Ethernet port’s
speed. The options are “auto”, “100 Mbps”,
26
Duplex
and “10 Mbps”. Set the Ethernet port’s mode. The options are “auto”, “full”,
and “half”.
Table 3-2-1-5 Port Parameters
3.2.1.4 WAN
WAN port can be connected with Ethernet cable to get Internet access. It
supports 5 connection types. – Static IP: configure IP address, netmask and
gateway for Ethernet WAN interface. – DHCP Client: configure Ethernet WAN
interface as DHCP Client to obtain IP address automatically. – PPPoE:
configure Ethernet WAN interface as PPPoE Client. – DHCPv6 Client: configure
Ethernet WAN interface as DHCP Client to obtain IPv6 address automatically. –
Dual-Stack Lite: use IPv4-in-IPv6 tunneling to send terminal device’s IPv4
packet through a tunnel on
the IPv6 access network to the ISP.
WAN Setting Item Enable Port
Figure 3-2-1-6
Description Enable WAN function. The port that is currently set as WAN port.
Default Enable WAN
27
Connection Type
MTU IPv4 Primary DNS IPv4 Secondary DNS IPv6 Primary DNS IPv6 Secondary DNS
Enable NAT
Select from “Static IP”, “DHCP Client”, “DHCPv6 Client” , “Dual-Stack Lite”
and “PPPoE”. Set the maximum transmission unit. Set the primary IPv4 DNS
server.
Set the secondary IPv4 DNS server.
Set the primary IPv6 DNS server.
Set the secondary IPv6 DNS server. Enable or disable NAT function. When
enabled, a private IP can be translated to a public IP.
Table 3-2-1-6 WAN Parameters
Static IP 1500 8.8.8.8 — — — -Enable
1. Static IP Configuration If the external network assigns a fixed IP for the WAN interface, user can select “Static IP” mode.
Static IP Item IPv4 Address Netmask
Figure 3-2-1-7
Description Set the IPv4 address of the WAN port. Set the Netmask for WAN
port.
Default 192.168.0.1 255.255.255.0
28
IPv4 Gateway IPv6 Address
Prefix-length
IPv6 Gateway
Set the gateway for WAN port’s IPv4 address.
Set the IPv6 address which can access Internet.
Set the IPv6 prefix length to identify how many bits of a Global Unicast IPv6
address are there in network part. For example, in 2001:0DB8:0000:000b::/64,
the number 64 is used to identify that the first 64 bits are in network part.
Set the gateway for WAN port’s IPv6 address. E.g.2001:DB8:ACAD:4::2.
Multiple IP Address
Set the multiple IP addresses for WAN port.
Table 3-2-1-7 Static Parameters
192.168.0.2 Generated from Mac address
64
-Null
2. DHCP Client/DHCPv6 Client If the external network has DHCP server enabled and has assigned IP addresses to the Ethernet WAN interface, user can select “DHCP client” mode to obtain IP address automatically.
Figure 3-2-1-8
Figure 3-2-1-9
29
DHCP Client Item Use Peer DNS DHCPv6 Client
Request IPv6-address
Request prefix length of IPv6
Description Obtain peer DNS automatically during PPP dialing. DNS is necessary
when visiting domain name.
Choose the ways to obtain the IPv6 address from the DHCP Server. Select from
try, force, none. Try: The DHCP Server will assign specific address in
priority. Force: The DHCP Server assigns specific address only. None: The DHCP
Server will randomly assign address.The specific address is relevant to the
prefix length of IPv6 address you set. Set the prefix length of IPv6 address
which router is expected to obtain from DHCP Server.
Table 3-2-1-8 DHCP Client Parameters
3. PPPoE PPPoE refers to a point to point protocol over Ethernet. User has to install a PPPoE client on the basis of original connection way. With PPPoE, remote access devices can get control of each user.
PPPoE Item Username
Figure 3-2-1-10
Description Enter the username provided by your Internet Service Provider
(ISP).
30
Password Link Detection Interval (s) Max Retries
Use Peer DNS
Enter the password provided by your Internet Service Provider (ISP).
Set the heartbeat interval for link detection. Range: 1-600.
Set the maximum retry times after it fails to dial up. Range: 0-9. Obtain peer
DNS automatically during PPP dialing. DNS is necessary when visiting domain
name.
Table 3-2-1-9 PPPoE Parameters
4. Dual-Stack Lite Dual-Stack Lite (DS-Lite) uses IPv4-in-IPv6 tunneling to send a subscriber’s IPv4 packet through a tunnel on the IPv6 access network to the ISP. The IPv6 packet is decapsulated to recover the subscriber’s IPv4 packet and is then sent to the Internet after NAT address and port translation and other LSN related processing. The response packets traverse through the same path to the subscriber.
Dual-Stack Lite Item IPv6 Gateway DS-Lite AFTR Address Local IPv6 Address
Figure 3-2-1-11
Description Set the gateway for WAN port’s IPv6 address. Set the DS-Lite AFTR
server address. Set the WAN port IPv6 address which use the same subnet as
IPv6 gateway.
Table 3-2-1-10 Dual-Stack Lite Parameters
31
Related Configuration Example Ethernet WAN Connection
3.2.1.5 Bridge Bridge setting is used for managing local area network devices
which are connected to LAN ports of the UR32, allowing each of them to access
the Internet.
Bridge Item
Name
STP IP Address
Figure 3-2-1-12
Description Show the name of bridge. “Bridge0” is set by default and cannot be
changed. Enable/disable STP. Set the IP address for bridge.
Netmask
Set the Netmask for bridge.
IPv6 Address MTU Multiple IP Address
Set the IPv6 address for bridge. Set the maximum transmission unit. Range:
68-1500. Set the multiple IP addresses for bridge.
Table 3-2-1-11 Bridge Settings
Default
Bridge0
Disable 192.168.1.1 255.255.255. 0 2004::1/64 1500 Null
3.2.1.6 WLAN (Only Applicable to Wi-Fi Version) This section explains how to set the related parameters for Wi-Fi network. UR32 supports 802.11 b/g/n, as AP or client mode.
32
WLAN Item Enable Work Mode
Encryption Mode
BSSID
SSID Client Mode Scan SSID Channel Signal BSSID
Figure 3-2-1-13
Description Enable/disable WLAN. Select router’s work mode. The options are
“Client” or “AP”. Select encryption mode. The options are “No Encryption”,
“WEP Open System” , “WEP Shared Key”, “WPA-PSK”, “WPA2-PSK” and “WPA-
PSK/WPA2-PSK”. Fill in the MAC address of the access point. Either SSID or
BSSID can be filled to joint the network. Fill in the SSID of the access
point.
Click “Scan” button to search the nearby access point. Show SSID. Show
wireless channel. Show wireless signal. Show the MAC address of the access
point.
33
Cipher Security
Show the cipher of the access point. Show the encryption mode.
Frequency Show the frequency of radio.
Join Network AP Mode
Radio Type
Channel Cipher Key Bandwidth
SSID Broadcast
AP Isolation
Guest Mode Max Client Number IP Setting Protocol IP Address Netmask Gateway
Click the button to join the wireless network.
Select Radio type. The options are “802.11b (2.4 GHz)”, “802.11g (2.4 GHz)”,
“802.11n (2.4 GHz)”. Select wireless channel. The options are “Auto”, “1”,
“2”……”11″. Select cipher. The options are “Auto”, “AES”, “TKIP” and
“AES/TKIP”. Fill the pre-shared key of WPA encryption. Select bandwidth. The
options are “20MHz” and “40MHz”. When SSID broadcast is disabled, other
wireless devices can’t not find the SSID, and users have to enter the SSID
manually to access to the wireless network. When AP isolation is enabled, all
users which access to the AP are isolated without communication with each
other. The internal network is not allowed to visit if the guest mode is
enabled. Set the maximum number of client to access when the router is
configured as AP.
Set the IP address in wireless network. Set the IP address in wireless
network. Set the netmask in wireless network. Set the gateway in wireless
network.
Table 3-2-1-12 WLAN Parameters
MAC Filtering Item Type
Allow and block the rest
Figure 3-2-1-14
Description In this mode, you can choose the rule according to your security
policy, which is Allow and Block the Rest’ andBlock and Allow the Rest’,
the default value is Disabled. Only the listed MAC addresses are allowed to
connect to the router’s wireless access point.
34
Block and allow the rest
Related Topic Wi-Fi Application Example
The listed MAC addresses are not allowed to connect to the router’s wireless
access point.
Table 3-2-1-13 MAC Filtering Parameters
3.2.1.7 Switch VLAN is a kind of new data exchange technology that realizes virtual work groups by logically dividing the LAN device into network segments.
Figure 3-2-1-15
Switch
Item
Description
LAN Settings
Name
Set interface name of VLAN.
VLAN ID
Select VLAN ID of the interface.
IP Address Set IP address of LAN port.
Netmask
Set Netmask of LAN port.
MTU
Set the maximum transmission unit of LAN port. Range: 68-1500.
VLAN Settings
VLAN ID
Set the label ID of the VLAN. Range: 1-4094.
LAN 1/2
Make the VLAN bind with the corresponding ports and select status from “Tagged”, “Untagged” and “Close” for Ethernet frame on trunk link.
CPU
Control communication between VLAN and other networks.
Table 3-2-1-14 VLAN Trunk Parameters
3.2.1.8 Loopback
Loopback interface is used for replacing router’s ID as long as it is activated. When the interface is DOWN, the ID of the router has to be selected again which leads to long convergence time of OSPF. Therefore, Loopback interface is generally recommended as the ID of the router. Loopback interface is a logic and virtual interface on router. Under default conditions, there’s no loopback interface on router, but it can be created as required.
35
Loopback Item IP Address Netmask Multiple IP Addresses
Figure 3-2-1-16
Description Unalterable Unalterable Apart from the IP above, user can
configure other IP addresses.
Table 3-2-1-15 Loopback Parameters
Default 127.0.0.1 255.0.0.0
Null
3.2.2 DHCP DHCP adopts Client/Server communication mode. The Client sends
configuration request to the Server which feeds back corresponding
configuration information and distributes IP address to the Client so as to
achieve the dynamic configuration of IP address and other information.
3.2.2.1 DHCP Server/DHCPv6 Server UR32 can be set as a DHCP server or DHCPv6
server to distribute IP address when a host logs on and ensures each host is
supplied with different IP addresses. DHCP Server has simplified some previous
network management tasks requiring manual operations to the largest extent.
UR32 only supports stateful DHCPv6 when working as DHCPv6 server.
36
Figure 3-2-2-1
DHCP Server Item Enable Interface Start Address
End Address
Netmask
Figure 3-2-2-2
Description Enable or disable DHCP server. Select interface. Define the beginning of the pool of IP addresses which will be leased to DHCP clients. Define the end of the pool of IP addresses which will be leased to DHCP clients. Define the subnet mask of IPv4 address obtained by DHCP clients from DHCP server.
Default Enable Bridge0 192.168.1.1 00 192.168.1.1 99 255.255.255 .0
37
Prefix Length
Lease Time (Min) Primary DNS Server Secondary DNS Server Windows Name Server
Static IP
MAC Address
DUID
IP Address
Set the IPv6 prefix length of IPv6 address obtained by DHCP clients from DHCP server. Set the lease time on which the client can use the IP address obtained from DHCP server. Range: 1-10080. Set the primary DNS server.
64 1440 192.168.1.1
Set the secondary DNS server.
Null
Define the Windows Internet Naming Service obtained by DHCP clients from DHCP sever. Generally you can leave it Null blank.
Set a static and specific MAC address for the DHCP client
(it should be different from other MACs so as to avoid
Null
conflict).
Set a static and specific DUID for the DHCPv6 client (it Null
should be different from other DUID so as to avoid conflict).
Set a static and specific IP address for the DHCP client (it should be outside of the DHCP range).
Null
Table 3-2-2-1 DHCP Server Parameters
3.2.2.2 DHCP Relay
UR32 can be set as DHCP Relay to provide a relay tunnel to solve the problem that DHCP Client and DHCP Server are not in the same subnet.
DHCP Relay Item Enable
DHCP Server
Figure 3-2-2-3
Description Enable or disable DHCP relay. Set DHCP server, up to 10 servers
can be configured; separate them by blank space or “,”.
Table 3-2-2-2 DHCP Relay Parameters
38
3.2.3 Firewall
This section describes how to set the firewall parameters, including security,
ACL, DMZ, Port Mapping, MAC Binding and SPI. The firewall implements
corresponding control of data flow at entry direction (from Internet to local
area network) and exit direction (from local area network to Internet)
according to the content features of packets, such as protocol style,
source/destination IP address, etc. It ensures that the router operate in a
safe environment and host in local area network.
3.2.3.1 Security
Figure 3-2-3-1
Item
Description
Prevent Attack
DoS/DDoS Protection Enable/disable Prevent DoS/DDoS Attack.
Access Service Control
Port
Set port number of the services. Range: 1-65535.
Local
Access the router locally.
Remote
Access the router remotely.
HTTP
Users can log in the device locally via HTTP to
Default
Disable
-Enable Disable 80
39
HTTPS
TELNET SSH FTP Website Blocking URL Blocking Keyword Blocking
access and control it through Web after the option
is checked.
Users can log in the device locally and remotely
via HTTPS to access and control it through Web 443
after option is checked.
Users can log in the device locally and remotely
23
via Telnet after the option is checked.
Users can log in the device locally and remotely 22
via SSH after the option is checked.
Users can log in the device locally and remotely 21
via FTP after the option is checked.
Enter the HTTP address which you want to block. You can block specific website
by entering keyword. The maximum number of character allowed is 64.
Table 3-2-3-1 Security Parameters
3.2.3.2 ACL
Access control list, also called ACL, implements permission or prohibition of
access for specified network traffic (such as the source IP address) by
configuring a series of matching rules so as to filter the network interface
traffic. When router receives packet, the field will be analyzed according to
the ACL rule applied to the current interface. After the special packet is
identified, the permission or prohibition of corresponding packet will be
implemented according to preset strategy. The data package matching rules
defined by ACL can also be used by other functions requiring flow distinction.
Item ACL Setting
Figure 3-2-3-2
Description
40
Default Filter Policy
Access Control List Type ID Action Protocol Source IP Source Wildcard Mask
Destination IP Destination Wildcard Mask Description ICMP Type ICMP Code
Source Port Type Source Port Start Source Port End Source Port
Destination Port Type
Destination Port Start Destination Port End Destination Port More Details
Interface List Interface In ACL Out ACL
Select from “Accept” and “Deny”. The packets which are not included in the
access control list will be processed by the default filter policy.
Select type from “Extended” and “Standard”. User-defined ACL number. Range:
1-199. Select from “Permit” and “Deny”. Select protocol from “ip”, “icmp”,
“tcp”, “udp”, and “1-255”. Source network address (leaving it blank means
all). Wildcard mask of the source network address. Destination network address
(0.0.0.0 means all).
Wildcard mask of destination address.
Fill in a description for the groups with the same ID. Enter the type of ICMP
packet. Range: 0-255. Enter the code of ICMP packet. Range: 0-255. Select
source port type, such as specified port, port range, etc. Set source port
number. Range: 1-65535. Set start source port number. Range: 1-65535. Set end
source port number. Range: 1-65535. Select destination port type, such as
specified port, port range, etc. Set destination port number. Range: 1-65535.
Set start destination port number. Range: 1-65535. Set end destination port
number. Range: 1-65535. Show information of the port.
Select network interface for access control. Select a rule for incoming
traffic from ACL ID. Select a rule for outgoing traffic from ACL ID.
Table 3-2-3-2 ACL Parameters
Related Configuration Example Access Control Application Example
3.2.3.3 Port Mapping Port mapping is an application of network address
translation (NAT) that redirects a communication request from the combination
of an address and port number to another while the packets are traversing a
network gateway such as a router or firewall.
Click to add a new port mapping rules.
41
Port Mapping Item Source IP
Source Port
Destination IP
Destination Port Protocol Description
Figure 3-2-3-3
Description Specify the host or network which can access local IP address.
0.0.0.0/0 means all. Enter the TCP or UDP port from which incoming packets are
forwarded. Range: 1-65535. Enter the IP address that packets are forwarded to
after being received on the incoming interface. Enter the TCP or UDP port that
packets are forwarded to after being received on the incoming port(s). Range:
1-65535. Select from “TCP” and “UDP” as your application required. The
description of this rule.
Table 3-2-3-3 Port Mapping Parameters
Related Configuration Example NAT Application Example
3.2.3.4 DMZ DMZ is a host within the internal network that has all ports exposed, except those forwarded ports in port mapping.
Figure 3-2-3-4
42
DMZ Item Enable DMZ Host
Source Address
Description Enable or disable DMZ. Enter the IP address of the DMZ host on the
internal network. Set the source IP address which can access to DMZ host.
“0.0.0.0/0” means any address.
Table 3-2-3-4 DMZ Parameters
3.2.3.5 MAC Binding MAC Binding is used for specifying hosts by matching MAC addresses and IP addresses that are in the list of allowed outer network access.
MAC Binding List Item MAC Address IP Address
Description
Figure 3-2-3-5
Description Set the binding MAC address. Set the binding IP address. Fill in a
description for convenience of recording the meaning of the binding rule for
each piece of MAC-IP.
Table 3-2-3-5 MAC Binding Parameters
3.2.3.6 Custom Rules
In this page, you can configure your own custom firewall iptables rules.
Figure 3-2-3-6
43
Custom Rules Item
Rule
Description
Description Specify an iptables rule like the example shows. Tips: You must reboot the device to take effect after modifying or deleting the iptables rules. Enter the description of the rule.
Table 3-2-3-6 Custom Rules Parameters
3.2.3.7 SPI
SPI Firewall Item Enable Filter Proxy
Filter Cookies
Filter ActiveX Filter Java Applets Filter Multicast Filter IDENT(port 113)
Block WAN SNMP access
Filter WAN NAT Redirection
Block Anonymous WAN Requests
Figure 3-2-3-7
Description Enable/disable SPI firewall. Blocks HTTP requests containing the
“Host”: string. Identifies HTTP requests that contain “Cookie”: String and
mangle the cookie. Attempts to stop cookies from being used. Blocks HTTP
requests of the URL that ends in “.ocx” or “.cab”. Blocks HTTP requests of the
URL that ends in “.js” or “.class”. Prevent multicast packets from reaching
the LAN. Prevent WAN access to Port 113. Block SNMP requests from the WAN.
Prevent hosts on LAN from using WAN address of router to connect servers on
the LAN (which have been configured using port redirection).
Stop the router from responding to “pings” from the WAN.
Table 3-2-3-7 SPI Parameters
44
3.2.4 QoS Quality of service (QoS) refers to traffic prioritization and resource reservation control mechanisms rather than the achieved service quality. QoS is engineered to provide different priority for different applications, users, data flows, or to guarantee a certain level of performance to a data flow.
QoS Item Download/Upload Enable Default Category Download/Upload Bandwidth
Capacity Service Category Name Percent (%)
Max BW(kbps)
Min BW(kbps)
Service Category Rules Item
Figure 3-2-4-1
Description
Enable or disable QoS. Select the default category from Service Category list.
The download/upload bandwidth capacity of the network that the router is
connected with, in kbps. Range: 1-8000000.
You can use characters such digits, letters and “-“. Set percent for the
service category. Range: 0-100. The maximum bandwidth that this category is
allowed to consume, in kbps. The value should be less than the
“Download/Upload Bandwidth Capacity” when the traffic is blocked. The minimum
bandwidth that can be guaranteed for the category, in kbps.The value should be
less than the “MAX BW” value.
Description
45
Name
Give the rule a descriptive name.
Source IP
Source address of flow control (leaving it blank means any).
Source Port Destination IP Destination Port
Source port of flow control. Range: 0-65535 (leaving it blank means any). Destination address of flow control (leaving it blank means any). Destination port of flow control. Range: 0-65535 (leaving it blank means any).
Protocol
Select protocol from “ANY”, “TCP”, “UDP”, “ICMP”, and “GRE”.
Service Category
Set service category for the rule.
Table 3-2-4-1 QoS (Download/Upload) Parameters
Related Configuration Example
QoS Application Example
3.2.5 VPN
Virtual Private Networks, also called VPNs, are used to securely connect two
private networks together so that devices can connect from one network to the
other network via secure channels. The UR32 supports DMVPN, IPsec, GRE, L2TP,
PPTP, OpenVPN, as well as GRE over IPsec and L2TP over IPsec.
3.2.5.1 DMVPN
A dynamic multi-point virtual private network (DMVPN), combining mGRE and
IPsec, is a secure network that exchanges data between sites without passing
traffic through an organization’s headquarter VPN server or router.
46
DMVPN Item Enable Hub Address Local IP address GRE Hub IP Address GRE Local IP
Address GRE Netmask GRE Key Negotiation Mode Authentication Algorithm
Encryption Algorithm
DH Group
Key Local ID Type IKE Life Time (s)
SA Algorithm
PFS Group
Life Time (s) DPD Interval Time (s) DPD Timeout (s) Cisco Secret NHRP Holdtime
(s)
Figure 3-2-5-1
Description Enable or disable DMVPN. The IP address or domain name of DMVPN
Hub. DMVPN local tunnel IP address. GRE Hub tunnel IP address. GRE local
tunnel IP address. GRE local tunnel netmask. GRE tunnel key. Select from
“Main” and “Aggressive”. Select from “DES”, “3DES”, “AES128”, “AES192” and
“AES256”. Select from “MD5” and “SHA1”. Select from “MODP768_1”, “MODP1024_2”
and “MODP1536_5”. Enter the preshared key. Select from “Default”, “ID”,
“FQDN”, and “User FQDN” Set the lifetime in IKE negotiation. Range: 60-86400.
Select from “DES_MD5”, “DES_SHA1”, “3DES_MD5”, “3DES_SHA1”, “AES128_MD5”,
“AES128_SHA1”, “AES192_MD5”, “AES192_SHA1”, “AES256_MD5” and “AES256_SHA1”.
Select from “NULL”, “MODP768_1”, “MODP1024_2” and “MODP1536-5”. Set the
lifetime of IPsec SA. Range: 60-86400. Set DPD interval time Set DPD timeout.
Cisco Nhrp key. The holdtime of NHRP protocol.
Table 3-2-5-1 DMVPN Parameters
3.2.5.2 IPSec Server
IPsec is especially useful for implementing virtual private networks and for
remote user access through dial-up connection to private networks. A big
advantage of IPsec is that security arrangements can be handled without
requiring changes to individual user computers. IPsec provides three choices
of security service: Authentication Header (AH), Encapsulating Security
Payload (ESP), and Internet Key Exchange (IKE). AH essentially allows
authentication of the senders’ data. ESP supports both authentication of the
sender and data encryption. IKE is used for cipher code exchange. All of them
can protect one and more data flows between hosts, between host and gateway,
and between gateways.
47
IPsec Server Item Enable IPsec Mode IPsec Protocol Local Subnet Local Subnet Netmask Local ID Type Remote Subnet Remote Subnet Mask Remote ID type
Figure 3-2-5-2
Description Enable IPsec tunnel. A maximum of 3 tunnels is allowed. Select
from “Tunnel” and “Transport”. Select from “ESP” and “AH”. Enter the local
subnet IP address that IPsec protects. Enter the local netmask that IPsec
protects. Select from “Default”, “ID”, “FQDN”, and “User FQDN”. Enter the
remote subnet IP address that IPsec protects. Enter the remote netmask that
IPsec protects. Select from “Default”, “ID”, “FQDN”, and “User FQDN”.
Table 3-2-5-2 IPsec Parameters
48
Figure 3-2-5-3
IKE Parameter Item IKE Version Negotiation Mode Encryption Algorithm Authentication Algorithm DH Group Local Authentication
Figure 3-2-5-4
Description Select from “IKEv1” and “IKEv2”. Select from “Main” and
“Aggressive”. Select from “DES”, “3DES”, “AES128”, “AES192” and “AES256”.
Select from “MD5″ and ” SHA1″ Select from “MODP768_1”, “MODP1024_2” and
“MODP1536_5”. Select from “PSK” and “CA”.
49
XAUTH Lifetime (s) XAUTH List Username Password PSK List Selector PSK SA
Parameter
SA Algorithm
PFS Group
Lifetime (s) DPD Interval Time(s) DPD Timeout(s) IPsec Advanced Enable
Compression
VPN Over IPsec Type
Expert Options
Enter XAUTH username and password after XAUTH is enabled. Set the lifetime in
IKE negotiation. Range: 60-86400.
Enter the username used for the xauth authentication. Enter the password used
for the xauth authentication.
Enter the corresponding identification number for PSK authentication. Enter
the pre-shared key.
Select from “DES_MD5”, “DES_SHA1”, “3DES_MD5”, “3DES_SHA1”, “AES128_MD5”,
“AES128_SHA1”, “AES192_MD5”, “AES192_SHA1”, “AES256_MD5” and “AES256_SHA1”.
Select from “NULL”, “MODP768_1” , “MODP1024_2” and “MODP1536_5”. Set the
lifetime of IPsec SA. Range: 60-86400. Set DPD interval time to detect if the
remote side fails. Set DPD timeout. Range: 10-3600.
The head of IP packet will be compressed after it’s enabled. Select from
“NONE”, “GRE” and “L2TP” to enable VPN over IPsec function. User can enter
some other initialization strings in this field and separate the strings with
“;”. For example, if more local or remote subnet need to be added, users can
add contents here.
Table 3-2-5-3 IPsec Server Parameters
50
3.2.5.3 IPSec
IPsec Item Enable
IPsec Gateway Address
IPsec Mode IPsec Protocol Local Subnet Local Subnet Netmask Local ID Type
Remote Subnet Remote Subnet Mask Remote ID type
Figure 3-2-5-5
Description Enable IPsec tunnel. A maximum of 3 tunnels is allowed. Enter the
IP address or domain name of remote IPsec server. Select from “Tunnel” and
“Transport”. Select from “ESP” and “AH”. Enter the local subnet IP address
that IPsec protects. Enter the local netmask that IPsec protects. Select from
“Default”, “ID”, “FQDN”, and “User FQDN”. Enter the remote subnet IP address
that IPsec protects. Enter the remote netmask that IPsec protects. Select from
“Default”, “ID”, “FQDN”, and “User FQDN”.
Table 3-2-5-4 IPsec Parameters
51
IKE Parameter Item IKE Version Negotiation Mode Encryption Algorithm
Authentication Algorithm DH Group Local Authentication Local Secrets XAUTH
Lifetime (s) SA Parameter
SA Algorithm
Figure 3-2-5-6
Description Select from “IKEv1” and “IKEv2”. Select from “Main” and
“Aggressive”. Select from “DES”, “3DES”, “AES128”, “AES192” and “AES256”.
Select from “MD5″ and ” SHA1″ Select from “MODP768_1”, “MODP1024_2” and
“MODP1536_5”. Select from “PSK” and “CA”. Enter the pre-shared key. Enter
XAUTH username and password after XAUTH is enabled. Set the lifetime in IKE
negotiation. Range: 60-86400.
Select from “DES_MD5”, “DES_SHA1”, “3DES_MD5”, “3DES_SHA1”, “AES128_MD5”,
“AES128_SHA1”, “AES192_MD5”, “AES192_SHA1”, “AES256_MD5” and “AES256_SHA1”.
52
PFS Group Lifetime (s) DPD Interval Time(s) DPD Timeout(s) IPsec Advanced
Enable Compression VPN Over IPsec Type
Expert Option
Select from “NULL”, “MODP768_1” , “MODP1024_2” and “MODP1536_5”. Set the
lifetime of IPsec SA. Range: 60-86400. Set DPD interval time to detect if the
remote side fails. Set DPD timeout. Range: 10-3600.
The head of IP packet will be compressed after it’s enabled. Select from
“NONE”, “GRE” and “L2TP” to enable VPN over IPsec function. User can enter
some other initialization strings in this field and separate the strings with
“;”. For example, if more local or remote subnet need to be added, users can
add contents here.
Table 3-2-5-5 IPsec Parameters
3.2.5.4 GRE
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in
order to route other protocols over IP networks. It’s a tunneling technology
that provides a channel through which encapsulated data message could be
transmitted and encapsulation and decapsulation could be realized at both
ends. In the following circumstances the GRE tunnel transmission can be
applied: – GRE tunnel could transmit multicast data packets as if it were a
true network interface. Single use
of IPSec cannot achieve the encryption of multicast. – A certain protocol
adopted cannot be routed. – A network of different IP addresses shall be
required to connect other two similar networks.
53
GRE Item Enable Remote IP Address Local IP Address Local Virtual IP Address Netmask Peer Virtual IP Address Global Traffic Forwarding Remote Subnet Remote Netmask MTU Key Enable NAT
Figure 3-2-5-7
Description Check to enable GRE function. Enter the real remote IP address of
GRE tunnel. Set the local IP address.
Set the local tunnel IP address of GRE tunnel.
Set the local netmask. Enter remote tunnel IP address of GRE tunnel. All the
data traffic will be sent out via GRE tunnel when this function is enabled.
Enter the remote subnet IP address of GRE tunnel. Enter the remote netmask of
GRE tunnel. Enter the maximum transmission unit. Range: 64-1500. Set GRE
tunnel key. Enable NAT traversal function.
Table 3-2-5-6 GRE Parameters
3.2.5.5 L2TP
Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point
Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable
the operation of a virtual private network (VPN) over the Internet.
Figure 3-2-5-8
54
L2TP Item Enable Remote IP Address Username Password
Authentication
Global Traffic Forwarding Remote Subnet Remote Subnet Mask Key
Description Check to enable L2TP function. Enter the public IP address or
domain name of L2TP server. Enter the username that L2TP server provides.
Enter the password that L2TP server provides. Select from “Auto”, “PAP”,
“CHAP”, “MS-CHAPv1” and “MS-CHAPv2”. All of the data traffic will be sent out
via L2TP tunnel after this function is enabled. Enter the remote IP address
that L2TP protects. Enter the remote netmask that L2TP protects. Enter the
password of L2TP tunnel.
Table 3-2-5-7 L2TP Parameters
Advanced Settings Item
Local IP Address
Peer IP Address Enable NAT Enable MPPE
Figure 3-2-5-9
Description Set tunnel IP address of L2TP client. Client will obtain tunnel IP
address automatically from the server when it’s null. Enter tunnel IP address
of L2TP server. Enable NAT traversal function. Enable MPPE encryption.
55
Address/Control Compression Protocol Field Compression Asyncmap Value MRU MTU
Link Detection Interval (s)
Max Retries
Expert Options
For PPP initialization. User can keep the default option.
For PPP initialization. User can keep the default option.
One of the PPP protocol initialization strings. User can keep the default
value. Range: 0-ffffffff. Set the maximum receive unit. Range: 64-1500. Set
the maximum transmission unit. Range: 64-1500 Set the link detection interval
time to ensure tunnel connection. Range: 0-600. Set the maximum times of retry
to detect the L2TP connection failure. Range: 0-10. User can enter some other
PPP initialization strings in this field and separate the strings with blank
space.
Table 3-2-5-8 L2TP Parameters
3.2.5.6 PPTP
Point-to-Point Tunneling Protocol (PPTP) is a protocol that allows corporations to extend their own corporate network through private “tunnels” over the public Internet. Effectively, a corporation uses a wide-area network as a single large local area network.
Figure 3-2-5-10
56
PPTP Item Enable
Remote IP Address
Username Password
Authentication
Global Traffic Forwarding Remote Subnet Remote Subnet Mask
Description Enable PPTP client. A maximum of 3 tunnels is allowed. Enter the
public IP address or domain name of PPTP server. Enter the username that PPTP
server provides. Enter the password that PPTP server provides. Select from
“Auto”, “PAP”, “CHAP”, “MS-CHAPv1”, and “MS-CHAPv2”. All of the data traffic
will be sent out via PPTP tunnel once enable this function. Set the peer
subnet of PPTP. Set the netmask of peer PPTP server.
Table 3-2-5-9 PPTP Parameters
Figure 3-2-5-11
PPTP Advanced Settings
Item
Description
Local IP Address
Set IP address of PPTP client.
Peer IP Address
Enter tunnel IP address of PPTP server.
Enable NAT
Enable the NAT faction of PPTP.
Enable MPPE
Enable MPPE encryption.
Address/Control Compression
For PPP initialization. User can keep the default option.
Protocol Field
For PPP initialization. User can keep the default option.
57
Compression Asyncmap Value MRU MTU Link Detection Interval (s) Max Retries
Expert Options
One of the PPP protocol initialization strings. User can keep the default
value. Range: 0-ffffffff. Enter the maximum receive unit. Range: 0-1500. Enter
the maximum transmission unit. Range: 0-1500. Set the link detection interval
time to ensure tunnel connection. Range: 0-600. Set the maximum times of
retrying to detect the PPTP connection failure. Range: 0-10. User can enter
some other PPP initialization strings in this field and separate the strings
with blank space.
Table 3-2-5-10 PPTP Parameters
Related Configuration Example PPTP Application Example
3.2.5.7 OpenVPN Client
OpenVPN is an open source virtual private network (VPN) product that offers a
simplified security framework, modular network design, and cross-platform
portability. Advantages of OpenVPN include: – Security provisions that
function against both active and passive attacks. – Compatibility with all
major operating systems. – High speed (1.4 megabytes per second typically). –
Ability to configure multiple servers to handle numerous connections
simultaneously. – All encryption and authentication features of the OpenSSL
library. – Advanced bandwidth management. – A variety of tunneling options. –
Compatibility with smart cards that support the Windows Crypt application
program interface
(API).
58
OpenVPN Client Item Enable Protocol Remote IP Address
Port
Interface
Authentication
Local Tunnel IP Remote Tunnel IP
Global Traffic Forwarding
Enable TLS Authentication Username Password
Figure 3-2-5-12
Description Enable OpenVPN client. A maximum of 3 tunnels is allowed. Select
from “UDP” and “TCP”. Enter remote OpenVPN server’s IP address or domain name.
Enter the listening port number of remote OpenVPN server. Range: 1-65535.
Select from “tun” and “tap”. Select from “None”, “Pre-shared”,
“Username/Password”, “X.509 cert”, and “X.509 cert+user”. Set local tunnel
address. Enter remote tunnel address. All the data traffic will be sent out
via OpenVPN tunnel when this function is enabled. Check to enable TLS
authentication. Enter username provided by OpenVPN server. Enter password
provided by OpenVPN server.
59
Enable NAT Compression Link Detection Interval (s)
Link Detection Timeout (s)
Cipher MTU Max Frame Size Verbose Level Expert Options Local Route Subnet
Subnet Mask
Enable NAT traversal function. Select LZO to compress data. Set link detection
interval time to ensure tunnel connection. Range: 10-1800. Set link detection
timeout. OpenVPN will be reestablished after timeout. Range: 60-3600. Select
from “NONE”, “BF-CBC”, “DE-CBC”, “DES-EDE3-CBC”, “AES-128-CBC”, “AES-192-CBC”
and “AES-256-CBC”. Enter the maximum transmission unit. Range: 128-1500. Set
the maximum frame size. Range: 128-1500. Select from “ERROR”, “WARING”,
“NOTICE” and “DEBUG”. User can enter some other PPP initialization strings in
this field and separate the strings with blank space.
Set the local route’s IP address. Set the local route’s netmask.
Table 3-2-5-11 OpenVPN Client Parameters
3.2.5.8 OpenVPN Server
The UR32 supports OpenVPN server to create secure point-to-point or site-to- site connections in routed or bridged configurations and remote access facilities.
Figure 3-2-5-13
60
OpenVPN Server Item Enable Protocol Port
Listening IP
Interface
Authentication
Local Virtual IP Remote Virtual IP Client Subnet Client Netmask Renegotiation
Interval(s) Max Clients Enable CRL Enable Client to Client Enable Dup Client
Enable NAT Compression
Link Detection Interval
Cipher
MTU Max Frame Size Verbose Level
Expert Options
Local Route Subnet Netmask
Figure 3-2-5-14
Description Enable/disable OpenVPN server. Select from TCP and UDP. Fill in
listening port number. Range: 1-65535. Enter WAN IP address or LAN IP address.
Leaving it blank refers to all active WAN IP and LAN IP address. Select from ”
tun” and “tap”. Select from “None”, “Pre-shared”, “Username/Password”, “X.509
cert” and “X. 509 cert +user”. The local tunnel address of OpenVPN’s tunnel.
The remote tunnel address of OpenVPN’s tunnel. Local subnet IP address of
OpenVPN client. Local netmask of OpenVPN client.
Set interval for renegotiation. Range: 0-86400.
Maximum OpenVPN client number. Range: 1-128. Enable CRL Allow access between
different OpenVPN clients. Allow multiple users to use the same certification.
Check to enable the NAT traversal function. Select “LZO” to compress data. Set
link detection interval time to ensure tunnel connection. Range: 10-1800.
Select from “NONE”, “BF-CBC”, “DES-CBC”, “DES-EDE3-CBC”, “AES-128-CBC”,
“AES-192-CBC” and “AES-256-CBC”. Enter the maximum transmission unit. Range:
64-1500. Set the maximum frame size. Range: 64-1500. Select from “ERROR”,
“WARING”, “NOTICE” and “DEBUG”. User can enter some other PPP initialization
strings in this field and separate the strings with blank space.
The real local IP address of OpenVPN client. The real local netmask of OpenVPN
client.
61
Account Username & Password
Set username and password for OpenVPN client.
Table 3-2-5-12 OpenVPN Server Parameters
3.2.5.9 Certifications User can import/export certificate and key files for OpenVPN and IPsec on this page.
OpenVPN Client Item CA Public Key Private Key TA Preshared Key PKCS12
Figure 3-2-5-15
Description Import/Export CA certificate file. Import/Export public key file.
Import/Export private key file. Import/Export TA key file. Import/Export
static key file. Import/Export PKCS12 certificate file.
Table 3-2-5-13 OpenVPN Client Certification Parameters
Figure 3-2-5-16
62
OpenVPN Server Item CA Public Key Private Key DH TA CRL Preshared Key
Description Import/Export CA certificate file. Import/Export public key file.
Import/Export private key file. Import/Export DH key file. Import/Export TA
key file. Import/Export CRL. Import/Export static key file.
Table 3-2-5-14 OpenVPN Server Parameters
IPsec Item CA Client Key Server Key Private Key CRL
Figure 3-2-5-17
Description Import/Export CA certificate. Import/Export client key.
Import/Export server key. Import/Export private key. Import/Export certificate
recovery list.
Table 3-2-5-15 IPsec Parameters
Figure 3-2-5-18
63
IPsec Server Item CA Local Certificate Private Key CRL
Description Import/Export CA certificate. Import/Export Local Certificate
file. Import/Export private key. Import/Export certificate recovery list.
Table 3-2-5-16 IPsec Server Parameters
3.2.6 IP Passthrough IP Passthrough mode shares or “passes” the Internet providers assigned IP address to a single LAN client device connected to the router.
IP Passthrough Item Enable
Passthrough Mode
MAC
Figure 3-2-6-1
Description Enable or disable IP Passthrough. Select passthrough mode from
“DHCPS-Fixed” and “DHCPS-Dynamic”. Set MAC address.
Table 3-2-6-1 IP Passthrough Parameters
3.2.7 Routing
3.2.7.1 Static Routing A static routing is a manually configured routing
entry. Information about the routing is manually entered rather than obtained
from dynamic routing traffic. After setting static routing, the package for
the specified destination will be forwarded to the path designated by user.
64
Static Routing Item Destination Netmask/Prefix Length Interface
Gateway
Distance
Figure 3-2-7-1
Description Enter the destination IP address. Enter the subnet mask or prefix
length of destination address. The interface through which the data can reach
the destination address. IP address of the next router that will be passed by
before the input data reaches the destination address. Priority, smaller value
refers to higher priority. Range: 1-255.
Table 3-2-7-1 Static Routing Parameters
3.2.7.2 RIP RIP is mainly designed for small networks. RIP uses Hop Count to measure the distance to the destination address, which is called Metric. In RIP, the hop count from the router to its directly connected network is 0 and the hop count of network to be reached through a router is 1 and so on. In order to limit the convergence time, the specified metric of RIP is an integer in the range of 0 – 15 and the hop count larger than or equal to 16 is defined as infinity, which means that the destination network or host is unreachable. Because of this limitation, the RIP is not suitable for large-scale networks. To improve performance and prevent routing loops, RIP supports split horizon function. RIP also introduces routing obtained by other routing protocols. Each router that runs RIP manages a routing database, which contains routing entries to reach all reachable destinations.
65
Figure 3-2-7-2
RIP
Item
Description
Enable
Enable or disable RIP.
Update Timer Timeout Timer
Garbage Collection Timer
It defines the interval to send routing updates. Range: 5-2147483647, in seconds. It defines the routing aging time. If no update package on a routing is received within the aging time, the routing’s Routing Cost in the routing table will be set to 16. Range: 5-2147483647, in seconds. It defines the period from the routing cost of a routing becomes 16 to it is deleted from the routing table. In the time of Garbage-Collection, RIP uses 16 as the routing cost for sending routing updates. If Garbage Collection times out and the routing still has not been updated, the routing will be completely removed from the routing table. Range: 5-2147483647, in seconds.
Version
RIP version. The options are v1 and v2.
Advanced Settings
Default Information Originate Default information will be released when this function is enabled.
Default Metric
The default cost for the router to reach destination. Range: 0-16
Redistribute Connected
Check to enable.
66
Metric Redistribute Static Metric Redistribute OSPF Metric
Set metric after “Redistribute Connected” is enabled. Range: 0-16. Check to
enable. Set metric after “Redistribute Static” is enabled. Range: 0-16. Check
to enable. Set metric after “Redistribute OSPF” is enabled. Range: 0-16.
Table 3-2-7-2 RIP Parameters
Figure 3-2-7-3
Item
Description
Distance/Metric Management
Distance
Set the administrative distance that a RIP route learns. Range:
67
IP Address Netmask ACL Name
Metric
Policy in/out Interface ACL Name Filter Policy Policy Type Policy Name Policy
in/out Interface Passive Interface Passive Interface Interface Interface Send
Version Receive Version Split-Horizon Authentication Mode Authentication
String Authentication Key-chain Neighbor IP Address Network IP Address Netmask
1-255. Set the IP address of RIP route. Set the netmask of RIP route. Set ACL
name of RIP route. The metric of received route or sent route from the
interface. Range: 0-16. Select from “in” and “out”. Select interface of the
route. Access control list name of the route strategy.
Select from “access-list” and “prefix-list”. User-defined prefix-list name.
Select from “in” and “out”. Select interface from “cellular0”, “LAN1/WAN” and
“Bridge0”.
Select interface from “cellular0” and “LAN1/WAN”, “Bridge0”.
Select interface from “cellular0”, “LAN1/WAN” and “Bridge0”. Select from
“default”, “v1” and “v2”. Select from “default”, “v1” and “v2”. Select from
“enable” and “disable”. Select from “text” and “md5”. The authentication key
for package interaction in RIPV2. The authentication key-chain for package
interaction in RIPV2.
Set RIP neighbor’s IP address manually.
The IP address of interface for RIP publishing. The netmask of interface for
RIP publishing.
Table 3-2-7-3
3.2.7.3 OSPF
OSPF, short for Open Shortest Path First, is a link status based on interior
gateway protocol developed by IETF. If a router wants to run the OSPF
protocol, there should be a Router ID that can be manually configured. If no
Router ID configured, the system will automatically select an IP address of
interface
68
as the Router ID. The selection order is as follows: – If a Loopback interface
address is configured, then the last configured IP address of Loopback
interface will be used as the Router ID; – If no Loopback interface address is
configured, the system will choose the interface with the
biggest IP address as the Router ID.
Five types of packets of OSPF: – Hello packet – DD packet (Database
Description Packet) – LSR packet (Link-State Request Packet) – LSU packet
(Link-State Update Packet) – LSAck packet (Link-Sate Acknowledgment Packet)
Neighbor and Neighboring After OSPF router starts up, it will send out Hello
Packets through the OSPF interface. Upon receipt of Hello packet, OSPF router
will check the parameters defined in the packet. If it’s consistent, a
neighbor relationship will be formed. Not all matched sides in neighbor
relationship can form the adjacency relationship. It is determined by the
network type. Only when both sides successfully exchange DD packets and LSDB
synchronization is achieved, the adjacency in the true sense can be formed.
LSA describes the network topology around a router, LSDB describes entire
network topology.
OSPF Item Enable
Figure 3-2-7-4
Description Enable or disable OSPF.
69
Router ID ABR Type RFC1583 Compatibility
OSPF Opaque-LSA
SPF Delay Time SPF Initial-holdtime SPF Max-holdtime Reference Bandwidth
Router ID (IP address) of the originating LSA.
Select from cisco, ibm, standard and shortcut.
Enable/Disable. Enable/Disable LSA: a basic communication means of the OSPF
routing protocol for the Internet Protocol (IP). Set the delay time for OSPF
SPF calculations. Range: 0-6000000, in milliseconds. Set the initialization
time of OSPF SPF. Range: 0-6000000, in milliseconds. Set the maximum time of
OSPF SPF. Range: 0-6000000, in milliseconds. Range: 1-4294967, in Mbit.
Table 3-2-7-4 OSPF Parameters
Item Interface Interface Hello Interval (s)
Dead Interval (s)
Retransmit Interval (s) Transmit Delay (s)
Description
Figure 3-2-7-5
Select interface from “cellular0”,”WAN”and “Bridge0”. Send interval of Hello packet. If the Hello time between two adjacent routers is different, the neighbour relationship cannot be established. Range: 1-65535. Dead Time. If no Hello packet is received from the neighbours within the dead time, then the neighbour is considered failed. If dead times of two adjacent routers are different, the neighbour relationship cannot be established. When the router notifies an LSA to its neighbour, it is required to make acknowledgement. If no acknowledgement packet is received within the retransmission interval, this LSA will be retransmitted to the neighbour. Range: 3-65535. It will take time to transmit OSPF packets on the link. So a certain delay
70
time should be increased before transmission the aging time of LSA. This
configuration needs to be further considered on the low-speed link.
Range: 1-65535.
Interface Advanced Options
Interface
Select interface.
Network
Select OSPF network type.
Cost
Set the cost of running OSPF on an interface. Range: 1-65535.
Priority
Set the OSPF priority of interface. Range: 0-255.
Set the authentication mode that will be used by the OSPF area.
Authentication
Simple: a simple authentication password should be configured and confirmed again.
MD5: MD5 key & password should be configured and confirmed again.
Key ID
It only takes effect when MD5 is selected. Range 1-255.
Key
The authentication key for OSPF packet interaction.
Table 3-2-7-5 OSPF Parameters
Item Passive Interface Passive Interface Network IP Address Netmask Area ID
Area Area ID
Area
Description
Figure 3-2-7-6
Select interface from “cellular0”, “LAN1/WAN” and “Bridge0”.
The IP address of local network. The netmask of local network. The area ID of original LSA’s router.
Set the ID of the OSPF area (IP address). Select from “Stub” and “NSSA”. The backbone area (area ID 0.0.0.0) cannot be set as “Stub” or “NSSA”.
71
No Summary Authentication
Forbid route summarization. Select authentication from “simple” and “md5”.
Table 3-2–7-6 OSPF Parameters
Figure 3-2-7-7
Area Advanced Options
Item
Description
Area Range Area ID IP Address Netmask No Advertise Cost Area Filter Area ID Filter Type
The area ID of the interface when it runs OSPF (IP address). Set the IP
address. Set the netmask. Forbid the route information to be advertised among
different areas. Range: 0-16777215
Select an Area ID for Area Filter. Select from “import”, “export”, “filter-
in”, and “filter-out”.
ACL Name
Enter an ACL name which is set on “Routing > Routing Filtering” webpage.
Area Virtual Link Area ID ABR Address Authentication Key ID Key
Hello Interval
Dead Interval
Set the ID number of OSPF area. ABR is the router connected to multiple outer areas. Select from “simple” and “md5”. It only takes effect when MD5 is selected. Range 1-15. The authentication key for OSPF packet interaction. Set the interval time for sending Hello packets through the interface. Range: 1-65535. The dead interval time for sending Hello packets through the interface. Range: 1-65535.
Retransmit
The retransmission interval time for re-sending LSA. Range: 1-65535.
72
Interval Transmit Delay
The delay time for LSA transmission. Range: 1-65535.
Table 3-2-7-7 OSPF Parameters
Figure 3-2-7-8
Item
Description
Redistribution Redistribution Type Metric Metric Type Route Map
Select from “connected”, “static” and “rip”. The metric of redistribution router. Range: 0-16777214. Select Metric type from “1” and “2”. Mainly used to manage route for redistribution.
Redistribution Advanced Options
Always Redistribute Default Route
Send redistribution default route after starting up.
Redistribute Default Route Metric Redistribute Default Route Metric Type
Send redistribution default route metric. Range: 0-16777214. Select from “0”, “1” and “2”.
Distance Management
Area Type Distance
Select from “intra-area”, “inter-area” and “external”. Set the OSPF routing distance for area learning. Range: 1-255.
Table 3-2-7-8 OSPF Parameters
73
3.2.7.4 Routing Filtering
Figure 3-2-7-9
Routing Filtering
Item
Description
Access Control List
Name
User-defined name, need to start with a letter. Only letters, digits and underline (_) are allowed.
Action
Select from “permit” and “deny”.
Match Any
No need to set IP address and subnet mask.
IP Address User-defined.
Netmask
User-defined.
IP Prefix-List
Name
User-defined name, need to start with a letter. Only letters, digits and underline (_) are allowed.
Sequence
A prefix name list can be matched with multiple rules. One rule is matched with
Number
one sequence number. Range: 1-4294967295.
Action
Select from “permit” and “deny”.
Match Any
No need to set IP address, subnet mask, FE Length, and LE Length.
IP Address User-defined.
Netmask
User-defined.
FE Length
Specify the minimum number of mask bits that must be matched. Range: 0-32.
LE Length
Specify the maximum number of mask bits that must be matched. Range: 0-32.
Table 3-2-7-9 Routing Filtering Parameters
3.2.8 VRRP
The Virtual Router Redundancy Protocol (VRRP) is a computer networking
protocol that provides automatic assignment of available Internet Protocol
(IP) routers for participating hosts. This increases the availability and
reliability of routing paths via automatic default gateway selections in
74
an IP sub-network. Increasing the number of exit gateway is a common method
for improving system reliability. VRRP adds a group of routers that undertake
gateway function into a backup group so as to form a virtual router. The
election mechanism of VRRP will decide which router undertakes the forwarding
task, and the host in LAN is only required to configure the default gateway
for the virtual router. In VRRP, routers need to be aware of failures in the
virtual master router. To achieve this, the virtual master router sends out
multicast “alive” announcements to the virtual backup routers in the same VRRP
group. The VRRP router who has the highest number will become the virtual
master router. The VRRP router number ranges from 1 to 255 and usually we use
255 for the highest priority and 100 for backup. If the current virtual master
router receives an announcement from a group member (Router ID) with a higher
priority, then the latter will pre-empt and become the virtual master router.
VRRP has the following characteristics: – The virtual router with an IP
address is known as the Virtual IP address. For the host in LAN, it is
only required to know the IP address of virtual router, and set it as the
address of the next hop of the default route. – The network Host communicates
with the external network through this virtual router. – A router will be
selected from the set of routers based on its priority to undertake the
gateway function. Other routers will be used as backup routers to perform the
duties of gateway for the gateway router in the case of any malfunction, so as
to guarantee uninterrupted communication between the host and external
network. When interface connected with the uplink is at the state of Down or
Removed, the router actively lowers its priority so that priority of other
routers in the backup group will be higher. Thus the router with the highest
priority becomes the gateway for the transmission task.
Figure 3-2-8-1
75
VRRP Item Enable Interface Virtual Router ID Virtual IP Priority Advertisement
Interval (s)
Preemption Mode
IPV4 Primary Server
IPV4 Secondary Server Interval Retry Interval
Timeout
Max Ping Retries
Description Enable or disable VRRP. Select the interface of Virtual Router. User-defined Virtual Router ID. Range: 1-255. Set the IP address of Virtual Router. The VRRP priority range is 1-254 (a bigger number indicates a higher priority). The router with higher priority will be more likely to become the gateway router. Heartbeat package transmission time interval between routers in the virtual ip group. Range: 1-255. If the router works in the preemption mode, once it finds that its own priority is higher than that of the current gateway router, it will send VRRP notification package, resulting in re- election of gateway router and eventually replacing the original gateway router. Accordingly, the original gateway router will become a Backup router. The router will send ICMP packet to the IP address or hostn ame to determine whether the Internet connection is still av ailable or not. The router will try to ping the secondary server name if prim ary server is not available. Time interval (in seconds) between two Pings. Set the ping retry interval. When ping failed, the router will pi ng again every retry interval. The maximum amount of time the router will wait for a resp onse to a ping request. If it does not receive a response for the amount of time defined in this field, the ping request will be considered as failure. The retry times of the router sending ping request until dete rmining that the connection has failed.
Default Disable None None None 100
1
Disable
8.8.8.8 114.114. 114.114 300 5
3
3
Table 3-2-8-1 VRRP Parameters
Related Configuration Example VRRP Application Example
3.2.9 DDNS
Dynamic DNS (DDNS) is a method that automatically updates a name server in the
Domain Name System, which allows user to alias a dynamic IP address to a
static domain name. DDNS serves as a client tool and needs to coordinate with
DDNS server. Before starting configuration, user shall register on a website
of proper domain name provider and apply for a domain name.
76
DDNS Item Enable Name Interface Service Type Username User ID Password Server Server Path Hostname Append IP
Figure 3-2-9-1
Description Enable/disable DDNS. Give the DDNS a descriptive name. Set
interface bundled with the DDNS. Select the DDNS service provider. Enter the
username for DDNS register. Enter User ID of the custom DDNS server. Enter the
password for DDNS register. Enter the name of DDNS server. By default the
hostname is appended to the path. Enter the hostname for DDNS. Append your
current IP to the DDNS server update path.
77
Use HTTPS
Enable HTTPS for some DDNS providers.
Table 3-2-9-1 DDNS Parameters
3.3 System
This section describes how to configure general settings, such as
administration account, access service, system time, common user management,
SNMP, AAA, event alarms, etc. 3.3.1 General Settings
3.3.1.1 General General settings include system info and HTTPS certificates.
General Item System Hostname Web Login Timeout (s) Encrypting Cleartext
Passwords HTTPS Certificates
Certificate
Key
Figure 3-3-1-1
Description
Default
User-defined router name, needs to start with a letter.
You need to log in again if it times out. Range: 100-3600.
This function will encrypt all of cleartext passwords into ciphertext
passwords.
ROUTER 1800 Enable
Click “Browse” button, choose certificate file on the PC, and then click
“Import” button to upload the file into
-router. Click “Export” button will export the file to the PC. Click “Delete” button will delete the file. Click “Browse” button, choose key file on the PC, and then —
78
click “Import” button to upload the file into router. Click “Export” button
will export file to the PC. Click “Delete” button will delete the file.
Table 3-3-1-1 General Setting Parameters
3.3.1.2 System Time This section explains how to set the system time including
time zone and time synchronization type. Note: to ensure that the router runs
with the correct time, it’s recommended that you set the system time when
configuring the router.
Figure 3-3-1-2
Figure 3-3-1-3
79
Figure 3-3-1-4
System Time Item Current Time Time Zone Sync Type Sync with Browser Browser Time Set up Manually GPS Time Synchronization Primary NTP Server Secondary NTP Server NTP Server
Figure 3-3-1-5
Description Show the current system time. Click the drop down list to select
the time zone you are in. Click the drop down list to select the time
synchronization type. Synchronize time with browser. Show the current time of
browser. Manually configure the system time.
Synchronize time with GPS.
Enter primary NTP Server’s IP address or domain name. Enter secondary NTP
Server’s IP address or domain name.
80
Enable NTP Server
NTP client on the network can achieve time synchronization with router after
“Enable NTP Server” option is checked.
Table 3-3-1-2 System Time Parameters
3.3.1.3 Email
SMTP, short for Simple Mail Transfer Protocol, is a TCP/IP protocol used in
sending and receiving e-mail. This section describes how to configure email
settings and add email groups for alarms and events.
SMTP Client Settings Item Enable Email Address Password SMTP Server Address
Port
Encryption
Figure 3-3-1-6
Description Enable or disable SMTP client function. Enter the sender’s email
account. Enter the sender’s email password. Enter SMTP server’s domain name.
Enter SMTP server port. Range: 1-65535. Select from: None, TLS/SSL, STARTTLS.
None: No encryption. The default port is 25. STARTTLS: STARTTLS is a way to
take an existing insecure connection and upgrade it to a secure connection by
using SSL/TLS. The default port is 587. TLS/SSL: SSL and TLS both provide a
way to encrypt a communication channel between two computers (e.g. your
computer and our server). TLS is the successor to SSL and the terms SSL and
TLS are used interchangeably unless you’re referring to a specific version of
the protocol.The default port is 465.
Table 3-3-1-3 SMTP Setting
81
Figure 3-3-1-7
Item Email List Email Address Description Email Group List Group ID Description List Selected
Description
Enter the Email address. The description of the Email address.
Set number for email group. Range: 1-100. The description of the Email group.
Show the Email address list. Show the selected Email address.
Table 3-3-1-4 Email Settings
Related Topics DI Setting Events Setting Events Application Example
3.3.1.4 Storage You can view Micro SD card information on this page.
82
Storage Item Status Storage (Capacity/Available) Format
Figure 3-3-1-8
Description Show the status of Micro SD card, such as “Available” or “Not
Inserted”. The total capacity of the Micro SD Card. Format the Micro SD card.
Table 3-3-1-5 Storage Information
3.3.2 Phone&SMS 3.3.2.1 Phone Phone settings involve in call/SMS trigger, SMS control and SMS alarm for events.
Phone Item Phone Number List Number
Figure 3-3-2-1
Description Enter the telephone number. Digits, “+” and “-” are allowed.
83
Description Phone Group List Group ID Description List Selected
Related Topic Connect on Demand
The description of the telephone number.
Set number for phone group. Range: 1-100. The description of the phone group.
Show the phone list. Show the selected phone number.
Table 3-3-2-1 Phone Settings
3.3.2.2 SMS SMS settings involve in remote SMS control, sending SMS and SMS receiving and sending status.
SMS Settings Item SMS Mode SMS Remote Control
Authentication Type
Password
Phone Group
Figure 3-3-2-2
Description Select SMS mode from “TEXT” and “PDU”.
Enable/disable SMS Remote Control.
You can choose “phone number” or “password + phone number”. Phone number: Use
phone number for authentication. Password + phone number: Use both
“”Password”” and “”Phone number”” for authentication. Set password for
authentication. Select the Phone group which used for remote control. User can
click the Phone Group and set phone number.
Table 3-3-2-2 SMS Remote Control Parameters
84
SMS Item Send SMS Phone Number Content Inbox/Outbox Sender Recipient From To Search Clear All
Figure 3-3-2-3
Description
Enter the number to receive the SMS. SMS content.
SMS sender from outside. SMS recipient which UR32 send to. Select the start
date. Select the end date. Search for SMS record. Clear all SMS records in web
GUI.
Table 3-3-2-3 SMS Settings
3.3.3 User Management
3.3.3.1 Account Here you can change the login username and password of the
administrator. Note: it is strongly recommended that you modify them for the
sake of security.
85
Figure 3-3-3-1
Account Item
Username
Old Password New Password Confirm New Password
Description Enter a new username. You can use characters such as a-z, 0-9,
“_”, “-“, “$”. The first character can’t be a digit. Enter the old password.
Enter a new password. Enter the new password again.
Table 3-3-3-1 Account Settings
3.3.3.2 User Management
This section describes how to create common user accounts. The common user
permission includes Read-Only and Read-Write.
Figure 3-3-3-2
User Management
Item Username
Description Enter a new username. You can use characters such as a-z, 0-9, “_”, “-“, “$”. The first character can’t be a digit.
Password
Set password.
Permission
Select user permission from “Read-Only” and “Read-Write”. – Read-Only: users can only view the configuration of router in this level. – Read-Write: users can view and set the configuration of router in this level.
Table 3-3-3-2 User Management
86
3.3.4 SNMP SNMP is widely used in network management for network monitoring.
SNMP exposes management data with variables form in managed system. The system
is organized in a management information base (MIB) which describes the system
status and configuration. These variables can be remotely queried by managing
applications. Configuring SNMP in networking, NMS, and a management program of
SNMP should be set up at the Manager. Configuration steps are listed as below
for achieving query from NMS: 1. Enable SNMP setting. 2. Download MIB file and
load it into NMS. 3. Configure MIB View. 4. Configure VCAM.
Related Configuration Example SNMP Application Example
3.3.4.1 SNMP UR32 supports SNMPv1, SNMPv2c and SNMPv3 version. SNMPv1 and
SNMPv2c employ community name authentication. SNMPv3 employs authentication
encryption by username and password.
SNMP Settings Item Enable
Port
SNMP Version Location Information
Figure 3-3-4-1
Description Enable or disable SNMP function. Set SNMP listened port. Range:
1-65535. The default port is 161. Select SNMP version; support SNMP v1/v2c/v3.
Fill in the location information.
87
Contact Information
Fill in the contact information.
Table 3-3-4-1 SNMP Parameters
3.3.4.2 MIB View This section explains how to configure MIB view for the objects.
MIB View Item View Name View Filter View OID Included Excluded
Figure 3-3-4-2
Description Set MIB view’s name. Select from “Included” and “Excluded”. Enter
the OID number. You can query all nodes within the specified MIB node. You can
query all nodes except for the specified MIB node.
Table 3-3-4-2 MIB View Parameters
3.3.4.3 VACM This section describes how to configure VCAM parameters.
Figure 3-3-4-3
VACM Item SNMP v1 & v2 User List
Description
Community Permission
Set the community name. Select from “Read-Only” and “Read-Write”.
88
MIB View Network Read-Write
Select an MIB view to set permissions from the MIB view list. The IP address and bits of the external network accessing the MIB view. The permission of the specified MIB node is read and write.
Read-Only
The permission of the specified MIB node is read only.
SNMP v3 User Group
Group Name Security Level Read-Only View
Set the name of SNMPv3 group. Select from “NoAuth/NoPriv”, “Auth/NoPriv”, and ” Auth/Priv”. Select an MIB view to set permission as “Read-only” from the MIB view list.
Read-Write View Select an MIB view to set permission as “Read-write” from the MIB view list.
Inform View
Select an MIB view to set permission as “Inform” from the MIB view list.
SNMP v3 User List
Username
Set the name of SNMPv3 user.
Group Name
Select a user group to be configured from the user group.
Authentication Authentication Password
Select from “MD5”, “SHA”, and “None”. The password should be filled in if authentication is “MD5” and “SHA”.
Encryption
Select from “AES”, “DES”, and “None”.
Encryption Password
The password should be filled in if encryption is “AES” and “DES”.
Table 3-3-4-3 VACM Parameters
3.3.4.4 Trap
This section explains how to enable network monitoring by SNMP trap.
SNMP Trap Item Enable SNMP Version Server Address Port
Name
Figure 3-3-3-4
Description Enable or disable SNMP Trap function. Select SNMP version; support
SNMP v1/v2c/v3. Fill in NMS’s IP address or domain name. Fill in UDP port.
Port range is 1-65535. The default port is 162. Fill in the group name when
using SNMP v1/v2c; fill in the username when using SNMP v3.
89
Auth/Priv Mode Select from “NoAuth & No Priv”, “Auth & NoPriv”, and “Auth &
Priv”.
Table 3-3-4-4 Trap Parameters
3.3.4.5 MIB This section describes how to download MIB files. The last MIB
file “LTE-ROUTER-MIB.txt” is for the UR32 router.
MIB Item MIB File Download
Figure 3-3-4-5
Description Select the MIB file you need. Click “Download” button to download
the MIB file to PC.
Table 3-3-4-5 MIB Download
3.3.5 AAA AAA access control is used for visitors control and the available
corresponding services once access is allowed. It adopts the same method to
configure three independent safety functions. It provides modularization
methods for following services: – Authentication: verify if the user is
qualified to access to the network. – Authorization: authorize related
services available for the user. – Charging: record the utilization of network
resources.
3.3.5.1 Radius Using UDP for its transport, Radius is generally applied in
various network environments with higher requirements of security and
permission of remote user access.
90
Radius Item Enable Server IP Address Server Port
Key
Figure 3-3-5-1
Description Enable or disable Radius. Fill in the Radius server IP
address/domain name. Fill in the Radius server port. Range: 1-65535. Fill in
the key consistent with that of Radius server in order to get connected with
Radius server.
Table 3-3-5-1 Radius Parameters
3.3.5.2 TACACS+
Using TCP for its transport, TACACS+ is mainly used for authentication,
authorization and charging of the access users and terminal users by adopting
PPP and VPDN.
Figure 3-3-5-2
91
TACACS+ Item Enable Server IP Address Server Port
Key
Description Enable or disable TACACS+. Fill in the TACACS+ server IP
address/domain name. Fill in the TACACS+ server port. Range: 1-65535. Fill in
the key consistent with that of TACACS+ server in order to get connected with
TACACS+ server.
Table 3-3-5-2 TACACS+ Parameters
3.3.5.3 LDAP
A common usage of LDAP is to provide a central place to store usernames and
passwords. This allows many different applications and services to connect the
LDAP server to validate users.
LDAP is based on a simpler subset of the standards contained within the X.500
standard. Because of this relationship, LDAP is sometimes called X.500-lite as
well.
LDAP Item Enable
Server IP Address
Server Port Base DN Security
Figure 3-3-5-3
Description Enable or Disable LDAP. Fill in the LDAP server’s IP
address/domain name. The maximum count is 10. Fill in the LDAP server’s port.
Range: 1-65535 The top of LDAP directory tree. Select secure method from
“None”, “StartTLS” and “SSL”.
92
Username Password
Enter the username to access the server. Enter the password to access the
server.
Table 3-3-5-3 LDAP Parameters
3.3.5.4 Authentication
AAA supports the following authentication ways: – None: uses no
authentication, generally not recommended. – Local: uses the local username
database for authentication.
Advantages: rapidness, cost reduction. Disadvantages: storage capacity limited
by hardware. – Remote: has user’s information stored on authentication server.
Radius, TACACS+ and LDAP supported for remote authentication. When radius,
TACACS+, and local are configured at the same time, the priority level is: 1
2 >3.
Authentication Item Console Web Telnet SSH
Figure 3-3-5-4
Description Select authentication for Console access. Select authentication
for Web access. Select authentication for Telnet access. Select authentication
for SSH access.
Table 3-3-5-4 Authentication Parameters
3.3.6 Device Management
3.3.6.1 DeviceHub
You can connect the device to the Milesight DeviceHub on this page so as to
manage the router centrally and remotely. For more details please refer to
DeviceHub User Guide.
93
DeviceHub Item Status
Disconnected Server Address
Activation Method
Authentication Code Account name Password
Figure 3-3-6-1
Description Show the connection status between the router and the DeviceHub.
Click this button to disconnect the router from the DeviceHub. IP address or
domain of the device management server. Select activation method to connect
the router to the DeviceHub server, options are “By Authentication Code” and
“By Account name”. Fill in the authentication code generated from the
DeviceHub. Fill in the registered DeviceHub account (email) and password.
Table 3-3-6-1
3.3.6.2 Milesight VPN
You can connect the device to the Milesight VPN on this page so as to manage
the router and connected devices centrally and remotely. For more details
please refer to MilesightVPN User Guide.
94
Figure 3-3-6-2
Milesight VPN
Item
Description
Milesight VPN Settings
Server
Enter the IP address or domain name of Milesight VPN.
Port
Enter the HTTPS port number.
Authorization code Enter the authorization code which generated by Milesight VPN.
Device Name
Enter the name of the device.
Milesight VPN Status
Status
Show the connection information about whether the router is connected to the Milesight VPN.
Local IP
Show the virtual IP of the router.
Remote IP
Show the virtual IP of the Milesight VPN.
Duration
Show the information on how long the router has been connected to the Milesight VPN.
Table 3-3-6-2
95
3.3.7 Events Event feature is capable of sending alerts by Email when certain system events occur. 3.3.7.1 Events You can view alarm messages on this page.
Events Item Mark as Read Delete Mark All as Read Delete All Alarms
Status
Type Time Message
Figure 3-3-7-1
Description Mark the selected event alarm as read. Delete the selected event
alarm. Mark all event alarms as read. Delete all event alarms. Show the
reading status of the event alarms, such as “Read” and “Unread”. Show the
event type that should be alarmed. Show the alarm time. Show the alarm
content.
Table 3-3-7-1 Events Parameters
3.3.7.2 Events Settings
In this section, you can decide what events to record and whether you want to
receive email and SMS notifications when any change occurs.
96
Figure 3-3-7-2
Event Settings Item Enable Phone Group List Email Group List
Record
Email
Figure 3-3-7-3
Description Check to enable “Events Settings”. Select phone group to receive
SMS alarm. Select email group to receive alarm. The relevant content of event
alarm will be recorded on “Event” page if this option is checked. The relevant
content of event alarm will be sent out via email if this option is checked.
97
Email Setting
SMS
SMS Setting
VPN Up VPN Down WAN Up WAN Down Link Switch Weak Signal Cellular Up Cellular
Down Cellular Data Stats Clear Cellular Data Traffic is running out Cellular
Data Traffic Over Flow WLAN Up(AP) WLAN Down(AP) WLAN Up(Client) WLAN
Down(Client)
Related Topics Email Setting Events Application Example
Click and you will be redirected to the page “Email” to configure email group
list. The relevant content of event alarm will be sent out via SMS if this
option is checked. Click and you will be redirected to the page of “Phone” to
configure phone group list. VPN is connected. VPN is disconnected. Ethernet
cable is connected to WAN port. Ethernet cable is disconnected to WAN port.
Switch to use other interface for Internet access. The signal level of
cellular is low. Cellular network is connected. Cellular network is
disconnected.
Zero out the data usage of the main SIM card.
The main SIM card is reaching the data usage limit.
The main SIM card has exceeded the data usage plan.
The WLAN(AP) is enabled. The WLAN(AP) has stopped working. The WLAN(Client) is
enabled. The WLAN(Client) has stopped working.
Table 4-3-7-2 Events Parameters
3.4 Industrial Interface
UR32 router is capable of connecting with terminals through industrial
interfaces so as to realize wireless communication between terminals and
remote data center. There are two types of the router’s industrial interface:
serial port (RS232 and RS485) and I/O (digital input and digital output).
RS232 adopts full-duplex communication. It’s generally used for communication
within 20m. RS485 adopts half-duplex communication to achieve transmission of
serial communication data with distance up to 120m. Digital input of I/O
interface is a logical variable or switch variable with only two values of 0
and 1. “0” refers to low level and “1” refers to high level .
98
3.4.1 I/O
3.4.1.1 DI This section explains how to configure monitoring condition on
digital input, and take certain actions once the condition is reached.
Figure 3-4-1-1
DI Item Enable Mode Duration (ms) Condition
Low->High
High->Low
Counter
Action
SMS Phone Group SMS Content Email Email Group Email Content DO Cellular UP
Description Enable or disable DI. Options are “High Level”, “Low Level”, and “Counter”. Set the duration of high/low level in digital input. Range: 1-10000. Select from “Low->High”, and “High-> Low”. The counter value will increase by 1 if digital input’s status changes from low level to high level. The counter value will increase by 1 if digital input’s status changes from high level to low level. The system will take actions accordingly when the counter value reach the preset one, and then reset the counter value to 0. Range: 1-100. Select the corresponding actions that the system will take when digital input mode meets the preset condition or duration. Check to enable SMS alarm. Set phone group to receive SMS alarm. Set the content of SMS alarm. Check to enable Email alarm. Set phone group to receive email alarm. Set the content of email alarm. Control output status of DO. Trigger the router to switch from offline mode to cellular network mode.
Table 3-4-1-1 DI Parameters
Related Topics
DO Setting
99
Email Setting Connect on Demand
3.4.1.2 DO This section describes how to configure digital output mode.
DO Item Enable Mode
Duration (10ms)
Initial Status Duration of High Level (10ms) Duration of Low Level (*10ms)
The Number of Pulse
Phone Group
Related Topics DI Setting
Figure 3-4-1-2
Description Enable or disable DO. Select from “High Level”, “Low Level”,
“Pulse” and “Custom” . Set duration of high/low level on digital output.
Range: 1-10000. Select high level or low level as the initial status of the
pulse.
Set the duration of pulse’s high level. Range: 1-10000.
Set the duration of pulse’s low level. Range: 1-10000.
Set the quantity of pulse. Range: 1-100. Select phone group which will be used
for I/O configuration. User can click the Phone Group and set phone number.
Table 3-4-1-2 DO Settings
3.4.2 Serial Port
This section explains how to configure serial port parameters to achieve
communication with serial terminals, and configure work mode to achieve
communication with the remote data center, so as to achieve two-way
communication between serial terminals and remote data center.
100
Serial Settings Item Enable Serial Type Baud Rate
Data Bits
Stop Bits
Parity Software Flow Control Serial Mode
DTU Mode
GPS
Modbus Master
Modbus Slave
Figure 3-4-2-1
Description Enable or disable serial port function. RS232 or RS485. Range is 300-230400. Same with the baud rate of the connected terminal device. Options are “8” and “7”. Same with the data bits of the connected terminal device. Options are “1” and “2”. Same with the stop bits of the connected terminal device. Options are “None”, “Odd” and “Even”. Same with the parity of the connected terminal device.
Default Disable -9600
8
1
None
Enable or disable software flow control.
Disable
Select work mode of the serial port. Options are “DTU Mode” , “Modbus Master”,
“Modbus Slave” and “GPS”. In DTU mode, the serial port can establish
communication with the remote server/client. In GPS mode, go to “Industrial >
GPS > GPS Serial Forwarding” to select corresponding Serial Type, then GPS
data will be forwarded to this serial port. In Modbus Master mode, go to
“Industrial > Modbus Master” to configure basic parameters and channels. In
Modbus Slave mode, go to “Industrial > Modbus Slave” to configure basic
parameters.
Table 3-4-2-1 Serial Parameters
Disable —
—
101
DTU Mode Item
DTU Protocol
TCP/UDP Server Listening port Keepalive Interval Keepalive Retry Times Packet
Size Serial Frame Interval
Figure 3-4-2-2
Description Select from “None”, “Transparent”, “Modbus”, “UDP server” and “TCP
server”. – Transparent: the routed is used as TCP client/UDP and transmits
data transparently. – TCP server: the router is used as TCP server and
transmits data
transparently. – UDP server: the router is used as UDP server and transmits
data
transparently. – Modbus: the router will be used as TCP server with modbus
gateway function, which can achieve conversion between Modbus RTU and Modbus
TCP.
Set the router listening port. Range: 1-65535. After TCP connection is
established, client will send heartbeat packet regularly by TCP to keep alive.
The interval range is 1-3600 in seconds. When TCP heartbeat times out, router
will resend heartbeat. After it reaches the preset retry times, TCP connection
will be reestablished. The retry times range is 1-16. Set the size of the
serial data frame. Packet will be sent out when preset frame size is reached.
The size range is 1-1024. The unit is byte. The interval that the router sends
out real serial data stored in the buffer area to public network. The range is
10-65535, in
Default
—
502 75 9 1024 100
102
milliseconds. Note: data will be sent out to public network when real serial data size reaches the preset packet size, even though it’s within the serial frame interval.
Table 3-4-2-2 DTU Parameters
Item
Description
Default
Transparent
Protocol
Select “TCP” or “UDP” protocol.
TCP
After TCP client is connected with TCP server, the client will send
Keepalive Interval
heartbeat packet by TCP regularly to keep alive. The interval range 75
(s)
is 1-3600, in seconds.
Keepalive Retry Times
When TCP heartbeat times out, the router will resend heartbeat. After it reaches the preset retry times, router will reconnect to TCP 9 server. The range is 1-16.
Packet Size
Serial Frame Interval
Reconnect Interval
Set the size of the serial data frame. Packet will be sent out when preset frame size is reached. The range is 1-1024. The unit is byte. The interval that the router sends out real serial data stored in the buffer area to public network. The range is 10-65535, in milliseconds. Note: data will be sent out to public network when real serial data size reaches the preset packet size, even though it’s within the serial frame interval. After connection failure, router will reconnect to the server at the preset interval, in seconds. The range is 10-60.
1024 100 10
Specific Protocol By Specific Protocol, the router will be able to connect to the
—
TCP2COM software.
Heartbeat Interval
By Specific Protocol, the router will send heartbeat packet to the
server regularly to keep alive. The interval range is 1-3600, in
30
seconds.
ID
Define unique ID of each router. No longer than 63 characters without space character.
—
Register String Define register string for connection with the server.
Null
Server Address Fill in the TCP or UDP server address (IP/domain name).
Null
Server Port
Fill in the TCP or UDP server port. Range: 1-65535.
Null
Status
Show the connection status between the router and the server.
—
Modbus
Local Port Maximum TCP Clients
Set the router listening port. Range: 1-65535.
502
Specify the maximum number of TCP clients allowed to connect th 32
e router which act as a TCP server.
Connection Timeout
If the TCP server does not receive any data from the slave device w ithin the connection timeout period, the TCP connection will be bro 60 ken.
Reading Interval Set the interval for reading remote channels. When a read cycle end 100
103
Response Timeout
Maximum Retries
s, the new read cycle begins until this interval expires. If it is set to 0, the device will restart the new read cycle after all channels have been read. Set the maximum response time that the router waits for the respo nse to the command. If the device does not get a response after th e maximum response time, it’s determined that the command has ti med out. Set the maximum retry times after it fails to read.
3000 3
Table 3-4-2-3 DTU Parameters
Related Configuration Example
DTU Application Example
3.4.3 Modbus Slave This section describes how to achieve I/O status via Modbus
TCP, Modbus RTU and Modbus RTU over TCP.
3.4.3.1 Modbus TCP You can define the address of the DI and DO ports so as to
poll DI’s status and control DO’s status via Modbus TCP protocol.
Modbus TCP Item Enable Port DI Address DO Address
Figure 3-4-3-1
Description Enable/disable Modbus TCP. Set the router listening port. Range:
1-65535. Define the address of DI, range: 0-255. Define the address of DO,
range: 0, 2-255.
Table 3-4-3-1 Modbus TCP Parameters
Default Disable 502 0 0
104
3.4.3.2 Modbus RTU
You can define the address of the DI and DO ports so as to poll DI’s status
and control DO’s status via Modbus RTU protocol.
Modbus RTU Item Enable Serial Port
Slave ID
DI Address DO Address
Figure 3-4-3-2
Description Enable/disable Modbus RTU. Select the corresponding serial port.
Set slave ID is used for distinguishing different devices on the same link.
Define the address of DI, range: 0-255. Define the address of DO, range: 0,
2-255.
Table 3-4-3-2 Modbus RTU Parameters
Default Disable serial
1
0 0
3.4.3.3 Modbus RTU Over TCP
You can define the address of the DI and DO ports so as to poll DI’s status
and control DO’s status via Modbus RTU over TCP.
105
Figure 3-4-3-3
Modbus RTU Over TCP
Item
Description
Default
Enable Slave ID
Enable/disable Modbus RTU over TCP function. Set slave ID is used for distinguishing different devices on the same link.
Disable 1
Device ID
Reconnection Interval
Set device ID. The server will get the device ID to the server for identifying identity so that the server can -manage multiple devices. The reconnection interval when the device and the server fails to establish connection or disconnected. 10
DI Address
Define the address of DI, range: 0-255.
0
DO Address
Define the address of DO, range: 0, 2-255.
0
Server List
IP
Enter the IP address of the server.
Port Status
Enter the port of the server.Range: 0-65535. Show the connection status between the router and the server.
Table 3-4-3-3 Modbus RTU Over TCP Parameters
3.4.4 Modbus Master UR32 router can be set as Modbus Master to poll the remote
Modbus Slave and send alarm according to the response.
3.4.4.1 Modbus Master You can configure Modbus Master’s parameters on this
page.
106
Figure 3-4-4-1
Modbus Master
Item
Description
Enable
Read Interval/s
Enable/disable Modbus master. Set the interval for reading remote channels. When the read cycle ends, the commands which haven’t been sent out will be discard, and the new read cycle begins. If it is set to 0, the device will restart the new read cycle after all channels have been read. Range: 0-600.
Max. Retries Set the maximum retry times after it fails to read, range: 0-5.
Max. Response Time/ms
Set the maximum response time that the router waits for the response to the command. If the device does not get a response after the maximum response time, it’s determined that the command has timed out. Range: 10-1000.
Execution Interval/ms Channel Name
The execution interval between each command. Range: 10-1000.
Select a readable channel form the channel list.
Table 3-4-4-1
Default —
0
3 500
50 —
3.4.4.2 Channel
You can add the channels and configure alarm setting on this page, so as to
connect the router to the remote Modbus Slave to poll the address on this page
and receive alarms from the router in different conditions.
Figure 3-4-4-2
Channel Setting
Item
Description
Name
Set the name to identify the remote channel. It cannot be blank.
Slave ID
Set Modbus slave ID.
Address
The starting address for reading.
Number
The address number for reading.
Type
Read command, options are “Coil”, “Discrete”, “Holding Register (INT16)”, “Input Register (INT16)”, “Holding Register (INT32)” and “Holding Register (Float)”.
107
Link IP address Port Sign
Decimal Place
Select TCP for transportation. Fill in the IP address of the remote Modbus device. Fill in the port of the remote Modbus device. To identify whether this channel is signed. Default: Unsigned. Used to indicate a dot in the read into the position of the channel. For example: read the channel value is 1234, and a Decimal Place is equal to 2, the