Grandstream Networks GWN7000 Enterprise Router & Wireless Access Point Manager User Manual YZZGWN7000 rev01

Grandstream Networks, Inc. Enterprise Router & Wireless Access Point Manager YZZGWN7000 rev01

UserManual.wiki >

Grandstream Networks >

GWN7000 User Manual >

Contents

1. User Manual
2. User manual

User Manual

Grandstream Networks, Inc.GWN7000Enterprise Router & Access Point ManagerUser Manual

GWN7000 Enterprise Router & Access Point ManagerUser ManualFCC Caution Any Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:- Reorient or relocate the receiving antenna.- Increase the separation between the equipment and receiver.- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.- Consult the dealer or an experienced radio/TV technician for help. CE Compliance: Hereby㸪Grandstream declares that this device is in compliance with the essential requirements and other relevant provisions of Directive 2014/30/EU. Page |2

GWN7000 Enterprise Router & Access Point ManagerUser ManualGNU GPL INFORMATION GWN7000 firmware contains third-party software licensed under the GNU General Public License (GPL). Grandstream uses software under the specific terms of the GPL. Please see the GNU General Public License (GPL) for the exact terms and conditions of the license. Grandstream GNU GPL related source code can be downloaded from Grandstream web site from:http://www.grandstream.com/sites/default/files/Resources/gwn7xxx_gpl.zipPage |3

GWN7000 Enterprise Router & Access Point ManagerUser ManualDOCUMENT PURPOSE This document describes how to configure the GWN7000 via CLI and Web GUI to fully manipulate router'sfeatures. The intended audiences of this document are Network administrators. Please visit http://www.grandstream.com/support to download the latest “GWN7000 User Manual”.This guide covers following topics:xProduct OverviewxInstallationxGetting StartedxRouter ConfigurationxSetting up a Wireless NetworkxClients ConfigurationxVPNxUpgrading and ProvisioningxExperiencing the GWN7000 VPN RouterPage |8

GWN7000 Enterprise Router & Access Point ManagerUser ManualCHANGE LOG This section documents significant changes from previous versions of the GWN7000 user manuals. Only major new features or major document updates are listed here. Minor updates for corrections or editing are not documented here.FIRMWARE VERSION 1.0.0.8 xThis is the initial version.Page |9

GWN7000 Enterprise Router & Access Point ManagerUser ManualWELCOME The GWN7000 is a powerful enterprise-grade router and controller for wireless access points. Ideal for enterprises, office buildings, retail stores, shopping centers, hospitals, hotels, convention centers and more, the GWN7000 allows businesses to build comprehensive VPN networks with up to 500 wireless access points that can be shared across many different physical locations. This enterprise router provides reliable internet access with WAN port load balancing and dual WAN ports to offer a backup connection. Thanks to robust network features, easy web-based configuration and real-time status monitoring tools, the GWN7000 is the ideal router and wireless access point controller for large and multi-site deployments.--------------------------------------------------------------------------------------------------------------------------------------------Caution:Changes or modifications to this product not expressly approved by Grandstream, or operation of this product in any way other than as detailed by this User Manual, could void your manufacturer warranty.Warning:Please do not use a different power adaptor with the GWN7000 as it may cause damage to the products and void the manufacturer warranty.--------------------------------------------------------------------------------------------------------------------------------------------Page |10The GWN7000 is a powerful enterprise-grade router. Ideal for enterprises, office buildings, retail stores, shopping centers, hospitals, hotels, convention centers and more. This enterprise router provides reliable internet access with WAN port load balancing and dual WAN ports to offer a backup connection. Thanks to robust network features, easy web-based configuration and real-time status monitoring tools, the GWN7000 is the ideal router for large and multi-site deployments.

GWN7000 Enterprise Router & Access Point ManagerUser ManualPRODUCT OVERVIEW TECHNICAL SPECIFICATIONS Table 1: GWN7000 Technical SpecificationsNetwork Interfaces x2 x autosensing 10/100/1000 Base-T WAN Portsx1 x auto-sensing 10/100/1000 Base-T configurable NET Port x4 x auto-sensing 10/100/1000 Base-T LAN PortsWAN Features xDHCPxStatic IP xPPPoE xLoad balance & failover xRule based routingLAN Features xDHCP server xDNS Cache xMultiple zones xVLANAuxiliary Ports x2 x USB 2.0 portsx1 x Reset PinholeRouting Performance Up to 1Mpps with packet size with 64-byte packet sizeUSB x3G/4G/LTE as WAN xPrinter sharing xFile sharingNetwork Protocols xIPv4, IPv6 (pending), 802.1Q, 802.1p, 802.1x, LLDPVPN xProtocols: PPTP, L2TP/IPSec, OpenVPN (Client, Server or pass through)xPerformance up to 300MbpsLED 8 green-color LEDs for device tracking and status indicationMounting Indoor wall mount, DesktopQoS VLAN, TOSFirewall NAT, DMZ, Port Forwarding, SPI, UPnPDPI Yes (pending)Access Points Up to 500 GWN76xx series APsManagement Web, CLI, SNMP (pending)Power x802.3at PoE+ xOptional Power Supply: 12V/2AxMax power consumption: 16WEnvironmental xOperation: 0°C to 40°CPage |11

GWN7000 Enterprise Router & Access Point ManagerUser ManualxStorage: -10°C to 60°CxHumidity: 10% to 90% Non-condensingPackage Content xGWN7000 Enterprise Routerx12V/2A Power AdapterxQuick Installation GuidexGPL LicenseCompliance FCC, CE, ICPage |12

GWN7000 Enterprise Router & Access Point ManagerUser ManualINSTALLATION Before deploying and configuring the GWN7000, the device needs to be properly powered up and connected to network. This section describes detailed information on installation, connection and warranty policy of the GWN7000.EQUIPMENT PACKAGING Table 2: GWN7000 Equipment PackagingMain Case Yes (1)Power adaptor Yes (1)Quick Installation Guide Yes (1)GPL License Yes (1)CONNECT YOUR GWN7000 Figure 1: GWN7000 Front ViewPage |13

GWN7000 Enterprise Router & Access Point ManagerUser ManualFigure 2: GWN7000 Back ViewTo set up the GWN7000, follow the steps below:1. Connect one end of an RJ-45 Ethernet cable into the WAN1 or/and WAN2 port(s) of the GWN7000.2. Connect the other end of the Ethernet cable(s) into a DSL modem or router(s).3. Connect the 12V DC power adapter into the power jack on the back of the GWN7000. Insert the main plug of the power adapter into a surge-protected power outlet.4. Wait for the GWN7000 to boot up and connect to internet/network. In the front of the GWN7000 the Power LED will be in solid green, and the WAN LED will flash in green.5. Connect one of the LAN ports to your computer, the associated LED ports will flash in green.6. (Optional) Connect LAN ports to your GWN7610 access points or/and other devices, the associated LED ports will flash in green.SAFETY COMPLIANCES The GWN7000 VPN Router complies with FCC/CE and various safety standards. The GWN7000 power adapter is compliant with the UL standard. Use the universal power adapter provided with the GWN7000 package only. The manufacturer’s warranty does not cover damages to the device caused by unsupported power adapters.WARRANTY If the GWN7000 VPN Router was purchased from a reseller, please contact the company where the device was purchased for replacement, repair or refund. If the device was purchased directly from Grandstream, contact our Technical Support Team for a RMA (Return Materials Authorization) number before the product is returned. Grandstream reserves the right to remedy warranty policy without prior notification.Page |14

GWN7000 Enterprise Router & Access Point ManagerUser ManualGETTING STARTED The GWN7000 VPN Router provides an intuitive web GUI configuration interface for easy management in addition to CLI Interface via SSH to give users access to all the configurations and options for GWN7000 VPN Router setup.This section provides step-by-step instructions on how to read LED indicators, use CLI Interface and Web GUI of the GWN7000.LED INDICATORS The front panel of the GWN7000 has LED indicators for power and interfaces activities, the table below describes the LED indicators status. Table 3: LED IndicatorsLED Status IndicationPOWER OFF GWN700 is powered off or abnormal power supply.Solid green GWN7000 is powered on correctly.WANs(1,2) Flashing green GWN7000 is connected as a client to another network and data is transferring.Solid green GWN7000 is connected as a client to another network and there is no activity.LANs(1,2,3,4,5) Flashing green A device is connected to the corresponding LAN port and data is transferring.Solid green A device is connected to the corresponding LAN port and there is no activity.Page |15

GWN7000 Enterprise Router & Access Point ManagerUser ManualUSE THE WEB GUI ACCESS WEB GUI The GWN7000 embedded Web server responds to HTTPS GET/POST requests. Embedded HTML pages allow users to configure the device through a Web browser such as Microsoft IE, Mozilla Firefox, Google Chrome and etc.Figure 3: GWN7000 Web GUI Login PageTo access the Web GUI:1. Connect a computer to a LAN Port of the GWN7000.2. Ensure the device is properly powered up, and the Power, LAN port LEDs light up in green.3. Open a Web browser on the computer and enter the web GUI URL in the following format:https://192.168.1.14. Enter the administrator’s login and password to access the Web Configuration Menu. The default administrator's username and password are "admin" and "admin". It is highly recommended to change the default password after login for the first time.Page |17

GWN7000 Enterprise Router & Access Point ManagerUser ManualFigure 4: GWN7000 Home MenuWEB GUI CONFIGURATIONS There are 6 main sections in the Web GUI for users to view the connection status, configure and manage the Router. xStatus: Displays interface status.xRouter: To configure WAN Ports settings, check general status of the Router, and Maintenance for upgrade/provisioningxDevices: To add Access points, discover automatically and pair by one click.xClients: Shows the list of the clients connected to LAN ports of the GWN7000 and wireless clients connected to zones via GWN7610 access points.xVPN: To configure VPN tunnels.xZone: To add and manage zones for the access points via VLANs.WEB GUI LANGUAGES Currently the GWN7000 series web GUI supports English and Simplified Chinese.Page |18

GWN7000 Enterprise Router & Access Point ManagerUser ManualUsers can select the displayed language at the upper right of the web GUI either before or after logging in.Figure 5: GWN7000 Web GUI LanguageFigure 6: GWN7000 Web GUI LanguagePage |19

GWN7000 Enterprise Router & Access Point ManagerUser ManualSAVE AND APPLY CHANGES When clicking on "Save" button after configuring or changing any option on the web GUI pages. Amessage mentioning the number of changes will appear on the upper menu (See Figure 7).Figure 7: Save ChangesFigure 8: View ChangesUsers need to click on that message to view changed configuration (See Figure 8), and click on "OK" button to apply changes.Page |20

GWN7000 Enterprise Router & Access Point ManagerUser ManualROUTER CONFIGURATION This section explains configurations for network settings, user privileges, and router parameters on the GWN7000 via Web GUI.STATUS INTERFACE STATUS AND DASHBOARD The Interface status shows the connection stability for WAN Ports, access points and status for LAN, USB ports and VPN tunnel.Figure 9: Status PageROUTER STATUS Beside Interface status, users can also view Device status to check MAC address, Part Number, Firmware version and Uptime for the Router.Page |21

GWN7000 Enterprise Router & Access Point ManagerUser ManualWAN status shows the uptime, current throughput, aggregate usage, and IP addresses for each WAN port.Router’s Status can be accessed from Web GUI->Router->Status.Figure 10: Router's StatusWAN PORTS The GWN7000 has 2 WAN ports configured as DHCP clients by default to be connected with DSL modem or routers, Users can also set static IPv4/IPv6 address, and configure PPPoE for each WAN port.Connect to GWN7000’s Web GUI from a computer connected to a LAN port and go to Router->Port page to configure WAN settings.WAN PORTS CONFIGURATION SETTINGS Please refer to the following table for basic network configuration parameters on WAN ports for GWN7000.Table 4: GWN7000 WEB GUI -> Router ->Port -> WAN Port(1,2)WAN Address TypeSelect "DHCP", "Static" or "PPPoE" mode on the WAN interfaces of GWN7000.The default setting is "DHCP".xDHCPWhen selected on a WAN port, it will act as a DHCP client and acquire an IP automatically from the DHCP server. xStaticWhen selected the user will have to set a static IPv4 address, Subnet Mask Page |22

GWN7000 Enterprise Router & Access Point ManagerUser Manualand IPv4 Gateway, or set IPv6 address, Prefix and Prefix Length if Enable IPv6 is checked. xPPPoEWhen selected the user will have to set the PPPoE account and password, PPPoE Keep alive interval and Inter-Key Timeout in seconds.Preferred DNS Enter the preferred DNS server address. If Preferred DNS is set, GWN7000 will use it in priority.Alternate DNS Enter the Alternate DNS server address. If Preferred DNS is set, GWN7000 will use it in when the Preferred DNS fails.GLOBAL SETTINGS This sections describes global settings tab for WAN Ports, that will be used for enabling/disabling Failover and Load Balancing on WAN ports.The following table shows the configuration parameters for WAN Ports global settings Table 5: GWN7000 WEB GUI->Router->Port->Global SettingsFailover Enabled If checked failover will be enabled for both WAN ports, forbid login after x attempts ? Default is disabled.Load Balance EnabledIf checked Load Balance will be used on both ports to optimize the ressource utilization. Please note that for this feature to work, WAN ports should be connected to different networks. Default is disabled.Page |23

GWN7000 Enterprise Router & Access Point ManagerUser ManualFigure 11: WAN Ports Global SettingsCONNECTING DEVICES TO LAN PORTS GWN7000 VPN Router with its DHCP server enabled on LAN ports level, will assign automatically an IP address to the devices connected to its LAN ports like a computer or GWN7610 access points.Please make sure that the device is configured as DHCP client so it can take an address, the GWN7000 will assign 192.168.1.x/24 address to its clients connected to its LAN ports.DHCP settings on LAN (Lease time, set static IP for devices, addresses range, IPv4/IPv6 type to assign like Zone and WAN ?)USER MANAGEMENT The GWN7000 has two users level (Administrator and user) privileges ? user’s usernamePage |24

GWN7000 Enterprise Router & Access Point ManagerUser ManualFigure 12: Admin and UserTIME&DATE SETTINGS The GWN7000 supports configuring date and time settings format as well as configuring it with multiple NTP servers via WAN (how many ?).Connect to the GWN7000 Web GUI and go to Router->Maintenance. User can change the Date Display Format, three options are possible YYYY/MM/DD, MM/DD/YYYY and DD/MM/YYYYPage |25

GWN7000 Enterprise Router & Access Point ManagerUser ManualCONFIGURING NTP SERVER Figure 13: Add an NTP serverDEVICE ROLE(MASTER/SLAVE) Figure 14: Master SlavePage |26

GWN7000 Enterprise Router & Access Point ManagerUser ManualVPN OVERVIEW Only VPN client, No Server ?VPN allows the GWN7000 to be connected to a remote VPN server using PPTP, L2TP and OpenVPN protocols, users can access VPN page from the GWN7000 Web GUI -> VPN.xTo add a VPN tunnel users need to click on xTo edit a VPN tunnel users need to click on xTo delete a VPN tunnel users need to click on Refer to the below tables depending on which VPN type has been selected.1.1.1.4 OpenVPNTable 12: OpenVPNEnabled If checked the VPN tunnel will be enabled.VPN Name Set the VPN’s name.Zone Set the Zone that will be using the VPN tunnel.NAT Enable If checked NAT will be enabled.Port Forwarding RulesPort Trigger RulesOpenVPN ModeLocal Host Set the local host IP address. Default is 0.0.0.0Remote OpenVPN Server:Port Set the remote OpenVPN server’s IP/FQDN and its port.Protocol Select UDP or TCP for protocol.Device Type Select TUN or TAP for the virtual network kernel device.Allow Peer to Change IP If checked, a device using the tunnel will still take control of the session if its IP changes.LZO Compression Select Adaptive, Yes or No for LZO compression speed.Fragment Set the fragment value.Mssfix Set Mssfix value. Default is 1450.Inactive Timeout Set the inactivity timeout value (in unit) for restarting the connection.CA Certificate Click on to upload CA certificate.Page |37

GWN7000 Enterprise Router & Access Point ManagerUser ManualClient Certificate Click on to upload client certificate.Client Private Key Click on to upload private key.1.1.1.5 L2TPTable 13: L2TPEnabled If checked the VPN tunnel will be enabled.VPN Name Set the VPN’s name.Zone Set the Zone that will be using the VPN tunnel.NAT Enable If checked NAT will be enabled.Port Forwarding RulesPort Trigger Rules1.1.1.6 PPTPTable 14: PPTPEnabled If checked the VPN tunnel will be enabled.VPN Name Set the VPN’s name.Zone Set the Zone that will be using the VPN tunnel.NAT Enable If checked NAT will be enabled.Port Forwarding RulesPort Trigger RulesRemote PPTP Server Set the remote PPTP server’s IP/FQDN.Username Set the client’s username.Password Set the client’s password.Use Tunnel as Default Route If checked the VPN will be used as default tunnel for all connected devices to the zone.Use DNS from Server If checked, all connected devices to the zone will be using DNS from the PPTP server.Number of Attempts to Reconnect Set the number of attempts to reconnect to the server if it fails.Use Built-in IPv6-managment If checked the tunnel will be used IPv6 addressing.Page |38

GWN7000 Enterprise Router & Access Point ManagerUser ManualUPGRADING AND PROVISIONING UPGRADING FIRMWARE The GWN7000 can be upgraded to a new firmware version remotely or locally. This section describes how to upgrade your GWN7000 via network or local upload.UPGRADING VIA WEB GUI The GWN7000 can be upgraded via TFTP/HTTP/HTTPS by configuring the URL/IP Address for the TFTP/HTTP/HTTPS server and selecting a download method. Configure a valid URL for TFTP, HTTP or HTTPS; the server name can be FQDN or IP address.Examples of valid URLs:firmware.grandstream.com/BETA192.168.5.87The upgrading configuration can be accessed via Web GUI->Router->Maintenance.Table 15: Network Upgrade ConfigurationUpgrade Via Allow users to choose the firmware upgrade method: TFTP, HTTP or HTTPS.Firmware Server Define the server path for the firmware server.Check Update on Boot If checked, the device will check if there is a firmware from the configured firmware server at boot.Automatic Upgrade check interval(m) Set the value for automatic upgrade check in minutes.Upgrade NowClick on button to begin the upgrade. Note that the device will reboot after downloading the firmware.UPGRADING VIA CLI --------------------------------------------------------------------------------------------------------------------------------------------Note:Please do not interrupt or power cycle the GWN7000 during upgrading process.Page |39

GWN7000 Enterprise Router & Access Point ManagerUser Manual--------------------------------------------------------------------------------------------------------------------------------------------Service providers should maintain their own firmware upgrade servers. For users who do not have TFTP/HTTP/HTTPS server, some free windows version TFTP servers are available for download from http://www.solarwinds.com/products/freetools/free_tftp_server.aspxhttp://tftpd32.jounin.netPlease check our website at http://www.grandstream.com/support/firmware for latest firmware.Instructions for local firmware upgrade via TFTP:1. Unzip the firmware files and put all of them in the root directory of the TFTP server;2. Connect the PC running the TFTP server and the GWN7000 to the same LAN segment;3. Launch the TFTP server and go to the File menu->Configure->Security to change the TFTP server's default setting from "Receive Only" to "Transmit Only" for the firmware upgrade;4. Start the TFTP server and configure the TFTP server in the GWN7000 web configuration interface;5. Configure the Firmware Server to the IP address of the PC;6. Update the changes and reboot the GWN7000.End users can also choose to download a free HTTP server from http://httpd.apache.org/ or useMicrosoft IIS web server.PROVISIONING AND BACKUP The GWN7000 configuration can be backed up locally or via network. The backup file will be used to restore the configuration on GWN7000 when necessary.DOWNLOAD CONFIGURATION Users can download the GWN7000 configurations for restore purpose under Web GUI->Router->MaintenanceClick on to download locally the configuration file.Page |40

GWN7000 Enterprise Router & Access Point ManagerUser ManualCONFIGURATION SERVER Users can download and provision the GWN7000 by putting the config file on a TFTP/HTTP or HTTPS server, and set Config Server to the TFTP/HTTP or HTTPS server used in order for the GWN7000 to be provisioned with that config server file.RESET AND REBOOT Users could perform a reboot under Web GUI->Router->Maintenance by clicking on button.Factory ResetSYSLOG On the GWN7000, users could dump the syslog information to a remote server under Web GUI->Router->Maintenance. Enter the syslog server hostname or IP address and select the level for the syslog information. Five levels of syslog are available: None, Debug, Info, Warning, and Error.Page |41

GWN7000 Enterprise Router & Access Point ManagerUser ManualEXPERIENCING THE GWN7000 VPN ROUTER Please visit our website: http://www.grandstream.com to receive the most up- to-date updates on firmware releases, additional features, FAQs, documentation and news on new products. We encourage you to browse our product related documentation, FAQs and User and Developer Forumfor answers to your general questions. If you have purchased our products through a Grandstream Certified Partner or Reseller, please contact them directly for immediate support.Our technical support staff is trained and ready to answer all of your questions. Contact a technical support member or submit a trouble ticket online to receive in-depth support.Thank you again for purchasing Grandstream GWN7000 Enterprise Router, it will be sure to bring convenience and color to both your business and personal lifePage |42

END OF USER’S MANUAL