United Bus Tech WIFUN1050 Vehicle Wi-Fi Media Server User Manual UBT

Download:
Mirror Download [FCC.gov]
Document ID	2812872
Application ID	SNfAzPp3UIC2mOQg1DIaWg==
Document Description	User Manual
Short Term Confidential	No
Permanent Confidential	No
Supercede	No
Document Type	User Manual
Display Format	Adobe Acrobat PDF - pdf
Filesize	291.76kB (3647060 bits)
Date Submitted	2015-11-16 00:00:00
Date Available	2015-11-17 00:00:00
Creation Date	2015-11-12 10:20:26
Producing Software	Acrobat Distiller 9.0.0 (Windows)
Document Lastmod	2015-11-12 10:20:26
Document Title	Microsoft Word - UBT
Document Creator	PScript5.dll Version 5.2.2
Document Author:	Tina

WIFUN1050 Vehicle Wi‐Fi Media Server
User’s Manual
© 2015 UBT Inc. All rights reserved.
Republication without permission is prohibited.
WIFUN1050 User’s Manual
Copyright Notice
Copyright © 2015 UBT Inc.
All rights reserved.
Reproduction without permission is prohibited.
Trademarks
UBT is a registered trademark of United Bus Tech. Other registered marks cited in this manual
represented their respective companies.
Disclaimer
Information in this document is subject to change without notice and does not represent an
obligation on the part of United Bus Tech.
This user manual may include intentional technical or typographical errors. Changes are
periodically made to the manual to correct such errors, and these changes are not informed in
new editions.
Technical Support Contact Information
United Bus Technology
info@ubt.io
Table of Contents
WIFUN1050 USER’S MANUAL ................................................................................................... 2
1. WIFUN1050 INTRODUCTION.......................................................................................................... 6
1.1 Overview ............................................................................................................................. 6
1.2 Features ............................................................................................................................... 6
2. ESTABLISH NETWORK CONNECTION................................................................................................... 9
2.1 Establish Network Connection ............................................................................................ 9
2.1.1 Automatic acquisition of IP address (recommended) .................................................. 9
2.1.2 Set a static IP address ................................................................................................. 12
2.2 Confirm that the network between the supervisory PC and router is connected ............ 13
2.3 Cancel the Proxy Server .................................................................................................... 15
3. WEB CONFIGURATION .................................................................................................................. 17
3.1 Login the Web Setting Page of Router .............................................................................. 17
3.2 Management ..................................................................................................................... 18
3.2.1 System ........................................................................................................................ 18
3.2.1.1 System Status ...................................................................................................... 18
3.2.1.2 Basic Settings....................................................................................................... 19
3.2.2 System Time ............................................................................................................... 19
3.2.2.1 System Time ........................................................................................................ 20
3.2.2.2 SNTP Client Port .................................................................................................. 20
3.2.3 Admin Access ............................................................................................................. 22
3.2.3.1 Create a user ....................................................................................................... 22
3.2.3.2 Modify a User ...................................................................................................... 23
3.2.3.3 Remove Users ...................................................................................................... 23
3.2.3.4 Management Service .......................................................................................... 24
3.2.4 AAA ............................................................................................................................. 26
3.2.4.1 Radius .................................................................................................................. 27
3.2.4.2 Tacacs+ ................................................................................................................ 28
3.2.4.3 LDAP .................................................................................................................... 29
3.2.4.4 AAA Settings ........................................................................................................ 30
3.2.5 Configuration Management ....................................................................................... 32
3.2.6 SNMP .......................................................................................................................... 33
3.2.6.1 SNMP ................................................................................................................... 35
3.2.6.2 SnmpTrap ............................................................................................................ 37
3.2.7 Alarm .......................................................................................................................... 37
3.2.7.1 Alarm Status ........................................................................................................ 38
3.2.7.2 Alarm Input ......................................................................................................... 39
3.2.7.3 Alarm Output ...................................................................................................... 39
3.2.7.4 Alarm Map........................................................................................................... 41
3.2.8 System Log ................................................................................................................. 41
3.2.8.1 System Log .......................................................................................................... 41
3.2.8.2 System Log Settings ............................................................................................. 42
3.2.8.3 Kiwi Syslog Daemon ............................................................................................ 43
3.2.9 System Upgrading ....................................................................................................... 43
3.2.10 Reboot ...................................................................................................................... 44
3.2.11 Cloud Platform ......................................................................................................... 44
3.2.11.1 Cloud Platform .................................................................................................. 44
3.2.11.2 MOTT Client ...................................................................................................... 45
3.2.12 Scheduled Tasks ........................................................................................................ 46
3.3 Network............................................................................................................................. 46
3.3.1 Cellular ....................................................................................................................... 46
3.3.1.1 Status................................................................................................................... 47
3.3.1.2 Cellular ................................................................................................................ 47
3.3.2 WLAN Interface（2.4G）........................................................................................... 50
3.3.2.1 Status................................................................................................................... 50
3.3.2.2 WLAN (2.4G) ....................................................................................................... 50
3.3.2.3 IP Setup ............................................................................................................... 53
3.3.2.4 SSID Scan ............................................................................................................. 53
3.3.3WLAN Interface（5.8G） ........................................................................................... 53
3.3.3.1 Status................................................................................................................... 53
3.3.3.2 WLAN（5.8G） ................................................................................................... 54
3.3.3.3 IP Setup ............................................................................................................... 56
3.3.3.4 SSID Scan ............................................................................................................. 57
3.3.4 Captive Portal ............................................................................................................. 57
3.3.5 DHCP service .............................................................................................................. 59
3.3.5.1 Status................................................................................................................... 60
3.3.5.2 DHCP Server ........................................................................................................ 60
3.3.5.3 DHCP Relay .......................................................................................................... 62
3.3.5.4 DHCP Client ......................................................................................................... 62
3.3.6 DNS Services ............................................................................................................... 63
3.3.6.1 DNS Server .......................................................................................................... 64
3.3.6.2 DNS Relay ............................................................................................................ 64
3.3.7 SMS ............................................................................................................................ 65
3.3.8 VLAN Interface ........................................................................................................... 66
3.3.8.1 VLAN Configuration ............................................................................................. 66
3.3.8.2 VLAN Aggregation ............................................................................................... 67
3.3.9 ADSL Dialup（PPPoE） .............................................................................................. 68
3.3.10 Loopback Interface ................................................................................................... 69
3.3.11 Dynamic Domain Name ........................................................................................... 71
3.3.12 Bridge Interface ........................................................................................................ 72
3.4 Link Backup ....................................................................................................................... 73
3.4.1 SLA.............................................................................................................................. 73
3.4.2 Track Module .............................................................................................................. 74
3.4.3 VRRP ........................................................................................................................... 76
3.4.4 Interface Backup......................................................................................................... 79
3.5 Routing .............................................................................................................................. 80
3.5.1 Static Route ................................................................................................................ 80
3.5.1.1 Routing Status ..................................................................................................... 81
3.5.1.2 Static Routing ...................................................................................................... 81
3.5.2 Dynamic Routing ........................................................................................................ 82
3.5.2.1 Routing Status ..................................................................................................... 83
3.5.2.2 RIP ....................................................................................................................... 83
3.5.2.3 OSPF .................................................................................................................... 87
3.5.2.4 Filtering Route ..................................................................................................... 89
3.5.3 Multicast Routing ....................................................................................................... 90
3.5.3.1 Basic Settings....................................................................................................... 90
3.5.3.2 IGMP.................................................................................................................... 91
3.6 Tools .................................................................................................................................. 93
3.6.1 PING ........................................................................................................................... 93
3.6.2 Routing Detection ...................................................................................................... 94
3.6.3 Link Speed Test ........................................................................................................... 94
3.7 Installation Guide .............................................................................................................. 95
3.7.1 New Dial ..................................................................................................................... 95
3.7.2 New IPSec Tunnel ....................................................................................................... 96
3.8 Personalization Features ................................................................................................... 97
3.8.1 Nginx Server ............................................................................................................... 97
3.8.2 File Synchronization ................................................................................................... 98
3.8.3 GPS Location Information .......................................................................................... 99
3.8.4 Roaming Management ............................................................................................. 100
3.8.4.1 Roaming Management ...................................................................................... 100
3.8.4.2 Upgrade from AP ............................................................................................... 100
3.9 Firewall ............................................................................................................................ 101
3.9.1 Access Control（ACL） ............................................................................................ 101
3.9.2 NAT ........................................................................................................................... 103
3.10 QoS ................................................................................................................................ 106
3.11 VPN................................................................................................................................ 108
3.11.1 IPSec ....................................................................................................................... 108
3.11.1.1 IPSec Phase 1................................................................................................... 109
3.11.1.2 IPSec Phase 2................................................................................................... 112
3.11.1.3 IPSec Configuration ......................................................................................... 113
3.11.1.4 IPSec VPN Configuration Example ................................................................... 114
3.11.2 GRE ......................................................................................................................... 118
3.11.3 L2TP ........................................................................................................................ 120
3.11.4 OPENVPN ............................................................................................................... 122
3.11.5 Certificate Management ........................................................................................ 124
3.12 Configuration Wizard .................................................................................................... 126
4. APPLICATION SCENARIOS ............................................................................................................. 128
APPENDIX 1 TROUBLESHOOTING .......................................................................................... 129
APPENDIX 2 INSTRUCTION OF COMMAND LINE .................................................................... 132
1. WIFUN1050 Introduction
This Chapter includes:

Overview

Features
1.1 Overview
WIFUN1050 is a dedicated vehicle Wi‐Fi Media Server with embedded NGINX web server
and local storage SSD. With WIFUN1050 and the Rainbow Wi‐Fi cloud, motor coach operators
may easily setup an advanced Wi‐Fi operating system which provides device management,
content management, vehicle location management, visitor management, statistical reports, and
other features. Travelers simply connect to the Wi‐Fi hotspot provided by WIFUN1050 to surf
Internet, and to enjoy local services such as VOD movies and interactive games provided by
operators. By deploying the Rainbow Wi‐Fi cloud, motor coach operators may easily remotely
manage thousands of WIFUN1050 devices, no matter changing visitor policy or updating media
content deployed in WIFUN1050.
The WIFUN1050 is a portal into the mobile internet and a step forward in providing
value‐added services to travelers.
1.2 Features

Advanced Wi‐Fi

Support dual band 2.4GHz and 5.8GH, fully compliance with IEEE802.11 ac/a/b/g/n
standards.

With 2X2 MIMO technology enabled, Wi‐Fi connection bandwidth can reach as high as
1.2Gbps, brings amazing multi‐user performance.

High‐speed 4G Access

Integrating up to two 4G cellular modules, WIFUN1050provides reliable
TD‐LTE/FDD‐LTE access, with 100Mbps uplink and 50Mbps downlink.

Quad Band LTE: 700/850/AWS (1700/2100)/1900 MHz; FDD‐Band (17,5,4,2); Tri Band
UMTS (WCDMA): 850/AWS (1700/2100)/1900 MHz; FDD‐Band (5,4,2) Quad Band
GSM/GPRS/EDGE: 850/900/1800/1900 MHz

GPS

With GPS enabled, WIFUN1050 provides vehicle location, speed/course over ground
and track information.

Powerful Web Portal

When visitors connect to the Wi‐Fi hotspot provided by WIFUN1050, a greeting splash
page pops up, providing local media services and user authentication.


Built‐in Web Server

Embed reliable NGINX web server, enabling local media services.

Support PHP, enabling dynamic page content.
Local Storage

Support SSD up to 1TB, tolerating vibration from vehicle.

Local storage may be used to store local web content, movies, music, apps, etc. to
accelerate local access and to save internet bandwidth.


Content Update Mechanism

Inremote synchronization mode, locally stored contents may sync with the cloud.

Inlocal synchronization mode, content may be updated via SD card or FTP.

Both modes may be hybrid to enable even more flexible operation.
Visitor Behavior Management

Support visitor authentication by SMS or social accounts.

Support QoS to limit per‐user bandwidth and traffic, preventing overages and
protecting latency‐sensitive traffic.


Support web sites blacklist and whitelist.
Cloud Management

Support the Rainbow Wi‐Fi cloud, enabling device management, content management,
vehicle location management, visitor management, statistical reports, and other
features.


Support CLI, web UI and SNMPv3.
High Reliability

With dedicated vehicle power module inside, WIFUN1050 tolerates power voltage dips,
overruns, short and other failures. Support automatically power control with ACC
signal to protect SSD and vehicle battery.


Fanless cooling design to simplify installation.

Support link quality inspection and auto‐recovery to ensure reliable LTE access.
Robust Security

Support IPSec VPN, DMVPN, L2TP, SSL VPN, and CA certification to ensure data
security.

Support powerful firewall functions such as Stateful Packet Inspection (SPI), Access
Control List (ACLs), DoS attack prevention, etc.

Support AAA, TACACS, Radius, local authentication, and multi levels user authority to
ensure secure management.
2. Establish Network Connection
This chapter mainly contains the following contents:

Establish Network Connection

Confirm that the connection between supervisory PC and router

Cancel the Proxy Server
After completing the hardware installation, before to log in the Web set‐up page, you need to
ensure that the management of the Ethernet card installed on your computer.
2.1 Establish Network Connection
2.1.1 Automatic acquisition of IP address (recommended)
Please set the supervisory computer to "automatic acquisition of IP address" and "automatic
acquisition of DNS server address" (default configuration of computer system) to let the router
automatically assign IP address for supervisory computer.
1)
Open “Control Panel”, double click “Network and Internet” icon, enter “Network and Sharing
Centers”
2)
Click the button  to enter the window of "Local Connection Status”
3)
Click to enter the window of "Local Connection Properties”, as shown below.
4) Select “Internet Portocol Version 4(TCP/IPv4)”, click  to enter “Internet Portocol
Version 4 (TCP/IPv4)Properties” page. Select “Obtain an IP address automatically” and “Obtain
DNS Server address automatically”, then click  to finish setting, as shown below.
2.1.2 Set a static IP address
Set computer management IP address and deviece FE port IP address on the same network
segment (device FE port initial IP address: 192.168.2.1, Subnet Mask: 255.255.255.0). The
following FE1/1 port connected to a computer and management provided in Windows XP system
described as an example.
Enter “Internet Portocol (TCP/IP) Properties” page, select “Use the following IP address”, type IP
address (arbitrary value between 192.168.2.2～192.168.2.254), Subnet Mask (255.255.255.0),
and Defafult Gateway (192.168.2.1), then click to finish setting, as shown Figure 2‐5.
Figure 2‐5 Internet Portocol (TCP/IP) Properties
2.2 Confirm that the network between the supervisory PC and router is connected
1) Click the lower left corner of the screen  button to enter the "Start" menu, select "Run"
pop‐up "Run" dialog box, shown in Figure 2‐6.
Figure 2‐6 Run
2) Enter "ping 192.168.2.1 (IP address of router; it is the default IP address), and click the button
. If the pop‐up dialog box shows the response returned from the router side, it indicates
that the network is connected; otherwise, check the network connection, shown in Figure 2‐7.
Figure 2‐7 Command Prompt
2.3 Cancel the Proxy Server
If the current supervisory computer uses a proxy server to access the Internet, it is required to
cancel the proxy service and the operating steps are as follows:
1)
Select [Tools/Internet OPtions] in the browser to enter the window of [Internet Options],
shown in Figure 2‐8.
Figure 2‐8 Internet OPtions
2）Select the tab”Connect” and click the button to enter the page of “LAN
Setting”.Please confirm if the option”Use a Proxy Server for
checked,please cancel and click the button, shown in Figure 2‐9.
LAN” is checked;if it is
Figure 2‐9 LAN Setting
3. Web Configuration
This chapter includes the following parts:

Login/out Web Configuration Page

Management

Network

Link Backup

Routing

Tools

Installation Guide

Personalization Features

Firewall

Qos

VPN
3.1 Login the Web Setting Page of Router
Run the Web browser, enter “http://192.168.2.1:8080” in the address bar, and press Enter to skip
to the Web login page, as shown in Figure 3‐1. Enter the “User Name” (default: adm) and
“Password” (default: 123456), and click button  or directly press Enter to enter the Web
setting page.
Figure 3‐1 Login Router
After entering the Web Setting page, click the "Advanced Configuration" web interface, the
pop‐up dialog box, enter "User Name" (default: adm) again and "Password" (default: 123456),
then enter the parameter configuration interface start parameter settings. Advanced
configuration is shown in 3.2~3.11.

At the same time, the router allows up to four users to manage through the Web setting
page. When multi‐user management is implemented for the router, it is suggested not to
conduct configuration operation for the router at the same time; otherwise it may lead to
inconsistent data configuration.

For security, you are suggested to modify the default login password after the first login
and safe keep the password information.
3.2 Management
3.2.1 System
3.2.1.1 System Status
From the left navigation panel, select Administration/System, then enter “System Status” page.
On this page you can check system status and network status, as shown in Figure 3‐2. In system
status, by clicking you can make the time of router synchronized with the system
time of the host. Click the “Set” on network status to enter into the configuration screen directly.
For configuration methods, refer to Section 3.3.2.
Figure 3‐2 System Status
3.2.1.2 Basic Settings
Select Administration/System, then enter “Basic Setup” page. You can set the language of Web
Configuration Page and define Router Name, as shown in Figure 3‐3.
Figure 3‐3 Basic Settings
3.2.2 System Time
To ensure the coordination between this device and other devices, user is required to set the
system time in an accurate way since this function is used to configure and check system time as
well as system time zone.
The device supports manual setting of system time and the time to pass self‐synchronistic SNTP
server.
3.2.2.1 System Time
Time synchronization of router with connected host could be set up manually in system time
configuration part while system time is allowed to be set as any expected value after Year 2000
manually.
From the left navigation panel, select Administration/System Time, then enter “System Time”
page, as shown in Figure 3‐4.
By clicking you can make the time of router synchronized with the system time of the
host. Select the expected parameters in Year/Month/Date and Hour: Min: Sec Colum, then click
. The router will immediately set the system time into expected value.
Figure 3‐4 System Time
3.2.2.2 SNTP Client Port
SNTP, namely Simple Network Time Protocol, is a system for synchronizing the clocks of
networked computers. In most places of the Internet today, SNTP provides accuracies of 1‐50ms
depending on the characteristics of the synchronization source and network paths.
The purpose of using SNTP is to achieve time synchronization of all devices equipped with a clock
on network so as to provide multiple applications based on uniform time.
From the left navigation panel, select Administration/System Time, then enter “SNTP Client”
page, as shown in Figure 3‐5.
Figure 3‐5 SNTP Client Port
Page description is shown in Table 3‐1.
Table 3‐1 SNTP Client Port Page Description
Parameter
Source IP
Description
The corresponding IP of source interface
Default
None
SNTP Servers List
Server Address
SNTP server address (domain name /IP), maximum to
set10 SNTP server
None
Port
The service port of SNTP server
123

Before setting a SNTP server, should ensure SNTP server reachable. Especially when the IP
address of SNTP server is domain, should ensure DNS server has been configured
correctly.

If you configure a source interface and then cannot configure the source address. the
opposite is also true.
When setting multiple SNTP server, system will poll all SNTP servers until find an available SNTP
server.
3.2.3 Admin Access
Admin Access allows the management of users which are categorized into superuser and
common user.

Superuser: only one automatically created by the system, allocated with the user name
of adm and granted with all access rights to the router.

Common user: created by superuser with the right to check rather then modify router
configuration.
3.2.3.1 Create a user
Click navigation panel/Admin Access, enter “Create a user” page, Wherein the user permissions
value, the higher the privilege, shown in Figure 3‐6.
Figure 3‐6 Create a user
3.2.3.2 Modify a User
From the left navigation panel, select Administration/Admin Access, then enter “Modify a User”
page, as shown in Figure 3‐7.Press the user that needs to modify in “User Summary”, after the
background turns blue, enter new information in “Modify a User”.
Figure 3‐7 Modify a User
3.2.3.3 Remove Users
From the left navigation panel, select Administration/Admin Access, then enter “Remove Users”
page, as shown in Figure 3‐8.
Press the user that needs to remove in”User Summary”. After the background turns blue, press
 to remove the user.
Figure 3‐8 Remove Users
The super user (adm) can neither be modified nor deleted. But super user’s password can be
modified.
3.2.3.4 Management Service
HTTP
HTTP, shortened form of Hypertext Transfer Protocol, is used to transmit Web page information
on Internet. HTTP is located as the application layer in TCP/IP protocol stack.
Through HTTP, user could log on the device to access and control it through Web.
HTTPS
HTTPS (Hypertext Transfer Protocol Secure) supports HTTP in SSL (Security Socket Layer).
HTTPS, depending on SSL, is able to improve the device’s security through following aspects:

Distinguish legal clients from illegal clients through SSL and Disable illegal clients to
access the device;

Encrypt the data exchanged between client and device to guarantee security and
integrality of data transmission so as to achieve the safe management of device;

An access control strategy based on certificate attributions is established for further
control of client’s access authority so as to further avoid attack for illegal clients.
TELNET
Telnet is an application layer protocol in TCP/IP protocol family, providing telnet and VT functions
through Web. Depending on Server/Client, Telnet Client could send request to Telnet server
which provides Telnet services. The device supports Telnet Client and Telnet Server.
SSH
In comparison with Telnet, STelnet (Secure Telnet), based on SSH2, allows the Client to negotiate
with Server so as to establish secure connection. Client could log on Server just as operation of
Telnet.
Through following measures SSH will realize the secure telnet on insecure network:

Support RAS authentication.

Support encryption algorithms such as DES, 3DES and AES128 to encrypt
username password and data transmission.

Local connection. A SSH channel could be established between SSH Client and SSH
Server to achieve local connection. Following is a figure showing the
establishment of a SSH channel in LAN:

WAN connection. A SSH channel could be established between SSH Client and SSH
Server to achieve WAN connection. Following is a figure showing the establishment of a
SSH channel in WAN:
From the left navigation panel, select Administration/Admin Access, then enter “Management
Service” page, as shown in Figure 3‐9.
Figure 3‐9 Management Service
3.2.4 AAA
AAA access control is used to control visitors and corresponding services available as long as
access is allowed. Same method is adopted to configure three independent safety functions. It
provides modularization methods for following services:

Authentication: verify whether the user is qualified to access to the network.

Authorization: related with services available.

Charging: records of the utilization of network resources.。
User may only use one or two safety services provided by AAA. For example, the company just
wants identity authentication when employees are accessing to some specified resources, then
network administrator only needs to configure authentication server.
But if recording of the
utilization of network is required, then, a charging server shall be configured.
Commonly AAA adopts “Client—Server” structure which is featured by favorable expandability
and facilitates centralized management of users’ information, as the following figure shows:
3.2.4.1 Radius
Remote Authentication Dial‐in User Service (RADIUS), an information exchange protocol with a
distributive Client/Server structure, could prevent the network from any disturbance from
unauthorized access and is generally applied in various network environments with higher
requirements on security and that permit remote user access. The protocol has defined the
Radius frame format based on UDP and information transmission mechanism, confirmed UDP
Port 1812 as the authentication port. Radius Server generally runs on central computer or
workstation; Radius Client generally is located on NAS.
Initially Radius is designed and developed against AAA protocol of dial‐in users. Along with the
diversified development of user access ways, Radius also adapts itself to such changes, including
Ethernet access and ADSL access. Access service is rendered through authentication and
authorization.
Message flow between Radius Client and Server is shown as follows:

User name and passport will be sent to the NAS when the user logs on it;

Radius Client on NAS receives username and password and then sends an
authentication request to Radius Server;

Upon the reception of legal request, Radius Server executes authentication and feeds
back required user authorization information to Client; For illegal request, Radius
Server will feed back Authentication Failed to Client.
From the left navigation panel, select Administration/AAA, then enter “Radius” page, as shown in
Figure 3‐10.
Figure 3‐10 Radius
Page description is shown in Table 3‐2.
Table 3‐2 Radius Description
Parameter
Description
Default
Server Address
Server address (domain name / IP)
None
Port
Consistent with the server port
1812
Key
Consistent with the server authentication key
None
3.2.4.2 Tacacs+
Tacacs+, or Terminal Access Controller Access Control System, similar to Radius, adopts
Client/Server mode to achieve the communication between NAS and Tacacs+ Server. But, Tacacs+
adopts TCP while Radius adopts UDP.
Tacacs+ ismainly used for authentication, authorization and charging of access users and terminal
users adopting PPP and VPDN. Its typical application is authentication, authorization and charging
for terminal users requiring logging on the device to carry out operation. As the Client, the device
will have username and password sent to Tacacs+ Server for verification. So long as user
verification passed and authorization obtained, logging and operation on the device are allowed.
From the left navigation panel, select Administration/AAA, then enter “Tacacs+” page, as shown
in Figure 3‐11.
Figure 3‐11 Tacacs+
Page description is shown in Table 3‐3.
Table 3‐3 Tacacs+ Description
Parameters
Description
Default
Server Address
Server address (domain name / IP)
None
Port
Consistent with the server port
49
Key
Consistent with the server authentication key
None
3.2.4.3 LDAP
One of the great advantages of LDAP is rapid response to users’ searching request. For instance,
user’s authentication which may general a large amount of information sent as the same time. If
database is adopted for this purpose, since it is divided into many tables, each time to meet such
a simple requirement, the whole database has to be searched, integrated and filtered slowly and
disadvantageously. LDAP, simple as a table, only requires username and command and something
else. Authentication is met from efficiency and structure.
From the left navigation panel, select Administration/AAA, then enter “LDAP” page, as shown in
Figure 3‐12.
Figure 3‐12 LDAP
Page description is shown in Table 3‐4.
Table 3‐4 LDAP Description
Parameters
Description
Default
Name
Define server name
None
Server Address
Server address (domain name / IP)
None
Port
Consistent with the server port
None
Base DN
The top of LDAPdirectory tree
None
Username
Username accessing the server
None
Password
Password accessing the server
None
Security
Encryption mod: None,SSL,StartTLS
None
Verify Peer
Verify Peer
Unopened
3.2.4.4 AAA Settings
AAA supports following authentication ways:

None: with great confidence to users, legal check omitted, generally not recommended.

Local: Have user’s information stored on NAS. Advantages: rapidness, cost reduction.
Disadvantages: storage capacity limited by hardware.

Remote: Have user’s information stored on authentication server. Radius, Tacacs+ and
LDAP supported for remote authentication.
AAA supports following authorization ways:

None: authorization rejected.

Local: authorization based on relevant attributions configured by NAS for local user’s
account.

Tacacs+: authorization done by Tacacs+ Server.

Radius Authentication Based: authentication bonded with authorization, authorization
only by Radius not allowed.

LDAP Authorization.
From the left navigation panel, select Administration/AAA, then enter “AAA Setting” page, as
shown in Figure 3‐13.
Figure 3‐13 AAA authentication
Page description is shown in Table 3‐5.
Table 3‐5 AAA Settings Key Items
Key Items
Description
radius
Authentication and Authorization Server
tacacs+
Authentication and Authorization Server
ldap
Authentication and Authorization Server
local
The local username and password
Authentication 1 should be set consistently with Authorization 1; Authentication 2 should be
set consistently with Authorization 2; Authentication 3 should be set consistently with
Authorization 3.
When configure radius, Tacas+, local at the same time, priority order follow:1 >2 >3.
3.2.5 Configuration Management
Here you can back up the configuration parameters, import the desired parameters configuration
backup and restore the factory settings of the router.
From the left navigation panel, select Administration/Config Management, then enter “Config
Management” page, as shown in 3‐14.
Figure 3‐14 Configuration Management
Page description is shown in Table 3‐6.
Table 3‐6 Config Management Description
Parameters
Description
Default
Backup running‐config
Backup running‐config file to host.
None
Backup startup‐config
Backup startup‐config file to host.
None
Automatically save modified
Decide whether to automatically save
configuration
configuration after modify the configuration.
On
Restore Default
Restore factory configuration
Configuration
None
When import the configuration, the system will filter incorrect configuration files, and save the
correct configuration files, when system restarts, it will orderly execute theses configuration
files. If the configuration files didn’t be arranged according to effective order, the system won’t
enter the desired state.
In order not to affect current system running, when performing the import configuration and
restore the default configuration, need to reboot the router new configuration will take effect.
3.2.6 SNMP
Definition
SNMP, or Simple Network Management Protocol, is a standard network management protocol
widely used in TCP/IP networks and provides a method of managing the device through the
running the central computer of network management software. Features of SNMP:

Simplicity: SNMP adopts polling mechanism, provides the most basic sets of features
and could be used in small‐scale, rapid, low cost environments. SNMP, with UDP
message as the carrier, is supported by a great majority of devices.

Powerfulness: objective of SNMP is to ensure the transmission of management
information between any two points so as to facilitate administrator’s retrieval of
information on any node on network and modification and troubleshooting.
Benefits

Network administrators could make use of SNMP to accomplish the information query,
modification, troubleshooting and other jobs on any node on network to achieve
higher efficiency.

Shielding of physical differences between devices. SNMP only provides the most basic
sets of features for mutual independence between administration and the physical
properties, network types of devices under administration; therefore, it could realize
the uniform management of different devices at a lower cost.

Simple design, lower cost. Simplicity is stressed on addition of software/hardware,
types and formats of message on devices so as to minimize the influence and cost on
devices caused by running SNMP.
Application: management of device is achieved through SNMP
Administrator is required to carry out configuration and management of all devices in the same
network, which are scattered, making onsite device configuration impracticable. Moreover, in
case that those network devices are supplied from different sources and each source has its
independent management interfaces (for example, different command lines), the workload of
batch configuration of network devices will be considerable. Therefore, under such circumstances,
traditional manual ways will result in lower efficiency at higher cost. At that time, network
administrator would make use of SNMP to carry out remote management and configuration of
attached devices and achieve real‐time monitoring. Following is a figure showing how to manage
devices through SNMP:
To configure SNMP in networking, NMS, a management program of SNMP, shall be configured at
the Manager. Meanwhile, Agent shall be configured as well.
Through SNMP:

NMS could collect status information of devices whenever and wherever and achieve
remote control of devices under management through Agent.

Agent could timely send current status information to NMS report device. In case of any
problem, NMS will be notified immediately.
3.2.6.1 SNMP
SNMP agent of device supports SNMPv1, SNMPv2 and SNMPv3 at present.

SNMPv1 and SNMPv2 adopt community name to authenticate.

SNMPv3 adopt username and password to authenticate.
From the left navigation panel, select Administration/SNMP, then enter “SNMP” page, as
shown in Figure 3‐15.
Figure 3‐1 SNMPv1&SNMPv2c Settings
Page description is shown in Table 3‐7.
Table 3‐7 SNMP Key Items
Parameters
Description
Default
Community Name
User define Community Name
Public and private
Access Limit
Select access limit
Read‐only
MIB View
Select MIB View
defaultView
When choosing SNMPv3 version, the corresponding Use and User Group should be configured.
The configuration page is shown in Figure 3‐16.
Figure 3‐16 SNMPv3 Setting
Page description is shown in Table 3‐8.
Table 3‐8 SNMPv3 Description
Parameters
Description
Default
Group Management
Group name
User define, length:1‐32 charaters
None
Security Level
Includes NoAuth/NoPriv, Auth/NoPriv, Auth/priv
NoAuth/NoPriv
Read‐only View
Only support defaultView at present
defaultView
Read‐write View
Only support defaultView at present
defaultView
Inform View
Only support defaultView at present
defaultView
User Management
User name
User‐defined user name, length: 1‐32 characters
None
Group Name
Select user to join user group, first defined in the user group
management table, before this, select appropriate user group
None
Authentication
Mode
Select authentication mode. MD5 and SHA provides two
authentication modes, “no identification" not enable
authentication.
SHA
Authentication
password
When only authentication mode is not "no identification",
authentication password can enter.
Length: 8‐32 characters.
None
Encryption mode
Choose whether to use DES encryption mode
DES
Encryption
Password
Only encryption mode is not "no encryption", encryption
mode password can enter.
Length: 8‐32 characters.
None
3.2.6.2 SnmpTrap
SNMP trap: A certain port where devices under the management of SNMP will notify SNMP
manager rather than waiting for polling from SNMP manager. In NMS, Agents in managed devices
could have all errors reported to NMW at any time instead of waiting for polling from NMW after
its reception of such errors which, as a matter of fact, are the well‐known SNMP traps.
From the left navigation panel, select Administration/SNMP, then enter “SnmpTrap” page, as
shown in Figure 3‐17.
Figure 3‐17 SnmpTrap
Page description is shown in Table 3‐9.
Table 3‐9 SnmpTrap Description
Parameters
Host Address
Description
Fill in the NMS IP address
Default
None
Fill in the groupname when use the SNMP v1/v2c; Fill in the
None
Securtiy Name
username when use the SNMP v3. Length :1‐32 characters
UDP Port
Fill in UDP port, the default port range is 1‐65535
162
3.2.7 Alarm
Alarm function is a way which is provided for users to get exceptions of device, which can make
the users find and solve exceptions as soon as possible. When abnormality happened, device will
send alarm. User can choose many kinds of exceptions which system defined and choose
appropriate notice way to get these exceptions. All the exceptions should be recorded in alarm
log so that user troubleshoot problem.
Alarm can be divided:

Raise: Indicates the alarm occurrence has not been confirmed.

Confirm: Alarm indicates that a user can not temporary solve.

All: Indicates all alarms occur.
Alarm level can be divided:

EMERG：Device occurs some faults, it could lead to the system restart.

CRIT：Device occurs some faults which are unrecoverable.

WARN：Device occurs some faults which could affect system function.

NOTICE：Device occurs some faults which could affect system properties.

INFO：Device occurs some normal events.
3.2.7.1 Alarm Status
From the left navigation panel, select Administration/Alarm, then enter “Alarm State” page, as
shown in Figure 3‐18. Through this page, you can check all the alrms since the router is powered.

Click  to set all the alarm to “clear” state.

Click to set all the alarm to “cconfirm” state.

Click to reload all the alarms.
Figure 3‐18 Alarm Status
3.2.7.2 Alarm Input
Here user could select alarm types including system alarm and port alarm. One or more than one
types could be selected.
From the left navigation panel, select Administration/Alarm, then enter “Alarm Input” page, as
shown in Figure 3‐19.
Figure 3‐19 Alarm Input
3.2.7.3 Alarm Output
When an alarm happens, the system configured with this function will send the alarm content to
intended email address from the mail address where an alarm email is sent in a form of email.
Generally this function is not configured.
From the left navigation panel, select Administration/Alarm, then enter “Alarm Output” page, as
shown in Figure 3‐20.
Figure 3‐20 Alarm Output
Page description is shown in Table 3‐10.
Table 3‐10 Alarm Output Description
Parameters
Description
Default
Mail Server IP/Name
Set IP address of Mail Server that send alarm emails
None
Mail Server Port
Set Port of Mail Server that send alarm emails
25
Account Name
Set Email address from which alarm emails are sent
None
Account Password
Set Email password
None
Crypt
Set the crypt method
None
Email Addresses
Destination address of receiving alarm email (1‐10)
None
When the email parameters had been configured, you should click the “send test email” button
so that ensure the configuration is correct. If the test email failed, it may the network
configuration or mailbox configuration is not correct.
3.2.7.4 Alarm Map
Alarm Map consists of two mapping ways: CLI (console interface)and Email. In case of latter one
is selected, and then alarm output shall be activated with an email address well configured.
From the left navigation panel, select Administration/Alarm, then enter “Alarm Map” page, as
shown in Figure 3‐21.
Figure 3‐21 Alarm Map
3.2.8 System Log
System Log includes massive information about network and devices, including operating status,
configuration changes and so on, serving as an important way for network administrator to
monitor and control the operation of network and devices. System Log could provide information
to help network administrator to find network problems or safety hazard so as to take more
targeted measures.
3.2.8.1 System Log
From the left navigation panel, select Administration/Log, then enter “System Log” page, as
shown in Figure 3‐22.
Figure 3‐22 System Log
When download system log, router settings will also be downloaded.
3.2.8.2 System Log Settings
On “System Log Settings”, remote log server could be set. Router will have all system logs sent to
remote log server depending on remote log software (for example: Kiwi Syslog Daemon).
From navigation panel, select Administration/Log, then enter “System Log” page, as shown in
Figure 2‐23.
Figure 3‐23 System Log Settings
Page description is shown in Table 3‐11.
Table 3‐11 System Log Settings Description
Parameters
Description
Default
Log to Remote System
Open/close remote log function
Close
IP Address/ Port(UDP)
Set remote server’s IP address/Port
None/514
Log to Console
Open/close console log function
Open
3.2.8.3 Kiwi Syslog Daemon
Kiwi Syslog Daemon is a kind of free log server software used in Windows, which could receive,
record and display logs formed when powering on the host of syslog (for example, router,
exchange board, Unix host). After downloading and installation of Kiwi Syslog Daemon, configure
necessary parameters on “File>>Setup>>Input>>UDP”.
3.2.9 System Upgrading
From navigation panel, select Administration/Upgrade, then enter “Upgrade” page, as shown in
Figure 3‐24.
Figure 3‐24 System Upgrading
Click < Browse > to upgrade documents and then click  to start. The whole process
takes about 1min, upon the completion of which, restart the router and new firmware takes
effect.
Software upgrade takes time, during which, please do no carry out any operation on Web,
otherwise, interruption may take place.
Upgrade consists of two stages: first stage: read‐in of upgrade document into backup firmware
zone, as described in Section of System Upgrade; second stage: copy of documents in backup
firmware zone into main firmware zone, which may be executed in system reboot.
3.2.10 Reboot
From navigation panel, select Administration/Reboot, then enter “Reboot” page, as shown in
Figure 3‐25. Click  to reboot the system.
Figure 3‐25 Reboot
Please save the configurations before reboot, otherwise the configurations that are not saved
will be lost after reboot.
3.2.11 Cloud Platform
Cloud platform is through software platform to manage devices. After enabling cloud platform, it
can operate the device management through software platform that enables network‐efficient
running. For example, query equipment running status, update the device software, reboot the
device, and send configuration parameters to the equipment, etc., may also send control or
query message to the device through the cloud platform.
3.2.11.1 Cloud Platform
From navigation panel "Administration >> Device Management Cloud" menu, enter the "Cloud
Platform" screen, as shown in Figure 3‐26.
Figure 3‐26 Cloud Platform
Page description is shown in Table 3‐12.
Table 3‐12 Cloud Platform Description
Parameters
Description
Default
Server
Set cloud platform IP address
none
Port
Setting cloud platform port number
none
3.2.11.2 MOTT Client
From navigation panel “Administration >> Device Management Cloud" menu, enter the "MOTT
Client" screen, as shown below.
3.2.12 Scheduled Tasks
From navigation panel, select Administration>>Schedule Management, then enter “Schedule
Management” page, as shown in Figure 3‐27.
Figure 3‐27 Schedule Management
3.3 Network
3.3.1 Cellular
SIM card dial out through Dial Interface, achieve router Wi‐Fi capabilities.
Dial interface supports three connections: always‐on, on‐demand dialing and manual dialing.
3.3.1.1 Status
From navigation panel, select Network >> Cellular, then enter “Status” page, as shown in Figure
3‐28.
Figure 3‐28 Status
3.3.1.2 Cellular
In the "Cellular" page, you can complete the wireless dial configuration.
From navigation panel, select Network>>Cellular, then enter “Cellular” page, as shown in Figure
3‐29‐1.
Figure 3‐29‐1 Cellular
Advanced options are shown in Figure3‐29‐2.
Figure 3‐29‐2 Cellular Advanced options
Page description is shown in Table 3‐13.
Table 3‐13 Cellular Page Description
Parameters
Description
Default
Profile
Dial policy choices, do not need to configure here
Roaming
Select roaming
Enable
PIN Code
SIM card PIN code
None
Network Selection Mode
Three options: Automatic, 2G and 3G
Auto
Static IP
Click Enable (Enable require operators to open
related services)
Off
Connection
Alternatively always online, on‐demand dial (allows
data activation, phone activation, SMS activation),
manual dialing
Always
online
Redial Interval
when setting up the landing fails, redialing interval
10sec
ICMP detection server
Detect remote IP address
None
ICMP detection interval
Set ICMP detection interval
30sec
ICMP detection timeout
Set ICMP detection timeout
5sec
ICMP detection maximum
number of retries
Set maximum number of retries when ICMP
detection fails(Re‐dial after reaching the maximum
number)
ICMP strict detection
Click Enable
Off
Dial parameters
Index
User‐defined, generally in the order defined by
digital.
None
Network
Mobile network type used for selecting
GSM
APN (CDMA2000 series
does not set this)
Mobile operators to provide the relevant
parameters (according to local operators choose)
3gnet
Dial Number
Mobile operators to provide the relevant
parameters (according to local operators choose)
*99***1#
User Name
Mobile operators to provide the relevant
parameters (according to local operators choose)
gprs
Password
Mobile operators to provide the relevant
parameters (according to local operators choose)
******
Click Enable Show Advanced Options (the following are the relevant parameters to configure
after the advanced options turn on)
Initia Commands
Used to set advanced network parameters,
generally do not need to fill in
None
RSSI Poll Interval
Set signal query interval
120sec
Dial timeout
Set dial timeout (after dialing timeout the system
will redial)
120sec
MTU
Sets the maximum transmission unit in bytes
1500
MRU
Setting maximum receiving unit in bytes
1500
Enable default asyncmap
Click Enable default asyncmap
Disable
Use assigned DNS server
Click to enable to accept assigned DNS by mobile
operators.
Enable
Connection detection
interval
Set connection detection interval
55sec
Connection Detection
maximum number of
retries
Set maximum number of retries when connection
detection fails(Re‐dial after reaching the maximum
number)
Enable debug mode
The system can print a more detailed log
Enable
Expert Options
Provide additional PPP parameters, users generally
do not set
None
3.3.2 WLAN Interface（2.4G）
WLAN or Wireless LAN, is quite convenient data transmission system, which uses radio frequency
(Radio Frequency; RF) technology, to replace the old out of the way of twisted copper (Coaxial)
local area network composed of such a wireless local area network, can be accessed using a
simple architecture allows users to through it, to "carry information technology to facilitate travel
the world," the ideal state.
3.3.2.1 Status
From navigation panel, select Network/WLAN(2.4G), enter “Status” page, as shown in Figure
3‐30.
Figure 3‐30 WLAN (2.4G) Status
3.3.2.2 WLAN (2.4G)
WLAN interface has access point and client two types. From navigation panel, select
"Network/WLAN (2.4G)" menu, enter "WLAN (2.4G)" page. Interface type using the "access
point", as shown in Figure 3‐31‐a; interface type using the "client", as shown in Figure 3‐31‐b.
Figure 3‐31‐a WLAN (2.4G)‐ Access Point
Page description is shown in Table 3‐14‐a.
Table 3‐14‐a Access Point Description
Parameters
Description
Default
Multiple SSID
Click Enable, enabled reusable custom 3 SSID
Disable
SSID Broadcast
Open "SSID Broadcast", user can search wireless network
through SSID name.
Enable
RF Type
Six types Optional:
802.11g/n,802.11g,802.11n,802.11b,802.11b/g,802.11b/
g/n
802.11g/n
Channel
Select channel
11
SSID
User‐defined SSID name
WIFUN10503
000
Authentication
Four authentication modes available: Open, Shared,
WPA‐PSK and WPA2‐PSK
Open
Encryption
According to the different authentication methods,
NONE
support NONE, WEP40 and WEP104
Wireless
Bandwidth
Two options: 20MHz and 40MHz
20MHz
Maximum Number
of Clients
User‐defined (up to 128)
None
Figure 3‐31‐b WLAN(2.4G)‐ Client
Page description is shown in Table 3‐14‐b.
Table 3‐14‐b Client Interface Description
Parameters
Description
Default
SSID
Fill in the SSID name to connect
None
Authentication
SSID authentication method
Open
Encryption
SSID encryption method
NONE
When the WLAN is set as Client mode, refer to the following 3 steps:
Step 1: select "Network/Cellular" menu, enter "Cellular" page, and disable Cellular function. If
the router does not have celluar module, skip this step and go to step 2.
Step 2: select "Network/WLAN (2.4G)" menu, enter "WLAN (2.4G)" page and choose “Client” to
configure related parameters as shown in Figure 3‐31‐b.
Step 2: select "Network/WLAN (2.4G)" menu, enter "IP Setup" page to configure IP parameters as
shown in 3.3.2.3 IP Setup.
3.3.2.3 IP Setup
WLAN interface IP address support multiple IP, it can be set according to demand, but up to more
than 10.
From navigation panel, select "Network/WLAN (2.4G)" menu, enter "IP Setup" page, as shown in
Figure 3‐32.
Figure 3‐32 WLAN (2.4G) IP Setup
3.3.2.4 SSID Scan
WLAN interface selects client (Section 3.3.2.2WLAN Interface (2.4G)), SSID scanning function
starts. From navigation panel "Network/WLAN (2.4G)" menu, enter "SSID Scan" page, will display
all the available SSID names, and the display WIFUN1050 can be connected as a client state.
3.3.3WLAN Interface（5.8G）
3.3.3.1 Status
From navigation panel, select Network/WLAN (5.8G), enter “Status” page, as shown in Figure
3‐34.
Figure 3‐34 WLAN (5.8G) Status
3.3.3.2 WLAN（5.8G）
WLAN interface has access point and client two types. From navigation panel "Network/WLAN
(5.8G)" menu, enter "WLAN (5.8G)" page. Interface type using the "access point", as shown in
Figure 3‐35‐a; interface type using the "client", as shown in Figure 3‐35‐b.
Figure 3‐35‐a WLAN interface (5.8G)‐ Acess Point
Page description is shown in Table 3‐15‐a.
Table 3‐15‐a Acess Point Description
Parameters
Description
Default
Multiple SSID
Click Enable, enabled reusable custom 3 SSID
Disable
SSID Broadcast
Open "SSID Broadcast", user can search wireless network
through SSID name.
Enable
RF Type
Six types Optional:
802.11g/n,802.11g,802.11n,802.11b,802.11b/g,802.11b/
g/n
802.11g/n
Channel
Select channel
11
SSID
User‐defined SSID name
WIFUN1050
Authentication
Four authentication modes available: Open, Shared,
WPA‐PSK and WPA2‐PSK
Open
Encryption
According to the different authentication methods,
support NONE, WEP40 and WEP104
NONE
Wireless
Bandwidth
Two options: 20MHz and 40MHz
20MHz
Maximum Number
of Clients
User‐defined (up to 128)
None
Figure 3‐35‐b WLAN interface (5.8G)‐Client
Page description is shown in Table 3‐15‐b.
Table 3‐15‐b WLAN interface (5.8G) Description
Parameters
Description
Default
5G priority
Select Enable
Disable
SSID
SSID name to connect
None
Authentication
SSID authentication method
Open
Encryption
SSID encryption method
NONE
When the WLAN is set as Client mode, refer to the following 3 steps:
Step 1: select "Network/Cellular" menu, enter "Cellular" page, and disable Cellular function. If
the router does not have celluar module, skip this step and go to step 2.
Step 2: select "Network/WLAN (5.8G)" menu, enter "WLAN (5.8G)" page and choose “Client” to
configure related parameters as shown in Figure 3‐35‐b.
Step 2: select "Network/WLAN (5.8G)" menu, enter "IP Setup" page to configure IP parameters as
shown in 3.3.3.3 IP Setup.
3.3.3.3 IP Setup
WLAN interface IP address support multiple IP, it can be set according to demand, but up to more
than 10.
From navigation panel, select Network/WLAN (5.8G), enter "IP Setup" page, as shown in Figure
3‐36.
Figure 3‐36 WLAN (5.8G) IP Setup
3.3.3.4 SSID Scan
WLAN interface selects client (Section 3.3.3.2WLAN Interface (5.8G)), SSID scanning function
starts. From navigation panel "Network/WLAN interface (5.8G)" menu, enter "SSID Scan" page,
will display all the available SSID names, and the display WIFUN1050 can be connected as a client
state.
3.3.4 Captive Portal
Captive portal is Web page that user must visit and interact with before granted access to public
access network. Captive portal usually offers free Wi‐Fi hotspot services to Internet users in
commercial centers, airports, hotel lobbies, cafes and other public places to use.
From navigation panel "Network/captive portal" menu, enter the "captive portal" page. As shown
in Figure 3‐38.
Figure 3‐38 Captive Portal
Page description is shown in Table 3‐16.
Table 3‐16 Captive Portal Description
Parameters
Description
Default
LAN Interface
Captive portal local interface
dotllradio 1
WAN Interface
External network adapter
cellular 1
Splashed Home Page
Push Home to customers
wifi.go
Authentication
Server
User authentication server IP address for user login
authentication
None: 80
Force Relogin Period
Force user to re‐login
None
Silent User
Automatic Logoff
User automatic logoff when no flow
Client Fairness
Used in conjunction with the speed function
Enable
Speed Limit
Wifi client traffic restrictions
None
Known Users Access
Control
Authenticated user access control two optionals:
blacklist and whitelist mode.
Blacklist
Trusted MAC Addresses List
ID
Serial number
None
MAC Address
MAC address authentication‐free user
None
Global whitelist
ID
Serial number
None
Domain/IP
addressor IP that can be accessed without
authentication
None
Authenticated users blacklist
ID
Serial number
None
Domain/IP
Restrict authenticated users to access network, that is
can not be accessed by authenticated users to
None
blacklist addresses or IP
3.3.5 DHCP service
Along with the continuous expansion of network size and complication of network, number of
computers often exceeds distributable IP addresses. Meanwhile, in pace with the extensive
application of portable devices and wireless network, position of computer changes frequently,
resulting to the frequent upgrade of IP address, leading to a more and more complicated network
configuration. DHCP (Dynamic Host Configuration Protocol) is a product for such demands.
DHCP adopts Client/Server communication mode. Client sends configuration request to Server
which feeds back corresponding configuration information, including distributed IP address to the
Client to achieve the dynamic configuration of IP address and other information.
In typical applications of DHCP, generally one DHCP Server and a number of Clients (PC and
Portable Devices) are included, as the following figure shows:
When DHCP Client and DHCP Server are in different physical network segment, Client could
communicate with Server through DHCP Relay to obtain IP address and other configuration
information, as the following figure shows:
3.3.5.1 Status
From navigation panel, select Network/DHCP, then enter “Status” page, as shown in Figure 3‐39.
Figure 3‐39 DHCP Status
3.3.5.2 DHCP Server
The duty of DHCP Server is to distribute IP address when Workstation logs on and ensure each
workstation is supplied with different IP address. DHCP Server has simplified some network
management tasks requiring manual operations before to the largest extent.
From navigation panel, select Network >>DHCP, then enter “DHCP Server” page, as shown in
Figure 3‐40.
Figure 3‐40 DHCP Server
Page description is shown in Table 3‐17.
Table 3‐17 DHCP Server Description
Parameters
Description
Default
Enable
On/Off
Off
Interface
dot11radio 1
dot11radio 1
Starting Address
Dynamical distribution of starting IP address
N/A
Ending Address
Dynamical distribution of ending IP address
N/A
Lease
Dynamical distribution of IP validity
1440
DNS Server
One or two, or None
N/A
WINS
Setup of WINS, generally left blank
N/A
Static IP Setup
Set up a static specified DHCP’s MAC address
MAC Address
0000.0000.0000
(different from other MACs to avoid confliction)
Set up a static specified IP address (within the
IP Address
N/A
scope from start IP to end IP)
If the host connected with router chooses to obtain IP address automatically, then such
service must be activated. Static IP setup could help a certain host to obtain specified IP
address.
3.3.5.3 DHCP Relay
Generally, DHCP data packet is unable to be transmitted through router. That is to say, DHCP
Server is unable to provide DHCP services for two or more devices connected with a router
remotely. Through DHCP relay, DHCP requests and response data packet could go through many
routers (Broadband Router).
From navigation panel, select Network/DHCP, then enter “DHCP Relay” page, as shown in Figure
3‐41.
Figure 3‐41DHCP Relay
Page description is shown in Table 3‐18.
Table 3‐18 DHCP Realy Description
Parameters
Description
Default
Enable
On/Off
Off
DHCP Sever
Set DHCP server; up to 4 servers can be configured
N/A
Source IP
Address of the interface connected to the DHCP server
N/A
3.3.5.4 DHCP Client
From navigation panel, select Network/DHCP, then enter “DHCP Client” page, by clicking to
enable, choose SSID interface, as shown in Figure 3‐42.
Figure 3‐42DHCP Client
3.3.6 DNS Services
DNS (Domain Name System) is a DDB used in TCP/IP application programs, providing switch
between domain name and IP address. Through DNS, user could directly use some meaningful
domain name which could be memorized easily and DNS Server in network could resolve the
domain name into correct IP address.
The device supports to achieve following two functions through domain name service
configuration:
DNS Server: for dynamic domain name resolution.
DNS relay: the device, as a DNS Agent, relays DNS request and response message between
DNS Client and DNS Server to carry out domain name resolution in lieu of DNS Client.
3.3.6.1 DNS Server
Domain Name Server: DNS stands for Domain Name System. It is a core service of the Internet.
As a distributed database that can let the domain names and IP addresses mapping to each other,
it allows people to more conveniently access to the Internet without the need to memorize the IP
string that can be directly read by the computer.
From navigation panel, select Network/DNS, then enter “DNS Server” page. In manual setup of
DNS Server, if it is blank, then dial to obtain DNS. Generally this item is required to be set when
WAN port uses static IP, as shown in Figure 3‐43.
Figure 3‐43 DNS Server
Page description is shown in Table 3‐19.
Table 3‐19 DNS Server Description
Parameters
Description
Default
Primary DNS
User define Primary DNS address
N/A
Secondary DNS
User define Secondary DNS address
N/A
3.3.6.2 DNS Relay
DNS forwarding: DNS forwarding is open by default. You can set the specified [Domain Name <=>
IP Address] to let IP address match with the domain name, thus allowing access to the
appropriate IP through accessing to the domain name.
From navigation panel, select Network/DNS, then enter “DNS Relay” page, as shown in 3‐44.
Figure 3‐44 DNS Relay
Page description is shown in Table 3‐20.
Table 3‐20 DNS Delay Description
Parameters
Description
Default
Enable DNS Relay
On/Off
On
Host
Domain Name
N/A
IP Address 1
Set IP Address 1
N/A
IP Address 2
Set IP Address 2
N/A
Once DHCP is turned on, DNS relay will be turned on as default and can’t be turned off; to turn
off DNS rely, DHCP Server has to be closed firstly.
3.3.7 SMS
SMS permits message‐based reboot and manual dialing.
From navigation panel, select Network/SMS, then enter “Basic” page. Configure Permit action to
Phone Number and click . After that you can send “reboot” command to restart
the device or “cellular 1 ppp up/down” to redial or disconnect the device, as shown in Figure
3‐45.
Figure 3‐45 SMS
Page description is shown in Table 3‐21.
Table 3‐21 SMS Description
Parameters
Description
Default
Enable
On/Off
Off
Mode
TEXT and PDU
TEXT
Poll Interval
User define Poll Interval
120
SMS Access Control
ID
User define ID
Action
Permit and refuseare available
Permit
Phone Number
Trusting phone number
N/A
3.3.8 VLAN Interface
VLAN (Virtual Local Area Network) divides LAN device logically into one and another network
segment, enable emerging data exchange technology of virtual workgroups.
3.3.8.1 VLAN Configuration
From navigation panel "Network/VLAN" menu, enter "Configure VLAN Parameters" page, click
 button to add the VLAN, as shown in Figure 3‐46.
Figure 3‐46 Configure VLAN Parameters
Page description is shown in Table 3‐22.
Table 3‐22 Configure VLAN Parameters Description
Parameters
VLAN ID
Description
VLAN ID, User‐defined
Default
None
VLAN Interface
Primary
Address
Secondary
IP Address
IP address
Users can configure or change the primary IP
address needed
Subnet
Mask
Users can configure or change the subnet mask if
necessary
IP address
In addition to primary IP, user can also configure
10 Secondary IP addresses
Subnet
Mask
Users can configure or change the subnet mask if
necessary
IP
None
None
3.3.8.2 VLAN Aggregation
From navigation panel "Network/VLAN” menu, enter "VLAN Trunk" page, set VLAN port mode for
WIFUN1050, the mode can be set to Access or Trunk, as shown in Figure 3‐47.
Figure 3‐47 VLAN Trunk
3.3.9 ADSL Dialup（PPPoE）
PPPoE is Point to Point Protocol over Ethernet. Users need while maintaining the original access,
install a PPPoE client. Through PPPoE, a remote access device can realize control and accounting
of each access user.
Ethernet interface connection mode you configure here is PPPoE, namely the interface as PPPoE
client.
From navigation panel "Network/ADSL Dialup (PPPoE)" menu, enter "ADSL Dialup (PPPoE)" page,
as shown in Figure 3‐48.
Figure 3‐48 PPPoE
Page description is shown in Table 3‐23.
Table 3‐23 PPPoE Description
Parameters
Description
Default
Dial Pool
User‐defined, easy to remember and manage
None
Interface
Select Fastethernet0/1 or Fastethernet0/2
Fastethernet0/1
PPPoE List
ID
User‐defined, easy to remember and manage
Pool ID
Dial pool Index
None
Authentication Type
Three options: Auto,PAP,CHAP
Auto
User Name
Relevant parameters provided by peer
operator
None
Password
Relevant
operator
Local IP Address
Assigned IP address to Ethernet interface
None
Remote IP Address
Remote IP address
None
parameters
provided
by
peer
None
3.3.10 Loopback Interface
Loopback is used to represent router ID, because if you use active interface, when activity
interface DOWN, router ID is subject to re‐selection, that would cause OSPF convergence time
slow, thus loopback interface is generally used as a router ID.
Loopback interface is logical and virtual interface on routers. No default router loopback interface.
You can create any number of loopback interfaces as needed. These interfaces on router treated
like physical interface: You can assign them addressing information, including their choice to
update the network number in routers, or even terminate IP connection on them.
From navigation panel "Network/Loopback Interface" menu, enter "loopback" page, shown in
Figure 3‐49.
Figure 3‐49 Loopback
Page description is shown in Table 3‐24.
Table 3‐24 Loopback Interface Description
Parameters
Description
Default
IP Address
User can not change.
127.0.0.1
Subnet Mask
User can not change.
255.0.0.0
Multi‐IP settings
In addition to the above IP, user also can be equipped
with other IP addresses
None
Since loopback interface is exclusive of one IP address, subnet mask is generally recommended
to 255.255.255.255, to save resources.
3.3.11 Dynamic Domain Name
DDNS Dynamic Domain Name Service is mapping user dynamic IP address to a fixed domain
name resolution services, when user connect to the network, client program will pass dynamic IP
address of the host through information transfer to server program on the host of service
providers, the server program is responsible for providing DNS service and realizing dynamic
domain name resolution. That is, DDNS to capture changeable IP address, then corresponding
with domain name, so that other Internet users can communicate through the domain name.
And all final customers to remember, is to remember the dynamic domain name given by
suppliers, without having to pipe how they are implemented.
DDNS function as DDNS client tools, we need to work with DDNS server. Before using this feature,
you need first to find corresponding sites such as (www.3322.org) and apply for registration of a
domain name.
DDNS service type include: DynAccess, QDNS (3322)‐Dynamic, QDNS (3322)‐Static,
DynDNS‐Dynamic, DynDNS‐Static and NoIP.
From navigation panel "Network/DDNS" menu, enter "DDNS" page. Set dynamic binding domain.
As shown in Figure 3‐50.
Figure 3‐50 Dynamic Domain Name
Page description is shown in Table 3‐25.
Table 3‐25 Dynamic Domain Name Description
Parameters
Description
Default
Method
User‐defined
None
Service Type
Select dynamic domain name service providers
Disable
User Name
Apply registration DDNS username
None
Password
Apply registration DDNS username
None
Host
Apply registration DDNS host
None
Specified Interface
Update Method
Defined dynamic domain update method
None
If IP router dial obtain a private address, dynamic DNS function is not available.
3.3.12 Bridge Interface
From navigation panel "Network/Bridge " menu, enter "Bridge 1" page, set related parameters, as
shown in Figure 3‐51.
Figure 3‐51 Bridge 1
Page description is shown in Table 3‐26.
Table 3‐26 Ethernet Interface Parameter Description
Parameters
Bridge ID
Description
Bridge number can only be assigned to 1
Default
None
Bridge Interface
IP address and subnet mask of
primary address
Configure or change the primary IP address and
subnet mask as needed.
None
IP address and subnet mask of
secondary address
In addition to primary IP from outside, clients also
can be equipped with secondary IP address and
subnet mask
None
Bridge Member
Click enable bridge interface
None
3.4 Link Backup
3.4.1 SLA
Basic Concepts and Principles
Under normal circumstances, the edge router can detect if the link linked to the ISP is in fault. If
the network linking to one ISP is in fault, another ISP will be used to transmit all the data streams.
However, if the link of an ISP is normal and the infrastructure fails, the edge router will continue
to use this route. Then, the data is no longer reachable.
One feasible solution is to using static routing or policy‐based routing to first test the reachability
of important destination. If it is unreachable, the static routing will be deleted.
The reachability test can be performed with InHand SLA to continuously check the reachability of
ISP and be associated with static routing.
Basic principles of InHand SLA: 1.Object track: Track the reachability of the specified object. 2.
SLA probe: The object track function can use InHand SLA to send different types of detections to
the object. 3. Policy‐based routing using route mapping table: It associates the track results with
the routing process. 4. Using static routing and track options.
SLA Configuration Steps
Step 1: Define one or more SLA operations (detection).
Step 2: Define one or more track objects to track the status of SLA operation.
Step 3: Define measures associated with track objects.
From navigation panel, select Link Backup>>SLA, then enter “SLA” page, as shown in Figure
3‐52.
Figure 3‐52 SLA
Page description is shown in Table3‐27.
Table 3‐27 SLA Description
Parameters
Description
Default
Index
SLAindex orID
Type
Detection type, default is icmp‐echo, the user cannot change
icmp‐echo
IP Address
Detected IP address
None
Data Size
User define data size
56
Interval
User define detection interval
30
Timeout (ms)
User define,Timeout for detection to fail
5000
Connecutive
Detection retries
Life
Default is “forever”, user cannot change
forever
Start‐time
Detection Start‐time, select “now” or None
now
3.4.2 Track Module
Track is designed to achieve linkage consisting of application module, Track module and
monitoring module. Linkage refers to achieve the linkage amongst different modules through the
establishment of linkage items, namely, the monitoring module could trigger application module
to take a certain action through Track module. Monitoring module is responsible for detection of
link status, network performance and notification to application module of detection results via
Track module. Once the application module finds out any changes in network status,
corresponding measures will be taken on a timely basis so as to avoid interruption of
communication or reduction of service quality.
Track module is located between application module and monitoring module with main functions
of shielding the differences of different monitoring modules and providing uniform interfaces for
application module.
Track Module and Monitoring Module Linkage
Through configuration, the linkage relationship between Track module and monitoring module is
established. Monitoring module is responsible for detection of link status, network performance
and notification to application module of detection results via Track module so as to carry out
timely change of the status of Track item:

Successful detection, corresponding track item is Positive

Failed detection, corresponding track item is Negative
Track Module and Application Module Linkage
Through configuration, the linkage relationship between Track module and application module is
established. In case of any changes in track item, a notification requiring correspondent
treatment will be sent to application module.
Currently, application modules which could achieve linkage with track module include: VRRP,
static routing, strategy‐based routing and interface backup.
Under certain circumstances, once any changes in Track item are founded, if a timely notification
is sent to application module, then communication may be interrupted due to routing’s failure in
timely restoration and other reasons. For example, Master router in VRRP backup group could
monitor the status of upstream interface through Track. In case of any fault in upstream interface,
Master router will be notified to reduce priority so that Backup router may ascend to the new
Master to be responsible for relay of message. Once upstream interface is recovered, so long as
Track immediately sends a message to original Master router to recover priority, then the router
will take over the task of message relay. At that time, message relay failure may occur since the
router has not restored to the upstream router. Under such circumstances, user to configure that
once any changes take place in Track item, delays a period of time to notify the application
module.
From navigation panel, select Link Backup/Track, then enter “Track” page, as shown Figure 3‐53.
Figure 3‐53Track M
Page description is shown in Table 3‐28.
Table 3‐28 Track Description
Parameters
Description
Default
Index
Track index orID
Type
Default “sla”,User cannot change
sla
Defined SLA Index or ID
None
Detect interface’s up/down state
cellular 1
SLA
ID
Interface
In case of negative status, switching can be delayed based on
Negative
Delay
the set time (0 represents immediate switching), rather than
(m)
immediate switching.
In case of failure recovery, switching can be delayed based on
Positive
Delay
the set time (0 represents immediate switching), rather than
(m)
immediate switching.
3.4.3 VRRP
Default route provides convenience for user’s configuration operations but also imposes high
requirements on stability of the default gateway device. All hosts in the same network segment
are set up with an identical default route with gateway being the next hop in general. When fault
occurs on gateway, all hosts with the gateway being default route in the network segment can’t
communicate with external network.
Increasing exit gateway is a common method for improving system reliability. Then, the problem
to be solved is how to select route among multiple exits. VRRP (Virtual Router Redundancy
Protocol) adds a set of routers that can undertake gateway function into a backup group to form a
virtual router. The election mechanism of VRRP will decide which router to undertake the
forwarding task and the host in LAN is only required to configure the default gateway for the
virtual router.
VRRP will bring together a set of routers in LAN. It consists of multiple routers and is similar to a
virtual router in respect of function. According to the vlan interface ip of different network
segments, it can be virtualized into multiple virtual routers. Each virtual router has an ID number
and up to 255 can be virtualized.
VRRP has the following characteristics:

Virtual router has an IP address, known as the Virtual IP address. For the host in LAN, it
is only required to know the IP address of virtual router, and set it as the address of the
next hop of the default route.

Host in the network communicates with the external network through this virtual
router.

1 router will be selected from the set of routers based on priority to undertake the
gateway function. Other routers will be used as backup routers to perform the duties of
gateway for the gateway router in case of fault of gateway router, thus to guarantee
uninterrupted communication between the host and external network
VRRP Networking Scheme：
As shown in Figure above, Router A and Router C compose a virtual router. This virtual router has
its own IP address. The host in LAN will set the virtual router as the default gateway. Router A or
Router C, the one with the highest priority, will be used as the gateway router to undertake the
function of gateway. Another router will be used as a Backup router.
Monitor interface function of VRRP better expands backup function: the backup function can be
offered when interface of a certain router has fault or other interfaces of the router are
unavailable.
When interface connected with the uplink is at the state of Down or Removed, the router actively
reduces its priority so that the priority of other routers in the backup group is higher and thus the
router with highest priority becomes the gateway for the transmission task.
From navigation panel, select Link Backup/VRRP, then enter “VRRP” page, as shown in Figure
3‐54.
Figure 3‐54 VRRP
Page description is shown in Table 3‐29.
Table 3‐29 VRRP Description
Parameters
Description
Default
Enable
Enable/Disable
Enable
Virtual Route ID
User define Virtual Route ID
None
Interface
Configure the interface of Virtual Route
vlan1
Virtual IP Address
Configure the IP address of Virtual Route
None
Priority
The VRRP priority range is 0‐255 (a larger number indicates
100
a higher priority). The router with higher priority will be
more likely to become the gateway router.
Advertisement
Heartbeat package transmission time interval between
Interval
routers in the virtual ip group
If the router works in the preemptive mode, once it finds
that its own priority is higher than that of the current
gateway router, it will send VRRP notification package,
Preemption Mode
Enable
resulting in re‐election of gateway router and eventually
replacing the original gateway router. Accordingly, the
original gateway router will become a Backup router.
Track ID
Trace Detection, select the defined Track index or ID
None
3.4.4 Interface Backup
Interface backup refers to backup relationship formed between appointed interfaces in the same
equipment. When service transmission can’t be carried out normally due to fault of a certain
interface or lack of bandwidth, rate of flow can be switched to backup interface quickly and the
backup interface will carry out service transmission and share network flow so as to raise
reliability of communication of data equipment.
When link state of main interface is switched from up to down, system will wait for preset delay
first instead of switching to link of backup interface immediately. Only if the state of main
interface still keeps down after the delay, system will switch to link of backup interface.
Otherwise, system will not switch.
After link state of main interface is switched from down to up, system will wait for preset delay
first instead of switching back to main interface immediately. Only if state of main interface still
keeps up after the delay, system will switch back to main interface. Otherwise, system will not
switch.
From navigation panel, select Link Backup/Interface Backup, then enter “Interface Backup” page,
as shown in Figure 3‐55.
Figure 3‐55 Interface Backup
Page description is shown in Table 3‐30.
Table 3‐30 Interface Backup Description
Parameters
Description
Default
Primary Interface
The interface being used
cellular 1
Backup Interface
Interface to be switched
cellular 1
Start‐up Delay
Set how long to wait for the start‐up tracking detection
60
policy to take effect
When the primary interface switches from failed
detection to successful detection, switching can be
Up Delay
delayed based on the set time (0 represents immediate
switching), rather than immediate switching.
When the primary interface switches from successful
detection to failed detection, switching can be delayed
Down Delay
based on the set time (0 represents immediate
switching), rather than immediate switching.
Track ID
Trace Detection, select the definedTrack index or ID
None
3.5 Routing
3.5.1 Static Route
Static routing is a special routing that requires your manual setting. After setting static routing,
the package for the specified destination will be forwarded according to the path designated by
you. In the network with relatively simple networking structure, it is required to set static routing
to achieve network interworking. Proper setting and use static routing can improve the
performance of network and can guarantee bandwidth for important network applications.
Disadvantages of static routing: It cannot automatically adapt to the changes in the network
topology. The network failure or changes in topology may cause the route unreachable and
network interrupted. Then, you are required to manually modify the setting of static routing.
Static Routing performs different purposes in different network environments.

When the network structure is comparatively simple, the network can work normally
only with Static Routing.

While in complex network environment, Static Routing can improve the performance of
network and ensure bandwidth for important application.

Static Routing can be used in VPN examples, mainly for the management of VPN route.
3.5.1.1 Routing Status
From navigation panel, select Routing/Static Routing, then enter “Route Table” page, as shown in
Figure 3‐56.
Figure 3‐56 Routing Status
3.5.1.2 Static Routing
From navigation panel, select Routing/Static Routing, then enter “Static Routing,” page.
Add/delete additional Router static routing. Normally users don not need to configure this item,
as shown in 3‐57.
Figure 3‐57 Static Routing
Page description is shown in Table 3‐31.
Table 3‐31Static Routing Description
Parameters
Description
Default
Destination address
Enter the destination IP address need to be reached
None
Subnet Mask
Enter the subnet mask of destination address need to be
None
reached
Interface
The interface through which the data reaches the
None
destination address
Gateway
IP address of the next router to be passed by before the
None
input data reaches the destination address
Distance
Priority, smaller value contributes to higher priority
None
Track ID
Select the definedTrack index or ID
None
3.5.2 Dynamic Routing
The routing table entry on dynamic router is obtained in accordance with certain algorithm
optimization through the information exchange between the connected routers, while the
routing information is continuously updating in certain time slot so as to adapt to the
continuously changing network and obtain the optimized pathfinding effects at any time.
In order to achieve efficient pathfinding of IP packet, IETF has developed a variety of
pathfinding protocols, including Open Shortest Path First (OSPF) and Routing Information
Protocol (RIP) for Autonomous System (AS) interior gateway protocol. The so‐called autonomous
system refers to the collection of hosts, routers and other network devices under the
management of the same entity (e.g. schools, businesses, or ISP)
3.5.2.1 Routing Status
From navigation panel, select Routing/Dynamic Routing, then enter “Route Table” page,as shown
in Figure 3‐58.
Figure 3‐58Routing Status
3.5.2.2 RIP
RIP (Routing Information Protocol) is a relatively simple interior gateway protocol (IGP), mainly
used for smaller networks. The complex environments and large networks general do not use RIP.
RIP uses Hop Count to measure the distance to the destination address and it is called
RoutingCost. In RIP, the hop count from the router to its directly connected network is 0 and the
hop count of network to be reached through a router is 1 and so on. In order to limit the
convergence time, the specified RoutingCost of RIP is an integer in the range of 0~15 and hop
count larger than or equal to 16 is defined as infinity, which means that the destination network
or host is unreachable. Because of this limitation, the RIP is not suitable for large‐scale networks.
To improve performance and prevent routing loops, RIP supports split horizon function. RIP also
introduces routing obtained by other routing protocols.
It is specified in RFC1058 RIP that RIP is controlled by three timers, i.e. Period update, Timeout
and Garbage‐Collection:
Each router that runs RIP manages a routing database, which contains routing entries to reach all
reachable destinations. The routing entries contain the following information:

Destination address: IP address of host or network.

Address of next hop: IP address of interface of the router’s adjacent router to be passed by
on the way to reach the destination.

Output interface: The output interface for the router to forward package.

RoutingCost: Cost for the router to reach the destination.

Routing time: The time from the last update of router entry to the present. Each time the
router entry is updated, the routing time will be reset to 0.
From navigation panel, select Routing>>Dynamic Routing, then enter “RIP” page, as shown Figure
3‐59‐1.
Figure 3‐59‐1 RIP
Advanced Options are shown in Figure 3‐59‐2.
Figure 3‐59‐2 RIP
Page description is shown in Table 3‐32.
Table 3‐32 RIP Description
Parameters
Description
Default
Enable
Enable/ Disable
Disable
Update timer
It defines the interval to send routing updates
30
It defines the routing aging time. If no update package on
Timeout timer
a routing is received within the aging time, the routing’s
180
Routing Cost in the routing table will be set to 16.
It defines the time from the time when the RoutingCost
of a routing becomes 16 to the time when it is deleted
from the routing table. In the time of
Garbage‐Collection, RIP uses 16 as the RoutingCost for
Clear Timer
120
sending updates of the routing. In case of timeout of
Garbage‐Collection and the routing still has not been
updated, the routing will be completely removed from
the routing table.
Network
The first IP addressand subnet mask of the segment
None
Advanced Options
Default Post
Click Enable, the default information will enable
publishing
Disable
Default Metric
Default cost of router to destination
Disable
Redirect direct route
Redirect Static
RoutE
Direct, Static, and OSP route agreement introduced to
RIP route agreement
Redirect OSP RoutE
Disable
Disable
Advanced Options ‐ Distance/Metric Management
Distance
Set RIP routing administrative distance, priority, the
smaller value, the priority
120
IP address
Network number is the first IP address in network
segment
None
Subnet Mask
Subnet mask, network number is subnet mask of the first
IP address in network segment
None
Access List
Application of the ACL ID
None
Redirect routing
metric
Rewrite default cost from route to the destination
None
Ingress/egress
filtering policy
Set redirection route filtering policy (in/out)
in
Interface
Set Interface rewriting to route
None
Access List
Application of the ACL ID
None
Advanced Options ‐ Route Filtering Policy
Policy Type
Select the type of policy to implement
Access‐list
Policy name
Custom policy name
None
Ingress/egress
filtering policy
Select policy applied in the outbound or inbound
in
Interface
Select route filtering policy enforcement Interface
None
Send filtration
After enabling, only RIP packet send to the default
routing interface.
Disable
Advanced Options ‐ Interface
Passive Interface
After enabling,only receive RIP packet, no send
Disable
RIP send version
Select Send RIP packet version
Default
RIP Receive version
Choose receive RIP packet version
Default
Horizontal split/
toxicity Flip
Select enable split horizon or poison reverse function
None
Authentication
Select the interface authentication mode
None
Key
Fill in the corresponding key
None
Advanced Options ‐ Neighbor
IP address
Neighbor IP address
None
3.5.2.3 OSPF
Open Shortest Path First (OSPF) is a link status based interior gateway protocol developed by IETF.
Router ID
If a router wants to run the OSPF protocol, there should be a Router ID. Router ID can be
manually configured. If no Router ID is configured, the system will automatically select one IP
address of interface as the Router ID.
The selection order is as follows:

If a Loopback interface address is configured, then the last configured IP address of
Loopback interface will be used as the Router ID;

If no LoopBack interface address is configured, choose the interface with the biggest IP
adress from other interfaces as the Router ID.
Neighbor and Neighboring
After the start‐up of OSPF router, it will send out Hello packets through the OSPF interface. Upon
receipt of Hello packet, OSPF router will check the parameters defined in the packet. If both are
consistent, a neighbor relationship will be formed. Not all both sides in neighbor relationship can
form the adjacency relationship. It is determined based on the network type. Only when both
sides successfully exchange DD packets and LSDB synchronization is achieved, the adjacency in
the true sense can be formed. LSA describe the network topology around a router, LSDB describe
entire network topology.
From navigation panel, select Routing/Dynamic Routing, then enter “OSPF” page,as shown in
Figure 3‐60.
Figure 3‐60 OSPF
Page description is shown in Table 3‐33.
Table 3‐33 OSPFDescription
Parameters
Description
Default
Enable
Enable/Disable
Disable
Router ID
RouterID of the originating the LSA
None
Interface
Interface
The interface
None
Send interval of Hello packet. If the the Hello
Hello Interval
time between two adjacent routers is different,
10
you can not establish a neighbor relationship.
Dead Time. If no Hello packet is received from
the neighbors, the neighbor is considered failed.
Dead Interval
If dead times of two adjacent routers are
different, the neighbor relationship can not be
established.
40
When the router notifies an LSA to its neighbor,
it is required to make acknowledgement. If no
Retransmit Interval
acknowledgement packet is received within the
retransmission interval, this LSA will be
retransmitted to the neighbor.
LSA transmission delay
timer
OSPF packet also need to spend time when
traveling on links, so LSA aging time (age) before
transferring to add a delay time, in the
low‐speed links require consideration of
configuration.
Interface ‐ Interface Advanced Options
Interface Name
Configure OSPF interface parameters
None
Passive Interface
After enabling,only receive RIP packet, no send
Disable
Interface Cost
By default, an interface computes its cost
according to the bandwidth
10
Protocol Priority
Configure OSPF router interface priority
10
Network
IP Address
IP Address of local network
None
Subnet Mask
Subnet Mask of IP Address of local network
None
Area ID
Area ID of router which originating LSA
None
3.5.2.4 Filtering Route
Click navigation panel “Routing/Dynamic Routing” menu, enter “Filtering Route” interface, as
shown in Figure 3‐61.
Figure 3‐61Filtering Route
Page description is shown in Table 3‐34.
Table 3‐34 Filtering Route Description
Parameter
Description
Default
Access Control List
Access list
User defined
None
Action
Permit and deny
Permit
Any Address
Any address after clicking, no matching IP address and
Disable
subnet mask again
3.5.3 Multicast Routing
Multicast routing sets up an acyclic data transmission route from data source end to multiple
receiving ends, which refers to the establishment of a multicast distribution tree. The multicast
routing protocol is used for establishing and maintaining the multicast routing and forrelaying
multicast data packet correctly and efficiently.
3.5.3.1 Basic Settings
The basic is mainly to define the source of multicast routing.
From navigation panel, select Routing/Multicast Routing, then enter “Basic” page,as shown in
Figure 3‐62.
Figure 3‐62 Basic Settings
Page description is shown in Table 3‐35.
Table 3‐35 Basic Settings Description
Parameters
Description
Default
Enable
Open/Close
Close
Source
IP Address of Source
None
Netmask
Netmask of Source
255.255.255.0
3.5.3.2 IGMP
IGMP, being a multicast protocol in Internet protocol family, which is used for IP host to report its
constitution to any directly adjacent router, defines the way for multicast communication of hosts
amongst different network segments with precondition that the router itself supports multicast
and is used for setting and maintaining the relationship between multicast members between IP
host and the directly adjacent multicast routing. IGMP defines the way for maintenance of
member information between host and multicast routing in a network segment.
In the multicast communication model, sender, without paying attention to the position
information of receiver, only needs to send data to the appointed destination address, while the
information about receiver will be collected and maintained by network facility. IGMP is such a
signaling mechanism for a host used in the network segment of receiver to the router. IGMP
informs the router the information about members and the router will acquire whether the
multicast member exists on the subnet connected with the router via IGMP.
Function of multicast routing protocol:

Discovering upstream interface and interface closest to the source for the reason that
multicast routing protocol only cares the shortest route to the source.

Deciding the real downstream interface via (S, G). A multicast tree will be finished after all
routers acquire their upstream and downstream interfaces with root being router directly
connected with the source host and branches being routers directly connected via subnet
with member discovered by IGMP.

Managing multicast tree. The message can be transferred once the address of next hop can
be acquired by unicast routing, while multicast refers to relay message generated by source
to a group.
From navigation panel, select Routing/Multicast Routing, then enter “IGMP” page,as shown in
Figure 3‐63.
Figure 3‐63 IGMP
Page description is shown in Table 3‐36.
Table 3‐36 IGMP Description
Parameters
Description
Default
Uplink Interface
Uplink Interface
link to upper network device interface
None
Downlink Interface
Downlink Interface
link to terminal equipment interface
cellular 1
Uplink Interface
link to upper network device interface
cellular 1
3.6 Tools
3.6.1 PING
Help to PING internet through route.
From navigation panel, select Tools/Ping, then enter “Ping” page, as shown in Figure 3‐64.
Figure 3‐64 PING
Page description is shown in Table 3‐37.
Table 3‐37 PING Description
Parameters
Host
Description
It requires the destination host address of PING
Default
192.168.2.1
detection
Ping Count
Set Ping detection count
Packet Size
Set packet size of ping detection
32 bytes
Expert Options
Advanced parameters of ping can be used
None
3.6.2 Routing Detection
It is used to detect network routing failure.
From navigation panel, select Tools/Traceroute, then enter “Traceroute” page, as shown in Figure
3‐65.
Figure 3‐65 Traceroute
Page description is shown in Table 3‐38.
Table 3‐38 Traceroute Description
Parameters
Description
Default
Host
Host address needs to detect
192.168.2.1
Maxium Hops
Set the maxium hops of routing detection
20
Timeout
Set timeout of routing detection
3 secs
Protocol
Select ICMP/UDP
UDP
Expert Options
Advanced parameters of ping can be used
None
3.6.3 Link Speed Test
Through upload and download files, link speed can be tested.
From navigation panel, select Tools/Link Speed Test, then enter “Link Speed Test” page,as shown
in Figure 3‐66.
Figure 3‐66 Link Speed Test
3.7 Installation Guide
Simplify general configuration, where the router with fast, simple, basic configuration,
configuration result can not be displayed here, but view it when finished in a specific
corresponding configuration setting.
3.7.1 New Dial
From navigation panel "Wizards/New Cellular" menu, enter " New Cellular " page, as shown in
Figure 3‐67.
Figure 3‐67 New Cellular
Page description is shown in Table 3‐39.
Table 3‐39 New Cellular Description
Parameters
Description
Default
APN
Select New WAN Interface
3gnet
Access number
Mobile operator provide dial‐up parameters (please choose
according to the local operator)
*99***1#
User name
Mobile operator provide dial‐up parameters (please choose
according to the local operator)
gprs
password
Mobile operator provide dial‐up parameters (please choose
according to the local operator)
●●●●
Network
Address
Translation
Click Enable, put private IP address converted into a public IP
address
Disable
3.7.2 New IPSec Tunnel
From navigation panel" Wizards /New IPSec Tunnel" menu, enter "New IPSec Tunnel" page, as
shown in Figure 3‐68.
Table 3‐68 New IPSec Tunnel
Page description is shown in Table3‐40.
Table 3‐40 New IPSec Tunnel Description
Parameters
Description
Default
Basic
Tunnel No.
Set Tunnel No.
Interface Name
Select Interface Name
cellular 1
Peer Address
Set VPN peer IP
None
Negotiation Mode
Optional main mode, aggressive mode. (Usually
select main mode)
Main mode
Local subnet
address
Set IPSec local protection subnet
None
Local Subnet Mask
Set IPSec local protection subnet mask
255.255.255.0
Peer subnet
address
Set IPSec peer protection subnet
None
Peer subnet mask
Set IPSec peer protection subnet mask
255.255.255.0
Phase 1
IKE Policy
Optional 3DES‐MD5‐DH1 or 3DES‐MD5‐DH2, etc.
3DES‐MD5‐DH2
IKE Life Cycle
Set IKE Life Cycle
86400sec
Local Identity Type
Optional FQDN, USER FQDN, IP address
IP address
Local Index
Only in FQDN and USER FQDN. Fill in the
appropriate identification according to the selected
identity type (USER FQDN should be a standard
mailbox format)
None
Peer Identity Type
Optional FQDN, USER FQDN, IP address
Peer Index
Only in FQDN and USER FQDN. Fill in the
appropriate identification according to the selected
identity type (USER FQDN should be a standard
mailbox format)
None
Authentication
Choose to share keys and digital certificates
share keys
Key
Authentication mode select shared keys show the
feature. Set IPSec VPN agreement key
None
IP address
Phase 2
IPSec Policy
Optional 3DES‐MD5‐96 or 3DES ‐SHA1‐96 etc.
3DES‐MD5‐96
IPSec Life Cycle
Set IPSec Life Cycle
3600sec
Create inbound and outbound rules to each tunnel collection. If only to create a one‐way
connection filter, the rule is not applied.
3.8 Personalization Features
According to the specific needs of individual customers, private custom functions can be
equipped to WIFUN1050.
3.8.1 Nginx Server
Set hard disk server function. After opening captive portal loginb, user share hard disk data.
From navigation panel "Personalized Function/Nginx" menu, enter "Nginx" page, as shown in
Figure 3‐69.
Figure 3‐69 Nginx
3.8.2 File Synchronization
From navigation panel "Personalized Function/File Synchronization" menu, enter "File
Synchronization" page, as shown in Figure 3‐70.
Figure 3‐70 File Synchronization
Page description is shown in Table 3‐41.
Table 3‐41 File Synchronization Description
Parameters
Description
Default
Task
User‐defined task name
None
Server
Rsync Server Address
None
Server Directory
Synchronize files to Rsync server address
None
Local Directory
Synchronize files to local directory
None
User name
Rsync server name
None
Password
Rsync server password
None
3.8.3 GPS Location Information
From navigation panel "Personalized Function /GPS Config"menu, enter " GPS Config " page,
shown in Figure 3‐71.
Figure 3‐71GPS Settings
Page description is shown in Table 3‐42.
Table 3‐42 GPS Config Description
Parameters
Description
Default
Server
upload location information server IP address
None
Port
Upload location information server port
80
Positioning time interval
Set positioning time interval
60
Upload Location
Set upload Location information gap
60
information gap
3.8.4 Roaming Management
3.8.4.1 Roaming Management
From navigation panel “Personalized Function /Roaming Management" menu, enter "Roaming
Management" page, shown in Figure 3‐72.
Figure 3‐72 Roaming Management
3.8.4.2 Upgrade from AP
From navigation panel "Personalized Function /Roaming Management" menu, enter "Slave AP
Upgrade" page, as shown in Figure 3‐73.
Figure 3‐73 Slave AP Upgrade
3.9 Firewall
With the expansion of network and increase in flow, the control over network safety and the
allocation of bandwidth become the important contents of network management. The firewall
function of the router implements corresponding control to data flow at entry direction (from
Internet to local area network) and exit direction (from local area network to Internet) according
to the content features of message (such as: protocol style, source/destination IP address, etc.)
and ensures safe operation of router and host in local area network.
3.9.1 Access Control（ACL）
ACL, namely access control list, implements permission or prohibition of access for appointed
data flow (such as prescribed source IP address and account number, etc.) via configuration of a
series of matching rules so as to filter the network interface data. After message is received by
port of router, the field is analyzed according to ACL rule applied on the current port. And after
the special message is identified, the permission or prohibition of corresponding packet is
implemented according to preset strategy.
ACL classifies data packages through a series of matching conditions. These conditions can be
data packages’ source MAC address, destination MAC address, source IP address, destination IP
address, port number, etc.
The data package matching rules as defined by ACL can also be used by other functions requiring
flow distinguish.
From navigation panel, select Firewall/ACL, then enter “ACL” page, as shown in Figure 3‐74‐1.
Figure 3‐74‐1 Access Control（ACL）
Click  to add new access control list, as shown in Figure 3‐74‐2.
Figure 3‐74‐2 Access Control（ACL）
Page description is shown in Table 3‐43.
Table 3‐43 Access Control Description
Parameters
Description
Default
Standard ACL can block all communication flows from a
network, or allow all communication flows from a
particular network, or deny all communication flows of a
protocol stack (e.g. IP) of.
The extended ACL provides a wider range of control than
Type
that provided by the standard ACL. For example, if the
Extended
network administrator wants to "allow external Web
communication flows to pass through and reject external
communication flows, e.g. FTP and Telnet”, the extended
ACL can be used to achieve the objective. The standard
ACL can not be controlled so precisely.
ID
User define
None
Action
Permit/Deny
Permit
Protocol
Access Control Protocol
ip
Source IP Address
IP Address of Source
None
Destination IP
IP Address of Destination
None
Destination IP
address
Destination network address
None
Destination address mask inverted
None
Logging
Click Enable, the system will record access control on a
log
Disable
Description
Easy to record control access parameters on a log
None
Destination
Mask
Invert
Network Interface list
Interface Name
Select Interface Name
cellular1
Rules
Select inbound, outbound and management rules
none
3.9.2 NAT
NAT can achieve Internet access by multiple hosts within the LAN through one or more public
network IP addresses. It means that few public network IP addresses represent more private
network IP addresses, thus saving public network IP addresses.
From navigation panel, select Firewall/NAT, then enter “NAT” page, as shown in Figure 3‐75‐1.
Figure 3‐75‐1 NAT
NAT rule is to apply ACL to address pool, only matching the ACL address before conversion.
Click to add new NAT rules, as shown in Figure 3‐75‐2.
Figure 3‐75‐2 NAT
Page description is shown in Table 3‐44.
Table 3‐44 NAT Description
Parameters
Description
Default
SNAT：Source NAT： Translate IP packet's source address
into another address
Action
DNAT：Destination NAT: Map a set of local internal
SNAT
addresses to a set of legal global addresses.
1:1NAT： Transfer IP address one to one.
Inside：Inside address
Source Network
Inside
Outside：Outside address
Translation Type
Select the Translation Type
IP to IP
Private network IP address refers to the IP address of internal network or host, while public
network IP address is a globally unique IP address on the Internet.
RFC 1918 three IP address blocks for the private network as follows:
Class A: 10.0.0.0 ~ 10.255.255.255
Class B: 172.16.0.0~ 172.31.255.255
Class A: 192.168.0.0~ 192.168.255.255
The addresses within the above three ranges will not be allocated on the Internet. Therefore,
they can be freely used in companies or enterprises without the need to make application to the
operator or registration center
3.10 QoS
In the traditional IP network, all packets are treated equally without distinction. Each network
device uses first in first out strategy for packet processing. The best‐effort network sends packets
to the destination, but it cannot guarantee transmission reliability and delay.
QoS can control network traffic, avoid and manage network congestion, and reduce packet
dropping rate. Some applications bring convenience to users, but they also take up a lot of
network bandwidth. To ensure all LAN users can normally get access to network resources, IP
traffic control function can limit the flow of specified host on local network.
QoS provides users with dedicated bandwidth and different service quality for different
applications, greatly improving the network service capabilities. Users can meet various
requirements of different applications like guaranteeing low latency of time‐sensitive business
and bandwidth of multimedia services.
QoS can guarantee high priority data frames receiving, accelerate high‐priority data frame
transmission, and ensure that critical services are unaffected by network congestion. IR900
supports four service levels, which can be identified by receiving port of data frame, Tag priority
and IP priority.
From navigation panel, select Qos/Traffic Control, then enter “Traffic Control” page, as shown in
Figure 3‐76.
Figure 3‐76 QoS
Page description is shown in Table 3‐45.
Table 3‐45 QoS Description
Parameters
Description
Default
Type
Name
Name
Name
Any Packets
Click Startup for flow control to any packets
Disable
Source
Source address of flow control
N/A
Destination
Destination address of flow control
N/A
Protocol
Click to select protocol style
N/A
Policy
Name
Name of user defined flow control strategy
N/A
Classifier
Name of style defined above
N/A
N/A
Guaranteed Bandwidth
User defined guaranteed bandwidth
Kbps
Maximum Bandwidth Kbps
User defined maximum bandwidth
N/A
Local Priority
Local priority of selection strategy
N/A
Apply Qos
Interface
Ingress
Kbps
Max
bandwidth
Selection of flow control interface
cellular1
User define, bigger than maximum bandwidth of
N/A
input strategy
User define, bigger than maximum bandwidth of
N/A
Egress Max bandwidth Kbps
output strategy
Ingress Policy
Name of policy defined above
N/A
Egress Policy
Name of policy defined above
N/A
3.11 VPN
VPN is a new technology that rapidly developed in recent years with the extensive application of
Internet. It is for building a private dedicated network on a public network. 'Virtuality" mainly
refers to that the network is a logical network.
Two Basic Features of VPN:

Private: the resources of VPN are unavailable to unauthorized VPN users on the internet;
VPN can ensure and protect its internal information from external intrusion.

Virtual: the communication among VPN users is realized via public network which,
meanwhile can be used by unauthorized VPN users so that what VPN users obtained is only
a logistic private network. This public network is regarded as VPN Backbone.
Fundamental Principle of VPN
The fundamental principle of VPN indicates to enclose VPN message into tunnel with tunneling
technology and to establish a private data transmission channel utilizing VPN Backbone so as to
realize the transparent message transmission.
Tunneling technology encloses the other protocol message with one protocol. Also, encapsulation
protocol itself can be enclosed or carried by other encapsulation protocols. To the users, tunnel is
logical extension of PSTN/link of ISDN, which is similar to the operation of actual physical link.
The common tunnel protocols include L2TP, PPTP, GRE, IPSec, MPLS, etc.
3.11.1 IPSec
A majority of data contents are Plaintext Transmission on the Internet, which has many potential
dangers such as password and bank account information stolen and tampered, user identity
imitated, suffering from malicious network attack, etc. After disposal of IPSec on the network, it
can protect data transmission and reduce risk of information disclosure.
IPSec is a group of open network security protocol made by IETF, which can ensure the security of
data transmission between two parties on the Internet, reduce the risk of disclosure and
eavesdropping, guarantee data integrity and confidentiality as well as maintain security of service
transmission of users via data origin authentication, data encryption, data integrity and
anti‐replay function on the IP level.
IPSec, including AH, ESP and IKE, can protect one and more date flows between hosts, between
host and gateway, and between gateways. The security protocols of AH and ESP can ensure
security and IKE is used for cipher code exchange.
IPSec can establish bidirectional Security Alliance on the IPSec peer pairs to form a secure and
interworking IPSec tunnel and to realize the secure transmission of data on the Internet.
3.11.1.1 IPSec Phase 1
IKE can provide automatic negotiation cipher code exchange and establishment of SA for IPSec to
simplify the operation and management of IPSec. The self‐protection mechanisms of IKE can
complete identity authentication and key distribution in an insecure network.
From navigation panel, select VPN/IPSec, then enter “IPSec Phase 1” page,as shown in Figure
3‐77.
Figure 3‐77 IPSec Phase 1
Page description is shown in Table 3‐46.
Table 3‐46 IPSecPhase 1 Description
Parameters
Description
Default
Keyring
Name
User define key
N/A
IP Address
End‐to‐end IP address
N/A
Subnet Mask
End‐to‐end subnet mask
N/A
Key
User define key content
N/A
IKE Policy
Identification
Policy identification of user defined IKE
Authentication
Alternative authentication: shared key and digital certificate
N/A
Shared
key
3des: encrypt plaintext with three DES cipher codes of 64bit
des: encrypt a 64bit plaintext block with 64bit cipher code
3des
Encryption
Aes: encrypt plaintext block with AES Algorithm with cipher
code length of 128bit, 192bit or 256bit
md5: input information of arbitrary length to obtain 128bit
message digest.
Hash
sha‐1: input information with shorter length of bit to obtain
md5
160bit message digest.
Comparing both, md5 is faster while sha‐1 is safer.
Diffie‐Hellman
Three options: Group 1, Group 2 and Group 5
Group 2
Active time of policy
86400
Key Exchange
Lifetime
ISAKMP Profile
Name
Name of user defined ISAKMP Profile
N/A
Main mode: as an exchange method of IKE, main mode shall be
Negotiation
established in the situation where stricter identity protection is
Main
required.
mode
Mode
Aggressivemode: as an exchange method of IKE, aggressive
mode exchanging fewer message, can accelerate negotiation in
the situation where ordinary identity protection is required.
IP
Local ID Type
Select type of local identification
Address
Local ID
Remote
The local ID corresponding to the selected local ID
N/A
IP
ID
Select type of Remote ID
Type
Address
The
Remote
ID
corresponding
to
the
selected
peer
Remote ID
N/A
identification
Policy
The defined strategy identification in the IKE Strategy list
N/A
Key Ring
The defined key set in the key set list
N/A
Used for detection interval of IPSec neighbor state.
After initiating DPD, If receiving end can not receive IPSec
cryptographic message sent by peer end within interval of
DPD Interval
triggering DPD, receiving end can make DPD check, send
N/A
request message to opposite end automatically, detect whether
IKE peer pair exists.
Receiving end will make DPD check and send request message
automatically to opposite end for check. If it does not receive
DPD Timeout
IPSec cryptographic message from peer end beyond timeout,
N/A
ISAKMP Profile will be deleted.
The security level of three encryption algorithms ranks successively: AES, 3DES, DES. The
implementation mechanism of encryption algorithm with stricter security is complex and slow
arithmetic speed. DES algorithm can satisfy the ordinary safety requirements.
3.11.1.2 IPSec Phase 2
From navigation panel, select VPN>>IPSec, then enter “IPSec Phase 2” page, as shown in Figure
3‐78.
Figure 3‐78 IPSec Phase 2
Page description is shown in Table 3‐47.
Table 3‐47 IPSecIPSec Phase 2 Description
Parameters
Name
Description
User define Transform Set name
Default
N/A
Choose encapsulation forms of data packet
AH: protect integrity and authenticity of data packet from
hacker intercepting data packet or inserting false data
Encapsulation
packet on the internet.
esp
ESP: encrypt the user data needing protection, and then
enclose into IP packet for the purpose of confidentiality of
data.
Encryption
Three options: AES, 3DES, DES
3des
Authentication
Alternative authentication: md5 and sha‐1
md5
Tunnel Mode: besides source host and destination host,
special gateway will be operated with password to ensure
the safety from gateway to gateway.
Tunnel
TransmissionMode: source host and destination host must
Mode
IPSec Mode
directly be operated with all passwords for the purpose of
higher work efficiency, but comparing with tunnel mode the
security will be inferior.
3.11.1.3 IPSec Configuration
From navigation panel, select VPN/IPSec, then enter “IPSec Setting” page, as shown in
Figure3‐79.
Figure 3‐79 IPSec Configuration
Page description is shown in Table 3‐48.
Table 3‐48 IPSec Configuration Description
Parameters
Description
Default
IPSec Profile
Name
User define IPSecProfile name
N/A
ISAKMP Profile names defined in the first stage of
N/A
ISAKMP Profile
parameters of IPSec
Transform Set defined in the first stage of parameters of
N/A
Transform Set
IPSec
Perfect
Forward
Means the reveal of one cipher code will not endanger
Disable
Security (PFS)
information protected by other cipher codes.
Lifetime
Lifetime of IPSecProfile
3600
Rekey Margin (S)
Reconnection time for the second stage
540
Deviation percentage of the reconnection time for the
100
Rekey Fuzz (％)
second stage
With this function activated, successful dialing of the
SIM Card Binding
card with which IPSec is bonded is a precondition for the
Disable
use of IPSec.
Crypto Map
Name
User define name of crypto map
N/A
ID
User define ID of crypto map
N/A
Peer Address
Peer IP Address
N/A
ACL ID
ID of ACL defined in ACL of firewall
N/A
ISAKMP Profile names defined in the first stage of
N/A
ISAKMP Profile
parameters of IPSec
Transform Set defined in the first stage of parameters of
N/A
Transform Set
IPSec
Perfect
Forward
Means the reveal of one cipher code will not endanger
Disable
Security (PFS)
information protected by other cipher codes.
Lifetime
Validity of Crypto Map
3600
Rekey Margin (S)
Reconnection time for the second stage
540
Deviation percentage of the reconnection time for the
100
Rekey Fuzz (％)
second stage
Parameters
Description
Default
Interface <==> Crypto Map
MAP Interface
Select Interface Name
cellular1
Select from defined names of Crypto Map. One name is
Map Name
none
matched with several marks.
3.11.1.4 IPSec VPN Configuration Example
Building a secure channel between Router A and Router B to ensure the secure data flow
between Customer Branch A‘s subnet (192.168.1.0/24) and Customer Branch B‘s subnet
(172.16.1.0/24). Security protocol is ESP, the encryption algorithm is 3DES, and authentication
algorithm is SHA.
The topology is as follows:
Configuration Steps:
(1) Router A Settings
Step 1: IPSec Setting Phase 1
From navigation panel, select VPN/IPSec, then enter “IPSec Setting Phase 1” page,as shown
below.
No need to fill in Local ID Type and Remote ID Type.
Step 2: IPSec Setting Phase 2
From navigation panel, select VPN/IPSec, then enter “IPSec Setting Phase 2” page, as shown
below.
Step 3: IPSec Setting
From navigation panel, select VPN/IPSec, then enter “IPSec Setting” page,as shown below.
IPSec Profile setting is needed only when it’s DMVPN.
(2) Router B Settings
Step 1: IPSec Setting Phase 1
From navigation panel, select VPN/IPSec, then enter “IPSec Setting Phase 1” page, as shown
below.
Step 2: IPSec Setting Phase 2
From navigation panel, select VPN/IPSec, then enter “IPSec Setting Phase 2” page, as shown
below.
Step 3: IPSec Setting
From navigation panel, select VPN/IPSec, then enter “IPSec Setting” page,as shown below.
(3) VPN Status Checking
From navigation panel, select VPN/IPSec, then enter “IPSec Status” page, as shown below.
3.11.2 GRE
Generic Route Encapsulation (GRE) defines the encapsulation of any other network layer protocol
on a network layer protocol. GRE could be used as the L3TP of VPN to provide a transparent
transmission channel for VPN data. In simple terms, GRE is a tunneling technology which provides
a channel through which encapsulated data message could be transmitted and encapsulation and
decapsulation could be realized at both ends. GRE tunnel application networking shown as the
following figure:
Along with the extensive application of IPv4, to have messages from some network layer protocol
transmitted on IPv4 network, those messages could by encapsulated by GRE to solve the
transmission problems between different networks.
In following circumstances GRE tunnel transmission:

GRE tunnel could transmit multicast data packets as if it were a true network interface.
Single use of IPSec can not achieve the encryption of multicast.

A certain protocol adopted can not be routed.

A network of different IP address shall be required to connect other two similar networks.
GRE application example: combined with IPSec to protect multicast data
GRE can encapsulate and transmit multicast data in GRE tunnel, but IPSec, currently, could only
carry out encryption protection against unicast data. In case of multicast data requiring to be
transmitted in IPSec tunnel, a GRE tunnel could be established first for GRE encapsulation of
multicast data and then IPSec encryption of encapsulated message so as to achieve the
encryption transmission of multicast data in IPSec tunnel.
From navigation panel, select VPN/GRE, then enter “GRE” page, as shown in Figure 3‐80.
Figure 3‐80 GRE Settings
Page description is shown in Table 3‐49.
Table 3‐49 GRE Description
Parameters
Description
Default
Enable
Click to open
Open
Index
Set GRE tunnel name
None
Network Type
Select GRE network type
peer to
peer
Local Virtual IP
Set Local Virtual IP Address
None
Peer Virtual IP
Set Peer Virtual IP Address
None
Source Type
Select source type and set the according IP address or interface
IP
Local IP
Set Local IP Address
None
Peer IP
Set Peer IP Address
None
Key
Set the key of tunnel
None
MTU
Set the maximum transmission, unit in bytes
None
Enable NHRP
Next Hop Resolution Protocol, used to connect to
non‐broadcast multiple access (NBMA) formula subnetwork
source station (host or router) decided to reach "NBMA next
hop" internetworking layer address and NBMA subnetwork
between the destination station address.
Enable
Description
Add description
None
3.11.3 L2TP
L2TP, one of VPDN TPs, has expanded the applications of PPP, known as a very important VPN
technology for remote dial‐in user to access the network of enterprise headquarters.
L2TP, through dial‐up network (PSTN/ISDN), based on negotiation of PPP, could establish a tunnel
between enterprise branches and enterprise headquarters so that remote user has access to the
network of enterprise headquarters. PPPoE is applicable in L2TP. Through the connection of
Ethernet and Internet, a L2TP tunnel between remote mobile officers and enterprise
headquarters could be established.
L2TP‐Layer 2 Tunnel Protocol, encapsulates private data from user network at the head of L2 PPP.
No encryption mechanism is available, thus IPSes is required to ensure safety.
Main Purpose: branches in other places and employees on a business trip could access to
the network of enterprise headquarter through a virtual tunnel by public network remotely.
From navigation panel, select VPN/L2TP, then enter “L2TP Client” page, as shown in Figure 3‐81.
Figure 3‐81 L2TP Client
Page description is shown in Table 3‐50.
Table 3‐50 L2TP Client Description
Parameters
Description
Default
L2TP Class
Name
User difine L2TP Class Name
None
Authentication
Click Enable, peer authentication is required to network
connection when enable.
Disable
Host Name
Network connection to local host name, not to
configure.
None
Tunnel
Authentication key
When the tunnel must be configured to enable the
authentication, click authentication key, or you will not
need to configure.
None
Pseudowire Class
Name
User difine Pseudowire Class Name
None
L2TP Class
L2TP Class name
None
Source Interface
Seclect source interface name
cellular 1
L2TP Tunnel
Enable
Click to enable
Enable
Index
Automatic generated
L2TP Server
Set L2TP Server address
None
Pseudowire Class
Pseudowire Class name
None
Authentication Type
Select Authentication Type
Auto
Username
Peer Server username
None
Password
Peer Server password
None
Local IP Address
Set local IP address, or automatically allocated by peer
server.
None
Remote IP Address
Set remote IP addres, or not
None
3.11.4 OPENVPN
Single point participating in the establishment of VPN is allowed to carry out ID verification by
preset private key, third‐party certificate or username/password. OpenSSL encryption library and
SSLv3/TLSv1 protocol are massively used.
In OpenVpn, if a user needs to access to a remote virtual address (address family matching virtual
network card), then OS will send the data packet (TUN mode) or data frame (TAP mode) to the
visual network card through routing mechanism. Upon the reception, service program will
receive and process those data and send them out through outer net by SOCKET, owing to which,
the remote service program will receive those data and carry out processing, then send them to
the virtual network card, then application software receive and accomplish a complete
unidirectional transmission, vice versa.
From navigation panel, select VPN/OPENVPN, then enter “OPENVPN Client” page,as shown in
Figure 3‐82.
Figure 3‐82OPENVPN Client
Page description is shown in Table 3‐51.
Table 3‐51OPENVPNOPENVPN Client Description
Parameter
Description
Default
Enable
Click Enable
Enable
ID
Set channel ID
None
Server IP Address
Set peer server IP addresss
None
Port Number
Set peer server port number
1194
Authentication Type
Select and configure authentication type parameters
of type certification
User
name/Password
User name
Keep consistency with server
None
Password
Keep consistency with server
None
Channel description
user define channel description
None
Advanced Options
Source Port
Select source port name
None
Network Type
Select network type
net30
Port Type
Select data form issued from the interface. tun‐
packet, tap‐ data frame
tun
Protocol Type
Keep consistency with server protocol
udp
Advanced Options
Encryption
Algorithm
keep consistency with server
Default
LZO Compression
Click Enable
Off
None
Connection Testing
Set connecting testing time interval
Interval
None
Connection Testing
Set connecting testing overtime
Overtime
None
Expert
Set expert option: blank advisable
Configuration
Import configurations can be directly imported into the configured documents generated from
backend server and manual configuration of OPENVPN customer end parameter is in no need
after import.
3.11.5 Certificate Management
From navigation panel, select VPN/Certificate Management, then enter “Certificate
Management” page, as shown in Figure 3‐83.
Figure 3‐83 Certificate Management
Page description is shown in Table 3‐52.
Table 3‐52Certificate Management Description
Parameter
Description
Default
Forced to re‐apply
If the certificate has not expired, but need to reapply, click
forced to re‐apply, re‐configure the certificate request
parameter.
Disable
Request Status
successful application, "Request Status" shows:
Completion
Initiation
Certificate
Protection Key
Set certificate protection key
Certificate
Protection Key
Confirmation
Confirm certificate protection key
None
Server URL
Set certificate server IP
None
Certificate name
Set certificate name
None
FQDN
Set full domain name
None
Unit Name 1
Set unit name 1
None
Unit Name 2
Set unit name 2
None
Domain Name
Set domain name
None
Serial Number
Set application certificate serial number
None
Authentication
Password
Set authentication password
None
None
Authentication
Password
Confirmation
Confirm authentication password
Host IP
Set router address in the use of certificate application
None
RSA Key length
Set RSA key length
1024
Query Interval
Set query interval
60 sec
Query Timeout
Set query timeout
3600 sec
None
3.12 Configuration Wizard
After login the configuration page via Web, click “Connect Internet” to enter configuration page
below:
Figure 3‐12‐1Connect Internet
Page description:
Table 3‐12‐1Connect Internet Configuration Description
Parameters
Description
Default
Interface Type: 3G/LTE, ADSL, DHCP and Static IP Address
3G/LTE
APN
Provided by local operator
3gnet
Username
Provided by local operator
gprs
Password
Provided by local operator
gprs
Dialed Numbers
Provided by local operator
*99***1#
ADSL
Username
Provided by local operator
N/A
Password
Provided by local operator
N/A
No configuration for DHCP
Static IP Address
IP Address
User define
N/A
Subnet mask
User define
255.255.255.0
Gateway
User define
N/A
Primary DNS
User define
N/A
Secondary DNS
User define
N/A
Save the configuration and click  to enter “Cloud Platform” configuration page as
shown below:
Figure 3‐12‐2 Cloud Management Platform
Table 3‐12‐2 Cloud Management Platform Configuration Description
Parameters
Description
Default
Platform
Address
The address and port number of cloud
platform
rainbow.inhand.com.cn：80
Demo Mode
Click to enable
Disable
4. Application Scenarios
Place on a bus one Inhand IPortal3000 server, using WIFI wireless coverage inside the car, built
3G/4G module to access the Internet. Passengers’ smart phones, tablet and notebooks and other
intelligent terminal access to the WIFI hotspot, WIFUN1050 with Portal authentication method
push specified page to the mobile terminal, to provide information, downloads, entertainment
and other information services and Internet services. Information services available at the local
store WIFUN1050 enhance user access experience, synchronous update Center and local content
via 3G/4G.
Appendix 1 Troubleshooting
This manual describes only a simple router troubleshooting method, if still can not rule out, you
can get the service through Table 1‐1.
1) Cannot log on locally router through Web setting page?

use MS‐DOS Ping command to check the network connection
a. Ping 127.0.0.1 used to check the computer management TCP/IP protocol is installed.
b. Ping collection to FE interface IP address which directly connected to router, used to
check whether collection of management computer to router.

Number of users allowed to manage the router has reached the maximum (for up to four
users to simultaneously log), please try again later.

Please check the Web browser is set up a proxy server or dial‐up connection, if any, unset.

See above PC firewall settings are used to configure the router, whether shielding function.

Please check whether IE is equipped with third‐party plug‐ins (eg: 3721, IE partner, etc.) it is
recommended to configure after uninstalling.
2) WIFUN1050 is powered on, but can not access Internet?
Please check：

Whether the WIFUN1050 is inserted with a SIM card.

Whether the SIM card is enabled with data service, whether the service of the SIM card is
suspended because of an overdue charge.

Whether the dialup parameters, e.g. APN, dialup number, account, and password are
correctly configured.

Whether the IP Address of your computer is the same subnet with WIFUN1050 and the
gateway address is WIFUN1050 LAN address.
3) LAN users dropped cable, can not access the Internet?

Check switch cable collected to router, and WAN port network cable, if there is loosening.

Log into the router's Web setup page, check access control list, to check whether the IP
address of a segment is not allowed to access the Internet.
4) WIFUN1050 is powered on, have a ping to detect WIFUN1050 from your PC and find packet
loss?

Please check if the network crossover cable is in good condition.
5) Forget the setting after revising IP address and cannot configure WIFUN1050?
Method 1: connect WIFUN1050 with serial cable, configure it through console port.
Method 2: WIFUN1050 is powered on, press and hold RESET Reset button (until ERROR lights),
release the RESET button (ERROR lamp is off), press and hold the RESET button again (until the
ERROR indicator blinks), and you can restore the factory default settings.
After applying the above two methods, configure the WIFUN1050.
6) After WIFUN1050 is powered on, it frequently auto restarts. Why does this happen?
Please check:

Whether the module works normally.

Whether the WIFUN1050r is inserted with a SIM card.

Whether the SIM card is enabled with data service, whether the service of the SIM card is
suspended because of an overdue charge.

Whether the dialup parameters, e.g. APN, dialup number, account, and password are
correctly configured.

Whether the signal is normal.

Whether the power supply voltage is normal.
7) WIFUN1050 is powered on, but the Power LED is not on?
Please check:

Check the fuse is burned out.

Check supply voltage, and the polarity is connected correctly.
8) WIFUN1050 is powered on, connected to the PC, Why Ethernet port light is not on?
Please check:

Check the network cable is normal.

NIC characteristic on the PC is set to 10/100M, full duplex.
9) WIFUN1050 is powered on, when connected with PC, the Network LED is normal but
cannot have a ping detection to the WIFUN1050?
Check if the IP Address of the PC and WIFUN1050 are in the same network segment and
WIFUN1050 IP as gateway address.
10) WIFUN1050 dialup always fails, I cannot find out why?
Please restore WIFUN1050 to factory default settings and configure the parameters again.
Table 1‐1 Sales Service
Trouble
Description
Obtain service
Hardware
failure
For example: WIFUN1050 does not appear
normal power, did not plug the network cable
while Ethernet port light was lit and other
issues.
Please contact Inhand
Technicial Support Hotline
for help: 010‐64391099
Software
Prolem
For example: WIFUN1050 feature is unavailable,
abnormal or configuration advice.
Please contact Inhand
Technicial Support Hotline
for help: 010‐64391099
Appendix 2 Instruction of Command Line
Operating status LED:
POWER
STATUS
WARN
ERROR
The power
LED (red)
Status LED
(green)
Alarm LED
(yellow)
Error
LED(red)
on
on
on
off
Power status
on
blink
on
off
Power Success
on
blink
blink
off
Dialing
on
blink
off
off
Dialing Success
on
blink
blink
blink
Being upgraded
on
blink
on
blink
Reset Success
Description
Signal Status LED and Description:
Signal
Status
Green LED 1
Signal
Status
Green LED 2
Signal
Status
Green LED 3
off
off
off
Description
No signal was detected
1‐9 signal condition (in this case signal conditions
describe problems, please check the antenna is
on
off
off
installed intact, the signal situation in the region is
good)
10‐19 signal condition (in this case illustrate signal
on
on
off
status is normal, WIFUN1050 can be used normally)
20‐31 signal condition (in this case illustrate the
on
on
on
signal in good condition)
Ethernet Port Status LED and Description:
Green LED
Description
on
The network port is 100M, in a normal state, no data transmission
blink
The network port is 100M, in a normal state, in data transmission
off
No connection
MODEM LED and Description
MODEM Green LED
on
blink
Description
Already dialed
Not dailed
POWER LED and Description
POWER Red LED
Description
on
Nomal power connection
off
No power connection
WLAN LED and Description
WLAN Green LED
Description
on
WLAN on function
off
WLAN off function
FCC STATEMENT
1. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two
conditions:
(1) This device may not cause harmful interference.
(2) This device must accept any interference received, including interference that may cause
undesired operation.
2. Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
NOTE: This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation.
This equipment generates uses and can radiate radio frequency energy and, if not installed and
used in accordance with the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful interference to radio or television reception,
which can be determined by turning the equipment off and on, the user is encouraged to try to
correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
Consult the dealer or an experienced radio/TV technician for help.
United Bus Technology
UBT (United Bus Technology), a silicon valley based high
tech company, is focusing on how to improve bus ride
experience, to generate more revenue for moto coach
operators, to provide better management for operators and
to maximize the value of coach line industry by the power of
Internet + technology. Our mission is to provide the best
internet + service to all moto coach operators with
cutting‐edge product lines that covers from daily bus
business operation to passengers’ riding experience.
United Bus Technology
778 Blanchard Way, Sunnyvale
CA, 94087‐3118
USA
T: +1 ‐408‐663‐4958
info@ubt.io
http://www.ubt.io/

---

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : Yes
Author                          : Tina
Create Date                     : 2015:11:12 10:20:26+08:00
Modify Date                     : 2015:11:12 10:20:26+08:00
XMP Toolkit                     : Adobe XMP Core 4.2.1-c041 52.342996, 2008/05/07-20:48:00
Creator Tool                    : PScript5.dll Version 5.2.2
Format                          : application/pdf
Title                           : Microsoft Word - UBT
Creator                         : Tina
Producer                        : Acrobat Distiller 9.0.0 (Windows)
Document ID                     : uuid:9f98b92d-bf1c-43ce-b71b-e643f6072d76
Instance ID                     : uuid:af68e675-95a3-4261-b4f1-e80ee1b830ff
Page Count                      : 135

EXIF Metadata provided by EXIF.tools