User Guide for URSALINK models including: Lorawan Gateway

Ursalink

UG87UserGuide - Shopify

Quick Installation Guide for the Ursalink UG87industrialLoRaWANgateway. UG87UserGuide 3 ... - WEB GUI and CLI enable the admin to achieve quick configuration and simple ... Start a Web browser on your PC (Chrome and IE are recommended), type in the IP

ug87 user guide en

Revision History. Date. Doc Version. Description. July 13, 2019. V1.1. Initial version. Aug. 6, 2019. V1.2. Add New Feature: 1. Python Development.

Not Your Device? Search For Manuals / Datasheets:

File Info : application/pdf, 121 Pages, 8.85MB

Document
ug87 user guide en
UG87 User Guide
Preface
Thanks for choosing Ursalink UG87 industrial LoRaWAN gateway. The UG87 industrial LoRaWAN gateway delivers tenacious connection over network with full-featured design such as automated failover/failback, extended operating temperature, dual SIM cards, hardware watchdog, VPN, Gigabit Ethernet and beyond.
This guide shows you how to configure and operate the UG87 industrial LoRaWAN gateway. You can refer to it for detailed functionality and gateway configuration.

Readers
This guide is mainly intended for the following users: - Network Planners - On-site technical support and maintenance personnel - Network administrators responsible for network configuration and maintenance

© 2017 Xiamen Ursalink Technology Co., Ltd. All rights reserved.

All information in this user guide is protected by copyright law. Whereby, no organization or individual shall copy or reproduce the whole or part of this user guide by any means without written authorization from Xiamen Ursalink Technology Co., Ltd.

Products Covered This guide explains how to configure the following devices: · Ursalink UG87 LoRaWAN gateway

Related Documents Document Ursalink UG87 Datasheet
Ursalink UG87 Quick Start Guide

Description Datasheet for the Ursalink UG87 industrial LoRaWAN gateway.
Quick Installation Guide for the Ursalink UG87 industrial LoRaWAN gateway.

2

UG87 User Guide
Declaration of Conformity UG87 is in conformity with the essential requirements and other relevant provisions of the CE, FCC, and RoHS.

Revision History
Date July 13, 2019 Aug. 6, 2019

Doc Version V1.1 V1.2

Sep. 25, 2019

V1.3

Oct. 14, 2019

V1.4

Nov. 22, 2019 V1.5

May 12, 2020 V1.6

For assistance, please contact Ursalink technical support: Email: support@ursalink.com Tel.: 86-592-5023060 Fax: 86-592-5023065
Description Initial version Add New Feature: 1. Python Development 2. Send data to LoRaWAN nodes Add New Feature: Modbus RTU Data Transmission (Applicable for UC11-N1 and UC1152) Add New Feature: Support 16 LoRa channels Add New Feature: 1. Packet Forwarder with Multi-Destination 2. MQTT TLS certified mode 1. Delete LAN and VLAN configuration 2. Default IP change from 192.168.1.1 to 192.168.23.150 3. New Function: Add devices in bulk

3

UG87 User Guide
Contents
Chapter 1 Product Introduction......................................................................................................... 7 1.1 Overview............................................................................................................................... 7 1.2 Advantages............................................................................................................................7 1.3 Specifications........................................................................................................................ 8 1.4 Dimensions (mm)............................................................................................................... 10
Chapter 2 Access to Web GUI...........................................................................................................11 2.1 PC Configuration for Web GUI Access to gateway............................................................ 11 2.2 Access to Web GUI of gateway.......................................................................................... 12
Chapter 3 Web Configuration...........................................................................................................14 3.1 Status...................................................................................................................................14 3.1.1 Overview..................................................................................................................14 3.1.2 Packet Forwarder.................................................................................................... 14 3.1.3 Cellular..................................................................................................................... 16 3.1.4 Network................................................................................................................... 17 3.1.5 WLAN (Only Applicable to Wi-Fi Version).............................................................. 18 3.1.6 VPN...........................................................................................................................19 3.1.7 Host List....................................................................................................................20 3.2 LoRaWAN............................................................................................................................ 21 3.2.1 Packet Forwarder.................................................................................................... 22 3.2.1.1 General......................................................................................................... 22 3.2.1.3 Radios (Dual-module).................................................................................. 25 3.2.1.4 Advanced...................................................................................................... 27 3.2.1.5 Custom..........................................................................................................28 3.2.1.6 Traffic............................................................................................................ 29 3.2.2 Network Server........................................................................................................30 3.2.2.1 General......................................................................................................... 30 3.2.2.2 Application................................................................................................... 32 3.2.2.3 Profiles.......................................................................................................................... 33 3.2.2.4 Device........................................................................................................... 33 3.2.2.5 Packets.......................................................................................................... 34 3.3 Network.............................................................................................................................. 37 3.3.1 Interface...................................................................................................................37 3.3.1.1 Port............................................................................................................... 37 3.3.1.2 WLAN (Only Applicable to Wi-Fi Version)...................................................40 3.3.1.3 Cellular..........................................................................................................42 3.3.1.4 Loopback.......................................................................................................45 3.3.2 Firewall.....................................................................................................................46 3.3.2.1 Security......................................................................................................... 46 3.3.2.2 ACL................................................................................................................ 47 3.3.2.3 DMZ...............................................................................................................48 3.3.2.4 Port Mapping................................................................................................49 3.3.2.5 MAC Binding................................................................................................. 50
4

UG87 User Guide
3.3.3 QoS........................................................................................................................... 50 3.3.4 DHCP........................................................................................................................ 51
3.3.4.1 DHCP Server..................................................................................................51 3.3.4.2 DHCP Relay................................................................................................... 53 3.3.5 DDNS........................................................................................................................ 53 3.3.6 Link Failover.............................................................................................................54 3.3.6.1 SLA.................................................................................................................54 3.3.6.2 Track..............................................................................................................55 3.3.6.3 VRRP..............................................................................................................56 3.3.6.4 WAN Failover................................................................................................57 3.3.7 VPN...........................................................................................................................58 3.3.7.1 DMVPN......................................................................................................... 58 3.3.7.2 IPSec..............................................................................................................60 3.3.7.3 GRE................................................................................................................62 3.3.7.4 L2TP...............................................................................................................63 3.3.7.5 PPTP.............................................................................................................. 65 3.3.7.6 OpenVPN Client............................................................................................67 3.3.7.7 OpenVPN Server...........................................................................................68 3.3.7.8 Certifications................................................................................................ 70 3.4 System................................................................................................................................. 72 3.4.1 General Settings...................................................................................................... 72 3.4.1.1 General......................................................................................................... 72 3.4.1.2 System Time................................................................................................. 73 3.4.1.3 SMTP............................................................................................................. 75 3.4.1.4 Phone............................................................................................................75 3.4.1.5 Email............................................................................................................. 76 3.4.2 User Management...................................................................................................77 3.4.2.1 Account......................................................................................................... 77 3.4.2.2 User Management........................................................................................78 3.4.3 SNMP........................................................................................................................79 3.4.3.1 SNMP............................................................................................................ 79 3.4.3.2 MIB View...................................................................................................... 80 3.4.3.3 VACM............................................................................................................ 80 3.4.3.4 Trap............................................................................................................... 81 3.4.3.5 MIB................................................................................................................82 3.4.4 AAA.......................................................................................................................... 82 3.4.4.1 RADIUS..........................................................................................................82 3.4.4.2 TACACS+........................................................................................................83 3.4.4.3 LDAP..............................................................................................................83 3.4.4.4 Authentication..............................................................................................84 3.4.5 Device Management............................................................................................... 85 3.4.6 Events.......................................................................................................................86 3.4.6.1 Events............................................................................................................86 3.4.6.2 Events Settings............................................................................................. 87
5

UG87 User Guide
3.5 Maintenance.......................................................................................................................88 3.5.1 Tools......................................................................................................................... 88 3.5.1.1 Ping............................................................................................................... 88 3.5.1.2 Traceroute.....................................................................................................88 3.5.2 Schedule...................................................................................................................89 3.5.3 Log............................................................................................................................ 89 3.5.3.1 System Log....................................................................................................90 3.5.3.2 Log Settings...................................................................................................90 3.5.4 Upgrade....................................................................................................................91 3.5.5 Backup and Restore.................................................................................................92 3.5.6 Reboot......................................................................................................................93
3.6 APP...................................................................................................................................... 93 3.6.1 Python......................................................................................................................93 3.6.1.1 Python...........................................................................................................94 3.6.1.2 App Manager Configuration........................................................................ 94 3.6.1.3 Python App...................................................................................................95
Chapter 4 Application Examples...................................................................................................... 96 4.1 Packet Forwarder Configuration........................................................................................ 96 4.2 Application Configuration.................................................................................................. 97 4.3 Device Profiles Configuration.......................................................................................... 101 4.4 Device Configuration........................................................................................................ 104 4.5 Send Data to Device......................................................................................................... 108 4.6 Restore Factory Defaults.................................................................................................. 112 4.6.1 Via Web Interface..................................................................................................112 4.6.2 Via Hardware......................................................................................................... 113 4.7 Firmware Upgrade............................................................................................................114 4.8 Cellular Connection.......................................................................................................... 115 4.9 Dual SIM Backup Application Example............................................................................117 4.10 Wi-Fi Application Example............................................................................................. 119 4.10.1 AP Mode.............................................................................................................. 119 4.10.2 Client Mode......................................................................................................... 120
6

UG87 User Guide
Chapter 1 Product Introduction
1.1 Overview Ursalink UG87 is an industrial LoRaWAN gateway with embedded intelligent software features designed for multifarious M2M/IoT applications. Options like cellular network or Wi-Fi provide drop-in connectivity for operators and make a giant leap in maximizing uptime. Adopting high-performance industrial platform of 64-bit CPU and wireless module, the UG87 enables you to scale up M2M application combining data within limited time and budget. The UG87 is particularly ideal for smart city, smart agriculture, building automation, digital factory, environment protection, water conservancy and so on.
Figure 1-1
1.2 Advantages Benefits - Built-in industrial CPU and big memory; - Ethernet, 2.4GHz/5GHz Wi-Fi and global 2G/3G/LTE options make it easy to get
connected - Embedded network server and compliant with several third party network servers - MQTT, HTTP or HTTPS protocol for data transmission to application server - Embedded GPS module for high-precision time synchronization - Rugged enclosure, optimized for wall or pole mounting - 3-year warranty included Security & Reliability - Automated failover/failback between Ethernet and Cellular (dual SIM) - Enable unit with security frameworks like IPsec/OpenVPN/GRE/L2TP/PPTP/ DMVPN - Embedded hardware watchdog to automatically recover from various failure and ensure
highest level of availability
7

UG87 User Guide
- Establish a secured mechanism on centralized authentication and features authorization of device access by supporting AAA (TACACS+, RADIUS, LDAP, local authentication) and multiple levels of user authority
Easy Maintenance - Ursalink DeviceHub provides easy setup, mass configuration, and centralized
management of remote devices - The user-friendly web interface design and various upgrading options help administrator
to manage the device as easy as pie - WEB GUI and CLI enable the admin to achieve quick configuration and simple
management among a large quantity of devices - Users can efficiently manage the remote devices on the existing platform through the
industrial standard SNMP
Capabilities - Link remote devices in an environment where communication technologies are
constantly changing - Industrial 64-bit ARM Cortex-A53 processor, high-performance operating up to 800MHz
with low power consumption, and 512 MB memory available to support more applications - Support wide operating temperature ranging from -40°C to 70°C/-40°F to 158°F

1.3 Specifications Hardware System CPU Memory Storage LoRaWAN Connectors
Channel Frequency Band
Sensitivity Output Power

800MHz, 64-bit ARM Cortex-A53 8 GB Flash, 512 MB DDR3 RAM 1 × M.2 slot supports SATA M.2 SSD
1 × 50  N-Type (Center pin: Female) for 8-channel model 2 × 50  N-Type (Center pin: Female) for 16-channel model 8 or 16 Supports EU 863-870, US 902-928, EU 433, AU 915-928, CN 470-510 IN865 and KR 920-923 Band -140dBm Sensitivity @292bps 27dBm Max
8

UG87 User Guide

Protocol

V1.0 Class A/Class C and V1.0.2 Class A/Class C

Ethernet

Ports

1 × RJ-45 (PoE PD)

Physical Layer

10/100/1000 Base-T (IEEE 802.3)

Data Rate

10/100/1000 Mbps (auto-sensing)

Interface

Auto MDI/MDIX

Mode

Full or half duplex (auto-sensing)

Cellular Interfaces (Optional)

Connectors

1 × 50  N-Type (Center pin: Female)

SIM Slots

2

Wi-Fi Interfaces (Optional)

Connectors

1 × 50  N-Type (Center PIN: Female)

Standards

IEEE 802.11 b/g/n/ac

Tx Power

802.11b: 16 dBm +/-1.5 dBm (11 Mbps)

802.11g: 15 dBm +/-1.5 dBm (54 Mbps)

802.11n@2.4 GHz: 14 dBm +/-1.5 dBm (MCS7) 802.11n@5

GHz: 11 dBm +/-2 dBm (MCS7) 802.11ac@5 GHz: 10 dBm

+/-2 dBm (MCS9)

GPS Connectors

1 × 50  N-Type (Center PIN: Female)

Software

Network Protocols

PPP, PPPoE, SNMP v1/v2c/v3, TCP, UDP, DHCP, DDNS, VRRP,

HTTP, HTTPS, DNS, SNTP, Telnet, SSH, MQTT, etc.

VPN Tunnel

DMVPN/IPsec/OpenVPN/PPTP/L2TP/GRE

Access Authentication

CHAP/PAP/MS-CHAP/MS-CHAPV2

Firewall

ACL/DMZ/Port Mapping/MAC Binding

Management

Web, CLI, SMS, On-demand dial up

Reliability

VRRP, Dual SIM Backup

Power Supply and Consumption

Connector

1 × 802.3af/at PoE input

Consumption

Typical 4.9W, Max 6.5 W (8 channels)

Physical Characteristics

Typical 6 W, Max 8.2 W (16 channels)

Ingress Protection

IP67

9

UG87 User Guide

Dimensions Mounting Others Reset Button LED Indicators Built-in Certifications Environmental Operating Temperature
Storage Temperature Ethernet Isolation Relative Humidity

256 x 226 x 90.5 mm Wall or Pole Mounting
1 × RST 1 × PWR, 1 × SYS, 1 x L1 , 1 × L2 Watchdog, RTC, Timer RoHS, CE, FCC
-40°C to +70°C (-40°F to +158°F) Reduced cellular performance above 60°C -40°C to +85°C (-40°F to +185°F) 1.5 kV RMS 0% to 95% (non-condensing) at 25°C/77°F

1.4 Dimensions (mm)

10

UG87 User Guide
Chapter 2 Access to Web GUI
This chapter explains how to access to Web GUI of the UG87. 2.1 PC Configuration for Web GUI Access to gateway Please connect PC to GE port of UG87 directly. PC can obtain an IP address, or you can configure a static IP address manually. The following steps are based on Windows 10 operating system for your reference. The following steps are based on Windows 10 operating system for your reference.

Click "Search Box" to search "Control Panel" on the Windows 10 taskbar.

 Click "Control Panel" to open it, and then click "View network status and tasks".

 Click "Ethernet" (May have different name).

 Click "Properties".

11

UG87 User Guide

 Double Click "Internet Protocol Version 4 (TCP/IPv4)" to configure IP address and DNS server.
(Note: remember to click "OK" to finish configuration.)

 Click "Use the following IP address" to assign a static IP manually within the same subnet of the gateway.

2.2 Access to Web GUI of gateway Ursalink gateway provides Web-based configuration interface for management. If this is the first time you configure the gateway, please use the default settings below. Username: admin Password: password IP Address: 192.168.23.150 DHCP Server: Enabled

1. Start a Web browser on your PC (Chrome and IE are recommended), type in the IP address, and press Enter on your keyboard.
2. Enter the username, password, and click "Login".

12

UG87 User Guide
If the SIM card is connected to cellular network with public IP address, you can access WEB GUI remotely via the public IP address when remote access is enabled.
If you enter the username or password incorrectly more than 5 times, the login page will be locked for 10 minutes. 3. When you login with the default username and password, you will be asked to modify the password. It's suggested that you change the password for the sake of security. Click "Cancel" button if you want to modify it later.
4. After you login the Web GUI, you can view system information and perform configuration on the gateway.
13

Chapter 3 Web Configuration
3.1 Status 3.1.1 Overview You can view the system information of the gateway on this page.

UG87 User Guide

Item Model Serial Number Firmware Version Hardware Version Local Time
Uptime
CPU Load RAM (Capacity/Available) Flash (Capacity/Available) eMMC (Capacity/Available)

Figure 3-1-1-1
System Information Description Show the model name of gateway. Show the serial number of gateway. Show the currently firmware version of gateway. Show the currently hardware version of gateway. Show the currently local time of system. Show the information on how long the gateway has been running. Show the current CPU utilization of the gateway. Show the RAM capacity and the available RAM memory. Show the Flash capacity and the available Flash memory. Show the eMMC capacity and the available eMMC memory.
Table 3-1-1-1 System Information

3.1.2 Packet Forwarder You can view the LoRaWAN status of gateway on this page.

14

UG87 User Guide

Figure 3-1-2-1

Packet Forwarder Status Item Mode Version Status Gateway ID Region Code Server Address Packet Received
Packets received State
Packets forwarded Push Data Datagrams Sent
Push Data Acknowledged
Pull Data Sent

Description Show the working mode of LoRaWAN. Show the version of packet forwarder software. Show the status of packet forwarder. Value include Running, Disabled. Show the ID of the gateway. Show the LoRa region code which is based on the gateway's variant.. Show the IP address of remote LoRaWAN network server. Show the count of data packet from node to gateway. Show the RF packets receiving state:
CRC_OK: Percentage of CRC verification CRC_Fail: Percentage of CRC verification failure NO_CRC: Percentage of abnormal packets without CRC Packets that CRC verified are sent from gateway to server. The total quantity of packets sent from gateway to server, including the RF packets forwarded and statistics packets. Percentage of acknowledged packets among Push Data Datagrams Sent. Show the number of keepalive packets sent to the server, and

15

UG87 User Guide

Pull Resp Datagrams Received RF Packets Sent to node
RF Packets Sent Errors

percentage of acknowledged packet regarding the keepalive packet from the server. Show the packet counts and size that will be sent from server to gateway. Show the RF packet counts and size that will be sent from gateway to node. Show the RF packet counts that fail to be sent from server to node.

Table 3-1-2-1 LoRaWAN Status

3.1.3 Cellular

You can view the cellular network status of gateway on this page.

Figure 3-1-3-1

Modem Information

Item

Description

Status

Show corresponding detection status of module and SIM card.

Model

Show the model name of cellular module.

Current SIM

Show the current SIM card used.

Signal Level

Show the cellular signal level.

Register Status

Show the registration status of SIM card.

IMSI

Show IMSI of the SIM card.

ICCID

Show ICCID of the SIM card.

ISP

Show the network provider which the SIM card registers on.

Network Type

Show the connected network type, such as LTE, 3G, etc.

16

PLMN ID LAC Cell ID IMEI

UG87 User Guide
Show the current PLMN ID, including MCC, MNC, LAC and Cell ID. Show the location area code of the SIM card. Show the Cell ID of the SIM card location. Show the IMEI of the module.
Table 3-1-3-1 Modem Information

Network Status Item Status IP Address Netmask Gateway DNS
Connection Duration

Figure 3-1-3-2
Description Show the connection status of cellular network. Show the IP address of cellular network. Show the netmask of cellular network. Show the gateway of cellular network. Show the DNS of cellular network. Show information on how long the cellular network has been connected.
Table 3-1-3-2 Network Status

3.1.4 Network On this page you can check the Ethernet port status of the gateway.

Network Item Port

Figure 3-1-4-1
Description Show the name of WAN port.

17

UG87 User Guide

Status
Type IP Address Netmask Gateway DNS
Duration

Show the status of WAN port. "Up" refers to a status that WAN is enabled and Ethernet cable is connected. "Down" means Ethernet cable is disconnected or WAN function is disabled. Show the dial-up type of WAN port. Show the IP address of WAN port. Show the netmask of WAN port. Show the gateway of WAN port. Show the DNS of WAN port. Show the information about how long the Ethernet cable has been connected to WAN port when WAN function is enabled. Once WAN function is disabled or Ethernet cable is disconnected, the duration will stop.

Table 3-1-4-1 WAN Status

3.1.5 WLAN (Only Applicable to Wi-Fi Version)

You can check Wi-Fi status on this page, including the information of access point and client.

WLAN Status Item Wireless Status MAC Address Interface Type SSID Channel Encryption Type Status IP Address

Figure 3-1-5-1
Description Show the wireless status. Show the MAC address. Show the interface type, such as "AP" or "Client". Show the SSID. Show the wireless channel. Show the encryption type. Show the connection status. Show the IP address of the gateway.

18

Netmask Gateway
Connection Duration

UG87 User Guide
Show the wireless MAC address of the gateway. Show the gateway address in wireless network. Show information on how long the Wi-Fi network has been connected.
Table 3-1-5-1 WLAN Status

Figure 3-1-5-2

Associated Stations Item IP Address MAC Address
Connection Duration

Description Show the IP address of access point or client. Show the MAC address of the access point or client. Show information on how long the Wi-Fi network has been connected.

Table 3-1-5-2 WLAN Status

3.1.6 VPN

You can check VPN status on this page, including PPTP, L2TP, IPsec, OpenVPN and DMVPN.

Figure 3-1-6-1
19

UG87 User Guide

Figure 3-1-6-2

VPN Status Item Name Status Local IP Remote IP

Figure 3-1-6-3
Description Show the name of the VPN tunnel. Show the status of the VPN tunnel. Show the local tunnel IP of VPN tunnel. Show the remote tunnel IP of VPN tunnel.
Table 3-1-6-1 VPN Status

3.1.7 Host List You can view the host information on this page.

20

UG87 User Guide

Host List Item DHCP Leases IP Address MAC Address Lease Time Remaining MAC Binding
IP & MAC

Figure 3-1-7-1
Description
Show IP address of DHCP client Show MAC address of DHCP client Show the remaining lease time of DHCP client.
Show the IP address and MAC address set in the Static IP list of DHCP service.
Table 3-1-7-1 Host List Description

3.2 LoRaWAN

21

3.2.1 Packet Forwarder 3.2.1.1 General

UG87 User Guide

Figure 3-2-1-1

General Settings Item Gateway EUI Gateway ID
Frequency-Sync
Multi-Destination

Description
Show the identifier of the gateway.
Fill in the corresponding ID which you've used for register gateway on the remote network server, such as TTN. It is usually the same as gateway EUI and can be changed. Disable: Disable sync frequency configurations from network server, the gateway will use local configurations.
Network Server ID: Sync frequency configurations from network server by selecting the corresponding ID. The gateway will forward the data to the network server address that was created and enabled in the list.

Default Generated from MAC address of the gateway and cannot be changed. The default is the same as gateway EUI.
Disable
Local host

Table 3-2-1-1 General Setting Parameters

Related Configuration Example

Packet fowarder configuration

22

3.2.1.2 Radios

UG87 User Guide

Figure 3-2-1-2

Radios-Radio Channel Setting

Item

Description

Choose the LoRaWAN frequency plan used for

Supported

the upstream and downlink frequencies and

Frequency

datarates. Available channel plans depend on the

gateway's variant.

Name

Show the name of central frequency.

Center Frequency

Enter the central frequency of Radio 0 which supports transmitting and receiving packet. Enter the center frequency of Radio 1 which only supports receiving packet from nodes.

Default The default frequency is set based on the gateway's variant.
The default is based on what is specified in the LoRaWAN regional parameters document.

Table 3-2-1-2 Radio Channels Setting Parameters

Figure 3-2-1-3

Radios-Multi Channel Setting

Item

Description

Enable

Click to enable this channel to transmit packets.

Index

Indicate the ordinal of the list.

Radio

Choose Radio 0 or Radio 1 as center frequency.

Frequency/MHz

Enter the frequency of this channel. Range: center frequency±0.9.

Table 3-2-1-3 Multi Channel Setting Parameters

Default Enabled
Radio 0 The default frequency is set based on the supported frequency you have selected.

23

UG87 User Guide

Figure 3-2-1-4

Radios-LoRa Channel Setting

Item

Description

Enable

Click to enable this channel to transmit packets.

Radio

Choose Radio 0 or Radio 1 as center frequency.

Frequency/MHz

Enter the frequency of this channel. Range: center frequency±0.9.

Bandwidth/MHz

Enter the bandwidth of this channel. Recommended value: 125KHz, 250KHz, 500KHz

Spread Factor

Choose the selectable spreading factor. The channel with large spreading factor corresponds to a low rate, while the small one corresponds to a high rate.

Default Enabled Radio 0 The default frequency is set based on the supported frequency you have selected.
125KHz
The default is based on what is specified in the LoRaWAN regional parameters document.

Table 3-2-1-4 LoRa Channel Setting Parameters

Figure 3-2-1-5

Radios-FSK Channel Setting

Item

Description

Enable

Click to enable this channel to transmit packets.

Radio

Choose Radio 0 or Radio 1 as center frequency.

Frequency/MHz

Enter the frequency of this channel. Range: center frequency±0.9.

Bandwidth/MHz Data Rate

Enter the bandwidth of this channel. Recommended value: 125KHz, 250KHz, 500KHz Enter the data rate. Range500-25000.
Table 3-2-1-5 FSK Channel Setting Parameters

Default Disabled Radio 0 The default frequency is set based on the supported frequency you have selected.
500KHz
500

24

3.2.1.3 Radios (Dual-module)

UG87 User Guide

Figure 3-2-1-6

Radios-Radio Channel Setting (Dual-module)

Item

Description

Choose the LoRaWAN frequency plan used for

Supported

the upstream and downlink frequencies and

Frequency

datarates. Available channel plans depend on the

gateway's variant.

Name

Show the name of central frequency.

Center Frequency

Enter the central frequency of Radio 0 which supports transmitting and receiving packet. Enter the center frequency of Radio 1 which only supports receiving packet from nodes.

Default The default frequency is set based on the gateway's variant.
The default is based on what is specified in the LoRaWAN regional parameters document.

Table 3-2-1-6 Radio Channels Setting Parameters (Dual-module)

Figure 3-2-1-7

Radios-Multi Channel Setting (Dual-module)

Item

Description

Enable

Click to enable this channel to transmit packets.

Index

Indicate the ordinal of the list.

Radio

Choose Radio 0, Radio 1, Radio 2 or Radio 3 as

Default Enabled Null Radio 0

25

UG87 User Guide

Frequency/MHz

center frequency.
Enter the frequency of this channel. Range: center frequency±0.9.

The default frequency is set based on the supported frequency you have selected.

Table 3-2-1-7 Multi Channel Setting Parameters (Dual-module)

Figure 3-2-1-8

Radios-LoRa Channel Setting

Item

Description

Enable

Click to enable this channel to transmit packets.

Radio

Choose Radio 0, Radio 1, Radio 2 or Radio 3 as center frequency.

Frequency/MHz

Enter the frequency of this channel. Range: center frequency±0.9.

Bandwidth/MHz

Enter the bandwidth of this channel. Recommended value: 125KHz, 250KHz, 500KHz

Spread Factor

Choose the selectable spreading factor. The channel with large spreading factor corresponds to a low rate, while the small one corresponds to a high rate.

Default Enabled
Radio 0
The default frequency is set based on the supported frequency you have selected.
125KHz
The default is based on what is specified in the LoRaWAN regional parameters document.

Table 3-2-1-8 LoRa Channel Setting Parameters

Figure 3-2-1-9

Radios-FSK Channel Setting

Item

Description

Enable

Click to enable this channel to transmit packets.

Radio

Choose Radio 0, Radio 1, Radio 2 or Radio 3 as

Default Disabled Radio 0

26

UG87 User Guide

Frequency/MHz
Bandwidth/MHz Data Rate 3.2.1.4 Advanced

center frequency.
Enter the frequency of this channel. Range: center frequency±0.9.
Enter the bandwidth of this channel. Recommended value: 125KHz, 250KHz, 500KHz Enter the data rate. Range500-25000.
Table 3-2-1-9 FSK Channel Setting Parameters

The default frequency is set based on the supported frequency you have selected.
500KHz
500

Figure 3-2-1-10

Advanced Item Keep Alive Interval
Stat Interval
Push Timeout

Description Enter the interval of keepalive packet which is sent from gateway to LoRaWAN network server to keep the connection stable and alive. Range: 1-3600. Enter the interval to update the network server with gateway statistics. Range: 1-3600. Enter the timeout to wait for the response from server after the gateway sends data of node. Rang: 1-3600.

Default 10 30 100

27

UG87 User Guide

Forward CRC Disabled Forward CRC Error Forward CRC Valid
Network Mode

Enable to send packets received with CRC disabled to the network server. Enable to send packets received with CRC errors to the network server. Enable to send packets received with CRC valid to the network server. select from "Public LoRaWAN", "Private LoRaWAN". Public LoRaWAN: telecom/operator managed networks, connect multiple applications (multi-tenant) into a single network.

Disabled. Disabled. Enabled
Public LoRaWAN

Private LoRaWAN: individually managed networks, Network deployed for single application purpose.
Table 3-2-1-10 Advanced Parameters

3.2.1.5 Custom

Figure 3-2-1-11
When Custom Configuration mode is enabled, you can write your own packet forwarder configuration file in the edit box to configure packet forwarder. Click "Save" to save your custom configuration file content, and click "Apply" to take effect. You can click "Clear" to erase all content in the edit box. If you don't know how to write configuration file, please click "Example" to go to reference page.
28

UG87 User Guide
3.2.1.6 Traffic When navigating to the traffic page, any recent traffic received by the gateway will display. To watch live traffic, click Start.

Item Refresh Clear Rfch Direction Time Ticks Frequency Datarate Coderate RSSI SNR

Figure 3-2-1-12
Description Click to obtain the latest data. Click to clear all data. Show the channel of this packet. Show the direction of this packet. Show the receiving time of this packet. Show the ticks of this packet. Show the frequency of the channel. Show the datarate of the channel. Show the coderate of this packet. Show the received signal strength. Show the signal to noise ratio of this packet.
Table 3-2-1-11 Traffic Parameters

29

3.2.2 Network Server 3.2.2.1 General

UG87 User Guide

Item General Setting Enable Ursalink Cloud NetID
Join Delay
RX1 Delay
Lease Time

Description

Figure 3-2-2-1

Default

Click to enable Network Server mode. Enabled to connect gateway to Ursalink Cloud. Enter the network identifier. Enter the interval time between when the end-device sends a Join_request_message to network server and when the end-device prepares to open RX1 to receive the Join_accept_message sent from network server. Enter the interval time between when the end-device sends uplink packets and when the end-device prepares to open RX1 to receive the downlink packet. Enter the amount of time till a successful join

Enable Disable 01023
5
1 "744-00-00"

30

UG87 User Guide

expires. The format is hours-minutes-seconds. If

the join-type is OTAA, then the end-devices need

to join the network server again when it exceeds

the lease time.

Log level

Choose the log level.

Channel Plan Setting

Choose LoRaWAN channel plan used for the

Channel Plan

upstream and downlink frequencies and datarates. Available channel plans depend on

the gateway's variant.

Enabled frequencies are controlled using

channel mask.

Leave it blank means using the default

standard usable channels specified in the

LoRaWAN regional parameters document.

Channel Mask

A bit in the ChMask field set to 1 means that the corresponding channel can be used for uplink transmissions if this channel allows the data rate currently used by the end-device.

A bit set to 0 means the corresponding channels should be avoided.

Info
Depend on the gateway's variant.
Null. Null means using the default standard usable channels specified in the LoRaWAN regional parameters document.

US 915 and AU 915 have a 80-bit channel mask for 72 usable channels and EU, AS, IN, KR frequencies have a 16-bit mask for 16 usable channels.
Table 3-2-2-1 General Parameters
Note: For some regional variants, if allowed by your LoRaWAN region, you can use Additional Plan to configure additional channels undefined by the LoRaWAN Regional Parameters, like
EU868 and KR920, as the following picture shows:

Figure 3-2-2-2

Additional Channels

Item

Description

Frequency/MHz Enter the frequency of the additional plan.

Max Datarate

Enter the max datarate for the end-device. The range is based on what is specified in the

Default Null.
DR0(SF12,125kHz)

31

Min Datarate

UG87 User Guide

LoRaWAN regional parameters document. Enter the min datarate for the end-device. The range is based on what is specified in the LoRaWAN regional parameters document.

DR3(SF9,125kHz)

Table 3-2-2-2 Additional Plan Parameters

3.2.2.2 Application
Devices can communicate with applications that they've been registered. To register a device, you'll first need to create an application (define the method you want to decode the data sent from end-device ) and a device profile (define the join-type and LoRaWAN classes). You don't have to create new application profile and device profile when you add a new device which its "Payload Codec", "Join Type", "Class Type" are the same with existing device. You can just choose the corresponding profiles. You can see the information about the application you have created in this page.

Item ID Name Description
Payload Codec

Figure 3-2-2-3
Description Show the ID of the application profile already created. Show the name of the application profile already created. Show the description of the application profile already created. Show the payload codec of the application profile already created.
Table 3-2-2-3 Application Parameters

You can edit the application by clicking

or create a new application by clicking .

Figure 3-2-2-4
The data will be sent to your custom server address using the MQTT, HTTP or HTTPS protocol.
Related Configuration Example Application configuration
32

UG87 User Guide
3.2.2.3 Profiles You can view the information about the device profiles which you have created in this page.

Item Name Max Tx power Join Type Class Type

Figure 3-2-2-5
Description Show the name of the device profile. Show the Tx power of the device profile. Show the join type of the device profile. Show the class type of the device profile.
Table 3-2-2-4 Device profiles setting Parameters

You can edit the device profile by clicking

or create a new device profile by clicking .

Related Configuration Example Device Profiles Advanced configuraion

3.2.2.4 Device

Item Add Bulk Import Delete All Device Name

Figure 3-2-2-6
Description Add a device. Download template and import multiple devices. Delete all devices in the list. Show the name of the device.
33

Device EUI Device-Profile Application Last Seen
Activated
Operation

UG87 User Guide

Show the EUI of the device. Show the name of the device's device profile. Show the name of the device's application. Show the time of last packet received.

Show the status of the device .

means that the device has

been activated. Edit or delete the device.
Table 3-2-2-5 Device Parameters

Related Configuration Example Device configuration

3.2.2.5 Packets

Figure 3-2-2-7

Send Data To Device

Item

Description

Device EUI

Enter the EUI of the device to receive the payload.

Type

Choose from: "ASCII", "hex", "base64". Choose the payload type to enter in the payload Input box.

Payload Fport

Enter the message to be sent to this device. Enter the LoRaWAN frame port for packet transmission

Default Null
ASCII Null Null

34

Confirmed

UG87 User Guide

between device and Network Server. After enabled, the end device will receive downlink packet and should answer "confirmed" to the network server.

Disabled

Network Server Item Device EUI Frequency Datarate SNR RSSI Size Fcnt
Type
Time

Description Show the EUI of the device. Show the used frequency to transmit packets. Show the used datarate to transmit packets. Show the signal-noise ratio. Show the received signal strength indicator. Show the size of payload. Show the frame counter. Show the type of the packet: JnAcc - Join Accept Packet JnReq - Join Request Packet UpUnc - Uplink Unconfirmed Packet UpCnf - Uplink Confirmed Packet - ACK response from network requested DnUnc - Downlink Unconfirmed Packet DnCnf - Downlink Confirmed Packet- ACK response from end-device requested Show the time of packet was sent or received.
Table 3-2-2-6 Packet Parameters

Click

to get more details about the packet. As shown:

35

Figure 3-2-2-8

UG87 User Guide

Item Dev Addr GwEUI AppEUI DevEUI Immediately TimeSinceGPS Epoch Timestamp Frequency
Type
Adr
AdrAcKReq
Ack
Fcnt
FPort
Modulation Bandwidth SpreadFactor Bitrate

Description Show the address of the device. Show the EUI of the gateway. Show the EUI of the application. Show the EUI of the device. True: Device may transmit an explicit (possibly empty) acknowledgement data message immediately after the reception of a data message requiring a confirmation.
Show the GPS time.
Show the timestamp of this packet. Show the frequency of this channel. Show the type of the packet: JnAcc - Join Accept Packet JnReq - Join Request Packet UpUnc - Uplink Unconfirmed Packet UpCnf - Uplink Confirmed Packet - ACK response from network requested DnUnc - Downlink Unconfirmed Packet DnCnf - Downlink Confirmed Packet- ACK response from end-device requested True: The end-node has enabled ADR. False: The end-node has not enabled ADR. In order to validate that the network is receiving the uplink messages, nodes periodically transmit ADRACKReq message. This is 1 bit long. True:Network should respond in ADR_ACK_DELAY time to confirm that it is receiving the uplink messages False: Otherwise True: This frame is ACK. False: This frame is not ACK. Show the frame-counter of this packet.The network server tracks the uplink frame counter and generates the downlink counter for each end-device. FPort is a multiplexing port field. If the frame payload field is not empty, the port field must be present. If present, a FPort 16 value of 0 indicates that the FRMPayload contains MAC commands only.When this is the case, the FOptsLen field must be zero. FOptsLen is the length of the FOpts field in bytes. LoRa means the physical layer uses the LoRa modulation Show the bandwidth of this channel. Show the spreadFactor of this channel. Show the bitrate of this channel.

36

UG87 User Guide

CodeRate SNR RSSI Power Payload (b64) Payload (hex)
MIC

Show the coderate of this channel. Show the SNR of this channel. Show the RSSI of this channel. Show the transmit power of the device. Show the application payload of this packet. Show the application payload of this packet. Show the MIC of this packet.MIC is a cryptographic message integrity code, computed over the fields MHDR, FHDR, FPort and the encrypted FRMPayload.
Table 3-2-2-7 Packets Details Parameters

Related Topic

Send Data to Device

3.3 Network
3.3.1 Interface
3.3.1.1 Port The Ethernet port can be connected with Ethernet cable to get Internet access. It supports 3 connection types. - Static IP: configure IP address, netmask and gateway for Ethernet WAN interface. - DHCP Client: configure Ethernet WAN interface as DHCP Client to obtain IP address automatically. - PPPoE: configure Ethernet WAN interface as PPPoE Client.

Figure 3-3-1-1
37

UG87 User Guide

Port Setting Item Enable Port Connection Type MTU Primary DNS Server Secondary DNS Server
Enable NAT

Description Enable WAN function The port that is currently set as WAN port.

Default Enable GE 0

Select from "Static IP", "DHCP Client" and "PPPoE". Static IP

Set the maximum transmission unit.

1500

Set the primary DNS.

Null

Set the secondary DNS.
Enable or disable NAT function. When enabled, a private IP can be translated to a public IP.
Table 3-3-1-1 Port Parameters

Null Enable

1. Static IP Configuration If the external network assigns a fixed IP for the Ethernet port, user can select "Static IP" mode.

Static IP Item IP Address

Figure 3-3-1-2

Description

Default

Set the IP address which can access Internet. E.g. 192.168.1.2. 192.168.23.150

38

Netmask Gateway Multiple IP Address

Set the Netmask for Ethernet port. Set the gateway's IP address for Ethernet port. Set the multiple IP addresses for Ethernet port.
Table 3-3-1-2 Static IP Parameters

UG87 User Guide
255.255.255.0 192.168.23.1 Null

2. DHCP Client If the external network has DHCP server enabled and has assigned IP addresses to the Ethernet WAN interface, user can select "DHCP client" mode to obtain IP address automatically.

DHCP Client Item
Use Peer DNS

Figure 3-3-1-3
Description Obtain peer DNS automatically during PPP dialing. DNS is necessary when user visits domain name.
Table 3-3-1-3 DHCP Client Parameters

3. PPPoE PPPoE refers to a point to point protocol over Ethernet. User has to install a PPPoE client on the basis of original connection way. With PPPoE, remote access devices can get control of each user.

39

UG87 User Guide

PPPoE Item Username Password Link Detection Interval (s) Max Retries
Use Peer DNS

Figure 3-3-1-4
Description Enter the username provided by your Internet Service Provider (ISP). Enter the password provided by your Internet Service Provider (ISP).
Set the heartbeat interval for link detection. Range: 1-600.
Set the maximum retry times after it fails to dial up. Range: 0-9. Obtain peer DNS automatically during PPP dialing. DNS is necessary when user visits domain name.
Table 3-3-1-4 PPOE Parameters

3.3.1.2 WLAN (Only Applicable to Wi-Fi Version) This section explains how to set the related parameters for Wi-Fi network. UG87 supports 802.11 b/g/n/ac, as AP or client mode.

40

UG87 User Guide

WLAN Settings Item Enable Work Mode
Encryption Mode
BSSID SSID Client Mode Scan

Figure 3-2-1-5
Description Enable/disable WLAN. Select gateway's work mode. The options are "Client" or "AP". Select encryption mode. The options are "No Encryption", "WEP Open System" , "WEP Shared Key", "WPA-PSK", "WPA2-PSK" and "WPA-PSK/WPA2-PSK". Fill in the MAC address of the access point. Either SSID or BSSID can be filled to joint the network. Fill in the SSID of the access point.
Click "Scan" button to search the nearby access point.
41

UG87 User Guide

SSID Channel Signal BSSID Security Frequency Join Network AP Mode
SSID Broadcast
AP Isolation
Radio Type
Channel Cipher Key Bandwidth
Max Client Number
IP Setting Protocol IP Address Netmask Gateway

Show SSID. Show wireless channel. Show wireless signal. Show the MAC address of the access point. Show the encryption mode.
Show the frequency of radio.
Click the button to join the wireless network.
When SSID broadcast is disabled, other wireless devices can't not find the SSID, and users have to enter the SSID manually to access to the wireless network. When AP isolation is enabled, all users which access to the AP are isolated without communication with each other. Select Radio type. The options are "802.11b (2.4 GHz)", "802.11g (2.4 GHz)", "802.11n (2.4 GHz)", "802.11 n (5 GHz)" and "802.11 ac (5 GHz)". Select wireless channel. The options are "Auto", "1", "2"......"13". Select cipher. The options are "Auto", "AES", "TKIP" and "AES/TKIP". Fill the pre-shared key of WPA encryption. Select bandwidth. The options are "20MHz" and "40MHz". Set the maximum number of client to access when the gateway is configured as AP.
Set the IP address in wireless network. Set the IP address in wireless network. Set the netmask in wireless network. Set the gateway in wireless network.
Table 3-3-1-5 WLAN Parameters

Related Topic

Wi-Fi Application Example

3.3.1.3 Cellular This section explains how to set the related parameters for cellular network. The UG87 LoRaWAN gateway has two cellular interfaces, namely SIM1 and SIM2. Only one cellular interface is active at one time. If both cellular interfaces are enabled, then SIM1 interface takes precedence by default. A typical use case would be to have SIM1 configured as the primary cellular interface and SIM2 as a backup. If the UG87 cannot connect to the network via SIM1, it will automatically fail over to SIM2.
42

UG87 User Guide

Figure 3-3-1-6

Figure 3-3-1-7

General Settings Item Enable
Network Type
APN

Description Check the option to enable the corresponding SIM card. Select from "Auto", "4G Only", "3G Only" and "2G Only". Auto: connect to the network with the strongest signal automatically. 4G Only: connect to 4G network only. And so on. Enter the Access Point Name for cellular dial-up connection

Default Enable
Auto
Null

43

UG87 User Guide

Username
Password
Access Number
PIN Code Authentication Type Roaming
SMS Center
Enable NAT Restart When Dial-up failed ICMP Server Secondary ICMP Server PING Times
Packet Loss Rate

provided by local ISP.

Enter the username for cellular dial-up connection provided by local ISP.

Null

Enter the password for cellular dial-up connection provided by local ISP.

Null

Enter the dial-up center NO. For cellular dial-up connection provided by local ISP.

Null

Enter a 4-8 characters PIN code to unlock the SIM.

Null

Select from "Auto", "PAP", "CHAP", "MS-CHAP", and "MS-CHAPv2".

Auto

Enable or disable roaming.

Disable

Enter the local SMS center number for storing, forwarding, converting and delivering SMS message. Enable or disable NAT function. When this function is enabled, the gateway will restart automatically if the dial-up fails several times. Set the ICMP detection server's IP address.

Null Enable Disabled 8.8.8.8

Set the secondary ICMP detection server's IP address.

114.114.114.114

Set PING packet numbers in each ICMP detection.

5

Set packet loss rate in each ICMP detection. ICMP

detection fails when the preset packet loss rate is

20

exceeded.

Table 3-3-1-6 Cellular Parameters

Figure 3-3-1-8
44

UG87 User Guide

Item Connection Mode Connection Mode Connect on Demand
Triggered by Call
Call Group
Triggered by SMS

Description
Select from "Always Online" and "Connect on Demand". "Connect on Demand" includes "Triggered by Call", "Triggered by SMS", and "Triggered by IO". The gateway will switch from offline mode to cellular network mode automatically when it receives a call from the specific phone number. Select a call group for call trigger. Go to "System > General > Phone" to set up phone group. The gateway will switch from offline mode to cellular network mode automatically when it receives a specific SMS from the specific mobile phone.

SMS Group SMS Text
Triggered by IO
Dual SIM Strategy Current SIM Card Switch to backup SIM card when ICMP detection fails

Select a SMS group for trigger. Go to "System > General > Phone" to set up SMS group. Fill in the SMS content for triggering. The gateway will switch from offline mode to cellular network mode automatically when the DI status is changed. Go to "Industrial > I/O > DI" to configure trigger condition.
Select between "SIM1" and "SIM2" as a current SIM card used.
The gateway will switch to the backup SIM card when packet loss rate in IMCP detection exceeds the preset value.

Switch to backup SIM card when the connection fails Switch to backup SIM card when roaming is detected

The gateway will switch to the backup SIM card when the primary one fails to connect with cellular network.
The gateway will switch to the backup SIM card when the primary one is roaming.

Table 3-3-1-7 Cellular Parameters

Related Topics Cellular Connection Application Example Dual SIM Backup Application Example Phone Group

3.3.1.4 Loopback
Loopback interface is used for replacing gateway's ID as long as it is activated. When the interface is DOWN, the ID of the gateway has to be selected again which leads to long convergence time of OSPF. Therefore, Loopback interface is generally recommended as the ID of the gateway. Loopback interface is a logic and virtual interface on gateway. Under default conditions, there's no loopback interface on gateway, but it can be created as required.

45

UG87 User Guide

Loopback Item IP Address Netmask Multiple IP Addresses

Figure 3-3-1-9

Description Unalterable Unalterable Apart from the IP above, user can configure other IP addresses.
Table 3-3-1-8 Loopback Parameters

Default 127.0.0.1 255.0.0.0
Null

3.3.2 Firewall
This section describes how to set the firewall parameters, including website block, ACL, DMZ, Port Mapping and MAC Binding. The firewall implements corresponding control of data flow at entry direction (from Internet to local area network) and exit direction (from local area network to Internet) according to the content features of packets, such as protocol style, source/destination IP address, etc. It ensures that the gateway operate in a safe environment and host in local area network.
3.3.2.1 Security

46

Website Blocking URL Address
Keyword

UG87 User Guide
Figure 3-3-2-1
Enter the HTTP address which you want to block. You can block specific website by entering keyword. The maximum number of character allowed is 64.
Table 3-2-2-1 Security Parameters

3.3.2.2 ACL
Access control list, also called ACL, implements permission or prohibition of access for specified network traffic (such as the source IP address) by configuring a series of matching rules so as to filter the network interface traffic. When gateway receives packet, the field will be analyzed according to the ACL rule applied to the current interface. After the special packet is identified, the permission or prohibition of corresponding packet will be implemented according to preset strategy. The data package matching rules defined by ACL can also be used by other functions requiring flow distinction.

Item ACL Setting
Default Filter Policy
Access Control List

Figure 3-3-2-2
Description
Select from "Accept" and "Deny". The packets which are not included in the access control list will be processed by the default filter policy.

47

UG87 User Guide

Type ID Action Protocol Source IP Source Wildcard Mask Destination IP Destination Wildcard Mask Description ICMP Type ICMP Code Source Port Type Source Port Start Source Port End Source Port Destination Port Type Destination Port Start Destination Port End Destination Port More Details Interface List Interface In ACL Out ACL

Select type from "Extended" and "Standard". User-defined ACL number. Range: 1-199. Select from "Permit" and "Deny". Select protocol from "ip", "icmp", "tcp", "udp", and "1-255". Source network address (leaving it blank means all). Wildcard mask of the source network address. Destination network address (0.0.0.0 means all).
Wildcard mask of destination address.
Fill in a description for the groups with the same ID. Enter the type of ICMP packet. Range: 0-255. Enter the code of ICMP packet. Range: 0-255. Select source port type, such as specified port, port range, etc. Set source port number. Range: 1-65535. Set start source port number. Range: 1-65535. Set end source port number. Range: 1-65535. Select destination port type, such as specified port, port range, etc. Set destination port number. Range: 1-65535. Set start destination port number. Range: 1-65535. Set end destination port number. Range: 1-65535. Show information of the port.
Select network interface for access control. Select a rule for incoming traffic from ACL ID. Select a rule for outgoing traffic from ACL ID.
Table 3-3-2-2 ACL Parameters

3.3.2.3 DMZ DMZ is a host within the internal network that has all ports exposed, except those forwarded ports in port mapping.

Figure 3-3-2-3
48

DMZ Item Enable DMZ Host
Source Address

UG87 User Guide
Description Enable or disable DMZ. Enter the IP address of the DMZ host on the internal network. Set the source IP address which can access to DMZ host. "0.0.0.0/0" means any address.
Table 3-3-2-3 DMZ Parameters

3.3.2.4 Port Mapping Port mapping is an application of network address translation (NAT) that redirects a communication request from the combination of an address and port number to another while the packets are traversing a network gateway such as a gateway or firewall.
Click to add a new port mapping rules.

Figure 3-3-2-4

Port Mapping Item Source IP
Source Port
Destination IP
Destination Port Protocol Description

Description Specify the host or network which can access local IP address. 0.0.0.0/0 means all. Enter the TCP or UDP port from which incoming packets are forwarded. Range: 1-65535. Enter the IP address that packets are forwarded to after being received on the incoming interface. Enter the TCP or UDP port that packets are forwarded to after being received on the incoming port(s). Range: 1-65535. Select from "TCP" and "UDP" as your application required. The description of this rule.

Table 3-3-2-4 Port Mapping Parameters

Related Configuration Example

NAT Application Example

49

UG87 User Guide
3.3.2.5 MAC Binding MAC Binding is used for specifying hosts by matching MAC addresses and IP addresses that are in the list of allowed outer network access.

Figure 3-3-2-5

MAC Binding List

Item

Description

MAC Address Set the binding MAC address.

IP Address

Set the binding IP address.

Description

Fill in a description for convenience of recording the meaning of the binding rule for each piece of MAC-IP.

Table 3-3-2-5 MAC Binding Parameters

3.3.3 QoS

Quality of service (QoS) refers to traffic prioritization and resource reservation control mechanisms rather than the achieved service quality. QoS is engineered to provide different priority for different applications, users, data flows, or to guarantee a certain level of performance to a data flow.

Figure 3-3-3-1
50

UG87 User Guide

QoS Item Download/Upload Enable Default Class Download/Upload Bandwidth Capacity Service Classes Name Percent (%)
Max BW(kbps)
Min BW(kbps) Service Class Rules Item Name Source IP
Source Port
Destination IP
Destination Port
Protocol Service Class

Description
Enable or disable QoS. Select default class from Service Class list. The download/upload bandwidth capacity of the network that the gateway is connected with, in kbps. Range: 1-8000000.
Give the service class a descriptive name. The amount of bandwidth that this class should be guaranteed in percentage. Range: 0-100. The maximum bandwidth that this class is allowed to consume, in kbps. The value should be less than the "Download/Upload Bandwidth Capacity". The minimum bandwidth that can be guaranteed for the class, in kbps. The value should be less than the "MAX BW" value.
Description Give the rule a descriptive name. Source address of flow control (leaving it blank means any). Source port of flow control. Range: 0-65535 (leaving it blank means any). Destination address of flow control (leaving it blank means any). Destination port of flow control. Range: 0-65535 (leaving it blank means any). Select protocol from "ANY", "TCP", "UDP", "ICMP", and "GRE". Set service class for the rule.
Table 3-3-3-1 QoS (Download/Upload) Parameters

3.3.4 DHCP DHCP adopts Client/Server communication mode. The Client sends configuration request to the Server which feeds back corresponding configuration information and distributes IP address to the Client so as to achieve the dynamic configuration of IP address and other information.
3.3.4.1 DHCP Server The UG87 can be set as a DHCP server to distribute IP address when a host logs on and ensures each host is supplied with different IP addresses. DHCP Server has simplified some previous network management tasks requiring manual operations to the largest extent.
51

UG87 User Guide

DHCP Server Item Enable Interface Start Address
End Address
Netmask
Lease Time (Min) Primary DNS Server Secondary DNS Server
Windows Name Server
Static IP
MAC Address
IP Address

Figure 3-3-4-1
Description Enable or disable DHCP server. Select interface, e.g. GE. Define the beginning of the pool of IP addresses which will be leased to DHCP clients. Define the end of the pool of IP addresses which will be leased to DHCP clients. Define the subnet mask of IP address obtained by DHCP clients from DHCP server. Set the lease time on which the client can use the IP address obtained from DHCP server. Range: 1-10080.
Set the primary DNS server.
Set the secondary DNS server.
Define the Windows Internet Naming Service obtained by DHCP clients from DHCP sever. Generally you can leave it blank.
Set a static and specific MAC address for the DHCP client (it should be different from other MACs so as to avoid conflict). Set a static and specific IP address for the DHCP client (it should be outside of the DHCP range).
Table 3-3-4-1 DHCP Server Parameters

Default Enable WLAN0 192.168.1.100 192.168.1.199 255.255.255.0 1440 114.114.114.114 Null
Null
Null
Null

52

UG87 User Guide
3.3.4.2 DHCP Relay The UG87 can be set as DHCP Relay to provide a relay tunnel to solve the problem that DHCP Client and DHCP Server are not in the same subnet.

DHCP Relay Item Enable
DHCP Server

Figure 3-3-4-2
Description Enable or disable DHCP relay. Set DHCP server, up to 10 servers can be configured; separate them by blank space or ",".
Table 3-3-4-2 DHCP Relay Parameters

3.3.5 DDNS
Dynamic DNS (DDNS) is a method that automatically updates a name server in the Domain Name System, which allows user to alias a dynamic IP address to a static domain name. DDNS serves as a client tool and needs to coordinate with DDNS server. Before starting configuration, user shall register on a website of proper domain name provider and apply for a domain name.

DDNS Item Name Interface Service Type Username User ID Password Server Hostname

Figure 3-3-5-1
Description Give the DDNS a descriptive name. Set interface bundled with the DDNS. Select the DDNS service provider. Enter the username for DDNS register. Enter User ID of the custom DDNS server. Enter the password for DDNS register. Enter the name of DDNS server. Enter the hostname for DDNS.

53

Append IP

UG87 User Guide
Append your current IP to the DDNS server update path.
Table 3-3-5-1 DDNS Parameters

3.3.6 Link Failover This section describes how to configure link failover strategies, such as VRRP strategies.
Configuration Steps 1. Define one or more SLA operations (ICMP probe). 2. Define one or more track objects to track the status of SLA operation. 3. Define applications associated with track objects, such as VRRP or static routing.
3.3.6.1 SLA SLA setting is used for configuring link probe method. The default probe type is ICMP.

SLA Item
ID

Figure 3-3-6-1

Description SLA index. Up to 10 SLA settings can be added. Range: 1-10.

Default 1

Type

ICMP-ECHO is the default type to detect if the link is alive.

icmp-echo

Destination Address The detected IP address.

114.114.114.114

Secondary Address

Destination

The

secondary

detected

IP

address.

8.8.8.8

Data Size

User-defined data size. Range: 0-1000.

56

Interval (s)

User-defined detection interval. Range: 1-608400. 30

Timeout (ms)

User-defined timeout for response to determine ICMP detection failure. Range: 1-300000.

5000

PING Times

Define PING packet numbers in each SLA probe. Range: 1-1000.

5

Packet Loss Rate

Define packet loss rate in each SLA probe. SLA probe fails when the preset packet loss rate is

20

54

Start Time

UG87 User Guide

exceeded.

Detection start time; select from "Now" and blank

character. Blank character means this SLA

now

detection doesn't start.

Table 3-3-6-1 SLA Parameters

3.3.6.2 Track
Track setting is designed for achieving linkage among SLA module, Track module and Application module. Track setting is located between application module and SLA module with main function of shielding the differences of various SLA modules and providing unified interfaces for application module. Linkage between Track Module and SLA module Once you complete the configuration, the linkage relationship between Track module and SLA module will be established. SLA module is used for detection of link status, network performance and notification of Track module. The detection results help track status change timely. - For successful detection, the corresponding track item is Positive. - For failed detection, the corresponding track item is Negative.
Linkage between Track Module and Application Module After configuration, the linkage relationship between Track module and Application module will be established. When any change occurs in track item, a notification that requires corresponding treatment will be sent to Application module. Currently, the application modules like VRRP and static routing can get linkage with track module. If it sends an instant notification to Application module, the communication may be interrupted in some circumstances due to routing's failure like timely restoration or other reasons. Therefore, user can set up a period of time to delay notifying application module when the track item status changes.

Item Index Type SLA ID

Figure 3-3-6-2
Description Track index. Up to 10 track settings can be configured. Range: 1-10. The options are "sla" and "interface". Defined SLA ID.

Default 1 SLA 1
55

UG87 User Guide

Interface Negative Delay (s)
Positive Delay (s)

Select the interface whose status will be detected.
When interface is down or SLA probing fails, it will wait according to the time set here before actually changing its status to Down. Range: 0-180 (0 refers to immediate switching). When failure recovery occurs, it will wait according to the time set here before actually changing its status to Up. Range: 0-180 (0 refers to immediate switching).
Table 3-3-6-2 Track Parameters

cellular0 0
1

3.3.6.3 VRRP
The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides automatic assignment of available Internet Protocol (IP) routers for participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections in an IP sub-network.

VRRP Item Enable Interface Virtual Router ID

Figure 3-3-6-3
Description Enable or disable VRRP. Select the interface of Virtual Router. User-defined Virtual Router ID. Range: 1-255.

Default Disable None None
56

UG87 User Guide

Virtual IP Priority Advertisement Interval (s)
Preemption Mode
Track ID

Set the IP address of Virtual Router. The VRRP priority range is 1-254 (a bigger number indicates a higher priority). The router with higher priority will be more likely to become the gateway router. Heartbeat package transmission time interval between routers in the virtual ip group. Range: 1-255. If the gateway works in the preemption mode, once it finds that its own priority is higher than that of the current gateway router, it will send VRRP notification package, resulting in re-election of gateway router and eventually replacing the original gateway router. Accordingly, the original gateway router will become a Backup router. Trace detection, select the defined track ID or blank character.
Table 3-3-6-3 VRRP Parameters

None 100 1
Disable
None

3.3.6.4 WAN Failover

WAN failover refers to failover between Ethernet WAN interface and cellular interface. When service transmission can't be carried out normally due to malfunction of a certain interface or lack of bandwidth, the rate of flow can be switched to backup interface quickly. Then the backup interface will carry out service transmission and share network flow so as to improve reliability of communication of data equipment. When link state of main interface is switched from up to down, system will have the pre-set delay works instead of switching to link of backup interface immediately. Only if the state of main interface is still down after delay, will the system switch to link of backup interface. Otherwise, system will remain unchanged.

WAN Failover Parameters Main Interface Backup Interface
Startup Delay (s)

Figure 3-3-6-4
Description Select a link interface as the main link. Select a link interface as the backup link. Set how long to wait for the startup tracking detection policy to take effect. Range: 0-300.

Default Cellular0 GE0
3

57

UG87 User Guide

Up Delay (s) Down Delay (s) Track ID

When the primary interface switches from failed detection to successful detection, switching can be delayed based on the set 0 time. Range: 0-180 (0 refers to immediate switching)

When the primary interface switches from successful detection to failed detection, switching can be delayed based on the set 0 time. Range: 0-180 (0 refers to immediate switching).

Track detection, select the defined track ID.

1

Table 3-3-6-4 WAN Failover Parameters

3.3.7 VPN
Virtual Private Networks, also called VPNs, are used to securely connect two private networks together so that devices can connect from one network to the other network via secure channels. The UG87 supports DMVPN, IPsec, GRE, L2TP, PPTP, OpenVPN, as well as GRE over IPsec and L2TP over IPsec.
3.3.7.1 DMVPN
A dynamic multi-point virtual private network (DMVPN), combining mGRE and IPsec, is a secure network that exchanges data between sites without passing traffic through an organization's headquarter VPN server or gateway.

Figure 3-3-7-1
58

UG87 User Guide

DMVPN Item Enable Hub Address Local IP address GRE Hub IP Address GRE Local IP Address GRE Netmask GRE Key Negotiation Mode Authentication Algorithm Encryption Algorithm
DH Group
Key Local ID Type IKE Life Time (s)
SA Algorithm
PFS Group
Life Time (s) DPD Interval Time (s) DPD Timeout (s) Cisco Secret NHRP Holdtime (s)

Figure 3-3-7-2
Description Enable or disable DMVPN. The IP address or domain name of DMVPN Hub. DMVPN local tunnel IP address. GRE Hub tunnel IP address. GRE local tunnel IP address. GRE local tunnel netmask. GRE tunnel key. Select from "Main" and "Aggressive".
Select from "DES", "3DES", "AES128", "AES192" and "AES256".
Select from "MD5" and "SHA1". Select from "MODP768_1", "MODP1024_2" and "MODP1536_5". Enter the preshared key. Select from "Default", "ID", "FQDN", and "User FQDN" Set the lifetime in IKE negotiation. Range: 60-86400. Select from "DES_MD5", "DES_SHA1", "3DES_MD5", "3DES_SHA1", "AES128_MD5", "AES128_SHA1", "AES192_MD5", "AES192_SHA1", "AES256_MD5" and "AES256_SHA1". Select from "NULL", "MODP768_1", "MODP1024_2" and "MODP1536-5". Set the lifetime of IPsec SA. Range: 60-86400. Set DPD interval time Set DPD timeout. Cisco Nhrp key. The holdtime of Nhrp protocol.
Table 3-3-7-1 DMVPN Parameters

59

UG87 User Guide
3.3.7.2 IPSec IPsec is especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks. A big advantage of IPsec is that security arrangements can be handled without requiring changes to individual user computers. IPsec provides three choices of security service: Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE). AH essentially allows authentication of the senders' data. ESP supports both authentication of the sender and data encryption. IKE is used for cipher code exchange. All of them can protect one and more data flows between hosts, between host and gateway, and between gateways.

IPsec Item Enable IPsec Gateway Address IPsec Mode IPsec Protocol Local Subnet Local Subnet Netmask Local ID Type Remote Subnet Remote Subnet Mask Remote ID type

Figure 3-3-7-3
Description Enable IPsec tunnel. A maximum of 3 tunnels is allowed. Enter the IP address or domain name of remote IPsec server. Select from "Tunnel" and "Transport". Select from "ESP" and "AH". Enter the local subnet IP address that IPsec protects. Enter the local netmask that IPsec protects. Select from "Default", "ID", "FQDN", and "User FQDN". Enter the remote subnet IP address that IPsec protects. Enter the remote netmask that IPsec protects. Select from "Default", "ID", "FQDN", and "User FQDN".
Table 3-3-7-2 IPsec Parameters

60

UG87 User Guide

IKE Parameter Item IKE Version Negotiation Mode Encryption Algorithm Authentication Algorithm DH Group Local Authentication Local Secrets XAUTH Lifetime (s) SA Parameter
SA Algorithm
PFS Group
Lifetime (s)

Figure 3-3-7-4
Description Select from "IKEv1" and "IKEv2". Select from "Main" and "Aggressive". Select from "DES", "3DES", "AES128", "AES192" and "AES256".
Select from "MD5" and " SHA1"
Select from "MODP768_1", "MODP1024_2" and "MODP1536_5". Select from "PSK" and "CA". Enter the preshared key. Enter XAUTH username and password after XAUTH is enabled. Set the lifetime in IKE negotiation. Range: 60-86400.
Select from "DES_MD5", "DES_SHA1", "3DES_MD5", "3DES_SHA1", "AES128_MD5", "AES128_SHA1", "AES192_MD5", "AES192_SHA1", "AES256_MD5" and "AES256_SHA1". Select from "NULL", "MODP768_1" , "MODP1024_2" and "MODP1536_5". Set the lifetime of IPsec SA. Range: 60-86400.

61

UG87 User Guide

DPD Interval Time(s) DPD Timeout(s) IPsec Advanced Enable Compression
VPN Over IPsec Type

Set DPD interval time to detect if the remote side fails. Set DPD timeout. Range: 10-3600.
The head of IP packet will be compressed after it's enabled. Select from "NONE", "GRE" and "L2TP" to enable VPN over IPsec function.
Table 3-3-7-3 IPsec Parameters

3.3.7.3 GRE
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks. It's a tunneling technology that provides a channel through which encapsulated data message can be transmitted and encapsulation and decapsulation can be realized at both ends. In the following circumstances the GRE tunnel transmission can be applied: - GRE tunnel can transmit multicast data packets as if it were a true network interface.
Single use of IPSec cannot achieve the encryption of multicast. - A certain protocol adopted cannot be routed. - A network of different IP addresses shall be required to connect other two similar
networks.

GRE Item Enable

Figure 3-3-7-5
Description Check to enable GRE function.

62

UG87 User Guide

Remote IP Address Local IP Address Local Virtual IP Address Netmask Peer Virtual IP Address Global Traffic Forwarding Remote Subnet Remote Netmask MTU Key Enable NAT

Enter the real remote IP address of GRE tunnel. Set the local IP address. Set the local tunnel IP address of GRE tunnel. Set the local netmask. Enter remote tunnel IP address of GRE tunnel. All the data traffic will be sent out via GRE tunnel when this function is enabled. Enter the remote subnet IP address of GRE tunnel. Enter the remote netmask of GRE tunnel. Enter the maximum transmission unit. Range: 64-1500. Set GRE tunnel key. Enable NAT traversal function.
Table 3-3-7-4 GRE Parameters

3.3.7.4 L2TP
Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet.

L2TP Item Enable Remote IP Address Username Password Authentication

Figure 3-3-7-6
Description Check to enable L2TP function. Enter the public IP address or domain name of L2TP server. Enter the username that L2TP server provides. Enter the password that L2TP server provides. Select from "Auto", "PAP", "CHAP", "MS-CHAPv1" and
63

UG87 User Guide

Global Traffic Forwarding Remote Subnet Remote Subnet Mask Key

"MS-CHAPv2". All of the data traffic will be sent out via L2TP tunnel after this function is enabled. Enter the remote IP address that L2TP protects. Enter the remote netmask that L2TP protects. Enter the password of L2TP tunnel.
Table 3-3-7-5 L2TP Parameters

Advanced Settings Item
Local IP Address
Peer IP Address Enable NAT Enable MPPE Address/Control Compression Protocol Field Compression
Asyncmap Value
MRU MTU
Link Detection Interval (s)
Max Retries

Figure 3-3-7-7
Description Set tunnel IP address of L2TP client. Client will obtain tunnel IP address automatically from the server when it's null. Enter tunnel IP address of L2TP server. Enable NAT traversal function. Enable MPPE encryption.
For PPP initialization. User can keep the default option.
For PPP initialization. User can keep the default option.
One of the PPP protocol initialization strings. User can keep the default value. Range: 0-ffffffff. Set the maximum receive unit. Range: 64-1500. Set the maximum transmission unit. Range: 64-1500 Set the link detection interval time to ensure tunnel connection. Range: 0-600. Set the maximum times of retry to detect the L2TP connection

64

Expert Options

UG87 User Guide
failure. Range: 0-10. User can enter some other PPP initialization strings in this field and separate the strings with blank space.
Table 3-3-7-6 L2TP Parameters

3.3.7.5 PPTP
Point-to-Point Tunneling Protocol (PPTP) is a protocol that allows corporations to extend their own corporate network through private "tunnels" over the public Internet. Effectively, a corporation uses a wide-area network as a single large local area network.

PPTP Item Enable Remote IP Address Username Password
Authentication
Global Traffic Forwarding Remote Subnet Remote Subnet Mask

Figure 3-3-7-8
Description Enable PPTP client. A maximum of 3 tunnels is allowed. Enter the public IP address or domain name of PPTP server. Enter the username that PPTP server provides. Enter the password that PPTP server provides. Select from "Auto", "PAP", "CHAP", "MS-CHAPv1", and "MS-CHAPv2". All of the data traffic will be sent out via PPTP tunnel once enable this function. Set the peer subnet of PPTP. Set the netmask of peer PPTP server.
Table 3-3-7-7 PPTP Parameters

65

UG87 User Guide

PPTP Advanced Settings Item Local IP Address Peer IP Address Enable NAT Enable MPPE Address/Control Compression Protocol Field Compression
Asyncmap Value
MRU MTU
Link Detection Interval (s)
Max Retries
Expert Options

Figure 3-3-7-9
Description Set IP address of PPTP client. Enter tunnel IP address of PPTP server. Enable the NAT faction of PPTP. Enable MPPE encryption.
For PPP initialization. User can keep the default option.
For PPP initialization. User can keep the default option.
One of the PPP protocol initialization strings. User can keep the default value. Range: 0-ffffffff. Enter the maximum receive unit. Range: 0-1500. Enter the maximum transmission unit. Range: 0-1500. Set the link detection interval time to ensure tunnel connection. Range: 0-600. Set the maximum times of retrying to detect the PPTP connection failure. Range: 0-10. User can enter some other PPP initialization strings in this field and separate the strings with blank space.
Table 3-3-7-8 PPTP Parameters

66

UG87 User Guide
3.3.7.6 OpenVPN Client
OpenVPN is an open source virtual private network (VPN) product that offers a simplified security framework, modular network design, and cross-platform portability. Advantages of OpenVPN include: - Security provisions that function against both active and passive attacks. - Compatibility with all major operating systems. - High speed (1.4 megabytes per second typically). - Ability to configure multiple servers to handle numerous connections simultaneously. - All encryption and authentication features of the OpenSSL library. - Advanced bandwidth management. - A variety of tunneling options. - Compatibility with smart cards that support the Windows Crypt application program
interface (API).

OpenVPN Client Item Enable

Figure 3-3-7-10
Description Enable OpenVPN client. A maximum of 3 tunnels is allowed.
67

UG87 User Guide

Protocol Remote IP Address
Port
Interface
Authentication
Local Tunnel IP Remote Tunnel IP Global Traffic Forwarding Enable TLS Authentication Username Password Enable NAT Compression Link Detection Interval (s) Link Detection Timeout (s)
Cipher
MTU Max Frame Size Verbose Level
Expert Options
Local Route Subnet Subnet Mask

Select from "UDP" and "TCP". Enter remote OpenVPN server's IP address or domain name. Enter the listening port number of remote OpenVPN server. Range: 1-65535. Select from "tun" and "tap". Select from "None", "Pre-shared", "Username/Password", "X.509 cert", and "X.509 cert+user". Set local tunnel address. Enter remote tunnel address. All the data traffic will be sent out via OpenVPN tunnel when this function is enabled.
Check to enable TLS authentication.
Enter username provided by OpenVPN server. Enter password provided by OpenVPN server. Enable NAT traversal function. Select LZO to compress data. Set link detection interval time to ensure tunnel connection. Range: 10-1800. Set link detection timeout. OpenVPN will be reestablished after timeout. Range: 60-3600. Select from "NONE", "BF-CBC", "DE-CBC", "DES-EDE3-CBC", "AES-128-CBC", "AES-192-CBC" and "AES-256-CBC". Enter the maximum transmission unit. Range: 128-1500. Set the maximum frame size. Range: 128-1500. Select from "ERROR", "WARING", "NOTICE" and "DEBUG". User can enter some other PPP initialization strings in this field and separate the strings with blank space.
Set the local route's IP address. Set the local route's netmask.
Table 3-3-7-9 OpenVPN Client Parameters

3.3.7.7 OpenVPN Server The UG87 supports OpenVPN server to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.
68

UG87 User Guide

Figure 3-3-7-11

OpenVPN Server Item Enable Protocol Port
Listening IP
Interface
Authentication
Local Virtual IP

Figure 3-3-7-12
Description Enable/disable OpenVPN server. Select from TCP and UDP. Fill in listening port number. Range: 1-65535. Enter WAN IP address or LAN IP address. Leaving it blank refers to all active WAN IP and LAN IP address. Select from " tun" and "tap". Select from "None", "Pre-shared", "Username/Password", "X.509 cert" and "X. 509 cert +user". The local tunnel address of OpenVPN's tunnel.
69

UG87 User Guide

Remote Virtual IP Client Subnet Client Netmask Renegotiation Interval(s) Max Clients Enable CRL Enable Client to Client Enable Dup Client Enable NAT Compression
Link Detection Interval
Cipher
MTU Max Frame Size Verbose Level
Expert Options
Local Route Subnet Netmask Account Username & Password

The remote tunnel address of OpenVPN's tunnel. Local subnet IP address of OpenVPN client. Local netmask of OpenVPN client. Set interval for renegotiation. Range: 0-86400. Maximum OpenVPN client number. Range: 1-128. Enable CRL Allow access between different OpenVPN clients. Allow multiple users to use the same certification. Check to enable the NAT traversal function. Select "LZO" to compress data. Set link detection interval time to ensure tunnel connection. Range: 10-1800. Select from "NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "AES-128-CBC", "AES-192-CBC" and "AES-256-CBC". Enter the maximum transmission unit. Range: 64-1500. Set the maximum frame size. Range: 64-1500. Select from "ERROR", "WARING", "NOTICE" and "DEBUG". User can enter some other PPP initialization strings in this field and separate the strings with blank space.
The real local IP address of OpenVPN client. The real local netmask of OpenVPN client.
Set username and password for OpenVPN client.
Table 3-3-7-10 OpenVPN Server Parameters

3.3.7.8 Certifications

User can import/export certificate and key files for OpenVPN and IPsec on this page.

Figure 3-3-7-13

OpenVPN Client

Item

Description

CA

Import/Export CA certificate file.

70

Public Key Private Key TA Preshared Key PKCS12

Import/Export public key file. Import/Export private key file. Import/Export TA key file. Import/Export static key file. Import/Export PKCS12 certificate file.

Table 3-3-7-11 OpenVPN Client Certification Parameters

UG87 User Guide

Figure 3-3-7-14

OpenVPN Server Item CA Public Key Private Key DH TA CRL Preshared Key

Description Import/Export CA certificate file. Import/Export public key file. Import/Export private key file. Import/Export DH key file. Import/Export TA key file. Import/Export CRL. Import/Export static key file.

Table 3-3-7-12 OpenVPN Server Parameters

Figure 3-3-7-15
71

IPsec Item CA Client Key Server Key Private Key CRL

Description Import/Export CA certificate. Import/Export client key. Import/Export server key. Import/Export private key. Import/Export certificate recovery list.
Table 3-3-7-13 IPsec Parameters

UG87 User Guide

3.4 System This section describes how to configure general settings, such as administration account, access service, system time, common user management, SNMP, AAA, event alarms, etc. 3.4.1 General Settings
3.4.1.1 General General settings include system info, access service and HTTPS certificates.

Figure 3-4-1-1

General

Item

Description

System

Hostname User-defined gateway name, needs to start with a letter.

Web Login Timeout (s)

You need to log in again if it times out. Range: 100-3600.

Access Service

Port

Set port number of the services. Range: 1-65535.

Default URSA 1800
--

72

UG87 User Guide

HTTP

Users can log in the device locally via HTTP to access and control it through Web after the option is checked.

80

Users can log in the device locally and remotely via

HTTPS

HTTPS to access and control it through Web after option 443

is checked.

Users can log in the device locally and remotely via

TELNET

TELNET to access and control it through Web after

23

option is checked.

SSH

Users can log in the device locally and remotely via SSH after the option is checked.

22

HTTPS Certificates

Click "Browse" button, choose certificate file on the PC,

Certificate

and then click "Import" button to upload the file into gateway. Click "Export" button will export the file to the

--

PC. Click "Delete" button will delete the file.

Click "Browse" button, choose key file on the PC, and

Key

then click "Import" button to upload the file into gateway. Click "Export" button will export file to the PC.

--

Click "Delete" button will delete the file.

Table 3-4-1-1 General Setting Parameters

3.4.1.2 System Time
This section explains how to set the system time including time zone and time synchronization type. Note: to ensure that the gateway runs with the correct time, it's recommended that you set the system time when configuring the gateway.

Figure 3-4-1-2
73

UG87 User Guide

Figure 3-4-1-3

System Time Item Current Time Time Zone Sync Type Sync with Browser Browser Time Set up Manually
Sync with NTP Server
Sync with NTP Server NTP Server Address
Enable NTP Server

Figure 3-4-1-4
Description Show the current system time. Click the drop down list to select the time zone you are in. Click the drop down list to select the time synchronization type. Synchronize time with browser. Show the current time of browser. Manually configure the system time. Synchronize time with NTP server so as to achieve time synchronization of all devices equipped with a clock on network.
Set NTP server address (domain name/IP). NTP client on the network can achieve time synchronization with gateway after "Enable NTP Server" option is checked.
Table 3-4-1-2 System Time Parameters

74

UG87 User Guide
3.4.1.3 SMTP SMTP, short for Simple Mail Transfer Protocol, is a TCP/IP protocol used in sending and receiving e-mail. This section describes how to configure email settings.

SMTP Item SMTP Client Settings Enable Email Address Password SMTP Server Address Port Enable TLS

Figure 3-4-1-5
Description
Enable or disable SMTP client function. Enter the sender's email account. Enter the sender's email password. Enter SMTP server's domain name. Enter SMTP server port. Range: 1-65535. Enable or disable TLS encryption.
Table 3-4-1-3 SMTP Setting

Related Topics Events Setting

3.4.1.4 Phone Phone settings involve in call/SMS trigger and SMS alarm for events. 1. Add phone list. 2. Select phone numbers and add them to the phone group. 3. Go to "Network > Interface > Cellular > Connection Mode > Connect on Demand >
Trigger by Call / Trigger by SMS" or go to "System > Events > Event Settings > SMS" and then select the phone group ID.
75

UG87 User Guide

Phone Item Phone Number List Number Description Phone Group List Group ID Description List Selected

Figure 3-4-1-6
Description
Enter the telephone number. Digits, "+" and "-" are allowed. The description of the telephone number.
Set number for phone group. Range: 1-100. The description of the phone group. Show the phone list. Show the selected phone number.
Table 3-4-1-4 Phone Settings

Related Topic Connect on Demand

3.4.1.5 Email
Email settings involve email alarm for events. 1. Add email list. 2. Select email addresses and add them to the phone group. 3. Go to "System > Events > Event Settings > Email" and then select the email group ID.

76

UG87 User Guide

Email Item Email List Email Address Description Email Group List Group ID Description List Selected

Figure 3-4-1-7
Description
Enter the Email address. The description of the Email address.
Set number for email group. Range: 1-100. The description of the Email group. Show the Email address list. Show the selected Email address.
Table 3-4-1-5 Email Settings

3.4.2 User Management
3.4.2.1 Account Here you can change the login username and password of the administrator. Note: it is strongly recommended that you modify them for the sake of security.

77

UG87 User Guide

Account Item
Username
Old Password New Password Confirm New Password

Figure 3-4-2-1
Description Enter a new username. You can use characters such as a-z, 0-9, "_", "-", "$". The first character can't be a digit. Enter the old password. Enter a new password. Enter the new password again.
Table 3-4-2-1 Account Information

3.4.2.2 User Management
This section describes how to create common user accounts. The common user permission includes Read-Only and Read-Write.

User Management Item
Username
Password Permission

Figure 3-4-2-2
Description Enter a new username. You can use characters such as a-z, 0-9, "_", "-", "$". The first character can't be a digit. Set password. Select user permission from "Read-Only" and "Read-Write".
78

UG87 User Guide
- Read-Only: users can only view the configuration of gateway in this level.
- Read-Write: users can view and set the configuration of gateway in this level.
Table 3-4-2-2 User Management
3.4.3 SNMP SNMP is widely used in network management for network monitoring. SNMP exposes management data with variables form in managed system. The system is organized in a management information base (MIB) which describes the system status and configuration. These variables can be remotely queried by managing applications. Configuring SNMP in networking, NMS, and a management program of SNMP should be set up at the Manager. Configuration steps are listed as below for achieving query from NMS: 1. Enable SNMP setting. 2. Download MIB file and load it into NMS. 3. Configure MIB View. 4. Configure VCAM.
3.4.3.1 SNMP The UG87 supports SNMPv1, SNMPv2c and SNMPv3 version. SNMPv1 and SNMPv2c employ community name authentication. SNMPv3 employs authentication encryption by username and password.

SNMP Settings Item Enable
Port
SNMP Version

Figure 3-4-3-1
Description Enable or disable SNMP function. Set SNMP listened port. Range: 1-65535. The default port is 161. Select SNMP version; support SNMP v1/v2c/v3.

79

Location Information Contact Information

Fill in the location information. Fill in the contact information.
Table 3-4-3-1 SNMP Parameters

3.4.3.2 MIB View This section explains how to configure MIB view for the objects.

UG87 User Guide

MIB View Item View Name View Filter View OID Included Excluded

Figure 3-4-3-2
Description Set MIB view's name. Select from "Included" and "Excluded". Enter the OID number. You can query all nodes within the specified MIB node. You can query all nodes except for the specified MIB node.
Table 3-3-3-2 MIB View Parameters

3.4.3.3 VACM This section describes how to configure VCAM parameters.

Figure 3-4-3-3
80

UG87 User Guide

VACM

Item

Description

SNMP v1 & v2 User List

Community

Set the community name.

Permission

Select from "Read-Only" and "Read-Write".

MIB View

Select an MIB view to set permissions from the MIB view list.

Network

The IP address and bits of the external network accessing the MIB view.

Read-Write

The permission of the specified MIB node is read and write.

Read-Only

The permission of the specified MIB node is read only.

SNMP v3 User List

Group Name

Set the name of SNMPv3 group.

Security Level Select from "NoAuth/NoPriv", "Auth/NoPriv", and " Auth/Priv".

Read-Only View Select an MIB view to set permission as "Read-only" from the MIB view list.

Read-Write View Select an MIB view to set permission as "Read-write" from the MIB view list.

Inform View

Select an MIB view to set permission as "Inform" from the MIB view list.

Table 3-4-3-3 VACM Parameters

3.4.3.4 Trap This section explains how to enable network monitoring by SNMP trap.

SNMP Trap Item Enable SNMP Version Server Address Port
Name
Auth/Priv Mode

Figure 3-4-3-4
Description Enable or disable SNMP Trap function. Select SNMP version; support SNMP v1/v2c/v3. Fill in NMS's IP address or domain name. Fill in UDP port. Port range is 1-65535. The default port is 162. Fill in the group name when using SNMP v1/v2c; fill in the username when using SNMP v3. Select from "NoAuth & No Priv", "Auth & NoPriv", and "Auth & Priv".
Table 3-4-3-4 Trap Parameters
81

UG87 User Guide
3.4.3.5 MIB This section describes how to download MIB files. The last MIB file "URSA-gateway-MIB.txt" is for the UG87.

MIB Item MIB File Download

Figure 3-4-3-5
Description Select the MIB file you need. Click "Download" button to download the MIB file to PC.
Table 3-4-3-5 MIB Download

3.4.4 AAA
AAA access control is used for visitors control and the available corresponding services once access is allowed. It adopts the same method to configure three independent safety functions. It provides modularization methods for following services: - Authentication: verify if the user is qualified to access to the network. - Authorization: authorize related services available for the user. - Charging: record the utilization of network resources.
3.4.4.1 RADIUS
Using UDP for its transport, RADIUS is generally applied in various network environments with higher requirements of security and permission of remote user access.

Figure 3-4-4-1
82

RADIUS Item Enable Server IP Address Server Port
Key

UG87 User Guide
Description Enable or disable RADIUS. Fill in the RADIUS server IP address/domain name. Fill in the RADIUS server port. Range: 1-65535. Fill in the key consistent with that of RADIUS server in order to get connected with RADIUS server.
Table 3-4-4-1 RADIUS Parameters

3.4.4.2 TACACS+
Using TCP for its transport, TACACS+ is mainly used for authentication, authorization and charging of the access users and terminal users by adopting PPP and VPDN.

TACACS+ Item Enable Server IP Address Server Port
Key

Figure 3-4-4-2
Description Enable or disable TACACS+. Fill in the TACACS+ server IP address/domain name. Fill in the TACACS+ server port. Range: 1-65535. Fill in the key consistent with that of TACACS+ server in order to get connected with TACACS+ server.
Table 3-4-4-2 TACACS+ Parameters

3.4.4.3 LDAP A common usage of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect the LDAP server to validate users. LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this relationship, LDAP is sometimes called X.500-lite as well.
83

UG87 User Guide

LDAP Item Enable
Server IP Address
Server Port Base DN Security Username Password

Figure 3-4-4-3
Description Enable or Disable LDAP. Fill in the LDAP server's IP address/domain name. The maximum count is 10. Fill in the LDAP server's port. Range: 1-65535 The top of LDAP directory tree. Select secure method from "None", "StartTLS" and "SSL". Enter the username to access the server. Enter the password to access the server.
Table 3-4-4-3 LDAP Parameters

3.4.4.4 Authentication
AAA supports the following authentication ways: - None: uses no authentication, generally not recommended. - Local: uses the local username database for authentication.
 Advantages: rapidness, cost reduction.  Disadvantages: storage capacity limited by hardware. - Remote: has user's information stored on authentication server. RADIUS, TACACS+ and LDAP supported for remote authentication. When RADIUS, TACACS+, and local are configured at the same time, the priority level is: 1 >2 >3.

84

UG87 User Guide

Authentication Item Console Web Telnet SSH

Figure 3-4-4-4
Description Select authentication for Console access. Select authentication for Web access. Select authentication for Telnet access. Select authentication for SSH access.
Table 3-4-4-4 Authentication Parameters

3.4.5 Device Management You can connect the device to the DeviceHub on this page so as to manage the gateway centrally and remotely.

DeviceHub Item Status

Figure 3-4-5-1
Description Show the connection status between the gateway and the
85

UG87 User Guide

Disconnected Activation Server Address DeviceHub Server Address
Activation Method
Authentication Code ID Password

DeviceHub. Click this button to disconnect the gateway from the DeviceHub. IP address or domain of the DeviceHub. The URL address for the device to connect to the DeviceHub, e.g. http://220.82.63.79:8080/acs. Select activation method to connect the gateway to the DeviceHub server, options are "By Authentication ID" and "By ID". Fill in the authentication code generated from the DeviceHub.
Fill in the registered DeviceHub account (email) and password.

Table 3-4-5-1

3.4.6 Events Event feature is capable of sending alerts by Email when certain system events occur. 3.4.6.1 Events You can view alarm messages on this page.

Events Item Mark as Read Delete Mark All as Read Delete All Alarms Status

Figure 3-4-6-1
Description Mark the selected event alarm as read. Delete the selected event alarm. Mark all event alarms as read. Delete all event alarms. Show the reading status of the event alarms, such as "Read" and

86

Type Time Message

"Unread". Show the event type that should be alarmed. Show the alarm time. Show the alarm content.
Table 3-4-6-1 Events Parameters

UG87 User Guide

3.4.6.2 Events Settings
In this section, you can decide what events to record and whether you want to receive email and SMS notifications when any change occurs.

Event Settings Item Enable Cellular Up Cellular Down WAN Up WAN Down VPN Up VPN Down
Record
Email

Figure 3-4-6-2
Description Check to enable "Events Settings". Cellular network is connected. Cellular network is disconnected. Ethernet cable is connected to WAN port. Ethernet cable is disconnected to WAN port. VPN is connected. VPN is disconnected. The relevant content of event alarm will be recorded on "Event" page if this option is checked. The relevant content of event alarm will be sent out via email if this
87

UG87 User Guide

Email Setting
SMS
SMS Setting Phone Group List Email Group List
Related Topics Email Setting Phone Setting

option is checked. Click and you will be redirected to the page "Email" to configure the Email group. The relevant content of event alarm will be sent out via SMS if this option is checked. Click and you will be redirected to the page of "Phone" to configure phone group list. Select phone group to receive SMS alarm. Select Email group to receive Email alarm.
Table 3-4-6-2 Events Parameters

3.5 Maintenance This section describes system maintenance tools and management. 3.5.1 Tools Troubleshooting tools includes ping and traceroute. 3.5.1.1 Ping Ping tool is engineered to ping outer network.

PING Item Host

Figure 3-5-1-1
Description Ping outer network from the gateway.
Table 3-5-1-1 IP Ping Parameters

3.5.1.2 Traceroute Traceroute tool is used for troubleshooting network routing failures.

88

UG87 User Guide

Figure 3-5-1-2
Traceroute Item Description Host Address of the destination host to be detected.
Table 3-5-1-2 Traceroute Parameters
3.5.2 Schedule This section explains how to configure scheduled reboot on the gateway.

Schedule Item Schedule Reboot Frequency Hour & Minute

Figure 3-5-2-1
Description Select schedule type. Reboot the gateway regularly. Select the frequency to execute the schedule. Select the time to execute the schedule.
Table 3-5-2-1 Schedule Parameters

3.5.3 Log
The system log contains a record of informational, error and warning events that indicates how the system processes. By reviewing the data contained in the log, an administrator or user troubleshooting the system can identify the cause of a problem or whether the system processes are loading successfully. Remote log server is feasible, and gateway will upload all

89

system logs to remote log server such as Syslog Watcher.

UG87 User Guide

3.5.3.1 System Log This section describes how to download log file and view the recent log on web.

System Log Item Download View recent (lines) Clear Log

Figure 3-5-3-1
Description Download log file. View the specified lines of system log. Clear the current system log.
Table 3-5-3-1 System Log Parameters

3.5.3.2 Log Settings This section explains how to enable remote log server and local log setting.

90

UG87 User Guide

Log Settings Item Remote Log Server
Enable
Syslog Server Address Port Local Log File Storage Size Log Severity

Figure 3-5-3-2
Description
With "Remote Log Server" enabled, gateway will send all system logs to the remote server. Fill in the remote system log server address (IP/domain name). Fill in the remote system log server port.
User can store the log file in memory or TF card. Set the size of the log file to be stored. The list of severities follows the syslog protocol.
Table 3-5-3-2 System Log Parameters

3.5.4 Upgrade
This section describes how to upgrade the gateway firmware via web. Generally you don't need to do the firmware upgrade. Note: any operation on web page is not allowed during firmware upgrade, otherwise the upgrade will be interrupted, or even the device will break down.

Upgrade Item Firmware Version Reset Configuration to Factory Default Upgrade Firmware

Figure 3-5-4-1
Description Show the current firmware version. When this option is checked, the gateway will be reset to factory defaults after upgrade. Click "Browse" button to select the new firmware file, and click

91

"Upgrade" to upgrade firmware.
Table 3-5-4-1 Upgrade Parameters
Related Configuration Example Firmware Upgrade

UG87 User Guide

3.5.5 Backup and Restore
This section explains how to create a complete backup of the system configurations to a file, restore the config file to the gateway and reset to factory defaults.

Figure 3-5-5-1

Backup and Restore

Item

Description

Config File

Click "Browse" button to select configuration file, and then click "Import" button to upload the configuration file to the gateway.

Backup

Click "Backup" to export the current configuration file to the PC.

Reset

Click "Reset" button to reset factory default settings. gateway will restart after reset process is done.

Table 3-5-5-1 Backup and Restore Parameters

Related Configuration Example Restore Factory Defaults

92

UG87 User Guide
3.5.6 Reboot On this page you can reboot the gateway and return to the login page. We strongly recommend clicking "Save" button before rebooting the gateway so as to avoid losing the new configuration.
Figure 3-5-6-1
3.6 APP 3.6.1 Python Python is an object-oriented programming language that has gained popularity because of its clear syntax and readability. As an interpreted language, Python has a design philosophy that emphasizes code readability, notably using whitespace indentation to delimit code blocks rather than curly brackets or keywords, and a syntax that allows programmers to express concepts in fewer lines of code than it's used in other languages such as C++ or Java. The language provides constructs and intends to enable writing clear programs on both small and large scale. Users can use Python to quickly generate the prototype of the program, which can be the final interface of the program, rewrite it with a more appropriate language, and then encapsulate the extended class library that Python can call. This section describes how to view the relevant running status such as App-manager, SDK version, extended storage, etc. Also you can change the App-manager configuration, and import the Python App package from here.
93

3.6.1.1 Python

UG87 User Guide

Python Item
AppManager Status
SDK Version SDK Path Available Storage SDK Upload Uninstall View

Figure 3-6-1-1
Description Show AppManager's running status, like "Uninstalled", "Running" or "Stopped". Show the version of the installed SDK. Show the SDK installation path. Select available storage to install SDK. Upload and install SDK for Python. Uninstall SDK. View application status managed by AppManager.
Table 3-6-1-1 Python Parameters

3.6.1.2 App Manager Configuration

94

UG87 User Guide

Figure 3-6-1-2

AppManager Configuration

Item

Description

After enabling Python AppManager, user can click "View" button on

Enable

the "Python" webpage to view the application status managed by

AppManager.

App Management

ID

Show the ID of the imported App.

App Command Show the name of the imported App.

Logfile Size(MB) User-defined Logfile size. Range: 1-50.

Uninstall

Uninstall APP.

App Status

App Name

Show the name of the imported App.

App Version

Show the version of the imported App.

SDK Version

Show the SDK version which the imported App is based on.

Table 3-6-1-2 APP Manager Parameters

3.6.1.3 Python App

Python APP Item App Package App Name App Configuration Debug File Debug Script

Figure 3-6-1-3
Description Select App package and import. Select App to import configuration. Select configuration file and import. Export script file. Select Python script to be debugged and import.
Table 3-6-1-3 APP Parameters

95

UG87 User Guide
Chapter 4 Application Examples
4.1 Packet Forwarder Configuration
You create multi-destination on this page. So the gateway will forward the data to multiple network server address created and enabled in the list. The configuration procedures are listed as below. 1. Go to "Packet Forwarder" > "General".

2. Click

to add a new network server address, displayed as the following picture

Multi-Destination Configuration

Item

Description

Default

Select "Ursalink" if you need to forward data to the

Ursalink Network Server.

Select "Semtech" if you need to forward data by

Semtech packet forwarder.

Select "TTN" if you need to forward data to The Things

Network.

Type

Select "Loriot" if you need to forward data to Loriot. Semtech

Select "ChirpStack-Generic" if you need to forward data

to ChirpStack with Generic MQTT broker.

Server Address Port Up

Note: When the packet forwarder is enabled as Loriot,

TTN and ChirpStack-Generic type, data will not be

forwarded to other server addresses.

Select or enter a server address of the LoRaWAN network server.

ttn.thingsco nnected.ne t

Ursalink:

Enter the port of LoRaWAN network server for

1883

uploading data. Range: 1-65535.

Semtech:

1700

96

UG87 User Guide

Port Down
Gateway Key User Credentials

Enter the port of LoRaWAN network server for sending data to your gateway. Range: 1-65535.
If the type is "TTN", you need to enter the gateway key for authentication. When you select user credentials for authentication, you need to enter the username and password required for authentication. Select from "CA signed server certificate" and "Self signed certificates".

Loriot: 1780 Ursalink: 1883 Semtech: 1700 Loriot: 1780
Null
Null

TLS Authentication

CA signed server certificate: Verify with the certificate issued by Certificate Authority (CA) that pre-loaded on device. Self signed certificates: In this mode, users have to upload the custom certificate and secret key for verification.

Self signed certificates

4.2 Application Configuration
You can create a new application on this page, which is mainly used to define the method of decoding the data sent from end-device and choosing the data transport protocol to send data to another server address. The data will be sent to your custom server address using MQTT, HTTP or HTTPS protocol. The procedures are listed as below. 1. Go to "Network Server" > "Application".

2. Click

to enter the configuration page, displayed as the following picture

97

UG87 User Guide

Application Configuration

Item

Description

Name

Enter the name of the application profile. E.g Smoker-sensor-app.

Description

Enter the description of this application. E.g a application for smoker sensor.

Select from: "None", "Cayenne LPP", "Custom".

None: This mode enables devices not to encode data.

Cayenne LPP: This mode enables devices to encode

Payload Codec data with the Cayenne Low Power Payload (LPP).

Custom: This mode enables devices to encode data

with the decoder function and the encoder function

which you have entered the code.

Default None

3. Click

to add a data transmission type of HTTP or HTTPS

Step 1: select HTTP or HTTPS as transmission protocol.

Step 2: Enter the header name and header value as needed.

98

UG87 User Guide
Headers are name/value pairs that appear in both request and response messages. The name of the header is separated from the value by a single colon. For example, this request message provides a header called User-Agent whose value is Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko. The purpose of this particular header is to supply the web server with information about the type of browser making the request.
Step 3: Enter the destination URL. Different types of data can be sent to different URLs.

4. Click

to add a data transmission type of MQTT

Step 1: select the transmission protocol as MQTT.

Step 2: Fill in general settings.

99

UG87 User Guide

MQTT General Settings

Item

Description

Broker Address

Please enter the broker address to receive data.

Broker Port Please enter the broker port to receive data.

Client ID is the unique identity of the client to the server.

Client ID

It must be unique when all clients are connected to the same

server, and it is the key to handle message at QoS 1 and 2.

Set the maximum response time when the client waits for the

Connection response from the server. If the client does not get a response

Timeout

after the maximum response time, the connection will be

considered as broken. The interval range is 1-65535 in second.

Keep Alive Interval

After the client is connected with the server, the client will send heartbeat packet to the server regularly to keep alive. The interval range is 1-65535 in second.

Default ----
30
60

Step 3: Select the authentication method required by the server. If you select user credentials for authentication, you need to enter the username and password for authentication.

If certificate is necessary for verification, please import CA certificate, client certificate and client key file for authentication.

100

UG87 User Guide
Step 4: Enter the topic to receive data and choose the QoS. QoS 0 ­ Only Once This is the fastest method and requires only 1 message. It is also the most unreliable transfer mode. QoS 1 ­ At Least Once This level guarantees that the message will be delivered at least once, but may be delivered more than once. QoS 2 ­ Exactly Once QoS 2 is the highest level of service in MQTT. This level guarantees that each message is received only once by the intended recipients. QoS 2 is the safest and slowest quality of service level.
4.3 Device Profiles Configuration

Device Profiles Settings

Item

Description

Name

Enter the Name of the application profile. E.g. Smoker-sensor-app.

Default Null

101

Max TXPower Join Type Class Type

UG87 User Guide

Enter the maximum transmit power. 0 means using the max EIRP.
Select from: "OTAA" and "ABP". OTAA:Over-the-Air Activation. For over-the-air activation, end-devices must follow a join procedure prior to participating in data exchanges with the network server. An end-device has to go through a new join procedure every time as it has lost the session context information.

0. The TXPower indicates power levels relative to the Max EIRP level of the end-device. 0 means using the max EIRP. EIRP refers to the Equivalent Isotropically Radiated Power.
OTAA

ABP: Activation by Personalization.

Under certain circumstances, end-devices can be

activated by personalization. Activation by

personalization directly ties an end-device to a

specific network bypassing the join request - join

accept procedure.

Select from: "Class A" and "Class C".

A: Class A operation has the lowest power

consumption for applications that require

downlink communication from the server shortly

after the end-device has sent an uplink

transmission.

A

C: End-device of Class C will continuously open receive windows, only closed when transmitting. Class C end-device will spend more power than Class A or Class B but they offer the lowest latency for server to end-device communication.

102

UG87 User Guide

Device Profile Advanced Settings

Item

Description

MAC Version

Choose the version of the LoRaWAN supported by the end-device.

Regional Parameter Revision

Revision of the Regional Parameters document supported by the end-device.

RX1 Datarate Offset

Enter the offset which used for calculate the RX1 data-rate, based on the uplink data-rate. The range is based on what is specified in the LoRaWAN regional parameters document.

RX2 Datarate

Enter the RX2 datarate which used for the RX2 receive-window. The range is based on what is specified in the LoRaWAN regional parameters document.

RX2 Channel Frequency
Frequency List ACK Timeout

Enter the RX2 channel frequency which used for the RX2 receive-window. The range is based on what is specified in the LoRaWAN regional parameters document. List of factory-preset frequencies. The range is based on what is specified in the LoRaWAN regional parameters document. Enter the time for confirmed downlink transmissions. Only applicable to class C.

Default 1.0.2
B
The default offset is based on what is specified in the LoRaWAN regional parameters document. The default offset is based on what is specified in the LoRaWAN regional parameters document.
Null
Null
5

103

4.4 Device Configuration
Go to "Network Server" > "Device".
You can edit the device configuration by clicking

UG87 User Guide
or create a new device by clicking .

Device Configuration-General

Item

Description

Device

Enter the name of this device.

Description

Enter the description of this device.

Device EUI

Enter the EUI of this device.

Device-Profile

Choose the device profile from created device profiles.

Application

Choose the application profile from created application.

Frame-Counter Validation

If disable the frame-counter validation, it will compromise security as it enables people to perform replay-attacks.

Default Null Null Null Null
Null
Enabled

104

UG87 User Guide

Device Configuration-GeneralApplicable for UC11-N1 and UC1152

Item

Description

Device Name

Enter the name of this device.

Description

Enter the description of this device.

Device EUI

Enter the EUI of this device.

Device-Profile Choose the device profile.

Application

Choose the application profile.

Choose from: "Disable", "Modbus RTU to TCP", "Modbus

RTU over TCP".

Default Null Null Null Null Null

Modbus RTU Data Transmission
Fport
TCP Port Frame-Counter Validation

-Disable: This feature is not enabled. -Modbus RTU to TCP: With the this function enabled, you can connect UC11-N1 or UC1152 to TCP networks while converting Modbus message to Modbus TCP Protocol. -Modbus RTU over TCP: With the this function enabled, you can connect UC11-N1 or UC1152 to TCP networks without actually changing any of the bytes in the Modbus message. Enter the LoRaWAN frame port for transparent transmission between UC11-N1 and UG87. Range: 2-84, 86-223. Note: this value must be the same as the UC11-N1/UC1152's Fport. Enter the TCP port for data transmission between the TCP Client and UG87 (as TCP Server). Range: 1-65535. If disable the frame-counter validation, it will compromise security as it enables people to perform replay-attacks.

Disable
Null Null Enabled

105

UG87 User Guide

ABP stands for Authentication By Personalisation. It means that the encryption keys are

configured manually on the device and can start sending frames to the Gateway without needing

a 'handshake' procedure to exchange the keys (such as the one performed during an OTAA join

procedure).

With ABP the encryption keys enabling communication with the network are preconfigured in the

device. The network will need to provide you with a Device Address, Network Session Key and

Application Session Key.

Device Configuration-Activate Device-ABP

Item

Description

Default

Enter the device address. The device address

Device Address identifies the end-device within the current Null

network.

Enter the network session key of the device.

The network session key specific for the

Network Session end-device. It is used by the end-device to

Key

calculate the MIC or part of the MIC (message

Null

integrity code) of all uplink data messages to

ensure data integrity.

Enter the application session key of the device.

The AppSKey is an application session key

Application Session Key

specific for the end-device. It is used by both the application server and the end-device to

Null

encrypt and decrypt the payload field of

application-specific data messages.

The number of data frames which sent uplink

to the network server. It will be incremented

by the end-device and received by the

Uplink Frame-counter

end-device. Users can reset the a personalized end-device Null manually, then the frame counters on the

end-device and the frame counters on the

network server for that end-device will be

reset to 0.

Downlink Frame-counter

The number of data frames which received by the end-device downlink from the network

Null

106

server. It will be incremented by the network server. Users cloud reset the a personalized end-device manually, then the frame counters on the end-device and the frame counters on the network server for that end-device will be reset to 0.

UG87 User Guide

OTAA stands for Over The Air Activation. With this method the end-device sends a Join request to

the gateway using the Application Key, Application Key is a shared secret key unique to your

device to generate the session keys that prove its identity to the network. If the keys are correct,

the gateway will reply to the end-device with a join accept message, and from that point on the

end-device is able to send and receive packets to/from gateway. If the keys are incorrect, no

response will be received.

Device Configuration-Activate Device-OTAA

Item

Description

Default

Enter the application key. Whenever an end-device joins a

Application Key network via over-the-air activation, the application key is Null

used for derive the Application Session key.

Show the device address when the device has been

Device Address

activated. The device address identifies the end-device within the current network.It will be cleared when the

Null

node has not been activated yet or device has been

107

UG87 User Guide

Network Session Key
Application Session Key
Uplink Frame-counter
Downlink Frame-counter

inactive for a long time.

Show the network session key of the device when the

device has been activated. The network session key specific

for the end-device. It is used by the end-device to calculate

the MIC or part of the MIC (message integrity code) of all Null

uplink data messages to ensure data integrity.It will be

cleared when the node has not been activated yet or

device has been inactive for a long time.

Show the application session key of the device when the

device has been activated. The AppSKey is an application

session key specific for the end-device. It is used by both

the application server and the end-device to encrypt and Null

decrypt the payload field of application-specific data

messages. It will be cleared when the node has not been

activated yet or device has been inactive for a long time.

The number of data frames which sent uplink to the

network server. It will be incremented and received by the

end-device. After a JoinReq -JoinAccept message exchange, the frame

Null

counters on the end-device and the frame counters on the

network server for that end-device will be reset to 0.

The number of data frames which received by the

end-device downlink from the network server. It will be

incremented by the network server. After a JoinReq -JoinAccept message exchange, the frame

Null

counters on the end-device and the frame counters on the

network server for that end-device will be reset to 0.

4.5 Send Data to Device Go to "Network Server" > "Packets".
Step 1: Please check the packet in the network server list to make sure that the device has joined the network successful.

Step 2: Fill these input box.

108

Step 3: Click "Send".

UG87 User Guide

Step 4: Check the packet in the network server list to make sure that the device has received this message successful. Note: please check the "confirmed" .

You can click "Refresh" to refresh the list or set automatic refreshing frequency for the list. If the device's class type is Class C, then the device will be constantly receiving packet. This packet's type is DnCnf (Downlink Confirmed Packet) and if the packet's color is gray, then it means the packet cannot be transmitted now because at least one message has been in the queue.
This is the data packet has been delivered successfully.
If the device receives this downlink confirmed packet, then the device will reply "ACK" when delivering next.

109

UG87 User Guide
Ack is "true" means that the device has received this packet. If the device's class type is Class A, then the Network Server communicates with end-device (downlink) during predetermined response windows. This packet's type is DnCnf (Downlink Confirmed Packet) and if the packet's color is gray, then it means that the packet cannot be transmitted now because at least one message has been in queue. Only after the device sends out an uplink packet will the network server sends out data to the device.
110

UG87 User Guide
111

Related Topic Packets

UG87 User Guide

4.6 Restore Factory Defaults
4.6.1 Via Web Interface 1. Log in web interface, and go to "Maintenance > Backup and Restore". 2. Click "Reset" button under the "Restore Factory Defaults". You will be asked to confirm if you'd like to reset it to factory defaults. Then click "Reset" button.

Then the gateway will reboot and restore to factory settings immediately. 112

UG87 User Guide

Please wait till the login page pops up again, which means the gateway has already been reset to factory defaults successfully.

Related Topic Restore Factory Defaults

4.6.2 Via Hardware Locate the reset button on the gateway, and take corresponding actions based on the status of SYS LED.

SYSTEM LED Blinking Static Green  Rapidly Blinking Off  Blinking

Action Press and hold the reset button for more than 5 seconds. Release the button and wait.
The gateway is now reset to factory defaults.

113

UG87 User Guide
4.7 Firmware Upgrade It is suggested that you contact Ursalink technical support first before you upgrade gateway firmware. After getting firmware file from Ursalink technical support, please refer to the following steps to complete the upgrade. 1. Go to "Maintenance > Upgrade". 2. Click "Browse" and select the correct firmware file from the PC. 3. Click "Upgrade" and the gateway will check if the firmware file is correct. If it's correct,
the firmware will be imported to the gateway, and then the gateway will start to upgrade.
Related Topic Upgrade
114

UG87 User Guide
4.8 Cellular Connection The UG87 have two cellular interfaces, named SIM1 & SIM2. Only one cellular interface is active at one time. If both cellular interfaces are enabled, SIM1 interface takes precedence as default. Example We are about to take an example of inserting a SIM card into SIM1 slot of the UG87 and configuring the gateway to get Internet access through cellular. Configuration Steps 1. Go to "Network > Interface > Cellular > Cellular Setting" and configure the cellular info. 2. Enable SIM1. 3. Choose relevant network type. "Auto", "Auto 3G/4G", "4G Only", "3G Only" are
optional.
Click "Save" and "Apply" for configuration to take effect. 4. Check the cellular connection status by WEB GUI of gateway. Click "Status > Cellular" to view the status of the cellular connection. If it shows 'Connected', SIM1 has dialed up successfully.
115

UG87 User Guide
5. Check out if network works properly by browser on PC. Open your preferred browser on PC, type any available web address into address bar and see if it is able to visit Internet via the UG87. Related Topic Cellular Setting Cellular Status
116

UG87 User Guide
4.9 Dual SIM Backup Application Example Example In this section we will take an example of inserting two SIM cards into the UG87. When one SIM fails, gateway will try to connect with the other SIM as backup link. Configuration Steps 1. Go to "Network > Interface > Cellular" to enable SIM1 and SIM2. Leave the network
type as "Auto" by default.
2. Enable "Dual SIM Strategy", and configure the corresponding options as below. ICMP server can be configured as any reachable IP address.
117

Then click "Save" and "Apply" button.

UG87 User Guide

3. Go to "Status > Cellular", and you will see the gateway is connected to the network via SIM1.

4. You can remove SIM1 to make the gateway fail to connect to network via it. Go to "Status > Cellular" again, and you will see the gateway is connected to the network through SIM2.
118

UG87 User Guide
Now SIM2 becomes the main SIM, and SIM1 runs as the backup. The gateway won't reconnect via SIM1 until SIM2 fails. Related Topic Cellular Setting Cellular Status 4.10 Wi-Fi Application Example 4.10.1 AP Mode Application Example Configure UG87 as AP to allow connection from users or devices. Configuration Steps 1. Go to "Network > Interface > WLAN" to configure wireless parameters as below.
Click "Save" and "Apply" buttons after all configurations are done. 119

UG87 User Guide
2. Use a smart phone to connect by SSID "Ursalink_support". Go to "Status > WLAN", and you can check the AP settings and information of the connected client/user.
4.10.2 Client Mode Application Example Configure UG87 as Wi-Fi client to connect to an access point to have Internet access. Configuration Steps 1. Go to "Network > Interface > WLAN" to configure wireless as below.
Click "Save" and "Apply" buttons after all configurations are done. 120

UG87 User Guide
2. Go to "Status > WLAN", and you can check the connection status of the client.

Related Topic WLAN Setting WLAN Status

[END]

121



References

WPS 文字