URSALINK UR32 (01) PDF MANUAL


Post questions, comments, reviews or errors in the comment box below.

Your File is Ready … Download PDF

CLICK HERE TO DOWNLOAD URSALINK UR32 (01) PDF MANUAL


PDF Content Summary: Preface Thanks for choosing Ursalink UR52/UR55 industrial cellular router. The UR52/UR55 industrial cellular router delivers tenacious connection over network with full-featured design such as automated failover/failback, extended operating temperature, dual SIM cards, hardware watchdog, VPN, Fast Ethernet and beyond. This guide describes how to configure and operate the UR52/UR55 industrial cellular router. You can refer to it for detailed functionality and router configuration. Readers This guide is mainly intended for the following users: - Network Planners - On-site technical support and maintenance personnel - Network administrators responsible for network configuration and maintenance © 2017 Xiamen Ursalink Technology Co., Ltd. All rights reserved. All information in this user guide is protected by copyright law. Whereby, no organization or individual shall copy or reproduce the whole or part of this user guide by any means without written authorization from Xiamen Ursalink Technology Co., Ltd. Products Covered This guide explains how to configure the following devices: • Ursalink UR52 Industrial Cellular Router • Ursalink UR55 Industrial Cellular Router Related Documents Document Description Ursalink UR52/UR55 Datasheet Datasheet for the Ursalink UR5x series industrial cellular router. Ursalink UR52/UR55 Quick Start Guide Quick Installation guide for the Ursalink UR5x series industrial cellular router. Declaration of Conformity UR32 User Guide1 Preface Thanks for choosing Ursalink UR32 industrial cellular router. The UR32 industrial cellular router delivers tenacious connection over network with full-featured design such as automated failover/failback, extended operating temperature, dual SIM cards, hardware watchdog, VPN, Fast Ethernet and beyond. This guide describes how to configure and operate the UR32 industrial cellular router. You can refer to it for detailed functionality and router configuration. Readers This guide is mainly intended for the following users: - Network Planners - On-site technical support and maintenance personnel - Network administrators responsible for network configuration and maintenance © 2020 Xiamen Ursalink Technology Co., Ltd. All rights reserved. All information in this user guide is protected by copyright law. Whereby, no organization or individual shall copy or reproduce the whole or part of this user guide by any means without written authorization from Xiamen Ursalink Technology Co., Ltd. Products Covered This guide explains how to configure the following devices: • Ursalink UR32 Industrial Cellular Router Related Documents Document Description Ursalink UR32 Datasheet Datasheet for the Ursalink UR32 industrial cellular router. Ursalink UR32 Quick Start Guide Quick Installation guide for the Ursalink UR32 series industrial cellular router. Declaration of Conformity UR32 is in conformity with the essential requirements and other relevant provisions of the CE, FCC, and RoHS. UR32 User Guide2

For assistance, please contact Ursalink technical support: Email: support@ursalink.com Tel.: 86-592-5023060 Fax: 86-592-5023065 Revision History Date Doc Version Description May. 16, 2019 V 1.1.0 Initial version Nov. 14, 2019 V 1.2.0 Add Python, SMS, IP passthrough functions May 11, 2020 V 1.3.0 Web interfaces upgrade UR32 User Guide3

Contents Chapter 1 Product Introduction............................................................................................................................... 8 1.1 Overview.....................................................................................................................................................8 1.2 Advantages..................................................................................................................................................8 1.3 Specifications..............................................................................................................................................9 1.4 Dimensions (mm)......................................................................................................................................11 Chapter 2 Access to Web GUI.................................................................................................................................12 2.1 PC Configuration for Web GUI Access to Router.....................................................................................12 2.2 Access to Web GUI of Router...................................................................................................................13 Chapter 3 Web Configuration.................................................................................................................................15 3.1 Status.........................................................................................................................................................15 3.1.1 Overview........................................................................................................................................15 3.1.2 Cellular........................................................................................................................................... 16 3.1.3 Network......................................................................................................................................... 17 3.1.4 WLAN (Only Applicable to Wi-Fi Version)....................................................................................19 3.1.5 VPN.................................................................................................................................................20 3.1.6 Routing...........................................................................................................................................21 3.1.7 Host List..........................................................................................................................................21 3.1.8 GPS (Only Applicable to GPS Version)..........................................................................................22 3.2 Network.....................................................................................................................................................23 3.2.1 Interface.........................................................................................................................................23 3.2.1.1 Link Failover........................................................................................................................23 3.2.1.2 Cellular................................................................................................................................25 3.2.1.3 Port......................................................................................................................................27 3.2.1.4 WAN....................................................................................................................................28 3.2.1.5 Bridge..................................................................................................................................32 3.2.1.6 WLAN (Only Applicable to Wi-Fi Version).........................................................................33 3.2.1.7 Switch..................................................................................................................................35 3.2.1.8 Loopback.............................................................................................................................36 3.2.2 DHCP...............................................................................................................................................36 3.2.2.1 DHCP Server........................................................................................................................36 3.2.2.2 DHCP Relay......................................................................................................................... 38 3.2.3 Firewall...........................................................................................................................................38 3.2.3.1 Security............................................................................................................................... 39 3.2.3.2 ACL.......................................................................................................................................40 3.2.3.3 Port Mapping......................................................................................................................41 3.2.3.4 DMZ.....................................................................................................................................42 3.2.3.5 MAC Binding.......................................................................................................................43 3.2.3.6 Custom Rules......................................................................................................................43 3.2.3.7 SPI........................................................................................................................................44 3.2.4 QoS.................................................................................................................................................45 3.2.5 VPN.................................................................................................................................................46 3.2.5.1 DMVPN................................................................................................................................46 UR32 User Guide4

3.2.5.2 IPSec Server........................................................................................................................ 47 3.2.5.3 IPSec....................................................................................................................................50 3.2.5.4 GRE......................................................................................................................................52 3.2.5.5 L2TP.....................................................................................................................................54 3.2.5.6 PPTP.................................................................................................................................... 56 3.2.5.7 OpenVPN Client..................................................................................................................58 3.2.5.8 OpenVPN Server.................................................................................................................59 3.2.5.9 Certifications.......................................................................................................................61 3.2.6 IP Passthrough...............................................................................................................................64 3.2.7 Routing...........................................................................................................................................64 3.2.7.1 Static Routing......................................................................................................................64 3.2.7.2 RIP....................................................................................................................................... 65 3.2.7.3 OSPF....................................................................................................................................68 3.2.7.4 Routing Filtering.................................................................................................................74 3.2.8 VRRP...............................................................................................................................................74 3.2.9 DDNS.............................................................................................................................................. 76 3.3 System.......................................................................................................................................................78 3.3.1 General Settings.............................................................................................................................78 3.3.1.1 General................................................................................................................................78 3.3.1.2 System Time........................................................................................................................79 3.3.1.3 Email....................................................................................................................................81 3.3.1.4 Storage................................................................................................................................82 3.3.2 Phone&SMS...................................................................................................................................83 3.3.2.1 Phone..................................................................................................................................83 3.3.2.2 SMS..................................................................................................................................... 84 3.3.3 User Management.........................................................................................................................85 3.3.3.1 Account...............................................................................................................................85 3.3.3.2 User Management..............................................................................................................86 3.3.4 SNMP..............................................................................................................................................87 3.3.4.1 SNMP...................................................................................................................................87 3.3.4.2 MIB View.............................................................................................................................88 3.3.4.3 VACM...................................................................................................................................89 3.3.4.4 Trap..................................................................................................................................... 90 3.3.4.5 MIB......................................................................................................................................90 3.3.5 AAA.................................................................................................................................................91 3.3.5.1 Radius..................................................................................................................................91 3.3.5.2 TACACS+..............................................................................................................................92 3.3.5.3 LDAP....................................................................................................................................92 3.3.5.4 Authentication....................................................................................................................93 3.3.6 Device Management..................................................................................................................... 94 3.3.6.1 DeviceHub...........................................................................................................................94 3.3.6.2 Ursalink VPN.......................................................................................................................95 3.3.7 Events.............................................................................................................................................96 3.3.7.1 Events..................................................................................................................................96 UR32 User Guide5

3.3.7.2 Events Settings....................................................................................................................97 3.4 Industrial Interface................................................................................................................................... 99 3.4.1 I/O.................................................................................................................................................. 99 3.4.1.1 DI.........................................................................................................................................99 3.4.1.2 DO..................................................................................................................................... 100 3.4.2 Serial Port.....................................................................................................................................101 3.4.3 Modbus Slave.............................................................................................................................. 104 3.4.3.1 Modbus TCP......................................................................................................................104 3.4.3.2 Modbus RTU.....................................................................................................................105 3.4.3.3 Modbus RTU Over TCP.....................................................................................................106 3.4.4 Modbus Master........................................................................................................................... 107 3.4.4.1 Modbus Master................................................................................................................107 3.4.4.2 Channel.............................................................................................................................108 3.4.5 GPS (Only Applicable to GPS Version)........................................................................................110 3.4.5.1 GPS....................................................................................................................................110 3.4.5.2 GPS IP Forwarding............................................................................................................110 3.4.5.3 GPS Serial Forwarding......................................................................................................112 3.5 Maintenance...........................................................................................................................................113 3.5.1 Tools............................................................................................................................................. 113 3.5.1.1 Ping....................................................................................................................................113 3.5.1.2 Traceroute.........................................................................................................................113 3.5.1.3 Packet Analyzer................................................................................................................ 114 3.5.1.4 Qxdmlog............................................................................................................................114 3.5.2 Debugger......................................................................................................................................115 3.5.2.1 Cellular Debugger.............................................................................................................115 3.5.2.2 Firewall Debugger............................................................................................................ 115 3.5.3 Log................................................................................................................................................116 3.5.3.1 System Log........................................................................................................................116 3.5.3.2 Log Download...................................................................................................................117 3.5.3.3 Log Settings.......................................................................................................................118 3.5.4 Upgrade........................................................................................................................................119 3.5.5 Backup and Restore.....................................................................................................................119 3.5.6 Reboot..........................................................................................................................................120 3.6 APP.......................................................................................................................................................... 121 3.6.1 Python..........................................................................................................................................121 3.6.1.1 Python...............................................................................................................................121 3.6.1.2 App Manager Configuration............................................................................................ 122 3.6.1.3 Python App.......................................................................................................................123 Chapter 4 Application Examples.......................................................................................................................... 124 4.1 Restore Factory Defaults........................................................................................................................ 124 4.1.1 Via Web Interface........................................................................................................................124 4.2.2 Via Hardware...............................................................................................................................125 4.2 Firmware Upgrade..................................................................................................................................125 4.3 Events Application Example...................................................................................................................126 UR32 User Guide6

4.4 SNMP Application Example....................................................................................................................128 4.5 Network Connection...............................................................................................................................131 4.5.1 Cellular Connection.....................................................................................................................131 4.5.2 Ethernet WAN Connection..........................................................................................................133 4.6 Wi-Fi Application Example (Only Applicable to Wi-Fi Version)............................................................136 4.6.1 AP Mode.......................................................................................................................................136 4.6.2 Client Mode................................................................................................................................. 137 4.7 VRRP Application Example.....................................................................................................................138 4.8 NAT Application Example.......................................................................................................................141 4.9 Access Control Application Example......................................................................................................142 4.10 QoS Application Example.....................................................................................................................143 4.11 DTU Application Example.....................................................................................................................144 4.12 PPTP Application Example................................................................................................................... 148 UR32 User Guide7

Chapter 1 Product Introduction 1.1 Overview Ursalink UR32 is an industrial cellular router with embedded intelligent software features that are designed for multifarious M2M/IoT applications. Supporting global WCDMA and 4G LTE, UR32 provides drop-in connectivity for operators and makes a giant leap in maximizing uptime. Adopting high-performance and low-power consumption industrial grade CPU and wireless module, the UR32 is capable of providing wire-speed network with low power consumption and ultra-small package to ensure the extremely safe and reliable connection to the wireless network. Meanwhile, the UR32 also supports Fast Ethernet ports, serial port (RS232) and I/O (input/output), which enables you to scale up M2M application combining data and video in limited time and budget. The UR32 is particularly ideal for smart grid, digital media installations, industrial automation, telemetry equipment, medical device, digital factory, finance, payment device, environment protection, water conservancy and so on. For details of hardware and installation, please check UR32 Quick Start Guide. Figure 1-1 1.2 Advantages Benefits - Built-in industrial strong CPU, big memory - Fast Ethernet is applied to all models of Ursalink routers for lightning transmission of data - Dual SIM cards for backup between multiple carriers networking and global 2G/3G/LTE options make it easy to get connected - Flexible modular design provides users with different connection modules like Ethernet, I/O, serial port, Wi-Fi, GPS for connecting diverse field assets - Embedded Python SDK for second development - Rugged enclosure, optimized for DIN rail or shelf mounting - 3-year warranty included UR32 User Guide8

Security & Reliability - Automated failover/failback between Ethernet and Cellular (dual SIM) - Enable unit with security frameworks like IPsec/OpenVPN/GRE/L2TP/PPTP/ DMVPN - Embed hardware watchdog, able to automatically recover from various failure, ensure highest level of availability - Establish a secured mechanism on centralized authentication and authorization of device access by supporting AAA (TACACS+, Radius, LDAP, local authentication) and multiple levels of user authority Easy Maintenance - Ursalink DeviceHub provides easy setup, mass configuration, and centralized management of remote devices - The user-friendly web interface design and more than one option of upgrade help administrator to manage the device as easy as pie - WEB GUI and CLI enable the admin to achieve simple management and quick configuration among a large quantity of devices - Efficiently manage the remote routers on the existing platform through the industrial standard SNMP Capabilities - Link remote devices in an environment where communication technologies are constantly changing - Industrial 32-bit ARM Cortex-A7 processor, high-performance operating up to 528MHz with low power consumption below 1W, and 128 MB memory available to support more applications - Support rich protocols like SNMP, Modbus bridging, RIP, OSPF - Support wide operating temperature ranging from -40°C to 70°C/-40°F to 158°F 1.3 Specifications Hardware System CPU 528MHz, 32-bit ARM Cortex-A7 Memory 128 MB Flash, 128 MB DDR3 RAM Storage 1 × Micro SD Cellular Interfaces Connectors 2 × 50 Ω SMA (Center pin: female) SIM Slots 2 Wi-Fi Interface (Optional) Connectors 1 × 50 Ω SMA (Center pin: male) UR32 User Guide9

Standards IEEE 802.11 b/g/n Tx Power 802.11b: 16 dBm +/-1.5 dBm (11 Mbps) 802.11g: 14 dBm +/-1.5 dBm (54 Mbps) 802.11n: 13 dBm +/-1.5 dBm (65 Mbps, HT20/40 MCS7) Modes Support AP and Client mode, multiple SSID Security WPA/WPA2 authentication, WEP/TKIP/AES encryption GPS (Optional) Connectors 1 × 50 Ω SMA (Center pin: female) Protocols NMEA 0183, PMTK Ethernet Ports 2 × RJ-45 (PoE PSE Optional) Physical Layer 10/100 Base-T (IEEE 802.3) Data Rate 10/100 Mbps (auto-sensing) Interface Auto MDI/MDIX Mode Full or half duplex (auto-sensing) Serial Interface Ports 1 × RS232 (RS485 Optional) Connector Terminal block Baud Rate 300bps to 230400bps IOConnector Terminal block Digital 1 × DI + 1 × DO Software Network Protocols PPP, PPPoE, SNMP v1/v2c/v3, TCP, UDP, DHCP, RIPv1/v2, OSPF, DDNS, VRRP, HTTP, HTTPS, DNS, ARP, QoS, SNTP, Telnet, VLAN, SSH, etc. VPN Tunnel DMVPN/IPsec/OpenVPN/PPTP/L2TP/GRE Access Authentication CHAP/PAP/MS-CHAP/MS-CHAPV2 Firewall ACL/DMZ/Port Mapping/MAC Binding/SPI/DoS&DDoS Protection /IP Passthrough Management Web, CLI, SMS, On-demand dial up, DeviceHub AAA Radius, TACACS+, LDAP, Local Authentication Multilevel Authority Multiple levels of user authority Reliability VRRP, WAN Failover, Dual SIM Backup Serial Port Transparent (TCP Client/Server, UDP), Modbus Gateway (Modbus RTU to UR32 User Guide10 Modbus TCP) Power Supply and Consumption Connector 2-pin with 5.08 mm terminal block Input Voltage 9-48 VDC Power Consumption Typical 1.9 W, Max 2.4 W (In Non-PoE mode) Power Output 2 × 802.3 af/at PoE output Physical Characteristics Ingress Protection IP30 Housing & Weight Metal, 271g Dimensions 108 x 90 x 26 mm (4.25 x 3.54 x 1.02 in) Mounting Desktop, wall or DIN rail mounting Others Reset Button 1 × RESET LED Indicators 1 × POWER, 1 × SYSTEM, 1 × SIM, 3 × Signal strength Built-in Watchdog, Timer Certifications RoHS, CE, FCC, PTCRB, AT&T, RCM, NBTC, SPDDI Environmental Operating Temperature -40°C to +70°C (-40°F to +158°F) Reduced cellular performance above 60°C Storage Temperature -40°C to +85°C (-40°F to +185°F) Ethernet Isolation 1.5 kV RMS Relative Humidity 0% to 95% (non-condensing) at 25°C/77°F 1.4 Dimensions (mm) Figure 1-2 UR32 User Guide11

Chapter 2 Access to Web GUI This chapter explains how to access to Web GUI of the UR32 router. 2.1 PC Configuration for Web GUI Access to Router Please connect PC to LAN port of UR32 router directly. PC can obtain an IP address, or you can configure a static IP address manually. The following steps are based on Windows 10 operating system for your reference. 1Click "Search Box" to search "Control Panel" on the Windows 10 taskbar. 2 Click “Control Panel” to open it, and then click “View network status and tasks”. 3 Click "Ethernet" (May have different name). 4 Click "Properties". UR32 User Guide12

5 Double Click "Internet Protocol Version 4 (TCP/IPv4)" to configure IP address and DNS server. 6 Method 1: click "Obtain an IP address automatically"; 2.2 Access to Web GUI of Router Ursalink router provides Web-based configuration interface for management. If this is the first time you configure the router, please use the default settings below. Username: admin Password: password IP Address: 192.168.1.1 DHCP Server: Enabled 1. Start a Web browser on your PC (Chrome and IE are recommended), type in the IP address, and press Enter on your keyboard. 2. Enter the username, password, and click "Login". Method 2: click "Use the following IP address" to assign a static IP manually within the same subnet of the router. (Note: remember to click “OK” to finish configuration.) UR32 User Guide13

If the SIM card is connected to cellular network with public IP address, you can access WEB GUI remotely via the public IP address when remote access is enabled. If you enter the username or password incorrectly more than 5 times, the login page will be locked for 10 minutes. 3. When you login with the default username and password, you will be asked to modify the password. It’s suggested that you change the password for the sake of security. Click "Cancel" button if you want to modify it later. 4. After you login the Web GUI, you can view system information and perform configuration on the router. UR32 User Guide14

Chapter 3 Web Configuration 3.1 Status 3.1.1 Overview You can view the system information of the router on this page. Figure 3-1-1-1 System Information Item Description Model Show the model name of router. Serial Number Show the serial number of router. Firmware Version Show the currently firmware version of router. Hardware Version Show the currently hardware version of router. Table 3-1-1-1 System Information System Status Item Description Local Time Show the currently local time of system. Uptime Show the information on how long the router has been running. CPU Load Show the current CPU utilization of the router. RAM (Available/ Capacity) Show the RAM capacity and the available RAM memory. Flash (Available/ Capacity) Show the Flash capacity and the available Flash memory. Table 3-1-1-2 System Status UR32 User Guide15

Cellular Item Description Status Show the real-time status of the currently SIM card Current SIM Show the SIM card currently used for the data connection. IP Show the IP address obtained from the mobile carrier. Connection Duration Show the connection duration of the currently SIM card. Data Usage Monthly Show the monthly data usage statistics of currently used SIM card. Table 3-1-1-3 Cellular Status WAN Item Description Status Show the currently local time of system. IP The IP address configured WAN port. MAC The MAC address of the Ethernet port. Connection Duration Show the connection duration of the WAN port. Table 3-1-1-4 WAN Status LAN Item Description IP Show the IP address of the LAN port. Connected Devices Number of devices that connected to the router's LAN. Table 3-1-1-5 LAN Status 3.1.2 Cellular You can view the cellular network status of router on this page. Figure 3-1-2-1 UR32 User Guide16

Modem Information Item Description Status Show corresponding detection status of module and SIM card. Model Show the model name of cellular module. Current SIM Show the current SIM card used. Signal Level Show the cellular signal level. Register Status Show the registration status of SIM card. IMEI Show the IMEI of the module. IMSI Show IMSI of the SIM card. ICCID Show ICCID of the SIM card. ISP Show the network provider which the SIM card registers on. Network Type Show the connected network type, such as LTE, 3G, etc. PLMN ID Show the current PLMN ID, including MCC, MNC, LAC and Cell ID. LAC Show the location area code of the SIM card. Cell ID Show the Cell ID of the SIM card location. Table 3-1-2-1 Modem Information Network Item Description Status Show the connection status of cellular network. IP Address Show the IP address of cellular network. Netmask Show the netmask of cellular network. Gateway Show the gateway of cellular network. DNS Show the DNS of cellular network. Connection Duration Show information on how long the cellular network has been connected. Table 3-1-2-2 Network Status Data Usage Monthly Item Description SIM-1 Show the monthly data usage statistics of SIM-1. SIM-2 Show the monthly data usage statistics of SIM-2. Table 3-1-2-3 Data Usage Information 3.1.3 Network On this page you can check the WAN and LAN status of the router. UR32 User Guide17

Figure 3-1-3-1 WAN Status Item Description Port Show the name of WAN port. Status Show the status of WAN port. "up" refers to a status that WAN is enabled and Ethernet cable is connected. "down" means Ethernet cable is disconnected or WAN function is disabled. Type Show the dial-up connection type of WAN port. IP Address Show the IPv4 or IPv6 address of WAN port. Netmask Show the IPv4 netmask of WAN port. Prefix-length Show the IPv6 Prefix-length of WAN port. Gateway Show the gateway of WAN port. DNS Show the DNS of WAN port. Connection Duration Show the information on how long the Ethernet cable has been connected on WAN port when WAN function is enabled. Once WAN function is disabled or Ethernet connection is disconnected, the duration will stop. Table 3-1-3-1 WAN Status Figure 3-1-3-2 Bridge Item Description Name Show the name of the bridge interface. STP Show if STP is enabled. IP Show the IP address of the bridge interface. Netmask Show the Netmask of the bridge interface. Members Show the members of the bridge interface. Table 3-1-3-2 Bridge Status UR32 User Guide18

3.1.4 WLAN (Only Applicable to Wi-Fi Version) You can check Wi-Fi status on this page, including the information of access point and client. Figure 3-1-4-1 WLAN Status Item Description WLAN Status Name Show the name of the Wi-Fi interface . Status Show the status of the Wi-Fi interface. Type Show the Wi-Fi interface type. SSID Show the SSID of the router when the interface type is AP. Show the SSID of AP which the router connected to when the interface type is Client. IP Address Show the IP address of the router when the interface type is AP. Show the IP address of AP which the router connected to when the interface type is Client. Netmask Show the netmask of the router when the interface type is AP. Show the netmask of AP which the router connected to when the interface type is Client. Associated Stations SSID Show the SSID of the router when the interface type is AP. Show the SSID of AP which the router connected to when the interface type is Client. MAC Address Show the MAC address of the client which connected to the router when the interface type is AP. Show the MAC address of the AP which the router connected to when the interface type is Client. IP Address Show the IP address of the client which connected to the router when the interface type is AP. Show the IP address of the AP which the router connected to when the interface type is Client. Connection Duration Show the connection duration between client device and router when the interface type is AP. Show the connection duration between router and the AP when the interface type is Client. Table 3-1-4-1 WLAN Status UR32 User Guide19

3.1.5 VPN You can check VPN status on this page, including PPTP, L2TP, IPsec, OpenVPN and DMVPN. Figure 3-1-5-1 VPN Status Item Description Clients Name Show the name of the enabled VPN clients. Status Show the status of client. "Connected" refers to a status that client is connected to the server. "Disconnected" means client is disconnected to the server. Local IP Show the local IP address of the tunnel. Remote IP Show the real remote IP address of the tunnel. Server Name Show the name of the enabled VPN Server. Status Show the status of Server. Connected List Server Type Show the type of the server. Client IP Show the IP address of the client which connected to the server. Duration Show the information about how long the client has been connected to this server when the server is enabled. Once the server is disabled or connection is disconnected, the duration will stop counting. Table 3-1-5-1 VPN Status UR32 User Guide20

3.1.6 Routing You can check routing status on this page, including the routing table and ARP cache. Figure 3-1-6-1 Item Description Routing Table Destination Show the IP address of destination host or destination network. Netmask Show the netmask of destination host or destination network. Gateway Show the IP address of the gateway. Interface Show the outbound interface of the route. Metric Show the metric of the route. ARP Cache IP Show the IP address of ARP pool. MAC Show the IP address's corresponding MAC address. Interface Show the binding interface of ARP. Table 3-1-6-1 Routing Information 3.1.7 Host List You can view the host information on this page. UR32 User Guide21

Figure 3-1-7-1 Host List Item Description DHCP Leases IP Address Show IP address of DHCP client MAC Address Show MAC address of DHCP client Lease Time Remaining Show the remaining lease time of DHCP client. MAC Binding IP & MAC Show the IP address and MAC address set in the Static IP list of DHCP service. Table 3-1-7-1 Host List Description 3.1.8 GPS (Only Applicable to GPS Version) When GPS function is enabled and the GPS information is obtained successfully, you can view the latest GPS information including GPS Time, Latitude, Longitude and Speed on this page. Figure 3-1-8-1 UR32 User Guide22

GPS Status Item Description Status Show the status of GPS. Time for Locating Show the time for locating. Satellites In Use Show the quantity of satellites in use. Satellites In View Show the quantity of satellites in view. Latitude Show the Latitude of the location. Longitude Show the Longitude of the location. Altitude Show the Altitude of the location. Speed Show the speed of movement. Table 3-1-8-1 GPS Status Description 3.2 Network 3.2.1 Interface 3.2.1.1 Link Failover This section describes how to configure link failover strategies, their priority and the ping settings, each rule owns its own ping rules by default. Router will follow the priority to choose the next available interface to access the internet, make sure you have enable the full interface that you need to use here. Figure 3-2-1-1 Link Failover Item Description Link Priority Priority Display the priority of each interface, you can modify it by the operation’s up and down button. UR32 User Guide23

If enabled, the router will choose this interface into its Enable Rule switching rule. For the Cellular interface, if it’s not enabled here, the interface will be disabled as well. Link In Use Mark whether this interface is in use with Green color Interface Display the name of the interface. Connection type Display how to obtain the IP address in this interface, like static IP or DHCP. IP Display the IP address of the interface. Operation You can change the priority of the rules and configure the ping detection rules here. Settings Revert Interval Specify the number of seconds to waiting for switching to the link with higher priority, 0 means disable the function. Emergency Reboot Enable to reboot the device if no link is available. Table 3-2-1-1 Link Failover Parameters Figure 3-2-1-2 Ping Detection Item Description Enable If enabled, the router will periodically detect the connection status of the link. Primary Server (IPv4) The router will send ICMP packet to the IP address or hostname to determine whether the Internet connection is still available or not. Secondary Server (IPv4) The router will try to ping the secondary server name if primary server is not available. UR32 User Guide24

Interval Time interval (in seconds) between two Pings. Retry Interval Set the ping retry interval. When ping failed, the router will ping again in every retry interval. Timeout The maximum amount of time the router will wait for a response to a ping request. If it does not receive a response for the amount of time defined in this field, the ping request will be considered to have failed. Max Ping Retries The retry times of the router sending ping request until determining that the connection has failed. Table 3-2-1-2 Ping Detection Parameters 3.2.1.2 Cellular This section explains how to set the related parameters for cellular network. The UR32 cellular router has two cellular interfaces, namely SIM1 and SIM2. Only one cellular interface is active at one time. If both cellular interfaces are enabled, it will follow the priority rule configured in ‘Link Failover’ page. Figure 3-2-1-3 Cellular Settings Item Description APN Enter the Access Point Name for cellular dial-up connection UR32 User Guide25

provided by local ISP. Username Enter the username for cellular dial-up connection provided by local ISP. Password Enter the password for cellular dial-up connection provided by local ISP. PIN Code Enter a 4-8 characters PIN code to unlock the SIM. Access Number Enter the dial-up center NO. For cellular dial-up connection provided by local ISP. Authentication Type Select from "Auto", "PAP", "CHAP", "MS-CHAP", and "MS-CHAPv2". Network Type Select from "Auto", "4G Only", "3G Only", and "2G Only". Auto: connect to the network with the strongest signal automatically. 4G Only: connect to 4G network only. And so on. PPP Preferred The PPP dial-up method is preferred. SMS Center Enter the local SMS center number for storing, forwarding, converting and delivering SMS message. Enable NAT Enable or disable NAT function. Roaming Enable or disable roaming. Data Limit When you reach the specified data usage limit, the data connection of currently used SIM card will be disabled. 0 means disable the function. Billing Day Choose the billing day of the SIM card, the router will reset the data used to 0. Table 3-2-1-3 Cellular Parameters Figure 3-2-1-4 UR32 User Guide26

Connection Setting Item Description Connection Mode Select from "Always Online" and "Connect on Demand". Re-dial Interval(s) Set the interval to dial into ISP when it lost connection, the default value is 5s. Max Idle Times Set the maximum duration of router when current link is under idle status. Range: 10-3600 Triggered by Call The router will switch from offline mode to cellular network mode automatically when it receives a call from the specific phone number. Call Group Select a call group for call trigger. Go to "System > Phone&SMS > Phone" to set up phone group. Triggered by SMS The router will switch from offline mode to cellular network mode automatically when it receives a specific SMS from the specific mobile phone. SMS Group Select an SMS group for trigger. Go to "System > Phone&SMS > SMS" to set up SMS group. SMS Text Fill in the SMS content for triggering. Triggered by IO The router will switch from offline mode to cellular network mode automatically when the DI status is changed. Go to "Industrial > I/O > DI" to configure trigger condition. Table 3-2-1-4 Cellular Parameters Related Topics Cellular Network Connection Phone Group DI Setting 3.2.1.3 Port This section describes how to configure the Ethernet port parameters. UR32 cellular router supports 2 Fast Ethernet ports. Figure 3-2-1-5 Port Setting Item Description Port Users can define the Ethernet ports according to their needs. Status Set the status of Ethernet port; select "up" to enable and "down" to disable. Property Set the Ethernet port's type, as a WAN port or a LAN port. UR32 User Guide27

Speed Set the Ethernet port's speed. The options are "auto", "100 Mbps", and "10 Mbps". Duplex Set the Ethernet port's mode. The options are "auto", "full", and "half". Table 3-2-1-5 Port Parameters 3.2.1.4 WAN WAN port can be connected with Ethernet cable to get Internet access. It supports 3 connection types. - Static IP: configure IP address, netmask and gateway for Ethernet WAN interface. - DHCP Client: configure Ethernet WAN interface as DHCP Client to obtain IP address automatically. - PPPoE: configure Ethernet WAN interface as PPPoE Client. Figure 3-2-1-6 WAN Setting Item Description Default Enable Enable WAN function. Enable Port The port that is currently set as WAN port. LAN1/WAN Connection Type Select from "Static IP", "DHCP Client", “DHCPv6 Client” and "PPPoE". Static IP MTU Set the maximum transmission unit. 1500 UR32 User Guide28

Primary DNS Server Set the primary DNS. 8.8.8.8 Secondary DNS Server Set the secondary DNS. Null Enable NAT Enable or disable NAT function. When enabled, a private IP can be translated to a public IP. Enable Table 3-2-1-6 WAN Parameters 1. Static IP Configuration If the external network assigns a fixed IP for the WAN interface, user can select “Static IP” mode. Figure 3-2-1-7 Static IP Item Description Default IPv4 Address Set the IPv4 address which can access Internet. E.g. 192.168.1.2. 192.168.0.1 Netmask Set the Netmask for WAN port. 255.255.255.0 IPv4 Gateway Set the gateway for WAN port's IPv4 address. 192.168.0.2 IPv6 Address Set the IPv6 address which can access Internet. Generated from Mac address Prefix-length Set the IPv6 prefix length to identify how many bits of a Global Unicast IPv6 address are there in network part. For example, in 64 UR32 User Guide29

2001:0DB8:0000:000b::/64, the number 64 is used to identify that the first 64 bits are in network part. IPv6 Gateway Set the gateway for WAN port's IPv6 address. E.g.2001:DB8:ACAD:4::2. -- Multiple IP Address Set the multiple IP addresses for WAN port. Null Table 3-2-1-7 Static Parameters 2. DHCP Client/DHCPv6 Client If the external network has DHCP server enabled and has assigned IP addresses to the Ethernet WAN interface, user can select “DHCP client” mode to obtain IP address automatically. Figure 3-2-1-8 Figure 3-2-1-9 UR32 User Guide30

DHCP Client Item Description Use Peer DNS Obtain peer DNS automatically during PPP dialing. DNS is necessary when visiting domain name. DHCPv6 Client Request IPv6-address Choose the ways to obtain the IPv6 address from the DHCP Server. Select from try, force, none. Try: The DHCP Server will assign specific address in priority. Force: The DHCP Server assigns specific address only. None: The DHCP Server will randomly assign address.The specific address is relevant to the prefix length of IPv6 address you set. Request prefix length of IPv6 Set the prefix length of IPv6 address which router is expected to obtain from DHCP Server. Table 3-2-1-8 DHCP Client Parameters 3. PPPoE PPPoE refers to a point to point protocol over Ethernet. User has to install a PPPoE client on the basis of original connection way. With PPPoE, remote access devices can get control of each user. Figure 3-2-1-10 UR32 User Guide31

PPPoE Item Description Username Enter the username provided by your Internet Service Provider (ISP). Password Enter the password provided by your Internet Service Provider (ISP). Link Detection Interval (s) Set the heartbeat interval for link detection. Range: 1-600. Max Retries Set the maximum retry times after it fails to dial up. Range: 0-9. Use Peer DNS Obtain peer DNS automatically during PPP dialing. DNS is necessary when visiting domain name. Table 3-2-1-9 PPOE Parameters Related Configuration Example Ethernet WAN Connection 3.2.1.5 Bridge Bridge setting is used for managing local area network devices which are connected to LAN ports of the UR32, allowing each of them to access the Internet. Figure 3-2-1-11 Bridge Item Description Default Name Show the name of bridge. "Bridge0" is set by default and cannot be changed. Bridge0 STP Enable/disable STP. Disable IP Address Set the IP address for bridge. 192.168.1.1 Netmask Set the Netmask for bridge. 255.255.255.0 MTU Set the maximum transmission unit. Range: 68-1500. 1500 Multiple IP Address Set the multiple IP addresses for bridge. Null Table 3-2-1-10 UR32 User Guide32

3.2.1.6 WLAN (Only Applicable to Wi-Fi Version) This section explains how to set the related parameters for Wi-Fi network. UR32 supports 802.11 b/g/n, as AP or client mode. Wi-Fi is optional on UR32. Figure 3-2-1-12 WLAN Item Description Enable Enable/disable WLAN. Work Mode Select router's work mode. The options are "Client" or "AP". Encryption Mode Select encryption mode. The options are “No Encryption", “WEP Open System" , “WEP Shared Key", “WPA-PSK", “WPA2-PSK" and “WPA-PSK/WPA2-PSK". BSSID Fill in the MAC address of the access point. Either SSID or BSSID can be filled to joint the network. SSID Fill in the SSID of the access point. Client Mode Scan Click "Scan" button to search the nearby access point. SSID Show SSID. Channel Show wireless channel. Signal Show wireless signal. BSSID Show the MAC address of the access point. UR32 User Guide33

Cipher Show the cipher of the access point. Security Show the encryption mode. Frequency Show the frequency of radio. Join Network Click the button to join the wireless network. AP Mode Radio Type Select Radio type. The options are “802.11b (2.4 GHz)", “802.11g (2.4 GHz)", “802.11n (2.4 GHz)”. Channel Select wireless channel. The options are "Auto", "1", "2"......"11". Cipher Select cipher. The options are “Auto", “AES", “TKIP" and “AES/TKIP". Key Fill the pre-shared key of WPA encryption. Bandwidth Select bandwidth. The options are "20MHz" and "40MHz". SSID Broadcast When SSID broadcast is disabled, other wireless devices can't not find the SSID, and users have to enter the SSID manually to access to the wireless network. AP Isolation When AP isolation is enabled, all users which access to the AP are isolated without communication with each other. Guest Mode The internal network is not allowed to visit if the guest mode is enabled. Max Client Number Set the maximum number of client to access when the router is configured as AP. IP Setting Protocol Set the IP address in wireless network. IP Address Set the IP address in wireless network. Netmask Set the netmask in wireless network. Gateway Set the gateway in wireless network. Table 3-2-1-11 WLAN Parameters Figure 3-2-1-13 MAC Filtering Item Description Type In this mode, you can choose the rule according to your security policy, which is ‘Allow and Block the Rest’ and ‘Block and Allow the Rest’, the default value is Disabled. Allow and block the rest Only the listed MAC addresses are allowed to connect to the router's wireless access point. Block and allow the rest The listed MAC addresses are not allowed to connect to the router's UR32 User Guide34

wireless access point. Table 3-2-1-12 MAC Filtering Parameters Related Topic Wi-Fi Application Example 3.2.1.7 Switch VLAN is a kind of new data exchange technology that realizes virtual work groups by logically dividing the LAN device into network segments. Figure 3-2-1-14 Switch Item Description LAN Settings Name Set interface name of VLAN. VLAN ID Select VLAN ID of the interface. IP Address Set IP address of LAN port. Netmask Set Netmask of LAN port. MTU Set the maximum transmission unit of LAN port. Range: 68-1500. VLAN Settings VLAN ID Set the label ID of the VLAN. Range: 1-4094. FE1/1, FE1/2 Make the VLAN bind with the corresponding ports and select status from "Tagged", "Untagged" and "Close" for Ethernet frame on trunk link. CPU Control communication between VLAN and other networks. Table 3-2-1-13 VLAN Trunk Parameters UR32 User Guide35

3.2.1.8 Loopback Loopback interface is used for replacing router's ID as long as it is activated. When the interface is DOWN, the ID of the router has to be selected again which leads to long convergence time of OSPF. Therefore, Loopback interface is generally recommended as the ID of the router. Loopback interface is a logic and virtual interface on router. Under default conditions, there's no loopback interface on router, but it can be created as required. Figure 3-2-1-15 Loopback Item Description Default IP Address Unalterable 127.0.0.1 Netmask Unalterable 255.0.0.0 Multiple IP Addresses Apart from the IP above, user can configure other IP addresses. Null Table 3-2-1-14 Loopback Parameters 3.2.2 DHCP DHCP adopts Client/Server communication mode. The Client sends configuration request to the Server which feeds back corresponding configuration information and distributes IP address to the Client so as to achieve the dynamic configuration of IP address and other information. 3.2.2.1 DHCP Server The UR32 can be set as a DHCP server to distribute IP address when a host logs on and ensures each host is supplied with different IP addresses. DHCP Server has simplified some previous network management tasks requiring manual operations to the largest extent. UR32 User Guide36

DHCP Server Item Description Default Enable Enable or disable DHCP server. Enable Interface Select interface. Bridge0 Start Address Define the beginning of the pool of IP addresses which will be leased to DHCP clients. 192.168.1.2 End Address Define the end of the pool of IP addresses which will be leased to DHCP clients. 192.168.1.25 4 Netmask Define the subnet mask of IP address obtained by DHCP clients from DHCP server. 255.255.255. 0 Lease Time (Min) Set the lease time on which the client can use the IP address obtained from DHCP server. Range: 1-10080. 1440 Primary DNS Server Set the primary DNS server. 192.168.1.1 Secondary DNS Server Set the secondary DNS server. Null Windows Name Server Define the Windows Internet Naming Service obtained by DHCP clients from DHCP sever. Generally you can leave it blank. Null Static IP MAC Address Set a static and specific MAC address for the DHCP client (it should be different from other MACs so as to avoid conflict). Null IP Address Set a static and specific IP address for the DHCP client (it should be outside of the DHCP range). Null Figure 3-2-2-1 Table 3-2-2-1 DHCP Server Parameters UR32 User Guide37

3.2.2.2 DHCP Relay The UR32 can be set as DHCP Relay to provide a relay tunnel to solve the problem that DHCP Client and DHCP Server are not in the same subnet. Figure 3-2-2-2 DHCP Relay Item Description Enable Enable or disable DHCP relay. DHCP Server Set DHCP server, up to 10 servers can be configured; separate them by blank space or ",". Table 3-2-2-2 DHCP Relay Parameters 3.2.3 Firewall This section describes how to set the firewall parameters, including security, ACL, DMZ, Port Mapping, MAC Binding and SPI. The firewall implements corresponding control of data flow at entry direction (from Internet to local area network) and exit direction (from local area network to Internet) according to the content features of packets, such as protocol style, source/destination IP address, etc. It ensures that the router operate in a safe environment and host in local area network. UR32 User Guide38

3.2.3.1 Security Figure 3-2-3-1 Item Description Default Prevent Attack DoS/DDoS Protection Enable/disable Prevent DoS/DDoS Attack. Disable Access Service Control Port Set port number of the services. Range: 1-65535. -- Local Access the router locally. Enable Remote Access the router remotely. Disable HTTP Users can log in the device locally via HTTP to access and control it through Web after the option is checked. 80 HTTPS Users can log in the device locally and remotely via HTTPS to access and control it through Web after option is checked. 443 TELNET Users can log in the device locally and remotely via Telnet after the option is checked. 23 UR32 User Guide39

SSH Users can log in the device locally and remotely via SSH after the option is checked. 22 FTP Users can log in the device locally and remotely via FTP after the option is checked. 21 Website Blocking URL Blocking Enter the HTTP address which you want to block. Keyword Blocking You can block specific website by entering keyword. The maximum number of character allowed is 64. Table 3-2-3-1 Security Parameters 3.2.3.2 ACL Access control list, also called ACL, implements permission or prohibition of access for specified network traffic (such as the source IP address) by configuring a series of matching rules so as to filter the network interface traffic. When router receives packet, the field will be analyzed according to the ACL rule applied to the current interface. After the special packet is identified, the permission or prohibition of corresponding packet will be implemented according to preset strategy. The data package matching rules defined by ACL can also be used by other functions requiring flow distinction. Figure 3-2-3-2 Item Description ACL Setting Default Filter Policy Select from "Accept" and "Deny". The packets which are not included in the access control list will be processed by the default filter policy. Access Control List Type Select type from "Extended" and "Standard". UR32 User Guide40

ID User-defined ACL number. Range: 1-199. Action Select from "Permit" and "Deny". Protocol Select protocol from "ip", "icmp", "tcp", "udp", and "1-255". Source IP Source network address (leaving it blank means all). Source Wildcard Mask Wildcard mask of the source network address. Destination IP Destination network address (0.0.0.0 means all). Destination Wildcard Mask Wildcard mask of destination address. Description Fill in a description for the groups with the same ID. ICMP Type Enter the type of ICMP packet. Range: 0-255. ICMP Code Enter the code of ICMP packet. Range: 0-255. Source Port Type Select source port type, such as specified port, port range, etc. Source Port Set source port number. Range: 1-65535. Start Source Port Set start source port number. Range: 1-65535. End Source Port Set end source port number. Range: 1-65535. Destination Port Type Select destination port type, such as specified port, port range, etc. Destination Port Set destination port number. Range: 1-65535. Start Destination Port Set start destination port number. Range: 1-65535. End Destination Port Set end destination port number. Range: 1-65535. More Details Show information of the port. Interface List Interface Select network interface for access control. In ACL Select a rule for incoming traffic from ACL ID. Out ACL Select a rule for outgoing traffic from ACL ID. Table 3-2-3-2 ACL Parameters Related Configuration Example Access Control Application Example 3.2.3.3 Port Mapping Port mapping is an application of network address translation (NAT) that redirects a communication request from the combination of an address and port number to another while the packets are traversing a network gateway such as a router or firewall. Click to add a new port mapping rules. UR32 User Guide41

Figure 3-2-3-3 Port Mapping Item Description Source IP Specify the host or network which can access local IP address. 0.0.0.0/0 means all. Source Port Enter the TCP or UDP port from which incoming packets are forwarded. Range: 1-65535. Destination IP Enter the IP address that packets are forwarded to after being received on the incoming interface. Destination Port Enter the TCP or UDP port that packets are forwarded to after being received on the incoming port(s). Range: 1-65535. Protocol Select from "TCP" and "UDP" as your application required. Description The description of this rule. Table 3-2-3-3 Port Mapping Parameters Related Configuration Example NAT Application Example 3.2.3.4 DMZ DMZ is a host within the internal network that has all ports exposed, except those forwarded ports in port mapping. Figure 3-2-3-4 UR32 User Guide42

DMZ Item Description Enable Enable or disable DMZ. DMZ Host Enter the IP address of the DMZ host on the internal network. Source Address Set the source IP address which can access to DMZ host. "0.0.0.0/0" means any address. Table 3-2-3-4 DMZ Parameters 3.2.3.5 MAC Binding MAC Binding is used for specifying hosts by matching MAC addresses and IP addresses that are in the list of allowed outer network access. Figure 3-2-3-5 MAC Binding List Item Description MAC Address Set the binding MAC address. IP Address Set the binding IP address. Description Fill in a description for convenience of recording the meaning of the binding rule for each piece of MAC-IP. Table 3-2-3-5 MAC Binding Parameters 3.2.3.6 Custom Rules In this page, you can configure your own custom firewall iptables rules. You need to follow the format listed here. Figure 3-2-3-6 UR32 User Guide43

Custom Rules Item Description Rule Specify an iptables rule like the example shows. Tips: You must reboot the device to take effect after modifying or deleting the iptables rules. Description Enter the description of the rule. Table 3-2-3-6 Custom Rules Parameters 3.2.3.7 SPI Figure 3-2-3-7 SPI Firewall Item Description Enable Enable/disable SPI firewall. Filter Proxy Blocks HTTP requests containing the "Host": string. Filter Cookies Identifies HTTP requests that contain "Cookie": String and mangle the cookie. Attempts to stop cookies from being used. Filter ActiveX Blocks HTTP requests of the URL that ends in ".ocx" or ".cab". Filter Java Applets Blocks HTTP requests of the URL that ends in ".js" or ".class". Filter Multicast Prevent multicast packets from reaching the LAN. Filter IDENT(port 113) Prevent WAN access to Port 113. Block WAN SNMP access Block SNMP requests from the WAN. Filter WAN NAT Redirection Prevent hosts on LAN from using WAN address of router to connect servers on the LAN (which have been configured using port redirection). Block Anonymous WAN Requests Stop the router from responding to "pings" from the WAN. Table 3-2-3-7 SPI Parameters UR32 User Guide44

3.2.4 QoS Quality of service (QoS) refers to traffic prioritization and resource reservation control mechanisms rather than the achieved service quality. QoS is engineered to provide different priority for different applications, users, data flows, or to guarantee a certain level of performance to a data flow. Figure 3-2-4-1 QoS Item Description Download/Upload Enable Enable or disable QoS. Default Category Select the default category from Service Category list. Download/Upload Bandwidth Capacity The download/upload bandwidth capacity of the network that the router is connected with, in kbps. Range: 1-8000000. Service Category Name You can use characters such digits, letters and "-". Percent (%) Set percent for the service category. Range: 0-100. Max BW(kbps) The maximum bandwidth that this category is allowed to consume, in kbps. The value should be less than the "Download/Upload Bandwidth Capacity" when the traffic is blocked. Min BW(kbps) The minimum bandwidth that can be guaranteed for the category, in kbps.The value should be less than the "MAX BW" value. Service Category Rules Item Description Name Give the rule a descriptive name. UR32 User Guide45

Source IP Source address of flow control (leaving it blank means any). Source Port Source port of flow control. Range: 0-65535 (leaving it blank means any). Destination IP Destination address of flow control (leaving it blank means any). Destination Port Destination port of flow control. Range: 0-65535 (leaving it blank means any). Protocol Select protocol from "ANY", "TCP", "UDP", "ICMP", and "GRE". Service Category Set service category for the rule. Table 3-2-4-1 QoS (Download/Upload) Parameters Related Configuration Example QoS Application Example 3.2.5 VPN Virtual Private Networks, also called VPNs, are used to securely connect two private networks together so that devices can connect from one network to the other network via secure channels. The UR32 supports DMVPN, IPsec, GRE, L2TP, PPTP, OpenVPN, as well as GRE over IPsec and L2TP over IPsec. 3.2.5.1 DMVPN A dynamic multi-point virtual private network (DMVPN), combining mGRE and IPsec, is a secure network that exchanges data between sites without passing traffic through an organization's headquarter VPN server or router. UR32 User Guide46

Figure 3-2-5-1 DMVPN Item Description Enable Enable or disable DMVPN. Hub Address The IP address or domain name of DMVPN Hub. Local IP address DMVPN local tunnel IP address. GRE Hub IP Address GRE Hub tunnel IP address. GRE Local IP Address GRE local tunnel IP address. GRE Netmask GRE local tunnel netmask. GRE Key GRE tunnel key. Negotiation Mode Select from "Main" and "Aggressive". Authentication Algorithm Select from "DES", "3DES", "AES128", "AES192" and "AES256". Encryption Algorithm Select from "MD5" and "SHA1". DH Group Select from "MODP768_1", "MODP1024_2" and "MODP1536_5". Key Enter the preshared key. Local ID Type Select from "Default", "ID", "FQDN", and "User FQDN" IKE Life Time (s) Set the lifetime in IKE negotiation. Range: 60-86400. SA Algorithm Select from "DES_MD5", "DES_SHA1", "3DES_MD5", "3DES_SHA1", "AES128_MD5", "AES128_SHA1", "AES192_MD5", "AES192_SHA1", "AES256_MD5" and "AES256_SHA1". PFS Group Select from "NULL", "MODP768_1", "MODP1024_2" and "MODP1536-5". Life Time (s) Set the lifetime of IPsec SA. Range: 60-86400. DPD Interval Time (s) Set DPD interval time DPD Timeout (s) Set DPD timeout. Cisco Secret Cisco Nhrp key. NHRP Holdtime (s) The holdtime of NHRP protocol. Table 3-2-5-1 DMVPN Parameters 3.2.5.2 IPSec Server IPsec is especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks. A big advantage of IPsec is that security arrangements can be handled without requiring changes to individual user computers. IPsec provides three choices of security service: Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE). AH essentially allows authentication of the senders’ data. ESP supports both authentication of the sender and data encryption. IKE is used for cipher code exchange. All of them can protect one and more data flows between hosts, between host and gateway, and between gateways. UR32 User Guide47

Figure 3-2-5-2 IPsec Server Item Description Enable Enable IPsec tunnel. A maximum of 3 tunnels is allowed. IPsec Mode Select from "Tunnel" and "Transport". IPsec Protocol Select from "ESP" and "AH". Local Subnet Enter the local subnet IP address that IPsec protects. Local Subnet Netmask Enter the local netmask that IPsec protects. Local ID Type Select from "Default", "ID", "FQDN", and "User FQDN". Remote Subnet Enter the remote subnet IP address that IPsec protects. Remote Subnet Mask Enter the remote netmask that IPsec protects. Remote ID type Select from "Default", "ID", "FQDN", and "User FQDN". Table 3-2-5-2 IPsec Parameters UR32 User Guide48

Figure 3-2-5-4 IKE Parameter Item Description IKE Version Select from "IKEv1" and "IKEv2". Negotiation Mode Select from "Main" and "Aggressive". Encryption Algorithm Select from "DES", "3DES", "AES128", "AES192" and "AES256". Authentication Algorithm Select from "MD5" and " SHA1" DH Group Select from "MODP768_1", "MODP1024_2" and "MODP1536_5". Local Authentication Select from "PSK" and "CA". XAUTH Enter XAUTH username and password after XAUTH is enabled. Figure 3-2-5-3 UR32 User Guide49

Lifetime (s) Set the lifetime in IKE negotiation. Range: 60-86400. XAUTH List Username Enter the username used for the xauth authentication. Password Enter the password used for the xauth authentication. PSK List Selector Enter the corresponding identification number for PSK authentication. PSK Enter the pre-shared key. SA Parameter SA Algorithm Select from "DES_MD5", "DES_SHA1", "3DES_MD5", "3DES_SHA1", "AES128_MD5", "AES128_SHA1", "AES192_MD5", "AES192_SHA1", "AES256_MD5" and "AES256_SHA1". PFS Group Select from "NULL", "MODP768_1" , "MODP1024_2" and "MODP1536_5". Lifetime (s) Set the lifetime of IPsec SA. Range: 60-86400. DPD Interval Time(s) Set DPD interval time to detect if the remote side fails. DPD Timeout(s) Set DPD timeout. Range: 10-3600. IPsec Advanced Enable Compression The head of IP packet will be compressed after it's enabled. VPN Over IPsec Type Select from "NONE", "GRE" and "L2TP" to enable VPN over IPsec function. Table 3-2-5-3 IPsec Server Parameters 3.2.5.3 IPSec UR32 User Guide50

Figure 3-2-5-5 IPsec Item Description Enable Enable IPsec tunnel. A maximum of 3 tunnels is allowed. IPsec Gateway Address Enter the IP address or domain name of remote IPsec server. IPsec Mode Select from "Tunnel" and "Transport". IPsec Protocol Select from "ESP" and "AH". Local Subnet Enter the local subnet IP address that IPsec protects. Local Subnet Netmask Enter the local netmask that IPsec protects. Local ID Type Select from "Default", "ID", "FQDN", and "User FQDN". Remote Subnet Enter the remote subnet IP address that IPsec protects. Remote Subnet Mask Enter the remote netmask that IPsec protects. Remote ID type Select from "Default", "ID", "FQDN", and "User FQDN". Table 3-2-5-4 IPsec Parameters Figure 3-2-5-6 UR32 User Guide51

IKE Parameter Item Description IKE Version Select from "IKEv1" and "IKEv2". Negotiation Mode Select from "Main" and "Aggressive". Encryption Algorithm Select from "DES", "3DES", "AES128", "AES192" and "AES256". Authentication Algorithm Select from "MD5" and " SHA1" DH Group Select from "MODP768_1", "MODP1024_2" and "MODP1536_5". Local Authentication Select from "PSK" and "CA". Local Secrets Enter the pre-shared key. XAUTH Enter XAUTH username and password after XAUTH is enabled. Lifetime (s) Set the lifetime in IKE negotiation. Range: 60-86400. SA Parameter SA Algorithm Select from "DES_MD5", "DES_SHA1", "3DES_MD5", "3DES_SHA1", "AES128_MD5", "AES128_SHA1", "AES192_MD5", "AES192_SHA1", "AES256_MD5" and "AES256_SHA1". PFS Group Select from "NULL", "MODP768_1" , "MODP1024_2" and "MODP1536_5". Lifetime (s) Set the lifetime of IPsec SA. Range: 60-86400. DPD Interval Time(s) Set DPD interval time to detect if the remote side fails. DPD Timeout(s) Set DPD timeout. Range: 10-3600. IPsec Advanced Enable Compression The head of IP packet will be compressed after it's enabled. VPN Over IPsec Type Select from "NONE", "GRE" and "L2TP" to enable VPN over IPsec function. Table 3-2-5-5 IPsec Parameters 3.2.5.4 GRE Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks. It’s a tunneling technology that provides a channel through which encapsulated data message could be transmitted and encapsulation and decapsulation could be realized at both ends. In the following circumstances the GRE tunnel transmission can be applied: - GRE tunnel could transmit multicast data packets as if it were a true network interface. Single use of IPSec cannot achieve the encryption of multicast. - A certain protocol adopted cannot be routed. - A network of different IP addresses shall be required to connect other two similar networks. UR32 User Guide52

Figure 3-2-5-7 GRE Item Description Enable Check to enable GRE function. Remote IP Address Enter the real remote IP address of GRE tunnel. Local IP Address Set the local IP address. Local Virtual IP Address Set the local tunnel IP address of GRE tunnel. Netmask Set the local netmask. Peer Virtual IP Address Enter remote tunnel IP address of GRE tunnel. Global Traffic Forwarding All the data traffic will be sent out via GRE tunnel when this function is enabled. Remote Subnet Enter the remote subnet IP address of GRE tunnel. Remote Netmask Enter the remote netmask of GRE tunnel. MTU Enter the maximum transmission unit. Range: 64-1500. Key Set GRE tunnel key. Enable NAT Enable NAT traversal function. Table 3-2-5-6 GRE Parameters UR32 User Guide53

3.2.5.5 L2TP Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet. Figure 3-2-5-8 L2TP Item Description Enable Check to enable L2TP function. Remote IP Address Enter the public IP address or domain name of L2TP server. Username Enter the username that L2TP server provides. Password Enter the password that L2TP server provides. Authentication Select from "Auto", "PAP", "CHAP", "MS-CHAPv1" and "MS-CHAPv2". Global Traffic Forwarding All of the data traffic will be sent out via L2TP tunnel after this function is enabled. Remote Subnet Enter the remote IP address that L2TP protects. Remote Subnet Mask Enter the remote netmask that L2TP protects. Key Enter the password of L2TP tunnel. Table 3-2-5-7 L2TP Parameters UR32 User Guide54

Figure 3-2-5-9 Advanced Settings Item Description Local IP Address Set tunnel IP address of L2TP client. Client will obtain tunnel IP address automatically from the server when it's null. Peer IP Address Enter tunnel IP address of L2TP server. Enable NAT Enable NAT traversal function. Enable MPPE Enable MPPE encryption. Address/Control Compression For PPP initialization. User can keep the default option. Protocol Field Compression For PPP initialization. User can keep the default option. Asyncmap Value One of the PPP protocol initialization strings. User can keep the default value. Range: 0-ffffffff. MRU Set the maximum receive unit. Range: 64-1500. MTU Set the maximum transmission unit. Range: 64-1500 Link Detection Interval (s) Set the link detection interval time to ensure tunnel connection. Range: 0-600. Max Retries Set the maximum times of retry to detect the L2TP connection failure. Range: 0-10. Expert Options User can enter some other PPP initialization strings in this field and separate the strings with blank space. Table 3-2-5-8 L2TP Parameters UR32 User Guide55

3.2.5.6 PPTP Point-to-Point Tunneling Protocol (PPTP) is a protocol that allows corporations to extend their own corporate network through private "tunnels" over the public Internet. Effectively, a corporation uses a wide-area network as a single large local area network. Figure 3-2-5-10 PPTP Item Description Enable Enable PPTP client. A maximum of 3 tunnels is allowed. Remote IP Address Enter the public IP address or domain name of PPTP server. Username Enter the username that PPTP server provides. Password Enter the password that PPTP server provides. Authentication Select from "Auto", "PAP", "CHAP", "MS-CHAPv1", and "MS-CHAPv2". Global Traffic Forwarding All of the data traffic will be sent out via PPTP tunnel once enable this function. Remote Subnet Set the peer subnet of PPTP. Remote Subnet Mask Set the netmask of peer PPTP server. Table 3-2-5-9 PPTP Parameters UR32 User Guide56

Figure 3-2-5-11 PPTP Advanced Settings Item Description Local IP Address Set IP address of PPTP client. Peer IP Address Enter tunnel IP address of PPTP server. Enable NAT Enable the NAT faction of PPTP. Enable MPPE Enable MPPE encryption. Address/Control Compression For PPP initialization. User can keep the default option. Protocol Field Compression For PPP initialization. User can keep the default option. Asyncmap Value One of the PPP protocol initialization strings. User can keep the default value. Range: 0-ffffffff. MRU Enter the maximum receive unit. Range: 0-1500. MTU Enter the maximum transmission unit. Range: 0-1500. Link Detection Interval (s) Set the link detection interval time to ensure tunnel connection. Range: 0-600. Max Retries Set the maximum times of retrying to detect the PPTP connection failure. Range: 0-10. Expert Options User can enter some other PPP initialization strings in this field and separate the strings with blank space. Table 3-2-5-10 PPTP Parameters Related Configuration Example PPTP Application Example UR32 User Guide57

3.2.5.7 OpenVPN Client OpenVPN is an open source virtual private network (VPN) product that offers a simplified security framework, modular network design, and cross-platform portability. Advantages of OpenVPN include: - Security provisions that function against both active and passive attacks. - Compatibility with all major operating systems. - High speed (1.4 megabytes per second typically). - Ability to configure multiple servers to handle numerous connections simultaneously. - All encryption and authentication features of the OpenSSL library. - Advanced bandwidth management. - A variety of tunneling options. - Compatibility with smart cards that support the Windows Crypt application program interface (API). Figure 3-2-5-12 OpenVPN Client Item Description Enable Enable OpenVPN client. A maximum of 3 tunnels is allowed. UR32 User Guide58

Protocol Select from "UDP" and "TCP". Remote IP Address Enter remote OpenVPN server's IP address or domain name. Port Enter the listening port number of remote OpenVPN server. Range: 1-65535. Interface Select from "tun" and "tap". Authentication Select from "None", "Pre-shared", "Username/Password", "X.509 cert", and "X.509 cert+user". Local Tunnel IP Set local tunnel address. Remote Tunnel IP Enter remote tunnel address. Global Traffic Forwarding All the data traffic will be sent out via OpenVPN tunnel when this function is enabled. Enable TLS Authentication Check to enable TLS authentication. Username Enter username provided by OpenVPN server. Password Enter password provided by OpenVPN server. Enable NAT Enable NAT traversal function. Compression Select LZO to compress data. Link Detection Interval (s) Set link detection interval time to ensure tunnel connection. Range: 10-1800. Link Detection Timeout (s) Set link detection timeout. OpenVPN will be reestablished after timeout. Range: 60-3600. Cipher Select from "NONE", "BF-CBC", "DE-CBC", "DES-EDE3-CBC", "AES-128-CBC", "AES-192-CBC" and "AES-256-CBC". MTU Enter the maximum transmission unit. Range: 128-1500. Max Frame Size Set the maximum frame size. Range: 128-1500. Verbose Level Select from "ERROR", "WARING", "NOTICE" and "DEBUG". Expert Options User can enter some other PPP initialization strings in this field and separate the strings with blank space. Local Route Subnet Set the local route's IP address. Subnet Mask Set the local route's netmask. Table 3-2-5-11 OpenVPN Client Parameters 3.2.5.8 OpenVPN Server The UR32 supports OpenVPN server to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. UR32 User Guide59

Figure 3-2-5-14 OpenVPN Server Item Description Enable Enable/disable OpenVPN server. Protocol Select from TCP and UDP. Port Fill in listening port number. Range: 1-65535. Listening IP Enter WAN IP address or LAN IP address. Leaving it blank refers to all active WAN IP and LAN IP address. Interface Select from " tun" and "tap". Authentication Select from "None", "Pre-shared", "Username/Password", "X.509 cert" and "X. 509 cert +user". Local Virtual IP The local tunnel address of OpenVPN's tunnel. Remote Virtual IP The remote tunnel address of OpenVPN's tunnel. Figure 3-2-5-13 UR32 User Guide60

Client Subnet Local subnet IP address of OpenVPN client. Client Netmask Local netmask of OpenVPN client. Renegotiation Interval(s) Set interval for renegotiation. Range: 0-86400. Max Clients Maximum OpenVPN client number. Range: 1-128. Enable CRL Enable CRL Enable Client to Client Allow access between different OpenVPN clients. Enable Dup Client Allow multiple users to use the same certification. Enable NAT Check to enable the NAT traversal function. Compression Select "LZO" to compress data. Link Detection Interval Set link detection interval time to ensure tunnel connection. Range: 10-1800. Cipher Select from "NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "AES-128-CBC", "AES-192-CBC" and "AES-256-CBC". MTU Enter the maximum transmission unit. Range: 64-1500. Max Frame Size Set the maximum frame size. Range: 64-1500. Verbose Level Select from "ERROR", "WARING", "NOTICE" and "DEBUG". Expert Options User can enter some other PPP initialization strings in this field and separate the strings with blank space. Local Route Subnet The real local IP address of OpenVPN client. Netmask The real local netmask of OpenVPN client. Account Username & Password Set username and password for OpenVPN client. Table 3-2-5-12 OpenVPN Server Parameters 3.2.5.9 Certifications User can import/export certificate and key files for OpenVPN and IPsec on this page. Figure 3-2-5-15 UR32 User Guide61 OpenVPN Client Item Description CA Import/Export CA certificate file. Public Key Import/Export public key file. Private Key Import/Export private key file. TA Import/Export TA key file. Preshared Key Import/Export static key file. PKCS12 Import/Export PKCS12 certificate file. Table 3-2-5-13 OpenVPN Client Certification Parameters Figure 3-2-5-16 OpenVPN Server Item Description CA Import/Export CA certificate file. Public Key Import/Export public key file. Private Key Import/Export private key file. DH Import/Export DH key file. TA Import/Export TA key file. CRL Import/Export CRL. Preshared Key Import/Export static key file. Table 3-2-5-14 OpenVPN Server Parameters UR32 User Guide62 Figure 3-2-5-17 IPsec Item Description CA Import/Export CA certificate. Client Key Import/Export client key. Server Key Import/Export server key. Private Key Import/Export private key. CRL Import/Export certificate recovery list. Table 3-2-5-15 IPsec Parameters Figure 3-2-5-18 IPsec Server Item Description CA Import/Export CA certificate. Local Certificate Import/Export Local Certificate file. Private Key Import/Export private key. CRL Import/Export certificate recovery list. Table 3-2-5-16 IPsec Server Parameters UR32 User Guide63

3.2.6 IP Passthrough IP Passthrough mode shares or "passes" the Internet providers assigned IP address to a single LAN client device connected to the router. Figure 3-2-6-1 IP Passthrough Item Description Enable Enable or disable IP Passthrough. Passthrough Mode Select passthrough mode from “DHCPS-Fixed” and “DHCPS-Dynamic”. MAC Set MAC address. Table 3-2-6-1 IP Passthrough Parameters 3.2.7 Routing 3.2.7.1 Static Routing A static routing is a manually configured routing entry. Information about the routing is manually entered rather than obtained from dynamic routing traffic. After setting static routing, the package for the specified destination will be forwarded to the path designated by user. UR32 User Guide64

Figure 3-2-7-1 Static Routing Item Description Destination Enter the destination IP address. Netmask Enter the subnet mask of destination address. Interface The interface through which the data can reach the destination address. Gateway IP address of the next router that will be passed by before the input data reaches the destination address. Distance Priority, smaller value refers to higher priority. Range: 1-255. Table 3-2-7-1 Static Routing Parameters 3.2.7.2 RIP RIP is mainly designed for small networks. RIP uses Hop Count to measure the distance to the destination address, which is called Metric. In RIP, the hop count from the router to its directly connected network is 0 and the hop count of network to be reached through a router is 1 and so on. In order to limit the convergence time, the specified metric of RIP is an integer in the range of 0 - 15 and the hop count larger than or equal to 16 is defined as infinity, which means that the destination network or host is unreachable. Because of this limitation, the RIP is not suitable for large-scale networks. To improve performance and prevent routing loops, RIP supports split horizon function. RIP also introduces routing obtained by other routing protocols. Each router that runs RIP manages a routing database, which contains routing entries to reach all reachable destinations. UR32 User Guide65

Figure 3-2-7-2 RIP Item Description Enable Enable or disable RIP. Update Timer It defines the interval to send routing updates. Range: 5-2147483647, in seconds. Timeout Timer It defines the routing aging time. If no update package on a routing is received within the aging time, the routing's Routing Cost in the routing table will be set to 16. Range: 5-2147483647, in seconds. Garbage Collection Timer It defines the period from the routing cost of a routing becomes 16 to it is deleted from the routing table. In the time of Garbage-Collection, RIP uses 16 as the routing cost for sending routing updates. If Garbage Collection times out and the routing still has not been updated, the routing will be completely removed from the routing table. Range: 5-2147483647, in seconds. Version RIP version. The options are v1 and v2. Advanced Settings Default Information Originate Default information will be released when this function is enabled. Default Metric The default cost for the router to reach destination. Range: 0-16 Redistribute Connected Check to enable. UR32 User Guide66

Metric Set metric after "Redistribute Connected" is enabled. Range: 0-16. Redistribute Static Check to enable. Metric Set metric after "Redistribute Static" is enabled. Range: 0-16. Redistribute OSPF Check to enable. Metric Set metric after "Redistribute OSPF" is enabled. Range: 0-16. Table 3-2-7-2 RIP Parameters Figure 3-2-7-3 Item Description Distance/Metric Management Distance Set the administrative distance that a RIP route learns. Range: UR32 User Guide67

1-255. IP Address Set the IP address of RIP route. Netmask Set the netmask of RIP route. ACL Name Set ACL name of RIP route. Metric The metric of received route or sent route from the interface. Range: 0-16. Policy in/out Select from "in" and "out". Interface Select interface of the route. ACL Name Access control list name of the route strategy. Filter Policy Policy Type Select from "access-list" and "prefix-list". Policy Name User-defined prefix-list name. Policy in/out Select from "in" and "out". Interface Select interface from "cellular0", "LAN1/WAN" and "Bridge0". Passive Interface Passive Interface Select interface from "cellular0" and "LAN1/WAN", "Bridge0". Interface Interface Select interface from "cellular0", "LAN1/WAN" and "Bridge0". Send Version Select from "default", "v1" and "v2". Receive Version Select from "default", "v1" and "v2". Split-Horizon Select from "enable" and "disable". Authentication Mode Select from "text" and "md5". Authentication String The authentication key for package interaction in RIPV2. Authentication Key-chain The authentication key-chain for package interaction in RIPV2. Neighbor IP Address Set RIP neighbor's IP address manually. Network IP Address The IP address of interface for RIP publishing. Netmask The netmask of interface for RIP publishing. Table 3-2-7-3 3.2.7.3 OSPF OSPF, short for Open Shortest Path First, is a link status based on interior gateway protocol developed by IETF. If a router wants to run the OSPF protocol, there should be a Router ID that can be manually configured. If no Router ID configured, the system will automatically select an IP address of interface as the Router ID. UR32 User Guide68

The selection order is as follows: - If a Loopback interface address is configured, then the last configured IP address of Loopback interface will be used as the Router ID; - If no Loopback interface address is configured, the system will choose the interface with the biggest IP address as the Router ID. Five types of packets of OSPF: - Hello packet - DD packet (Database Description Packet) - LSR packet (Link-State Request Packet) - LSU packet (Link-State Update Packet) - LSAck packet (Link-Sate Acknowledgment Packet) Neighbor and Neighboring After OSPF router starts up, it will send out Hello Packets through the OSPF interface. Upon receipt of Hello packet, OSPF router will check the parameters defined in the packet. If it’s consistent, a neighbor relationship will be formed. Not all matched sides in neighbor relationship can form the adjacency relationship. It is determined by the network type. Only when both sides successfully exchange DD packets and LSDB synchronization is achieved, the adjacency in the true sense can be formed. LSA describes the network topology around a router, LSDB describes entire network topology. Figure 3-2-7-4 OSPF Item Description Enable Enable or disable OSPF. Router ID Router ID (IP address) of the originating LSA. UR32 User Guide69

Figure 3-2-7-5 Item Description Interface Interface Select interface from "cellular0",”LAN1/WAN”and "Bridge0". Hello Interval (s) Send interval of Hello packet. If the Hello time between two adjacent routers is different, the neighbour relationship cannot be established. Range: 1-65535. Dead Interval (s) Dead Time. If no Hello packet is received from the neighbours within the dead time, then the neighbour is considered failed. If dead times of two adjacent routers are different, the neighbour relationship cannot be established. Retransmit Interval (s) When the router notifies an LSA to its neighbour, it is required to make acknowledgement. If no acknowledgement packet is received within the retransmission interval, this LSA will be retransmitted to the neighbour. Range: 3-65535. Transmit Delay (s) It will take time to transmit OSPF packets on the link. So a certain delay time should be increased before transmission the aging time of LSA. This configuration needs to be further considered on the low-speed link. ABR Type Select from cisco, ibm, standard and shortcut. RFC1583 Compatibility Enable/Disable. OSPF Opaque-LSA Enable/Disable LSA: a basic communication means of the OSPF routing protocol for the Internet Protocol (IP). SPF Delay Time Set the delay time for OSPF SPF calculations. Range: 0-6000000, in milliseconds. SPF Initial-holdtime Set the initialization time of OSPF SPF. Range: 0-6000000, in milliseconds. SPF Max-holdtime Set the maximum time of OSPF SPF. Range: 0-6000000, in milliseconds. Reference Bandwidth Range: 1-4294967, in Mbit. Table 3-2-7-4 OSPF Parameters UR32 User Guide70

Figure 3-2-7-6 Item Description Passive Interface Passive Interface Select interface from "cellular0", "LAN1/WAN" and "Bridge0". Network IP Address The IP address of local network. Netmask The netmask of local network. Area ID The area ID of original LSA's router. Area Area ID Set the ID of the OSPF area (IP address). Area Select from "Stub" and "NSSA". The backbone area (area ID 0.0.0.0) cannot be set as "Stub" or "NSSA". No Summary Forbid route summarization. Authentication Select authentication from "simple" and "md5". Range: 1-65535. Interface Advanced Options Interface Select interface. Network Select OSPF network type. Cost Set the cost of running OSPF on an interface. Range: 1-65535. Priority Set the OSPF priority of interface. Range: 0-255. Authentication Set the authentication mode that will be used by the OSPF area. Simple: a simple authentication password should be configured and confirmed again. MD5: MD5 key & password should be configured and confirmed again. Key ID It only takes effect when MD5 is selected. Range 1-255. Key The authentication key for OSPF packet interaction. Table 3-2-7-5 OSPF Parameters UR32 User Guide71

Figure 3-2-7-7 Area Advanced Options Item Description Area Range Area ID The area ID of the interface when it runs OSPF (IP address). IP Address Set the IP address. Netmask Set the netmask. No Advertise Forbid the route information to be advertised among different areas. Cost Range: 0-16777215 Area Filter Area ID Select an Area ID for Area Filter. Filter Type Select from "import", "export", "filter-in", and "filter-out". ACL Name Enter an ACL name which is set on "Routing > Routing Filtering" webpage. Area Virtual Link Area ID Set the ID number of OSPF area. ABR Address ABR is the router connected to multiple outer areas. Authentication Select from "simple" and "md5". Key ID It only takes effect when MD5 is selected. Range 1-15. Key The authentication key for OSPF packet interaction. Hello Interval Set the interval time for sending Hello packets through the interface. Range: 1-65535. Dead Interval The dead interval time for sending Hello packets through the interface. Range: 1-65535. Retransmit Interval The retransmission interval time for re-sending LSA. Range: 1-65535. Transmit Delay The delay time for LSA transmission. Range: 1-65535. Table 3-2-7-7 OSPF Parameters Table 3-2--7-6 OSPF Parameters UR32 User Guide72

Figure 3-2-7-8 Item Description Redistribution Redistribution Type Select from "connected", "static" and "rip". Metric The metric of redistribution router. Range: 0-16777214. Metric Type Select Metric type from "1" and "2". Route Map Mainly used to manage route for redistribution. Redistribution Advanced Options Always Redistribute Default Route Send redistribution default route after starting up. Redistribute Default Route Metric Send redistribution default route metric. Range: 0-16777214. Redistribute Default Route Metric Type Select from "0", "1" and "2". Distance Management Area Type Select from "intra-area", "inter-area" and "external". Distance Set the OSPF routing distance for area learning. Range: 1-255. Table 3-2-7-8 OSPF Parameters UR32 User Guide73

3.2.7.4 Routing Filtering Figure 3-2-7-9 Routing Filtering Item Description Access Control List Name User-defined name, need to start with a letter. Only letters, digits and underline (_) are allowed. Action Select from "permit" and "deny". Match Any No need to set IP address and subnet mask. IP Address User-defined. Netmask User-defined. IP Prefix-List Name User-defined name, need to start with a letter. Only letters, digits and underline (_) are allowed. Sequence Number A prefix name list can be matched with multiple rules. One rule is matched with one sequence number. Range: 1-4294967295. Action Select from "permit" and "deny". Match Any No need to set IP address, subnet mask, FE Length, and LE Length. IP Address User-defined. Netmask User-defined. FE Length Specify the minimum number of mask bits that must be matched. Range: 0-32. LE Length Specify the maximum number of mask bits that must be matched. Range: 0-32. Table 3-2-7-9 Routing Filtering Parameters 3.2.8 VRRP The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides automatic assignment of available Internet Protocol (IP) routers for participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections in an IP sub-network. UR32 User Guide74

Increasing the number of exit gateway is a common method for improving system reliability. VRRP adds a group of routers that undertake gateway function into a backup group so as to form a virtual router. The election mechanism of VRRP will decide which router undertakes the forwarding task, and the host in LAN is only required to configure the default gateway for the virtual router. In VRRP, routers need to be aware of failures in the virtual master router. To achieve this, the virtual master router sends out multicast “alive” announcements to the virtual backup routers in the same VRRP group. The VRRP router who has the highest number will become the virtual master router. The VRRP router number ranges from 1 to 255 and usually we use 255 for the highest priority and 100 for backup. If the current virtual master router receives an announcement from a group member (Router ID) with a higher priority, then the latter will pre-empt and become the virtual master router. VRRP has the following characteristics: - The virtual router with an IP address is known as the Virtual IP address. For the host in LAN, it is only required to know the IP address of virtual router, and set it as the address of the next hop of the default route. - The network Host communicates with the external network through this virtual router. - A router will be selected from the set of routers based on its priority to undertake the gateway function. Other routers will be used as backup routers to perform the duties of gateway for the gateway router in the case of any malfunction, so as to guarantee uninterrupted communication between the host and external network. When interface connected with the uplink is at the state of Down or Removed, the router actively lowers its priority so that priority of other routers in the backup group will be higher. Thus the router with the highest priority becomes the gateway for the transmission task. Figure 3-2-8-1 UR32 User Guide75

VRRP Item Description Default Enable Enable or disable VRRP. Disable Interface Select the interface of Virtual Router. None Virtual Router ID User-defined Virtual Router ID. Range: 1-255. None Virtual IP Set the IP address of Virtual Router. None Priority The VRRP priority range is 1-254 (a bigger number indicates a higher priority). The router with higher priority will be more likely to become the gateway router. 100 Advertisement Interval (s) Heartbeat package transmission time interval between routers in the virtual ip group. Range: 1-255. 1 Preemption Mode If the router works in the preemption mode, once it finds that its own priority is higher than that of the current gateway router, it will send VRRP notification package, resulting in re-election of gateway router and eventually replacing the original gateway router. Accordingly, the original gateway router will become a Backup router. Disable IPV4 Primary Server The router will send ICMP packet to the IP address or hostnam e to determine whether the Internet connection is still availab le or not. 8.8.8.8 IPV4 Secondary Server The router will try to ping the secondary server name if prima ry server is not available. 114.114. 114.114 Interval Time interval (in seconds) between two Pings. 300 Retry Interval Set the ping retry interval. When ping failed, the router will pi ng again every retry interval. 5 Timeout The maximum amount of time the router will wait for a respo nse to a ping request. If it does not receive a response for the amount of time defined in this field, the ping request will be c onsidered as failure. 3 Max Ping Retries The retry times of the router sending ping request until deter mining that the connection has failed. 3 Table 3-2-8-1 VRRP Parameters Related Configuration Example VRRP Application Example 3.2.9 DDNS Dynamic DNS (DDNS) is a method that automatically updates a name server in the Domain Name System, which allows user to alias a dynamic IP address to a static domain name. DDNS serves as a client tool and needs to coordinate with DDNS server. Before starting configuration, user shall register on a website of proper domain name provider and apply for a domain name. UR32 User Guide76 Figure 3-2-9-1 DDNS Item Description Enable Enable/disable DDNS. Name Give the DDNS a descriptive name. Interface Set interface bundled with the DDNS. Service Type Select the DDNS service provider. Username Enter the username for DDNS register. User ID Enter User ID of the custom DDNS server. Password Enter the password for DDNS register. Server Enter the name of DDNS server. Server Path By default the hostname is appended to the path. Hostname Enter the hostname for DDNS. Append IP Append your current IP to the DDNS server update path. Table 3-2-9-1 DDNS Parameters UR32 User Guide77

3.3 System This section describes how to configure general settings, such as administration account, access service, system time, common user management, SNMP, AAA, event alarms, etc. 3.3.1 General Settings 3.3.1.1 General General settings include system info and HTTPS certificates. Figure 3-3-1-1 General Item Description Default System Hostname User-defined router name, needs to start with a letter. ROUTER Web Login Timeout (s) You need to log in again if it times out. Range: 100-3600. 1800 Encrypting Cleartext Passwords This function will encrypt all of cleartext passwords into ciphertext passwords. Enable HTTPS Certificates Certificate Click "Browse" button, choose certificate file on the PC, and then click "Import" button to upload the file into router. Click "Export" button will export the file to the PC. Click "Delete" button will delete the file. -- Key Click "Browse" button, choose key file on the PC, and then click "Import" button to upload the file into router. Click "Export" button will export file to the PC. Click "Delete" button will delete the file. -- Table 3-3-1-1 General Setting Parameters UR32 User Guide78

3.3.1.2 System Time This section explains how to set the system time including time zone and time synchronization type. Note: to ensure that the router runs with the correct time, it’s recommended that you set the system time when configuring the router. Figure 3-3-1-2 Figure 3-3-1-3 UR32 User Guide79

Figure 3-3-1-5 System Time Item Description Current Time Show the current system time. Time Zone Click the drop down list to select the time zone you are in. Sync Type Click the drop down list to select the time synchronization type. Sync with Browser Synchronize time with browser. Browser Time Show the current time of browser. Set up Manually Manually configure the system time. GPS Time Synchronization Synchronize time with GPS. Primary NTP Server Enter primary NTP Server's IP address or domain name. Secondary NTP Server Enter secondary NTP Server's IP address or domain name. NTP Server Enable NTP Server NTP client on the network can achieve time synchronization with router Figure 3-3-1-4 UR32 User Guide80


FREE ENGLISH PDF

OPERATING INSTRUCTIONS

USER GUIDE - USER MANUAL

OWNER GUIDE - OWNER MANUAL

REFERENCE GUIDE - REFERENCE MANUAL

INSTRUCTION GUIDE - INSTRUCTION MANUAL

Leave a Reply