M300 User Manual

Status

When you enter the web browser in the beginning and have not log in, the first item of main menu shows your status that you are a guest. This status only can view status page without any permission to log in. The interface of main window displays the status of router to show about information, including Cellular Attribute, Dual SIM information, the current connectivity of WAN Ethernet and LAN Ethernet. If the router has GPS function, the GPS interface is shown.

After logging in the system, you can set up the status of user and divide into three levels for setting user's authority, including Super User, Administrator, and Read Only. For Guest, this status is without any authority. All users log in or log out and they need to have Web UI log records.

Status > DO

Item	Description
Alarm OFF	Alarm configured to be disabled.
Alarm ON	Alarm configured to be enabled.
Alarm PULSE	Alarm configured to be enabled and DO in pulse mode.
Force ON	DO is force ON and in always mode by SMS/HTTPS.
Force OFF	DO is force OFF by SMS/HTTPS.
Force PULSE	DO is force ON and in pulse mode by SMS/HTTPS.

Status > CPU

Item	Description
Temperature	CPU Temperature.

Title Bar

Item	Description
RSSI	Received Signal Strength Indicator.
Uptime	The time starting turn on the router until current using.
WAN Priority	Which WAN take first priority.
SIM Slot	The current using of SIM Slot that inserts into SIM1 or SIM2.
Location	(Latitude,Longitude).
Google Maps	Display Google Map according to location.
Language	Choose your language from the drop-down list on the upper right corner of the title bar.
Login/Logout	Click to log in or log out of the web configurator.
?	On-line manual.

Status > WAN LTE

Item	Description
SIM Status	Ready: No PIN code protection or unlock already Unlock: Unlock pin code protection Locked: Locked by pin code Error: SIM operation error Blocked: PUK needed to unlock Not Inserted: No sim card Hardware Error: Unable to enable function Ignore: Ignore Specified SIM in dual sim device
Operator	Operator name.
Modem Access	The router to access protocol type.
IMSI	The IMSI number of the SIM card.
Phone Number	The phone number of the SIM card.
Band	The current connected Band.
EARFCN	Absolute radio-frequency channel number.
PLMN	Public LAN Mobile Network ID.
IPv4 Address	LTE WAN obtain IPv4 Address.
IPv4 Mask	LTE WAN obtain IPv4 Mask.
Default Gateway	LTE WAN IPv4 Default Gateway.
IPv4 Conn Time	LTE WAN IPv4 Connected Time.
Roaming	Roaming status.

Status > WAN Ethernet

Item	Description
IPv4 Address	Ethernet WAN obtain IPv4 Address.
IPv4 Mask	Ethernet WAN obtain IPv4 Mask.
Default Gateway	Ethernet WAN IPv4 Default Gateway.
IPv4 Conn Time	Ethernet WAN IPv4 Connected Time.

Status > WAN DNS

Item	Description
IPv4 DNS Server #1	IPv4 DNS Server Address#1.
IPv4 DNS Server #2	IPv4 DNS Server Address#2.
IPv4 DNS Server #3	IPv4 DNS Server Address#3.
IPv6 DNS Server #1	IPv6 DNS Server Address#1.
IPv6 DNS Server #2	IPv6 DNS Server Address#2.
IPv6 DNS Server #3	IPv6 DNS Server Address#3.

Status > LAN Ethernet

Item	Description
IPv4 Address	LAN is assigned IPv4 Address.
IPv4 Mask	LAN is assigned IPv4 Mask.
IPv6 Address	LAN is assigned IPv6 Address.
IPv6 Conn Time	IPv6 Connected Time.

Status > GPS

Item	Description
Latitude	The latitude of location.
Longitude	The longitude of location.
Horizontal	The horizontal of location.
Altitude	The altitude of location.
Date(UTC)	The date of location query.
Satellite	The satellite number of location query.

Status > System

Item	Description
Modem Firmware Version	show the modem firmware version of the device
LTE IMEI	show the IMEI - International Mobile Equipment Identity
Software Version	show the software version currently running on the device
Serial Number	show the serial number of the device
LAN Ethernet MAC Address	show the MAC address of LAN interface
WAN Ethernet MAC Address	show the MAC address of WAN interface
Ethernet WAN Port as	show the status of current 'WAN/LANx Port Function'

Status > Connected VPN Connections

Item	Description
Open VPN	Open VPN connected number
IPSec	IPSec connected number
GRE	GRE connected number
PPTP Server	PPTP server connected number
L2TP	L2TP connected number

System > Time and Date

This section allows you to set up the time and date of router and NTP server. There are two modes at Time and Date Setup, including Get from Time Server and Manual. The default mode is Get from Time Server.

If the router has GPS function, you can turn on "GPS Time" for sync time from GPS server.

For Time Zone Setup, the Daylight Savings Time allows the device to forward/backward the amount of time from Ahead of standard time setting automatically when the time is at the Daylight Savings duration that you have set up before.

System > Time and Date > Time Zone Setup

Item	Description
Daylight Saving	Turn on/off the Daylight Savings feature. Select from Off or On. The default is Off.
Ahead of standard time	The forward/backward minutes when enter/leave Daylight Savings duration. Default is 60 mins.
Start Date/Start Time	Time to enter Daylight Savings duration. The Month range is 1~12 1- Jan 2 - Feb 3 - Mar 4 - Apr 5 - May 6 - Jun 7 - Jul 8 - Aug 9 - Sep 10 - Oct 11 - Nov 12 - Dec The Week range is 1~5 1 - first week in month. 2 - second week in month 3 - third week in month 4 - fourth week in month 5 - fifth week in month The Day range is 0~6 0 - Sunday(The start day of a week) 1- Monday 2 - Tuesday 3 - Wednesday 4 - Thursday 5 - Friday 6 - Saturday The Hour range is 0~23 The Min range is 0~59
End Date/End Time	Time to leave Daylight Savings duration. Same with Start Date/Start Time.

System > Time and Date > Time Server

The Time server feature allows user to set a time server for LAN side client to get the time through NTP/SNTP protocol.

Item	Description
Server mode	Turn on/off the time server.
Server port	The UDP port listened by time server.

System > COM Ports

This section provides you to configure the COM port settings and remotely manage the device through the virtual COM setting. For the remote management, the managed device should be connected to the cellular router by serial interface either RS232 or RS485.

Note: The COM 1 and COM 2 are RS232 interface, and the COM 3 is RS485 interface.

Item	Description
Edit Configuration
Baud Rate	Select from the current Baud Rate.
Data	Select from 7 bit or 8 bit.
Parity	Select from the information of Parity.
Stop	Select from 1 bit or 2 bit.
Flow Control	Select from none, Xon/Xoff or hardware.
Virtual COM
Mode	Select from Disable, Server or Client.
Protocol	Select from TCP or UDP.
Host Address	The host address is only available on client mode. Specify what the domain name or IP address (IPv4 or IPv6) to be connected.
Redirect Port	Server Mode: This network package of cellular router is on this port. Client Mode: The network package of remote device is on the remote host.

System > Logging

This section allows cellular router to record the data and display the status of data.

Logging > Logging

Logging section provides you to control all logging records.

Users need to select Apply to confirm your settings.

Item	Description
Mode	Turn on/off the logging configuration. Select from Disable or Enable. The default is Enable.
Remote Log	The logging messages send to remote log or not. Select from Disable or Enable. The default is Disable.
Log Server Address	When you choose Enable on Remote Log, you should input IP address to save and receive all logging data. Note: This server should have installed Log software.

Logging > Log

This section displays all data status.

You can choose Filter function to quickly search for your data.
When you click Clear, all of the data that displays on the interface will be totally cleared without any backup.
When you click Refresh, the system will update and display the latest data from your cellular router.
When you click Download Logs, the system will download the latest data from your cellular router.

Item	Description
Filter	Filter the required data quickly.
Date	Show the date of log for each logging data.
Group	Show the group of software functions.
Module	Show the module of group of software functions.
Message	Show the messages for each logging data.

System > Alarm

If you select [SMS] in Alarm input/output, you need to add the trust phone number into [Contracts/ On Duty].
If you select [SNMP trap] in Alarm output, you need to set up SNMP trap configuration from Service SNMP.
If you select [E-Mail] in Alarm output, you need to set up SMTP configuration from Service SMTP.
If you select [TR069] in Alarm output, you need to set up TR069 configuration from Service TR069.

Item	Description
Mode	Turn on/off the Alarm configuration. Select from Disable or Enable. The default is Disable.
Alarm Input	SMS: It means on duty team members on [Contacts / On Duty] can send SMS to the phone number of using SIM card to trigger alarm. DI: IO to trigger alarm. VPN disconnect: All tunnels get disconnected then trigger alarm. WAN disconnect: WAN connections get disconnected then trigger alarm. LAN disconnect: LAN connection get disconnected then trigger alarm. Reboot: Reboot then trigger alarm. CPU Thermal: CPU temperature os too high or too low than the specified value then trigger alarm. LTE Reach Data Limit: LTE usage reach data upper bound then trigger alarm. LTE Data Blocked: LTE data is blocked then trigger alarm.
Alarm Output	Select from SMS, DO, SNMP trap, E-mail and TR069 as alarm output.
DI 1/2 Trigger	Select from High or Low. The default is High Trigger
DO behavior	Always: Pull DO high Pulse: High and Low continuourly Pulse Time Length: Pulse time length (unit: mini seconds)
CPU Thermal	Specify CPU low and high temerature to trigger alarm.
SMS/E-mail	Write your messages and the messages limit 80 pure English characters or 20 characters for other languages to deliver.

System > Alarm Current Status

[Refresh]: To update the newest alarm status.
[Clean Recover]: To clean up recovered alarm from status table.
[Clean All]: To clean up all alarm from status table.

System > Ethernet

This section allows you to configure the Ethernet.

For Flow Control, it allows you to configure the Ethernet and solve unstable throughput under heavy loading. Sending 64 Bytes with bandwidth 100M bps traffic to LAN and WAN at the same time, the throughput may drop to zero at either side. When the system is very busy or buffer is exhausted, the flow control packet will be sent out to indicate the link party that it should stop to send the packet to system. The flow control packet will be sent out again once the system goes back to normal to indicate the link party that it can send packet again.

Note: The LAN port of Ethernet has different layout based on which router model you use.

Item	Description
Ethernet Ports Status	Show the connectivity status of LAN and WAN.
Ethernet Ports Configurations	Select from Auto, 100M Full, 100M Half, 10M Full, 10M Half and Disable.
WAN Ethernet	MTU is the Maximum Transmission Unit that can be sent over the WAN Ethernet interface. It allows users to adjust the MTU size to fit into their existing network environment.
Flow Control	Allow user to control the traffic ingress from Ethernet LAN or WAN.

System > Modbus

This section allows you to configure the Modbus.

Note: This configuration is for Modbus TCP and the function is only for COM 3 (RS485).

System > Modbus
Item	Description
Mode	Select from Disable or Enable.
Port	The listening port of Modbus TCP.

System > Client List

This section allows you to understand how many devices have been connected and their status from the router.

There are two types, one is DHCP Client and the other is Online.

The default is both types to show all status when the router is on DHCP Client and Online.

Item	Description
List Type	DHCP Client: List all clients’ information when it is via DHCP. Online: List the information when it is online.

WAN > Priority

Item	Description
Priority	Auto: WAN Ethernet is first priority and the second priority is LTE. The default is Auto. LTE Only: Only use LTE connection. ETH Only: Only use WAN Ethernet connection. LTE First: WAN LTE is first priority and the second priority is Ethernet.
WAN/LANx Port Function	Allow user to setup the WAN/LANx Port function as Auto, WAN or LANx.

WAN > Ethernet

This section provides three options, including DHCP Client,PPPoE Client and Static IPv4.The default is DHCP Client.

Item	Description
WAN Ethernet	DHCP Client: DHCP server-assigned IP address, netmask, gateway, and DNS. PPPoE Client: Your ISP will provide you with a username and password. This option is typically used for DSL services. Static IPv4: User-defined IP address, netmask, and gateway address.

When selecting DHCP Client, you can set up DNS Server Configuration.

For IPv4 DNS Server, it provides three options to set up and each option has provided with From ISP,User Defined and None to configure.

WAN Ethernet > DHCP Client

Item	Description
IPv4 DNS Server #1 IPv4 DNS Server #2 IPv4 DNS Server #3	Each setting DNS Server has three options, including From ISP, User Defined and None. When you select From ISP, the IPv4 DNS server IP is obtained from ISP. When you select User Defined, the IPv4 DNS server IP is input by user.

Item

Description

IPv4 DNS Server #1

IPv4 DNS Server #2

IPv4 DNS Server #3

Each setting DNS Server has three options, including From ISP, User Defined and None.
When you select From ISP, the IPv4 DNS server IP is obtained from ISP.
When you select User Defined, the IPv4 DNS server IP is input by user.

When you select PPPoE Client, the interface shows the item of configuration to fill in your User Name and Password.

When you select Static IPv4, the interface shows the information of configuration, including IP Address, IP Mask and Gateway Address.

WAN Ethernet > Static IPv4

Item	Description
Static IPv4 Configuration
IP Address	Fill in the IP Address.
IP Mask	Fill in the IP Mask.
Gateway Address	Fill in Gateway Address.
DNS Server Configuration
IPv4 DNS Server #1 IPv4 DNS Server #2 IPv4 DNS Server #3	The IPv4 DNS server IP is input by user.

WAN Ethernet > Ethernet Health Check

If you configure WAN Priority to Auto mode, the system would choose the cost effective connection first such as Ethernet. However in case the Ethernet connection exist but it is unable to access internet; you can enable Ethernet Health Check and the system would switch to LTE connection and switch back whenever Ethernet is able to access internet again.

Item	Description
Ethernet Health Check	Select from Disable or Enable. The default is Enable.	When Disable is chosen, the connection will NOT be treated as down of IP routing error.
Method	This setting specifies the health check method fpr the WAN connection.	This Value can be PING, DNS Lookup. The default is Ping.	DNS Lookup: Connections will be considered as up if DNS responses are received from any one of the health check DNS servers, regardless of a positive or negative result.
Use the first two DNS from ISP	If this setting is checked, the first two DNS fronm ISP will be DNS lookup targets for checking a connection health.	If this setting is not checked, Host 1 must be filled, while a value for Host 2 is optional.
Interval	The interval is from 1 to 60 seconds.
IPv4 Host 1	Input the address of IPv4 Host 1.	Host1 must be filled.
IPv4 Host 2	Input the address of IPv4 Host 2.	Host2 is optional.
Hint	Show the usage descriptions.

In addition, you can check which WAN is actually using from Status page. The interface will be shown check mark (V symbol) on the connection title. For IPv6 address, the status will be displayed on LAN Etherent Interface when IPv6 is using as WAN connection.

WAN > IPv6 DNS

This section allows you to set up IPv6 DNS Server Configuration.

For IPv6 DNS Server, it provides three options to set up and each option has provided with "From ISP", "User Defined" and "None" to configure.

Item	Description
IPv6 DNS Server #1 IPv6 DNS Server #2 IPv6 DNS Server #3	Each setting DNS Server has three options, including From ISP, User Defined and None. When you select From ISP,the IPv6 DNS server IP is obtained from ISP. When you select User Defined, the IPv6 DNS server IP is input by user.

WAN > Health Check

If you configure WAN Priority to Auto mode, the system would choose the cost effective connection first such as Ethernet. However in case the Ethernet connection exist but it is unable to access internet; you can enable WAN Health Check and the system would switch to LTE connection and switch back whenever Ethernet is able to access internet again.

Item	Description
Health Check	Select from Disable or Enable. The default is Enable. When Disable is chosen, the connection will NOT be treated as down of IP routing error.
Method	This setting specifies the health check method for the WAN connection. This Value can be PING, DNS Lookup. The default is Ping. DNS Lookup: Connections will be considered as up if DNS responses are received from any one of the health check DNS servers, regardless of a positive or negative result.
Use the first two DNS from ISP	If this setting is checked, the first two DNS from ISP will be DNS lookup targets for checking a connection health. If this setting is not checked, Host 1 must be filled, while a value for Host 2 is optional.
Interval	The interval is from 1 to 60 seconds.
Retries	The retries is from 1 to 255 times.
IPv4 Host 1	Input the address of IPv4 Host 1. Host1 must be filled.
IPv4 Host 2	Input the address of IPv4 Host 2. Host2 is optional.
LTE Keep Alive	Enable LTE Keep Alive to continue to send health check packages to avoid no network traffic cause operation kick out the connection.
LTE Keep Interval	LTE Keep Alive interval is from 1 to 60 seconds.
Hint	Show the usage descriptions.

LTE > LTE Config

LTE Config > LTE Config

Item	Description
Auto	Automatically connect the possible band.
4G Only	Connect to 4G network only.
3G Only	Connect to 3G network only.
2G Only	Connect to 2G network only.

LTE Config > MTU

MTU is the Maximum Transmission Unit that can be sent over the LTE interface. It allows user to adjust the MTU size to fit into their existing network environment.

LTE > GPS > Status

This section allows you to view GPS status.

Item	Description
Latitude	Latitude
Longitude	Longitude
Horizontal	Horizontal precision:0.5-99.9
Altitude	The altitude of antenna away from the sea level(unit: m), accurate to one decimal place
Date	UTC date when fixing position
Time	UTC time when fixing position
Satellite	Number of satellites

LTE > GPS > Config

This section allows you to set up GPS Configuration and send out GPS location to TCP Server or display in log.

Item	Description
Report to	Select from TCP Server and LOG.
Internal	Query GPS interval.
IPv4 Address	GPS IPv4 TCP Server Address.
IPv4 Address Port	GPS IPv4 TCP Server Port.
IPv6 Address	GPS IPv6 TCP Server Address.
IPv6 Address Port	GPS IPv6 TCP Server Port.
Prefix Type	Identification type for GPS Track.
User Defined Prefix	User defined identification for GPS Track.

LTE > GPS Track

This section allows user to see the GPS Track.

LTE > Dual SIM

Dual SIM > Connect Policy

Item	Description
Current SIM Card	Display which SIM slot is using.
Status of SIM Card Connectivity	Disconnect: If there is one SIM slot get connection, the Disconnect button appear. After manually click Disconnect, the system would not automatically get connection until next reboot. Connect: After manually disconnect, user can only click Connect button to get connection or reboot the device to make it automatically connect.
Disable Roaming	NO: make connection even device is in roaming mode. YES: Not to make connection when device is in roaming.
Used SIM	Dual SIM: Automatically switch SIM card when the current SIM card fail to make connection. SIM1: Only use SIM1 card slot. SIM2: Only use SIM2 card slot.
SIM Priority	Dual SIM: Automatically switch SIM card when the current SIM card fail to make connection. SIM1: Use SIM1 card slot as the first priority for connection. SIM2: Use SIM2 card slot as the first priority for connection.
Roaming Switch	Switch to another SIM when roaming is detected. System will switch SIM slot when current SIM is in roaming state and another SIM slot is in READY state.
Connect Retry Number	After timeout, the router attempts to switch another SIM Slot. The default timeout is three minutes. This option is only for Dual SIM mode.
Reboot when LTE is the only connection which has continuous link down for xx times	Select: Enable Reboot when LTE continuous link down for specified times Specified times: 3 ~ 15 times

Dual SIM > SIM1 / SIM2 Configuration

Item	Description
Status	Display SIM card status.
SIM PIN	a password personal identification number (PIN) for ordinary use to protect your SIM card.
Confirmed SIM PIN.	Double confirm SIM PIN password.
SIM PUK	If user input the wrong SIM PIN more than 3 times, the user needs another password personal unblocking code (PUK) for PIN unlocking. Please check your operator for forgotten PUK number.
Confirmed SIM PUK	Double confirm SIM PUK password.
APN	The Access Point Name (APN) is the name for the settings to set up a connection to the gateway between your carrier's cellular network and the Public Internet. Leave it empty will search internally database automatically by SIM card for connection; however please notice APN1 and APN2 must be manually configured different setting while concurrently use.
Username	Username for authentication. The username can be input by user or the system will search from internal database if the APN setting is empty.
Password	Password for authentication. The password can be input by user or the system will search from internal database if the APN setting is empty.
Confirm Password	Double confirm password.
Auth: (None/PAP/CHAP)	If Auth mode is not None, most servers require username and password above.
Change SIM PIN	If you want to change SIM PIN code, you can click Change button and type old SIM PIN code and new SIM PIN code. Please aware not to exceed the retry number (PIN remaining number and PUN remaining number).
Old PIN	Please input the current SIM PIN code.
New PIN	Please input the newly update SIM PIN code.
PIN remaining number	Display the allowed remaining PIN code retry number.
PUK remaining number	Display the allowed remaining PUK code retry number.

Dual SIM > Data Limitation

Item	Description
Mode	Turn on/off the Data Limitation to disable or enable.
Already Used Data (MB)	Display current used Data since last reset.
Max Data Limitation (MB)	Configure maximum Data Limitation.
Monthly Reset	Set up the reset time during the month.
Now Time	Show the current time of system.

LTE > Usage Display

Real Time > Used MB in 10 Seconds

It displays real-time Download/Upload/Total MB for 10 seconds period.

Hourly

It displays Download/Upload/Total MB per hour in one day for current using SIM card and the view window size is 24 hours.

Daily

It displays Download/Upload/Total MB per day in one month for current using SIM card and the view window size is 31 days.

Weekly

It displays Download/Upload/Total MB per day in one week for current using SIM card and the view window size is 7 days.

Monthly

It displays Download/Upload/Total MB per month in one year for current using SIM card and the view window size is 12 months.

LTE > SMS

SMS > SMS Action

When enabling SMS Action, it allows trust phone number which in [trusted and on duty members] list by sending key words SMS to trigger device setting/action/query status.

SMS > View SMS

This section allows you to review the information of SMS that you have received, including the state, phone and date and time. You can click [Refresh] button to review all messages. Please [Clear] clear button to clear all read messages

LTE > Serving Cell

Item	Description
RSRP	Reference Signal Received Power.
RSRQ	Reference Signal Received Quality.
SINR	Loarithmic value of SINR.
RSCP	The Received Signal Code Power Level of the cell that was scanned.
ECIO	Carrier to noise ratio in dB = measured Ec/lo value in dB.
Cell Identity	eNB ID (20 Bits) + Cell ID (8 Bits).
eNB ID	eNB ID.
Cell ID	Cell ID.
PCI ID	Physical Cell ID.
EARFCN	The E-UTRA-ARFCN of the cell that was scanned.
UL Bandwidth	Up Link Bandwidth.
DL Bandwidth	Down Link Bandwidth.
RSSI	Received Signal Strength Indication.
State	Connection State.

LTE > Lock Bands

Please check Hint for module support bands and then select your desired multiple bands to lock for use.

LTE > DNS

This section allows you to setup LTE specific DNS setting.

Item	Description
IPv4 DNS Server #1 IPv4 DNS Server #2 IPv4 DNS Server #3	Each setting DNS Server has three options, including From ISP, User Defined and None. When you select From ISP,the IPv4 DNS server IP is obtained from ISP. When you select User Defined, the IPv4 DNS server IP is input by user.

LTE > Search Operators

To search Manually the available networks and display the following info.

Item	Description
STATE	Current: Current connection. Available: Possible connection. Forbidden: Forbidden connection.
OPERATOR	Operator Name.
PLMN	Public Land Mobile Network ID.
ACT	3GPP Technology.

LAN > IPv4

Item	Description
LAN IPv4	IP Address:192.168.1.1 IP Mask:255.255.255.0 Both of them are default, you can change them according to your local IP Address and IP Mask.
DHCP Server	Turn on/off DHCP Server Configuration. Enable to make router can lease IP address to DHCP clients which connect to LAN.
IP Address Pool	Define the beginning and the end of the pool of IP addresses which will lease to DHCP clients.
Gateway	The IP address of gateway which will assigned to the DHCP clients. Default: Will use the NET IP address.
Lease Time	Time in minutes that will be assigned to a lease for DHCP client's address.
Static IP Addresses	DHCP server support static IP address assigment. The static IP address can be added by clicking the `+Add Static IP Address` button. Each static IP consist of mode(on/off), MAC and IP address. `Mode`: Turn on/off the static IP address `MAC`: The MAC address of target host or PC `IP`: The desired IP address for target host or PC

LAN > IPv6

Select your type of IPv6, which shows Delegate Prefix from WAN or Static, and then set up DHCP Server Configuration, including Address Assign, DNS Assign and DNS Server.

Item	Description
LAN IPv6	This section provides two types, including Delegate Prefix from WAN and Static. Static Address: You need to input the static address when you select the static type.
Delegate Prefix from WAN	Select this option to automatically obtain an IPv6 network prefix from the service provider or an uplink router.
Static	Select this option to configure a fixed IPv6 address for the cellular router’s LAN IPv6 address.
Address Assign Setup	Stateless: The cellular router uses IPv6 stateless auto configuration. RADVD (Router Advertisement Daemon) is enabled to have the cellular router send IPv6 prefix information in router advertisements periodically and in response to router solicitations. Stateful: The cellular router uses IPv6 stateful auto configuration. The LAN IPv6 clients can obtain IPv6 addresses through DHCPv6.

LAN > VLAN

This section allows you to set up VLAN that provides a network segmentation system to distinguish the LAN clients and separate them into different LAN subnet for enhancing security and controlling traffic.

There are two router models based on the numbers of LAN ports to have two setting types of VLAN and communicate with your devices, one is 1-port LAN and the other is 3-port LANs

Type 1:

For 1-port LAN router model, you can use the Type 1 to configure VLAN. First, the VLAN Mode allows you to select Off or Tag Base (802.1p)

When VLAN Mode is set to Tag Base,the VLAN setting window will show up.

The VLAN Isolation function allow administrator to saparate the different Subnet(VLAN).When it is on,the different Subnet(VLAN) user can not communication each other.

For each row, the settings can be enabled or disabled by checkbox and select the Subnet and the VLAN ID (VID).The Subnet sets up the IP address and IP mask for the router so this router can communicate with the third party by this IP address and IP mask on this VLAN.(Note: The NET1 can't remove it and fixes in the first row.)

Furthermore, the Subnet provides DHCP Server function to allow the third party for the same VLAN to get IP address and IP mask. Therefore, you do not need to configure manually.

(Note: The subnet information will show the Subnet window from the LAN catalogue.)

Item	Description
Mode	The VLAN mode is Off or Tag Base (802.1p VLAN).
VLAN Isolation	The VLAN Isolation is Off or On.
Enable	The assigned row of setting are enabled.
Subnet	The subnet provides IP address and IP mask for the router.
VID	The VLAN ID range is from 1 to 4094.

Type 2:

For 3-port LANs, the VLAN Mode allows you to select Off, Tag Base (802.1p) or Port Base.

When VLAN Mode is set to Tag Base,the VLAN setting window will show up.

The VLAN Isolation function allow administrator to saparate the different Subnet(VLAN).When it is on,the different Subnet(VLAN) user can not communication each other.

For each row, the settings can be enabled or disabled by checkbox and select the Subnet and the VLAN ID (VID). The Subnet sets up the IP address and IP mask for the router so this router can communicate with the third party by this IP address and IP mask on this VLAN.Note: The NET1 can't remove it and fixes in the first column.)

Furthermore, the Subnet provides DHCP Server function to allow the third party for the same VLAN to get IP address and IP mask. Therefore, you do not need to configure manually.

(Note: The subnet information will show the Subnet window from the LAN catalogue.)

There are three ports for Tag Base Mode, including LAN1, LAN2 and LAN3. And one Router port which is a gate allows those ports to access internet or the router. The PVID and Tag Mode are for LAN1, LAN2 and LAN3 ports. The PVID provides the untagged devices to communicate with third-party devices.(Note: The untagged devices mean not to support 802.1p VLANs.)

The Tag Mode can be Trunk or Access. The Trunk allows to carry multiple 802.1p VLANs traffic. The Access allows the untagged devices to communicate with a specific 802.1p VLAN by assigned PVID

Item	Description
Mode	The VLAN mode is Off or Tag Base (802.1p VLAN).
VLAN Isolation	The VLAN Isolation is Off or On.
Enable	The assigned row of settings are enabled.
Subnet	Sets the IP address, IP mask and DHCP server.
VID	The VLAN ID range is from 1 to 4094.
Port	The port is shown to assign the port to a VLAN which the device is connected from LAN 1, LAN2, LAN3 and Router.
PVID	The PVID range from 1 to 4094 Sets the default VLAN ID for untagged devices connected to the port.
Tag Mode	The Trunk port setting is connected to another 802.1p VLAN aware switch or device. The Access port setting is connected to a single untagged device.

When VLAN Mode is set to Port Base, the VLAN setting window will show up.

For each row, the settings can be enabled or disabled by checkbox and assign the port to communicate each other. There are three ports for Port Base Mode, including LAN1, LAN2 and LAN3. And one Router port;which is a gate allows those ports to access internet or the router.

Item	Description
Mode	The VLAN mode is Off, Tag Base (802.1p VLAN) or Port Base.
Enable	The assigned row of setting are enabled.
Port	The port is shown to assign the port to a VLAN which the device is connected from LAN 1, LAN2, LAN3 and Router.

LAN > Subnet

This section allows you to get the information of IP Address and IP Mask and edit for the VLAN Subnets from DHCP Server Configuration.

This Subnet setting is the same with LAN>IPv4 setting and follows with Tag Base Mode of VLAN to enable the function.

IP Routing > Static Route

Item	Description
Mode	The setting is for full network. Select from Off or On.
Settings
Mode	The setting is for the specific network. Select from Off or On.
Name	Set up each name for your running host or network.
Destination	Fill in the destination of a specific subnet or IP from network.
Gateway	Fill in the gateway address of your router.
Interface	Select the interface from LAN or Ethernet.

IP Routing > Policy Route

Note:
Policy Route is only enabled on active interfaces, but it is disabled on deactivated interfaces automatically.

Item	Description
Mode	The setting is for full network. Select from Disable or Enable.
Settings
Mode	The setting is for the specific network. Select from Disable or Enable.
Name	Set up each name for your running host or network.
Source(IP/MASK)	Fill in the source of a specific IP/MASK from network.
Destination(IP/MASK)	Fill in the destination of a specific IP/MASK from network.
Gateway	Fill in the gateway address of your router.
Interface	Select the interface from LAN or Ethernet.

IP Routing > RIP

This section allows you to configure RIP and select the mode from Disable or Enable. The default is Disable.

Note:
RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) and is commonly used in internal networks. It allows a router to exchange its routing information automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to changes in the network.

IP Routing > RIP > General

Item	Description
Mode	Select from Off or On to open or close RIP function.
Redistribute local routes	Select from Off or On to open or close redistribute local routes.
Redistribute connected routes	Select from Off or On to open or close redistribute connected routes.
Redistribute OSPF routes	Select from Off or On to open or close redistribute OSPF routes.
Redistribute BGP routes	Select from Off or On to open or close redistribute BGP routes.

IP Routing > RIP > Interfaces

Item	Description
Mode	Select from Off or On to use or not to use the RIP function in the interface.
Interface	Select from eth1 (WAN Ethernet) or LAN.
Authentication	Select from none or md5 to approve authentication. Note: Please offer Key and Key ID when you select md5 to use HMAC-MD5.
Key	The key used for authentication (maxlength=16).
Key ID	The ID of the key used for authentication (1-255).
Passive	Select from Off or On to send out or not to send out RIP packets on this interface.

IP Routing > OSPF

This section allows you to set up OSPF with three sub configurations, including General, Interfaces and Networks configuration.

IP Routing > OSPF > General

Item	Description
Mode	Select from Off or On to open or close OSPF function.
Redistribute local routes	Select from Off or On to open or close redistribute local routes.
Redistribute connected routes	Select from Off or On to open or close redistribute connected routes.
Redistribute RIP routes	Select from Off or On to open or close redistribute RIP routes.
Redistribute BGP routes	Select from Off or On to open or close redistribute BGP routes.

IP Routing > OSPF > Interfaces

Item	Description
Mode	Select from Off or On to use or not to use the OSPF function in the interface.
Interface	Select from eth1 (WAN Ethernet) or LAN.
Authentication	Select from none or md5 to approve authentication. Note: Please offer Key and Key ID when you select md5 to use HMAC-MD5.
Key	The key used for authentication (maxlength=16).
Key ID	The ID of the key used for authentication (1-255).
Cost	The cost for sending packets via this interface (0: OSPF defaults).
Passive	Select from Off or On to send out or not to send out OSPF packets on this interface.

IP Routing > OSPF > Networks

Item	Description
Mode	Select from Off or On to enable the network setting.
Prefix	Set Prefix of the network
Prefix Length	Set Length of the prefix
Area	Routing area to which this interface belongs (0-65535, 0 means backbone)

IP Routing > BGP

This section allows you to set up BGP with three sub configurations, including General, Neighbors and Networks configuration.

IP Routing > BGP > General

Item	Description
Mode	Off：BGP function is off On：BGP function is on.
Number	number of the autonomous system (1 ~ 4294967295)
Redistribute local routes	Off：Not redistribute local routes from the device's own routing table On：Redistribute local routes from the device's own routing table
Redistribute connected routes	Off：Not redistribute connected routes to networks which are directly connected to the device On：Redistribute connected routes to networks which are directly connected to the device

IP Routing > BGP > Neighbor

The neighbors sub configuration is used to configure all the BGP routers to peer with and the maximum neighbors is 16.

Item	Description
Mode	Select from Off or On to enable the neighbor setting
IP Address	Set IP address of the peer router
AS Number	Autonomous system number of the peer router
Multihop	Allow multiple hops between this router and the peer router
Update Source Mode	Whether to specify the source address to this neighbor
Update Source Address	The source address to this neighbor

IP Routing > BGP > Networks

The networks sub configuration allows to add IP network prefixes that shall be distributed via BGP in addition to the networks that are redistributed from other sources as defined on the general sub configuration and the maximum neighbors is 16.

Item	Description
Mode	Prefix of the network
Prefix	Length of the prefix

VPN > OpenVPN

From Setting tab, you can set up the connection of OpenVPN.

From Log tab, the interface will be shown the status of connection to make you follow the suitation whenever is successful or fail connection.

OpenVPN Common Setting

Item	Description
Mode	Turn on/off OpenVPN to select Disable or Enable.
VPN Mode	Server: Tick to enable OpenVPN server tunnel. Client: Tick to enable OpenVPN client tunnel. The default is Client. Custom: This option allows user to use the .ovpn configuration file to quickly set up VPN tunnel with third-party server or use the OpenVPN advanced options to be compatible with other servers.
VPN Type	Roadwarrior (default) Bridging: Bridging the VPN tunnel and LAN/VLAN
Status	Display the status of OpenVPN.
TLS Mode	Select from Disable or Enable for data security. The default is Disable.
Cipher	The OpenVPN format of data transmission.
IPv6 Mode	Select from Disable or Enable. The default is Disable.
Device	Select from TUN or TAP. The default is TUN.
Protocol	Select from UDP or TCP Client which depends on the application. The default is UDP.
Port	Enter the listening port of remote side OpenVPN server.
VPN Compression	Select Disable or Enable to compress the data stream. The default is Disable.
Authentication	Select from two different kinds of authentication ways: Certificate or pkcs#12 Certificate. The pkcs#12 option is only available on the VPN client mode.

OpenVPN Client Setting

This section allows you configure the OpenVPN client route and authentication files.

The files could be imported by clicking Import button and the file should be downloaded from OpenVPN server.

Item	Description
Server Address	Fill in WAN IP of OpenVPN server.
Route Client Networks	Select from Off or On. This setting needs to match the server side. When enabled, the cellular router will auto apply the properly routing rules.
Local Network
Network	The local network which will be exported by OpenVPN. When this option keep blank, the OpenVPN will export the LAN network automatically.
Netmask	The local netmask which will be exported by OpenVPN. When this option keep blank, the OpenVPN will export the LAN netmask automatically.
NAT
1:1 NAT	Tick to enable NAT Traversal for OpenVPN. This item must be enabled when the router under NAT environment. Select from Off or On. When two routers’ LAN Subnet are same and create OpenVPN tunnels, this function should be turned on.
Client-Security
Root CA	The Certificate Authority file of OpenVPN server could be downloaded from OpenVPN server.
Cert	The certification file is for OpenVPN client, which could be downloaded from OpenVPN server.
Key	The private key file is for OpenVPN client, which could be downloaded from OpenVPN server.
P12	The PKCS#12 file is for OpenVPN client, which could be downloaded from OpenVPN server.

OpenVPN Server Setting

This section allows you to configure the server status of VPN Mode.

Note: When selecting the On option of Route Client Networks, the OpenVPN server will route the client traffic or not.

You should fill in the client IP and netmask when this option is enabled.

Item	Description
VPN Network	The network ID for OpenVPN virtual network.
VPN Netmask	The netmask for OpenVPN virtual network.
Roadwarrior: Route Client Networks	Select from Off or On. The OpenVPN server will route the client traffic or not. User should fill in the client IP and netmask when this option is enabled.
Local Network
Network	The local network which will be exported by OpenVPN. When this option keep blank, the OpenVPN will export the LAN network automatically.
Netmask	The local netmask which will be exported by OpenVPN. When this option keep blank, the OpenVPN will export the LAN netmask automatically.
NAT
1:1 NAT	Tick to enable NAT Traversal for OpenVPN. This item must be enabled when router under NAT environment. Select from Off or On. The default is Off. When two routers’ LAN Subnet are same and create OpenVPN tunnels, this function is turned on.
Server- Server Security
Root CA	Create Root CA key.
Cert, Key and DH	Create Cert, Key and DH key.
Server- User Security
User 1 - User 8	According to your requirement, you can create different kinds of user security key from User 1 to User 8.

OpenVPN Custom Setting

For Custom of VPN Mode, this section helps you use the .ovpn configuration file to quickly set up VPN tunnel with third-party server or use the OpenVPN advance options to be compatible with other servers.

Note: When clicking the Import button, you can import third-party OpenVPN configuration that find out from Internet and save the document into your server or PC.

After importing the file, the interface will show info/download buttons to display the information or downloading the file.

For third-party OpenVPN configuration, suggest from http:

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
VPN Mode	Select from custom mode.
Custom Config	Import OpenVPN configuration.
Username	Fill in the username if the imported file has already set up the username.
Password	Fill in the password if the imported file has already set up the password.
Status	Display the connection status of OpenVPN, such as IP address and the connected time.

VPN > IPSec

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data sent over an IPv4 network.

The router provide the basic control items to control the IPsec overall behavior.

Item	Description
Mode	Running the IPsec VPN or not. Select from Disable or Enable. The default is Disable.
Type	Select from Policy-based or Route-based. The default is Policy-based. Policy-based: transmit traffic that meet the IPsec phase 2 local/remote subnet. Route-based: transmit traffic that match routing table.

Overviews

There have four sub settings to setup the IPsec VPN.

Connections
Authentication IDs
X.509 Certificates
CA Certificates

For the IPsec connection which be authenticated by pre-shared key, it only need to setup the Connections and Authentication IDs

For the IPsec connection which be authenticated by RSA or TLS, the settings must cover the four parts.

Connections

This section provides the information of the IPsec connections.

Each connection will show the State, IKE information and Tunnel information.

In the default setting, the list of connections is empty.

You can create the new connection by click + Add Connection button.

For the edit, you can click the Phase 1 and Phase 2 buttons to edit IPsec phase 1 and phase 2 setting respectively.

For the advance settings (like Dead peer detection, a.k.a DPD), you can click the ... button to edit it.

IPsec Phase 1 Setting

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Name	Short name or description
Protocol	Select from IKEv1 or IKEv2. The default is IKEv1.
Aggressive mode	Select from Disable or Enable. The default is Disable. When this option be enabled, the connection will running on IKEv1 Aggreesive mode. Note: This option only work on IKEv1
Auth Type	Select from PSK (default), RSA, EAP-TLS. Note: The EAP-TLS is for IKEv2 only.
Encryption	The encyrption algorithm. Select from AES128 (default), AES192, AES256 or 3DES.
Hash	The integrity algorithm. Select from MD5, SHA1 (default) or SHA256.
DH Group	The Diffie Hellman Group. Select from 1(768 bit), 2(1024 bit), 5(1536 bit) (default), 14(2048 bit), 15(3072 bit), 16(4096 bit), 17(6144 bit) or 18(8192 bit).
Lifetime	How long the keying channel of a connection. Select from 30 minutes, 1 hour, 2 hours, 3 hours, 6 hours, 12 hours or 24 hours.
Local Host	The IP address of the router's public network interface. If this value is blank, the connection will automatically detect the correct IP address.
Local ID	The identification for authentication on local peer. Select from the created authentication IDs or empty.
Remote Host	The IP address of the peer gateway's public network interface. If this value is blank, the connection will act the server role to wait the incomming request.
Remote ID	The identification for authentication on remote peer. Select from the created authentication IDs or empty.

IPsec Phase 2 Setting

Item	Description
Protocol	Only support ESP.
Encryption	The encyrption algorithm. Select from AES128 (default), AES192, AES256 or 3DES.
Hash	The integrity algorithm. Select from MD5, SHA1 (default) or SHA256.
DH Group	The Diffie Hellman Group. Select from 1(768 bit), 2(1024 bit), 5(1536 bit) (default), 14(2048 bit), 15(3072 bit), 16(4096 bit), 17(6144 bit) or 18(8192 bit).
Lifetime	How long a particular instance of a connection. Select from 30 minutes, 1 hour, 2 hours, 3 hours, 6 hours, 12 hours or 24 hours.
Local Subnet	The private subnet behind the router. The available formats are A.B.C.D, A.B.C.D/M, A.B::C.D or A.B::C.D/M If this value is blank, the connection will set it as the `Local Host` of Phase 1 setting. Note 1: This option only work on Policy-based IPsec VPN type. Note 2: This option will be setup as 0.0.0.0/0 automatically on IPsec Route-based VPN. Note 3: This option will be omitted when the service option is L2TP. (for host-to-host connection only)
Remote Subnet	The private subnet behind the peer gateway. The available formats are A.B.C.D, A.B.C.D/M, A.B::C.D or A.B::C.D/M If this value is blank, the connection will set it as the `Remote Host` of Phase 1 setting. Note 1: This option only work on Policy-based IPsec VPN type. Note 2: This option will be setup as 0.0.0.0/0 automatically on IPsec Route-based VPN. Note 3: This option will be omitted when the service option is L2TP. (for host-to-host connection only)
Service	Restrict the VPN traffic to the particular protocol only. Select from the Any, TCP, UDP or L2TP.

IPsec Advance Setting

Item	Description
DPD interval	The period time interval to detect dead peers. The default is 30 seconds.
DPD retry	The max number of retry of dead peer detection. The default is 5 times.

Authentication IDs

This section provides the authenticaion ID set to authenticate the IPsec connections.

In the default setting, the list of authentication ID is empty.

You can create the new authentication ID by click + Add Authentication ID button.

Note: Please apply the changes before edit the connection settings.

Item	Description
ID	The identification for authentication. It only work on PSK type.
Type	Select from PSK or RSA. The default is PSK. PSK: Use the pre-shared key to authenticate the connection. RSA: Use the certificate to authenticate the connection.
Pre-shared Key / X.509 Certificate	The X.509 certificate for authentication. The certificate could be generated or imported by X.509 Certificates section.

According the above options, there have some combination to authenticate the IPsec connection.

#	ID	Type	Pre-shared Key / X.509 Certificate	Comment
1		PSK	password	The default password for the PSK connections.
2	remote.ipsec	PSK	2wsx#EDC	The password only for the PSK connection with `remote.ipsec` ID. Normally, this case will be used to authenticate peer gateway.
3	local.ipsec	PSK		The identification for the connection. Normally, this case will be used to announe the ID of the router.
4	test	RSA	`created X.509`	The ID field will be omitted, and use the common name(CN) of X.509 as the ID field.

X.509 Certificates

This section provides the certificates set which could be used by IPsec authentication ID.

Each certificate will show the State and Subject information.

And providing the controlling buttons to let user could import, download or edit the certificate/key files.

Note: Please apply the changes before editing the Authentication IDs settings.

CA Certificates

This section provides the CA certificates set which could check the X.509 certificate valid or not.

There have one self-signed CA (generated by the router).

And it support the user import the self-signed CAs to the router.

The self-signed CA will help the router to verify the self-signed X.509 certificate which be imported on X.509 Certificates section.

Each CA certificate will show the State and Subject information.

And providing the controlling buttons to let user could download or edit the certificate/key files.

IPsec Certificate

Certificate Generation

There have two kinds of certificate could generated by router, one is self-signed CA, the other one is X.509.

To generate the self-signed CA certificate:

Navigate to CA Certificates tab.
Click the Edit button to navigate the Certificate Setting page.
Fill up the information of the CA certificate.
Click the Generate Certificate button and Save.
Click the Apply button to apply the changes.

To generate the X.509 certificate:

Make sure the self-signed CA certificate generated.
Navigate to X.509 Certificates tab.
Add the new X.509 certificate by + Add X.509 button. (if not existed)
Click the Edit button to navigate the Certificate Setting page.
Fill up the information of the X.509 certificate.
Click the Generate Certificate button and Save.
Click the Apply button to apply the changes.

Certificate Setting

Item	Description
Country Name	The 2-letter country code. e.g. US This option is required for certificate generation.
State	The state name. e.g. Some-State
Location	The location name. e.g. city-name
Orgnization Name	The orgnization name. e.g. company-name This option is required for certificate generation.
Orgnization Unit Name	The orgnization unit name.
Common Name	The host name associated with the certificate. e.g. example.com This option is required for certificate generation.
E-mail	The maintainer's E-mail.

Certificate Importing

Same as the Certificate Generation, the router support the CA and X.509 certificate importing.

To import the CA certificate:

Navigate to CA Certificates tab.
Click the + Add CA certificate button.
Select the CA certificate file from browser window.
When the file be selected and everything all right, the newly CA certificate will shown the CA certificate list with Imported state.

To import the X.509 certificate:

Navigate to X.509 Certificates tab.
Click the + Add X.509 button. The list will pop up the balnk X.509 entry.
Click the Cert Import button.
Select the X.509 certificate file from browser window.
When the file be selected and everything all right, the state should be Cert or Key is missed.
Click the Key Import button.
Select the X.509 key file from browser window.
When the state shown Imported, the importing procedure is completed.

How to download the certificate

If the certificate be generated or imported. There have the download button to download each certificate and key file.

Note: When the connection is authenticated by RSA or EAP-TLS, the user must to download the X.509 certificate, key and CA certificate, and import the files to the remote gateway.

VPN > GRE

This section allows you to set GRE configuration. The default mode is off.

Generic Routing Encapsulation (GRE) is one of the available tunneling mechanisms which uses IP as the transport protocol and can be used for arrying many different passenger protocols. The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint.

Item	Description
Mode	Select from Off or On to enable GRE.
Local Address	Set local address of the GRE tunnel.
Remote Address	Set remote address of the GRE tunnel.
Tunnel Device Address	Set IP address of this GRE tunnel device.
Tunnel Device Address Prefix	Set Prefix of the Tunnel Device Address.

VPN > PPTP Server

This section provides 2 sub configurations, including General Configuration and Clients Configuration.

VPN > PPTP Server > General

Item	Description
Mode	Select from Off or On to enable PPTP Server.
Server Address	IP addresses to be used at the local end of the tunneled PPP links between the server and the client.
Client Address Range	A list of IP addresses to assign to remote PPTP clients.

VPN > PPTP Server > Clients

Item	Description
Mode	Select from Off or On to set the client setting.
Username	The username of this client.
Password	The password of this client.

VPN > L2TP

VPN> L2TP > Server Mode

Item	Description
Mode	Select from Off or On to set the client setting.
Auth	The authentication method for L2TP connection. Available options: PAP, CHAP, MS-CHAP, MS-CHAPv2
Local IP	The virtual IP for L2TP server.
Remote begin IP	The begin address of L2TP client's IP pool.
Remote end IP	The end address of L2TP client's IP pool.
Username	The L2TP client's username. Could be used to add the newly client or update existed client.
Password	The L2TP client's password. Could be used to add the newly client or update existed client.

VPN> L2TP > Client Mode

Item	Description
Mode	Turn on/off this L2TP connection
Server	The L2TP server address or hostname.
Auth	The authentication method for L2TP connection. Should same as L2TP server's auth type.
Username	The username for L2TP authentication.
Password	The password for L2TP authentication.
NAT	Turn on to translate the LAN subnet IP to L2TP virtual IP.
Default route	Turn on to redirect all traffic to L2TP tunnel.

Firewall > Basic Rules

This section allows you to set the Basic Rules configuration.

Item	Description
WAN Ping Blocking	Check IPv4 or IPv6 for blocking.
Guest network	Guest network doesn't allow access device.

Firewall > Port Forwarding

This section allows you to set up Port Forwarding and click edit button to configure.

Item	Description
Mode	Turn on/off Port Forwarding to select Disable or Enable. The default is Disable.
Description	Descript the name of Port Forwarding.
Protocol	Select from UDP or TCP Client which depends on the application.
Source Port Begin	Fill in the beginning of source port.
Source Port End	Fill in the end of source port.
Destination IP	Fill in the current private destination IP.
Destination Port Begin	Fill in the beginning of private destination port.
Destination Port End	Fill in the end of private destination port.

Firewall > DMZ

This section allows you to set the DMZ configuration.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Host IP Address	Fill in your Host IP Address.

Firewall > Management IP

Some firewall function may block all user communication,assign Management IP Address to allow administrator to access the Router.

Item	Description
Management IP Address	IP Address. The default 0.0.0.0 means NOT assign.

Firewall > Service PORT

The setting is specified for Router access only.User set it to allow/disallow Router service access from/to outside WAN/inside LAN,for example: access Router Web service.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Action	Select from None,Drop or Accept.
Direction	Select from LAN INPUT,WAN INPUT,or ALL INPUT for inward direction; LAN OUTPUT, WAN OUTPUT, or ALL OUTPUT for outward direction.
Protocol	Select from TCP or UDP.
Port	Fill in service port number.For inward direction,it is device's port number.For outward direction,it is server's port number of outside WAN/inside LAN.

Firewall > IP Filter

This section allows you to configure IP Filter. After clicking edit button, you can edit your IP protocol, source/port and destination/port.

The default is Disable Mode.
The default List is Black.When set as Black List,the specific IP address/port in rule will be blocked.When set as White List,the specific IP address/port in rule will be accepted.
Management IP Address is for White List only.Since White List will block all user communication except those has been assigned by rules,so it is better to assign a specific IP address for the administrator to access the Router, that's Management IP Address.
Service Ports is for White List only.The setting is specified for Router access only.The user can set it to allow Router access outside WAN/inside LAN Service,for example: access outside WAN DNS service.Or allow user to acess Router service from outside WAN/inside LAN,for example: access Router Web service.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Protocol	Select from All, ICMP, TCP or UDP.
Source IP	Fill in your source IP address.
Source Port	Fill in your source port.
Destination IP	Fill in your destination IP address.
Destination Port	Fill in your destination port.

When selecting Enable Mode, the protocol is TCP. The source IP has IPv4 and IPv6 setting formats.
For Source IP, there are three types to input your source IP that depends on your requirement, including single IP, IP with Mask or giving a range of IP. The following table provides some examples.

IP Format	Single IP	IP with Mask	Ranged IP
IPv4	192.168.0.123	192.168.1.0/24 192.168.1.0/255.255.255.	192.168.1.1-192.168.1.123
IPv6	2607:f0d0:1002:51::4	2607:f0d0:1002:51::0/64	2607:f0d0:1002:51::4- 2607:f0d0:1002:51::aaaa
Note: Setting up a range of IP, please use "-" hyphen symbol to mark your ranged IP.

For Source Port, there are two types to input your source port that depends on your requirement, including single port (e.g.1234) or giving a range of ports (e.g.1234:5678).

Note: Setting up a range of source ports, please use ":" colon symbol to mark your ranged ports.

Firewall > MAC Filter

This section allows you to set up MAC Filter. After clicking edit button, you can edit your MAC address.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
MAC Address	Fill in your MAC address.

Note: Setting up MAC address, please use ":" colon symbol (e.g. xx : xx : xx : xx) or "-" hyphen symbol to mark (e.g. xx - xx - xx - xx).

Firewall > URL Filter

This section allows you to set up URL Filter. After clicking edit button, you can edit the type of filter and information.

Note: Please not include "https://" for the URL address in the Full Filter.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Filter	Select from Key or Full. The default is Key.
Key/Full	Fill in your Key/Full information.

Firewall > NAT

This section allows you to set NAT configuration.

When NAT is on, the router will replace the source private IP address by its Internet public address for outgoing packets, and replace the destination Internet public address by private IP address for incoming packets.

When NAT is off, the router will send the source LAN private IP address for outgoing packets and allow to receive the destination LAN private IP address for incoming packets.

Firewall > IPS

This section allows you to set IPS configuration. IPS prevents the system from being attacked by the Internet.

The system allows to limit the max incoming connection number from WAN per source IP address to prevent system resource exhausted. Also, the system allows to limit the max incoming connection retry number during a specific time period from WAN per source IP address to prevent too many unexpected connections retry event from causing system busy.

Item	Description
Mode	Turn on/off IPS function (default: Off)
Checkbox	Select from Enable or Disable (default).
Total allow incoming connection number	The default number is 10.
Checkbox	Select from Enable or Disable (default).
Max incoming connection retry number	The default number is 20.
Duration time	The default time is 120 seconds.

Service > SNMP

Service > SNMP > Community

Item	Description
Mode	Select from Disable or Enable to configure SNMP.
Community	Configure community setting with three options, including # 1, # 2 and #3.
Mode	Select from Disable or Enable.
Name	Name each community.
Access	Select from Read-Only or Read-Write.

Service > SNMP > SNMP v3 User configuration

Item	Description
Mode	Select from Disable or Enable to configure SNMP. The default is Disable.
Name	Fill in your name.
Auth Mode	Select from Authentication or Privacy.
Authentication Password	Fill in your authentication password.
Authentication Protocol	Select from MD5 or SHA.
Privacy Password	Fill in your privacy password.
Privacy Protocol	Select from DES or AES.
Access	Select from Read-Only or Read-Write.

Service > SNMP > SNMP trap configuration

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Community Name	Fill in your community name.
Destination	The destination (domain name/IP) of remote SNMP trap server.

Service > TR069

This section allows you to set up TR069 client configuration.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
ACS URL	Fill in the URL address of ACS(Auto-Configuration Server).
ACS Username	Fill in the ACS username to authenticate the CPE (this router) when connecting to the ACS.
ACS Password	Fill in the ACS password to authenticate the CPE (this router) when connecting to the ACS.
Periodic Inform	Select from Disable or Enable. The default is Disable. The CPE reports the status to the ACS when enabling a period of time set.
Periodic Inform Interval(Sec)	Fill in the periodic time. The CPE reports to ACS the status according to your duration in seconds of the interval set.
Connection Request Username	Fill in the connection request username to authenticate the ACS if the ACS attempts to communicate with the CPE.
Connection Request Password	Fill in the connection request password to authenticate the ACS if the ACS attempts to communicate with the CPE.

Service > Dynamic DNS

This section allows you to set up Dynamic DNS.

Item	Description
Mode	Turn on/off this function to select Disable or Enable. The default is Disable.
Service Provider	Select the Service Provider of Dynamic DNS.
Host Name	Fill in your registered Host Name from Service Provider.
Token ID	Fill in your Token ID from Service Provider.
Host Secret ID	Fill in your Secret ID from Service Provider.
Username	Fill in your registered username from Service Provider.
Password	Fill in your registered password from Service Provider.
Update Period Time (Sec)	Fill in "0" to mean 30 days.
IP Address Selection	Select either Internet IP or WAN IP.

There are six options of Service Provider as below to explain the information.

Service Provider	dynv6.com
Host Name	Register hostname, e.g. tester.dynv6.net
Token ID	The token ID, e.g. v_ABjMMQxeAnWv5UwtuVn1QBriynzq

Service Provider	www.nsupdate.info
Host Name	Register hostname, e.g. tester.nsupdate.info
Host Secret ID	The Host Secret ID, e.g. e2AMDsLmVF

Service Provider	www.duckdns.org
Host Name	Register hostname, e.g. tester.duckdns.org
Token ID	The token ID, e.g.12345678-de49-4e97-a33c-98b159aead2b

Service Provider	no-ip.com
Host Name	Register hostname, e.g. tester.hopto.org
Username	Register username.
Password	Register password.

Service Provider	freedns.afraid.org
Host Name	Register hostname, e.g. tester.mooo.com
Username	Register username.
Password	Register password.

Service Provider	dyndns.org
Host Name	Register hostname, e.g. tester.dyns.com
Username	Register username.
Password	Register password.

Service > VRRP

This section allows you to configure VRRP.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Group ID	Specify which VRRP group of this router belong to (1-255). The default is 1.
Priority	Enter the priority value from 1 to 254. The larger value has higher priority. The default is 100.
Virtual IP	Each router in the same VRRP group must have the same virtual IP address. The default is 0.0.0.0. This virtual IP address must belong to the same address range as the real IP address of the interface.

Service > MQTT

This section makes you configure MQTT which allows the MQTT client to send the message within specific topic or channel. By default, the router does not allow anonymous to read/write the MQTT topic or channel. Thus, you need to create the account with username and password for MQTT client in the web UI.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Port	Fill in the port number of MQTT application.
Manage Users	Create the users and show all users’ names. Allow each user to delete their name.
Username	Fill in the username of manage user.
Password	Fill in the password of manage user.
ACLs	Allow to specify what topic should be limited.
User	Select the users and identify their authority to read or write the MQTT topic/channel.
Topic	Name the topic of MQTT message.

Service > UPnP

This section allows you to set up UPnP confirguration to select the mode from Disable or Enable. The default UPnP is enabled for the cellular router.

Note: UPnP™ (Universal Plug and Play) is a set of protocols that allows a PC to automatically discover other UPnP devices (anything from an Internet gateway device to a light switch), retrieve an XML description of the device and its services, control the device, and subscribe to real-time event notification.

PCs using UPnP can retrieve the cellular router's WAN IP address, and automatically create NAT port maps. This means that applications that support UPnP, and are used with UPnP enabled cellular router, will not need application layer gateway support on the cellular router to work through NAT.

Service > SMTP

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Server	The email will be sent through the server.
Port	There are three ports for SMTP communication between mail servers. Port 25: Use TCP port 25 without encryption. Port 465: SMTP connections secured by SSL. Port 587: SMTP connections secured by TLS.
Username/Password	Fill in your username and password as the same your server.

Service > IP Alias

This section allows you to set IP Alias configuration.

IP Alias is associating more than one IP address to a network interface. With IP Alias, one node on a network can have multiple connections to a network, each serving a different purpose.

IP Alias can be used to provide multiple network addresses on a single physical interface.

Item	Description
Mode	Select from Off or On to enable the IP Alias.
Entries	The setting can be edited or deleted the existed entries.
Add/Edit IP Alias Entry	Mode: select from Off or On to use or not use this entry. Interface: the interface you want to provide the additional address. Addr: the IP address. Mask: the network mask.

Service > QoS

QoS (Quality of Service) refers to a network ability to achieve maximum bandwidth and allow minimum bandwidth. It guarantees the minimum and limit the maximum bandwidth for certain class of traffic. The QoS configuration has three parts, including Interface bandwidth, QoS and Status.

Interface bandwidth allows user to configure the max bandwidth of the specific interface.
QoS configuration allows user to classify the traffic. Once classified, the traffic will have the guarantee minimum and limit maximum bandwidth.
Status allows user to monitor the dynamic bandwidth usage.

QoS > Interface Bandwidth

User can assign Bandwidth for each interface. The Bandwidth unit is kilobits per second.

To prevent guaranteed traffic loss, the assigned bandwidth is better not to exceed the real bandwidth because the allowable traffic quantity may exceed the real bandwidth.

Each Interface has its bandwidth management and in charge to management the traffic egress from the interface.
Interface with Upstream selection is WAN(Upstream) interface.It is in charge to managemnt the traffic egree out to internet from the interface.
Interface with Upstream and Downstream selection is LAN(Downstream) interface.It is in charge to managemnt the traffic egree out to LAN from the interface.
The Upstream selection in LAN interface allow user to decide whether the traffic ingress from the interface to be mangmeneted by WAN interface or not.

QoS > QoS

You can select QoS tab to show an overall view for QoS configuration.

At right side of window, there are three buttons.

Edit button allows you to edit QoS Entry and configure QoS settings.

Up/Down arrow button allow you to adjust priority of the QoS entry. The first QoS entry is the highest priority.

The QoS entry configuration page has three parts for classify traffic, assign bandwidth, and group IP address bandwidth.

Classify traffic by following items:

Item	Description
Mode	Select from Disable or Enable QoS.
Name	The setting can be edited or deleted the existed entries.
Direction	When selecting Upstream for LAN to WAN traffic, the Port Begin/End is for public server. When selecting Downstream for WAN to LAN traffic, the Port Begin/End is for public server. When selecting Upstream (LAN server) for WAN to LAN traffic, the Port Begin/End is for LAN server. When selecting Downstream (LAN server) for LAN to WAN traffic, the Port Begin/End is for LAN server.
Interface/Min rate(Result)/Max rate	For traffic from LAN to WAN by selecting Direction, the egress interfaces WAN(Upstream) show up For traffic from WAN to LAN by selecting Direction, the egress interfaces LAN(Downstream) show up Max Rate: The unit is kilobits per second.It is the limit bandwidth. Min Rate: The unit is kilobits per second. Min Rate guarantee the minimum bandwidth. Result : It show the per IP Address Min Rate when Bandwidth divided for each IP Address selected.
IPv4v6 Address	Choose four types to set address format, including All, Single, Subnet, and Range. All is for none. Single is for single IP address. Subnet is for IP address with subnet mask bit. Range is for the specified range between two IP addresses. Hint: When [RANGE] is selected, compare the difference from left to right octet and find out different octet for setting the specified range of IP address. All other parts after different octet would be ignored.
Bandwidth divided for each IP Address	This feature is used for multiple user which would like to share the same Max rate but still have their Min rate,it show up ONLY when IP Type is Subnet or Range. When selected, the bandwidth assigned by Min Rate will be divided by the number of IP addresses and it show on the Result field of the selected Interface The subnet mask bit in IP Type Subnet is octet boundary and the number of IP addresses is one octet too, 256, from subnet mask bit to subnet mask plus eight bit.
Max. Number of Simultaneous Users	This feature is used to increase the Min Rate for each IP address and it show up ONLY when Bandwidth divided for each IP Address selected. The number of IP Address assigned in IPv4v6 Address may associate with DHCP IP range,hence if the Max. Number of Simultaneous Users is far smaller than it,then set the vlaue can increase the Min Rate for each IP Address effectively. When selected and assign the value, the bandwidth assigned by Min Rate will be divided by the value and it show on the Result field of the selected Interface
Protocol	All is for none. UDP is for User Datagram Protocol. TCP is for Transmission Control Protocol.
Port Begin/Port End	the TCP/UDP service port
VLAN follow vid of	NONE. NET1 - NET8. Note:For NET1 to NET8, make sure the related subnet is enabled at VLAN->Tag Base. The VLAN ID, vid, will be the VID field of the related Subnet at VLAN->Tag Base.
COS (Class of Service or 802.1q)	NONE or 0~7. It is class of service for VLAN.

QoS > Status

Refresher Setting select the showed content of bandwidth usage by following items:

Refresh rate: how long the browser will update the showed content once.
Show detail bandwidth for each IP address: show each IP bandwidth usage.
Apply Refresh Setting button: press this button to take above new setting effect.

Data part is the content of bandwidth usage.

Service > IPv6

This section allows you to set the Service > IPv6 configuration.

Item	Description
Mode	IPV6 master switch,select from Disable or Enable. The default is Enable.

Management > Identification

Item	Description
Model Name	show the model name of the device
LAN MAC Address	show the MAC address of LAN interface
WAN MAC Address	show the MAC address of WAN interface
Software Version	show the software version currently running on the device
Firmware Version	show the firmware version currently running on the device
Hardware Version	show the hardware version of the PCBA used at this device
Software MCSV	show the software MCSV of the running firmware
Hardware MCSV	show the harware MCSV of the device
Serial Number	show the serial number of the device
Modem Firmware Version	show the modem firmware version of the device
IMEI	show the IMEI - International Mobile Equipment Identity
Uptime	show the current system uptime
FOTA check time	Show the FOTA check time.
FOTA Software Version	Show the FOTA software version.
FOTA next check time	Show the FOTA next check time.

Management > Administration

This section allows you to set up the name of router and change your new password. For the Session TTL, you can set up what duration of time will be logout. If you don’t need to have this timeout limitation, you can fill in “0“(Zero). The default timeout is 5 minutes.

After logging in the system, you can set up the status of user and divide into three levels for setting user's authority, including Super User, Administrator, and Read Only. For Guest, this status is without any authority. All users log in or log out and they need to have Web UI log records.

Status	Super User	Administration	Rean Only	Guest
User name	system account (root/admin)	only Super User can modify	only Super User can modify	N/A
Password	configurable	configurable	configurable	N/A
Permission	Add/Delete/Modify all users' accounts except Super User. Read/Write Configuration	Read/Write Configuration	only Read Configuration	N/A

Management > Contacts / Duty Schedule

Contacts

Contacts allows you to create the groups, and add the users.

+Add Group: Please fill out group name.
+Add User: Please fill out Name/Phone/E-Mail/Groups.

Duty Schedule

Please select duty date for every group. The trust and responsible groups can receive alarm, perform SMS actions and input SMS alarm.

Management > SSH

Secure Shell (SSH) allows user to configure system via a secure channel. User can configure system from either public domain or local LAN.

Item	Description
Mode	Select from Disable or Enable SSH function.
Server Port	The port number is where SSH server works on.
Access Control	Allow All: Any client who own the IPv4v6 Address can reach system is able to connect system. Allow specified IPv4v6 Address below: Only those configured IPv4v6 Address client are allowed to connect system.

Management > Fail2Ban

Fail2Ban is an intrusion prevention feature that protects the device from brute-force login attacks.

Item	Description
Mode	Select from Disable or Enable. The default is Enable.
Retry	The limit for maximun login retries/attempts.
Ban Time(s)	The banned time(s) for user or IP when it exceeded the retry limit.

Management > Web

This section allows user to change the HTTP port via HTTP. As long as pressing Apply, the web daemon will restart the new configuration, and you won’t see the response at the web browser.

Item	Description
HTTP Port	The TCP port listened by HTTP daemon.
HTTPS Port	The TCP port listened by HTTPS daemon.

After pressing Apply button, the device will apply immediately and give you some hints "Please use new port to access latter". For example, port 3000.

Management > Firmware

This section provides you to upgrade the firmware of the device

Click Select the firmware to upgrade button to choose your current firmware version in your PC.
Select Upgrade button to update.
After upgrading successfully, please reboot the device.

Management > Modem Firmware

This section provides you to upgrade the firmware of the LTE modem

Click Select the firmware to upgrade button to choose your current firmware version in your PC.
Select Upgrade button to update.
After upgrading successfully, please reboot the device.

Management > Configuration

This section supports you to export or import the configuration file.

Click Backup the running configurations button to export your current configurations.
Click Select the configuration file to restore button to import the configuration file.

Management > Load Factory

This section supports you to load the factory default configuration and restart the device immediately. You can click the Load Factory and Restart button.

Management > Restart

This section allows you to click Restart button to restart the device.

Management > Schedule Reboot

The setting allows you to schedule the reboot time regularly.

Schedule Type – Interval
Schedule Type - Per Day
Schedule Type - Per Week
Schedule Type - Per Month

Management > FOTA

This section allows you to set up the Firmware Over-the-Air.

Firmware Over the Air

Item	Description
Enable	Enable or disable the FOTA function, which is Enabled by default.
Check only the new firmware version (not upgrade)	Only check, not download firmware from the server.
Server URL	Enter custom server URL.

Schedule

Item	Description
	You can choose Auto or Custom, which is Auto by default.
Auto	There are two options for automatic, every day or every week.
Custom	You can choose the time or execute it immediately

Status

Show the status information after running. Update information server, Firmware download server, FOTA check time, FOTA software version, Result, FOTA next check time.

Diagnosis > Ping

Item	Description
Use Interface As Source	use or not use the Interface as source
Use Interface	APN1 / APN2
Host	the host name or the host IP address

Diagnosis > Traceroute

Item	Description
Use Interface As Source	use or not use the Interface as source
Use Interface	APN1 / APN2
Host	the host name or the host IP address

Diagnosis > TTY2TCP

Item	Description
Port number	the port number to issue tty2tcp
Start	start tty2tcp
Stop	stop tty2tcp