Pepwave MAX User Manual Pepwave Products: MAX BR2 Pro / BR2 Pro / MAX BR2 Pro LTE / MAX BR2 Pro LTEA / MAX -CX2-Mini / MAX CX2 Mini / CX2 Mini / MAX-BR2-PRO-LTE-E-T / MAX-BR2-PRO-LTE-US-T / MAX-BR2-PROLTEA-W-T / UBR LTE / UBR-LTE-US-T-PRM / MAX UBR LTE / MAX UBR / MAX UBR LTEA / UBR / Pismo941 / UBR-LTE / UBR-LTE-US-T / UBR-LTEA-W-T / UBR-LTEA-W-T-PRM / MAX BR1 Pro / MAX BR1 Pro LTE / MAX BR1 Pro LTEA / MAX-BR1-PRO-LTEA-W-T / MAX-BR1-LTE-US-T / UBR-LTE-EJ-T-PRM Pepwave Firmware 8.0.
Table of Contents Introduction and Scope 7 Glossary 8 Product Features Supported Network Features WAN LAN VPN Firewall Captive Portal Outbound Policy AP Controller QoS Other Supported Features 9 9 9 10 10 10 10 10 11 11 11 Pepwave MAX Mobile Router Overview MAX BR2 Pro 134 13 Advanced Feature Summary Drop-in Mode and LAN Bypass: Transparent Deployment QoS: Clearer VoIP Per-User Bandwidth Control High Availability via VRRP USB Modem and Android Tethering Built-In Remote User VPN Support SIM-card USSD
Basic Settings Port Settings Captive Portal 24 33 34 Configuring the WAN Interface(s) Ethernet WAN DHCP Connection Static IP Connection PPPoE Connection L2TP Connection Cellular WAN Wi-Fi WAN Creating Wi-Fi Connection Profiles WAN Health Check Dynamic DNS Settings 36 37 40 440 41 43 44 549 57 58 60 Advanced Wi-Fi Settings 62 ContentHub Configuration ContentHub Configuring the ContentHub Configure a website to be published from the ContentHub Configure an application to be published from the ContentHub
Algorithm: Priority Algorithm: Overflow Algorithm: Least Used Algorithm: Lowest Latency Expert Mode 94 94 95 95 96 Inbound Access Port Forwarding Service UPnP / NAT-PMP Settings 96 96 99 NAT Mappings 99 QoS User Groups Bandwidth Control Application Application Prioritization Prioritization for Custom Applications DSL/Cable Optimization 101 10001 10102 10102 10102 10103 10203 Firewall Outbound and Inbound Firewall Rules Access Rules Apply Firewall Rules to PepVpn Traffic Intrusion Detection and DoS P
High Availability Certificate Manager Service Forwarding SMTP Forwarding Web Proxy Forwarding DNS Forwarding Custom Service Forwarding Service Passthrough UART GPS Forwarding Ignition Sensing Ignition Sensing installation GPIO Menu Grouped Networks SIM Toolkit 11820 12123 12224 125 12326 12426 12426 12426 12629 12831 12832 12932 13134 13235 13235 AP - access point AP Controller Wireless SSID Settings 13538 13538 13538 13942 AP Controller Status Info Access Point (Usage) Wireless SSID Wireless Client Nea
SNMP InControl Configuration Feature Add-ons Reboot 166 168 169 170 170 Tools Ping Traceroute Test PepVPN Test Wake-on-LAN CLI (Command Line Interface Support) 171 171 171 172 172 173 Status Device GPS Data Active Sessions Client List WINS Client UPnP / NAT-PMP OSPF & RIPv2 BGP SpeedFusion Status Event Log WAN Quality Usage Reports Real-Time 182 Daily Monthly 174 174 175 176 177 178 178 179 179 180 182 184 184 185 186 187 188 Appendix B: Declaration 191 https://www.peplink.
1 Introduction and Scope Pepwave routers provide link aggregation and load balancing across multiple WAN connections, allowing a combination of technologies like 3G HSDPA, EVDO, 4G LTE, Wi-Fi, external WiMAX dongle, and satellite to be utilized to connect to the Internet. The MAX wireless SD-WAN router series has a wide range of products suitable for many different deployments and markets. Entry level SD-WAN models such as the MAX BR1 are suitable for SMEs or branch offices.
Glossary The following terms, acronyms, and abbreviations are frequently used in this manual: Term Definition 3G 3rd generation standards for wireless communications (e.g., HSDPA) 4G 4th generation standards for wireless communications (e.g.
2 WAN Wide Area Network WINS Windows Internet Name Service WLAN Wireless Local Area Network Product Features Pepwave routers enable all LAN users to share broadband Internet connections, and they provide advanced features to enhance Internet access. Our Max BR wireless routers support multiple SIM cards. They can be configured to switch from using one SIM card to another SIM card according to different criteria, including wireless network reliability and data usage.
2.1.2 LAN ● ● ● ● ● ● Wi-Fi AP Ethernet LAN ports DHCP server on LAN Extended DHCP option support Static routing rules VLAN on LAN support 2.1.3 VPN ● ● ● ● ● ● ● ● ● ● ● PepVPN with SpeedFusionTM PepVPN performance analyzer X.
● ● service Traffic prioritization and DSL optimization Prioritize and route traffic to VPN tunnels with Priority and Enforced algorithms 2.1.7 AP Controller ● ● Configure and manage Pepwave AP devices Review the status of connected APs 2.1.8 QoS ● ● ● ● 2.
● ● IPv6 support Support USB tethering on Android 2.2+ phones * Not supported on MAX Surf-On-The-Go, and BR1 variants https://www.peplink.
3 Pepwave MAX Mobile Router Overview 3.1 BR2 Pro 3.1.1 Panel Appearance 3.1.2 LED Indicators The statuses indicated by the front panel LEDs are as follows: Status Indicators Status https://www.peplink.
Wi-Fi AP and Wi-Fi WAN Indicators Wi-Fi WAN Wi-Fi AP OFF Disconnected Blinking slowly Connecting to network Blinking Connected to network with traffic ON Connected to network without traffic OFF Disabled Blinking slowly Enabled but no client connected Blinking Connected to network with traffic ON Client(s) connected to wireless network LAN and Ethernet WAN Ports Green LED Orange LED Port Type https://www.peplink.
4 Advanced Feature Summary 4.1 Drop-in Mode and LAN Bypass: Transparent Deployment As your organization grows, it needs more bandwidth. But modifying your network would require effort better spent elsewhere. In Drop-in Mode, you can conveniently install your Peplink router without making any changes to your network. And if the Peplink router loses power for any reason, LAN Bypass will safely and automatically bypass the Peplink router to resume your original network connection.
4.3 Per-User Bandwidth Control With per-user bandwidth control, you can define bandwidth control policies for up to 3 groups of users to prevent network congestion. Define groups by IP address and subnet, and set bandwidth limits for every user in the group. 4.4 High Availability via VRRP When your organization has a corporate requirement demanding the highest availability with no single point of failure, you can deploy two Peplink routers in High Availability mode.
4.5 USB Modem and Android Tethering For increased WAN diversity, plug in a USB LTE modem as backup. Peplink routers are compatible with over 200 modem types. You can also tether to smartphones running Android 4.1.X and above. Compatible with: MAX 700, HD2 (all variants except IP67), HD4 (All variants) 4.6 Built-In Remote User VPN Support Use OpenVPN or L2TP with IPsec to safely and conveniently connect remote clients to your private network.
4.7 SIM-card USSD support Cellular-enabled routers can now use USSD to check their SIM card’s balance, process prepaid cards, and configure carrier-specific services. Click here for full instructions on using USSD. https://www.peplink.
5 Installation The following section details connecting Pepwave routers to your network. 5.1 Preparation Before installing your Pepwave router, please prepare the following as appropriate for your installation: ● ● ● 5.
The following figure schematically illustrates the resulting configuration: 5.3 Configuring the Network Environment To ensure that the Pepwave router works properly in the LAN environment and can access the Internet via WAN connections, please refer to the following setup procedures: ● LAN configuration For basic configuration, refer to Section 8, Connecting to the Web Admin Interface. For advanced configuration, go to Section 9, Configuring the LAN Interface(s).
6.2 Car Mount The Pepwave MAX700/HD2 can be mounted in a vehicle using the included mounting brackets. Place the mounting brackets by the two sides and screw them onto the device. 6.3 IP67 Installation Guide Installation instructions for IP67 devices can be found here: http://download.peplink.com/manual/IP67_Installation_Guide.pdf 7 Connecting to the Web Admin Interface 1. Start a web browser on a computer that is connected with the Pepwave router through the LAN. 2.
The Dashboard shows current WAN, LAN, and Wi-Fi AP statuses. Here, you can change WAN connection priority and switch on/off the Wi-Fi AP. For further information on setting up these connections, please refer to Sections 8 and 9. Device Information displays details about the device, including model name, firmware version, and uptime. For further information, please refer to Section 22. Important Note Configuration changes (e.g. WAN, LAN, admin settings, etc.
8 Configuring the LAN Interface(s) 8.1 Basic Settings LAN interface settings are located at Network>LAN>Network Settings. Navigating to that page will show the following dashboard: This represents the LAN interfaces that are active on your router (including VLAN). A grey “X” means that the VLAN is used in other settings and cannot be deleted. You can find which settings are using the VLAN by hovering over the grey “X”. Alternatively, a red “X” means that there are no settings using the VLAN.
Network Settings Name VLAN ID Inter-VLAN routing Enter a name for the LAN. Enter a number for your VLAN. Check this box to enable routing between virtual LANs. Layer 2 PepVPN Bridging The remote network of the selected PepVPN profiles will be bridged with this local PepVPN Profiles LAN, creating a Layer 2 PepVPN, they will be connected and operate like a single to Bridge LAN, and any broadcast or multicast packets will be sent over the VPN.
connected not act as a router, and most Layer 3 routing functions will cease to work. Click on the question Mark if you want to enable DHCP Option 82. DHCP Option 82 This allows the device to inject Option 82 with Router Name information before forwarding the DHCP Request packet to a PepVPN peer, such that the DHCP Server can identify where the request originates from.
this unit's built-in WINS server by entering this unit's LAN IP address in their DHCP WINS Server setting. Afterward, all PC clients in the VPN can resolve the NetBIOS names of other clients in remote peers. If you have enabled this option, a list of WINS clients will be displayed at Status>WINS Clients. BOOTP Extended DHCP Option DHCP Reservation Check this box to enable BOOTP on older networks that still require it. In addition to standard DHCP options (e.g.
Static Route Settings Static Route This table is for defining static routing rules for the LAN segment. A static route consists of the network address, subnet mask, and gateway address. The address and subnet mask values are in w.x.y.z format. The local LAN subnet and subnets behind the LAN will be advertised to the VPN. Remote routes sent over the VPN will also be accepted. Any VPN member will be able to route to the local subnets. Press to create a new route. Press to remove a route.
DNS Proxy Settings Enable To enable the DNS proxy feature, check this box, and then set up the feature at Network>LAN>DNS Proxy Settings. A DNS proxy server can be enabled to serve DNS requests originating from LAN/PPTP/SpeedFusionTM peers. Requests are forwarded to the DNS servers/resolvers defined for each WAN connection. DNS Caching This field is to enable DNS caching on the built-in DNS proxy server.
If a SpeedFusionTM peer is selected, you may enter the VPN peer’s DNS resolver IP address(es). Queries will be forwarded to the selected connections’ resolvers. If all of the selected connections are down, queries will be forwarded to all resolvers on healthy WAN connections. A - Advanced feature, please click the button on the top right hand corner to activate. Finally, if needed, configure Bonjour forwarding, Apple’s zero configuration networking protocol.
IP Settings IP Address & Subnet Mask Enter the Pepwave router’s IP address and subnet mask values to be used on the LAN. Network Settings Name VLAN ID Inter-VLAN routing Captive Portal Enter a name for the LAN. Enter a number for your VLAN. Check this box to enable routing between virtual LANs. Check this box to turn on captive portals. DHCP Server Settings DHCP Server https://www.peplink.
prevent IP address collisions on the LAN. To enable DHCP bridge relay, please click the IP Range & Subnet Mask Lease Time icon on this menu item. These settings allocate a range of IP addresses that will be assigned to LAN computers by the Pepwave router’s DHCP server. This setting specifies the length of time throughout which an IP address of a DHCP client remains valid. Upon expiration of Lease Time, the assigned IP address will no longer be valid and the IP address assignment must be renewed.
DHCP Relay Settings Enable Check this box to turn on DHCP relay. Click the icon to disable DHCP relay. Enter the IP addresses of one or two DHCP servers in the provided fields. The DHCP Server IP DHCP servers entered here will receive relayed DHCP requests from the LAN. For active-passive DHCP server configurations, enter active and passive DHCP server Address relay IP addresses in DHCP Server 1 and DHCP Server 2.
Captive Portal Settings Enable Check Enable and then, optionally, select the LANs/VLANs that will use the captive portal. Hostname To customize the portal’s form submission and redirection URL, enter a new URL in this field. To reset the URL to factory settings, click Default. Access Mode Click Open Access to allow clients to freely access your router. Click User Authentication to force your clients to authenticate before accessing your router. This authenticates your clients through a RADIUS server.
Fill in the necessary information to complete your connection to the server and enable authentication. Access Quota Set a time and data cap to each user’s Internet usage. Quota Reset Time This menu determines how your usage quota resets. Setting it to Daily will reset it at a specified time every day. Setting a number of minutes after quota reached establish a timer for each user that begins after the quota has been reached.
Portal Customization Logo Image Message Terms & Conditions Custom Landing Page 9 Click the Choose File button to select a logo to use for the built-in portal. If you have any additional messages for your users, enter them in this field. If you would like to use your own set of terms and conditions, please enter them here. If left empty, the built-in portal will display the default terms and conditions. Fill in this field to redirect clients to an external URL.
To disable a particular WAN connection, drag on the appropriate WAN by holding the left mouse button, move it the Disabled row, and drop it by releasing the mouse button. You can also set priorities on the Dashboard. Click the Details button in the corresponding row to modify the connection setting. Important Note Connection details will be changed and become effective immediately after clicking the Save and Apply button. 9.
● ● ● PING - ICMP PING packets will be issued to test connectivity with configurable target IP addresses or host names. DNS Lookup - DNS lookups will be issued to test the connectivity with configurable target DNS server IP addresses. HTTP - HTTP connections will be issued to test the connectivity with configurable URLs and strings to match. Default: DNS Lookup These fields are for specifying the target IP addresses or host names where ICMP Ping packets will be sent to for health check.
Allowance Monitor connection for each billing cycle. When this option is not enabled, bandwidth usage of each month is still being tracked but no action will be taken. If Email Notification is enabled, you will receive an email notification when usage hits 75% and 95% of the monthly allowance. Action If the box Disconnect when usage hits 100% of monthly allowance is checked, this WAN connection will be disconnected automatically when the usage hits the monthly allowance.
9.1.1 DHCP Connection There are four possible connection methods: 1. DHCP 2. Static IP 3. PPPoE 4. L2TP The DHCP connection method is suitable if the ISP provides an IP address automatically using DHCP (e.g., satellite modem, WiMAX modem, cable, Metro Ethernet, etc.). DHCP Connection Settings Routing Mode IP Address/ Subnet Mask/ Default Gateway NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network.
enter custom DNS server addresses for this WAN connection into the DNS Server 1 and DNS Server 2 fields. 9.1.2 Static IP Connection The static IP connection method is suitable if your ISP provides a static IP address to connect directly. Static IP Settings Routing Mode NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it.
PPPoE Settings Routing Mode IP Address / Subnet Mask / Default Gateway PPPoE Username / Password Confirm PPPoE Password NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it. This information is obtained from the ISP automatically. Enter the required information in these fields in order to connect via PPPoE to the ISP.
9.1.4 L2TP Connection L2TP has all the compatibility and convenience of PPTP with greater security. Combine this with IPsec for a good balance between ease of use and security. L2TP Settings L2TP Username / Password Enter the required information in these fields in order to connect via L2TP to your ISP. The parameter values are determined by and can be obtained from your ISP. Confirm L2TP Password Verify your password by entering it again in this field.
the PPPoE server.) When Use the following DNS server address(es) is selected, you can enter custom DNS server addresses for this WAN connection into the DNS server 1 and DNS server 2 fields. 9.2 Cellular WAN To access cellular WAN settings, click Network>WAN>Details. Cellular Status IMSI This is the International Mobile Subscriber Identity which uniquely identifies the SIM card. This is applicable to 3G modems only. MEID Some Pepwave routers support both HSPA and EV-DO.
ESN This serves the same purpose as MEID HEX but uses an older format. IMEI This is the unique ID for identifying the modem in GSM/HSPA mode. Connection Settings WAN Connection Name Enable Routing Mode Subnet Selection Connection Priority https://www.peplink.com Indicate a name you wish to give this WAN connection Click the checkbox to toggle the on and off state of this connection. This option allows you to select the routing method to be used in routing IP frames via the WAN connection.
If Backup is chosen, the WAN connection will depend on other WAN connections. It will not be used when one or more higher priority dependent WAN connections are connected. Independent from Backup WANs Idle Disconnect If this is checked, the connection will be working independent from other Backup WAN connections. Those in Backup Priority will ignore the status of this WAN connection, and will be used when none of the other higher priority connections are available.
Cellular Settings SIM Card Indicate which SIM card this cellular WAN will use. Only applies to cellular WAN with redundant SIM cards. Preferred SIM Card If both cards were enabled on the above field, then you can designate the priority of the SIM card slots here. LTE/3G This drop-down menu allows restricting cellular to particular band. Click the button to enable the selection of specific bands.
If email notification is enabled, you will be notified by email when usage hits 75% and 95% of the monthly allowance. If Disconnect when usage hits 100% of monthly allowance is checked, this WAN connection will be disconnected automatically when the usage hits the monthly allowance. It will not resume connection unless this option has been turned off or the usage has been reset when a new billing cycle starts.
state. When Remain connected is chosen, bringing up this WAN connection to active makes it immediately available for use. When Internet traffic is not detected within the user-specified timeframe, the modem Idle Disconnect will automatically disconnect. Once the traffic is resumed by the LAN host, the connection will be re-activated. Health Check Settings Health Check Method This setting allows you to specify the health check method for the cellular connection.
● ● tzo.com DNS-O-Matic Select Disabled to disable this feature. See Section 9.5 for configuration details. MTU MTU 9.3 This field is for specifying the Maximum Transmission Unit value of the WAN connection. An excessive MTU value can cause file downloads stall shortly after connected. You may consult your ISP for the connection's MTU value. Wi-Fi WAN To access Wi-Fi WAN settings, click Network>WAN>Details.
Standby State This setting specifies the state of the WAN connection while in standby. The available options are Remain Connected (hot standby) and Disconnect (cold standby). MTU This setting specifies the maximum transmission unit. By default, MTU is set to Custom 1440. You may adjust the MTU value by editing the text field. Click Default to restore the default MTU value. Select Auto and the appropriate MTU value will be automatically detected.
can configure the output power here. Click the “boost” button for additional power. However, with that option ticked, output power may exceed local regulatory limits. Roaming Checking this box will enable Wi-Fi roaming. Click the options. icon for additional Connect to Any This option is to specify whether the Wi-Fi WAN will connect to any open mode Open Mode AP access points it finds. Beacon Miss Counter This sets the threshold for the number of missed beacons.
Health Check Settings Method This setting specifies the health check method for the WAN connection. This value can be configured as Disabled, PING, DNS Lookup, or HTTP. The default method is DNS Lookup. For mobile Internet connections, the value of Method can be configured as Disabled or SmartCheck. Health Check Disabled When Disabled is chosen in the Method field, the WAN connection will always be considered as up. The connection will NOT be treated as down in the event of IP routing errors.
DNS lookups will be issued to test connectivity with target DNS servers. The connection will be treated as up if DNS responses are received from one or both of the servers, regardless of whether the result was positive or negative. Health Check DNS Servers This field allows you to specify two DNS hosts’ IP addresses with which connectivity is to be tested via DNS Lookup.
Timeout This setting specifies the timeout in seconds for ping/DNS lookup requests. The default timeout is 5 seconds. Health Check Interval This setting specifies the time interval in seconds between ping or DNS lookup requests. The default health check interval is 5 seconds. Health Check Retries This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Peplink Balance will treat the corresponding WAN connection as down. Default health retries is set to 3.
User ID / User / Email This setting specifies the registered user name for the dynamic DNS service. Password / Pass / TZO Key This setting specifies the password for the dynamic DNS service. Update All Hosts Check this box to automatically update all hosts. Hosts / Domain This setting specifies a list of hostnames or domains to be associated with the public Internet IP address of the WAN connection.
Wi-Fi Connection Profile Settings Type Network Name (SSID) Select whether the network will connect automatically or manually. Enter a name to represent this Wi-Fi connection. This option allows you to select which security policy is used for this wireless network. Available options: ● Open ● WEP ● WPA/WPA2 – Personal ● WPA/WPA2 – Enterprise Security https://www.peplink.
9.4 WAN Health Check To ensure traffic is routed to healthy WAN connections only, the Pepwave router can periodically check the health of each WAN connection. The health check settings for each WAN connection can be independently configured via Network>WAN>Details. Health Check Settings Method This setting specifies the health check method for the WAN connection. This value can be configured as Disabled, PING, DNS Lookup, or HTTP. The default method is DNS Lookup.
If Use first two DNS servers as Health Check DNS Servers is checked, the first two DNS servers will be the DNS lookup targets for checking a connection's health. If the box is not checked, Host 1 must be filled, while a value for Host 2 is optional. If Include public DNS servers is selected and no response is received from all specified DNS servers, DNS lookups will also be issued to some public DNS servers.
requests. The default health check interval is 5 seconds. Interval This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Pepwave router will treat the corresponding WAN connection as down. Default health retries is set to 3. Using the default Health Retries setting of 3, the corresponding WAN connection will be treated as down after three consecutive timeouts.
Dynamic DNS Settings Dynamic DNS This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers: ● changeip.com ● dyndns.org ● no-ip.org ● tzo.com ● DNS-O-Matic ● Others… Support custom Dynamic DNS servers by entering its URL. Works with any service compatible with DynDNS API. Select Disabled to disable this feature. Account Name / Email Address This setting specifies the registered user name for the dynamic DNS service.
10 Advanced Wi-Fi Settings Wi-Fi settings can be configured at Advanced>Wi-Fi Settings (or AP>Settings on some models). Note that menus displayed can vary by model. AP Settings SSID You can select the wireless networks for 2.4 GHz or 5 GHz seperately for each SSID. Operating Country This drop-down menu specifies the national/regional regulations which the WiFi radio should follow.
AP Settings (part 2) Protocol This option allows you to specify whether 802.11b and/or 802.11g client association requests will be accepted. Available options are 802.11ng and 802.11na. By default, 802.11ng is selected. Channel Width Available options are 20 MHz, 40 MHz, and Auto (20/40 MHz) . Default is Auto (20/40 MHz), which allows both widths to be used simultaneously. Channel This option allows you to select which 802.11 RF channel will be utilized. Channel 1 (2.412 GHz) is selected by default.
Advanced AP Settings This field specifies the VLAN ID to tag to management traffic, such as communication traffic between the AP and the AP Controller. The value is zero Management VLAN by default, which means that no VLAN tagging will be applied. ID NOTE: Change this value with caution as alterations may result in loss of connection to the AP Controller. Operating Schedule Choose from the schedules that you have defined in System>Schedule.