21.1 Outbound and Inbound Firewall Rules 21.1.2 Access Rules The outbound firewall settings are located at Advanced>Firewall>Access Rules>Outbound Firewall Rules. Click Add Rule to display the following screen: Inbound firewall settings are located at Advanced>Firewall>Access Rules>Inbound Firewall Rules. Click Add Rule to display the following screen: https://www.peplink.
Internal Network firewall settings are located at Advanced>Firewall>Access Rules>Internal Network Firewall Rules. Click Add Rule to display the following window: https://www.peplink.
Inbound / Outbound / Internal Network Firewall Settings Rule Name Enable This setting specifies a name for the firewall rule. This setting specifies whether the firewall rule should take effect. If the box is checked, the firewall rule takes effect. If the traffic matches the specified protocol/IP/port, actions will be taken by the Pepwave router based on the other parameters of the rule. If the box is not checked, the firewall rule does not take effect.
that matches the both of the following: ● Source IP & port ● Destination IP & port With the value of Allow for the Action setting, the matching traffic passes through the router (to be routed to the destination). If the value of the Action setting is set to Deny, the matching traffic does not pass through the router (and is discarded). This setting specifies whether or not to log matched firewall events. The logged messages are shown on the page Status>Event Log.
Tip If the default inbound rule is set to Allow for NAT-enabled WANs, no inbound Allow firewall rules will be required for inbound port forwarding and inbound NAT mapping rules. However, if the default inbound rule is set as Deny, a corresponding Allow firewall rule will be required. 21.1.3 Apply Firewall Rules to PepVpn Traffic When this option is enabled, Outbound Firewall Rules will be applied to PepVPN traffic. To turn on this feature, click , check the Enable check box, and press the Save button. 21.
21.2 Content Blocking 21.2.2 Application Blocking Choose applications to be blocked from LAN/PPTP/PepVPN peer clients' access, except for those on the Exempted User Groups or Exempted Subnets defined below. 21.2.3 Web Blocking Defines website domain names to be blocked from LAN/PPTP/PepVPN peer clients' access https://www.peplink.
except for those on the Exempted User Groups or Exempted Subnets defined below. If "foobar.com" is entered, any web site with a host name ending in foobar.com will be blocked, e.g. www.foobar.com, foobar.com, etc. However, "myfoobar.com" will not be blocked. You may enter the wild card ".*" at the end of a domain name to block any web site with a host name having the domain name in the middle. If you enter "foobar.*", then "www.foobar.com", "www.foobar.co.jp", or "foobar.co.uk" will be blocked.
22 Routing Protocols 22.1 OSPF & RIPv2 The Pepwave supports OSPF and RIPv2 dynamic routing protocols. Click the Advanced tab from the top bar, and then click the Routing Protocols > OSPF & RIPv2 item on the sidebar to reach the following menu: OSPF Router ID Area This field determines the ID of the router. By default, this is specified as the WAN IP address. If you want to specify your own ID, enter it into the Custom field. This is an overview of the OSPF areas that you have defined.
OSPF Settings Area ID Link Type Assign a name to be applied to this group. Machines linked to this group will send and receive related OSPF packets, while unlinked machines will ignore them. Choose the type of network that this area will use. Authentication If an authentication method is used, select one from this drop-down menu. Available options are MD5 and Text. Authentication key(s) may be input next to the drop-down menu after selecting an authentication method.
RIPv2 Settings Authentication If an authentication method is used, select one from this drop-down menu. Available options are MD5 and Text. Authentication key(s) may be input next to the drop-down menu after selecting an authentication method. Interfaces Select the interface(s) that this area will use to listen to and deliver RIPv2 packets. OSPF & RIPv2 Route Advertisement PepVPN Route Isolation Isolate PepVPN peers from each other.
BGP Name Enable Interface Autonomous System This field specifies the name that represents this profile. When this box is checked, this BGP profile will be enabled. If it is left unchecked, it will be disabled. The interface in which the BGP neighbor is located. The Autonomous System Number (ASN) assigned to this profile. Neighbor BGP Neighbors and their details. IP address The IP address of the Neighbor. Autonomous System The Neighbor's ASN.
Hold Time Wait time in seconds for a keepalive message from a Neighbor before considering the BGP connection as stalled. The value must be either 0 (infinite hold time) or between 3 and 65535 inclusively. Default: 240 Next Hop Self iBGP Local Preference BFD Enable this option to advertise your own source address as the next hop when propagating routes. This is the metric advertised to iBGP Neighbors to indicate the preference for external routes. The value must be between 0 to 4294967295 inclusively.
Two numbers in new-format. e.g. 65000:21344 Well-known communities: no-export 65535:65281 no-advertise 65535:65282 no-export-subconfed 65535:65283 no-peer 65535:65284 Route Prefix: Comma separated networks. e.g. 172.168.1.0/24,192.168.1.0/28 This field allows for the selection of the filter mode for route import. None: All BGP routes will be accepted. Filter Mode Accept: Routes in "Restricted Networks" will be accepted, routes not in the list will be rejected.
be rejected. Reject: Routes in "Restricted Networks" will be rejected, routes not in the list will be accepted. This field specifies the network(s) in the “route export” entry. Restricted Networks Exact Match: When this box is checked, only routes with the same Network and Subnet Mask will be filtered. Otherwise, routes within the Networks and Subnets will be filtered. Export to other BGP Profile When this box is checked, routes learnt from this BGP profile will be exported to other BGP profiles.
23 Remote User Access A remote-access VPN connection allows an individual user to connect to a private business network from a remote location using a laptop or desktop computer connected to the Internet. Networks routed by a Pepwave router can be remotely accessed via OpenVPN, L2TP with IPsec or PPTP. To configure this feature, navigate to Network > Remote User Access and choose the required VPN type. 23.
You have a choice between 2 different OpenVPN Client profiles: ● "route all traffic" profile Using this profile, VPN clients will send all the traffic through the OpenVPN tunnel ● "split tunnel" profile Using this profile, VPN clients will ONLY send those traffic designated to the untagged LAN and VLAN segment through the OpenVPN tunnel. 23.3 PPTP No additional configuration required. The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks.
Note: The username must contain lowercase letters, numerics, underscore(_), dash(-), at sign(@), and period(.) only. The password must be between 8 and 12 characters long. LDAP Server: Enter the matching LDAP server details to allow for LDAP server authentication. Radius Server: Enter the matching Radius server details to allow for Radius server authentication. Active Directory: Enter the matching Active Directory details to allow for Active Directory server authentication. https://www.peplink.
24 Miscellaneous Settings The miscellaneous settings include configuration for High Availability, Certificate Manager, service forwarding, service passthrough, GPS forwarding, GPIO, Groupe Networks and SIM Toolkit (depending the feature is supported on the model of Peplin router that is being used). 24.1 High Availability Many Pepwave routers support high availability (HA) configurations via an open standard virtual router redundancy protocol (VRRP, RFC 3768).
● configured LAN IP address. At a subsequent point when the master Pepwave router recovers, it will once again become active. You can configure high availability at Advanced>Misc. Settings>High Availability. Interface for Master Router Interface for Slave Router High Availability Enable Checking this box specifies that the Pepwave router is part of a high availability configuration. This number identifies a pair of Pepwave routers operating in a high availability Group Number configuration.
Administration IP must be under the same network. LAN This setting specifies a LAN IP address to be used for accessing administration Administration functionality. This address should be unique within the LAN. IP Subnet Mask This setting specifies the subnet mask of the LAN. Important Note For Pepwave routers in NAT mode, the virtual IP (VIP) should be set as the default gateway for all hosts on the LAN segment.
Please note that the drop-in WAN cannot be configured as a LAN bypass port while it is configured for high availability. 24.2 Certificate Manager This section allows for certificates to be assigned to the local VPN, Web Admin SSL, Captive Portal SSL, OpenVPN CA, Wi-Fi WAN Client certificate and Wi-Fi WAN CA Certificate. https://www.peplink.
The following knowledge base article describes how to create self-signed certificates and import it to a Peplink Product. https://forum.peplink.com/t/how-to-create-a-self-signed-certificate-and-import-it-to-a-peplink-pro duct/ 24.3 Service Forwarding Service forwarding settings are located at Advanced>Misc. Settings>Service Forwarding. Service Forwarding SMTP Forwarding When this option is enabled, all outgoing SMTP connections destined for any host at TCP port 25 will be intercepted.
24.3.2 SMTP Forwarding Some ISPs require their users to send e-mails via the ISP’s SMTP server. All outgoing SMTP connections are blocked except those connecting to the ISP’s. Pepwave routers support intercepting and redirecting all outgoing SMTP connections (destined for TCP port 25) via a WAN connection to the WAN’s corresponding SMTP server. To enable the feature, select Enable under SMTP Forwarding Setup. Check Enable Forwarding for the WAN connection(s) that needs forwarding.
When this feature is enabled, the Pepwave router will intercept all outgoing connections destined for the proxy server specified in Web Proxy Interception Settings, choose a WAN connection with reference to the outbound policy, and then forward them to the specified web proxy server and port number. Redirected server settings for each WAN can be set here. If forwarding is disabled for a WAN, web proxy connections for the WAN will be simply forwarded to the connection’s original destination. 24.3.
24.4 Service Passthrough Service passthrough Passthrough. settings can be found at Advanced>Misc. Settings>Service Some Internet services need to be specially handled in a multi-WAN environment. Pepwave routers can handle these services such that Internet applications do not notice being behind a multi-WAN router. Settings for service passthrough support are available here. Service Passthrough Support SIP Session initiation protocol, aka SIP, is a voice-over-IP protocol.
IPsec NAT-T https://www.peplink.com This field is for enabling the support of IPsec NAT-T passthrough. UDP ports 500, 4500, and 10000 are monitored by default. You may add more custom data ports that your IPsec system uses by checking Define custom ports. If the VPN contains IPsec site-to-site VPN traffic, check Route IPsec Site-to-Site VPN and choose the WAN connection to route the traffic to.
24.5 UART Selected Pepwave MAX routers feature a RS-232 serial interface on the built-in terminal block. The RS-232 serial interface can be used to connect to a serial device and make it accessible over an TCP/IP network. The serial interface can be enabled and parameters can be set on the web admin page under Advanced > UART. Make sure they match the serial device you are connecting to. https://www.peplink.
There are 4 pins i.e. TX, RX, RTS, CTS on the terminal block for serial connection and they correspond to the pins in a DB-9 connector as follows: DB-9 Pepwave MAX Terminal Block Pin 1 – Pin 2 Rx (rated -+25V) Pin 3 Tx (rated -+12V) Pin 4 – Pin 5 – Pin 6 – Pin 7 RTS Pin 8 CTS Pin 9 – The RS232 serial interface is not an isolated RS232. External galvanic isolation may be added if required.
24.6 GPS Forwarding Using the GPS forwarding feature, some Pepwave routers can automatically send GPS reports to a specified server. To set up GPS forwarding, navigate to Advanced>GPS Forwarding. GPS Forwarding Enable Check this box to turn on GPS forwarding. Server Enter the name/IP address of the server that will receive GPS data. Also specify a port number, protocol (UDP or TCP), and a report interval of between 1 and 10 seconds. Click to save these settings.
24.7 Ignition Sensing Ignition Sensing detects the ignition signal status of a vehicle it is installed in. This feature allows the cellular router to start up or shut down when the engine of that vehicle is started or turned off. The time delay setting between ignition off and power down of the router is a configurable setting, which allows the router to stay on for a period of time after the engine of a vehicle is turned off.
Connectivity diagram for devices with 4-pin connector Connectivity diagram for devices with terminal block connection https://www.peplink.
GPIO Menu Note: This feature is applicable for certain models that come with a GPIO interface. Ignition Sensing options can be found in Advanced > GPIO. The configurable option for Ignition Input is Delay; the time in seconds that the router stays powered on after the ignition is turned off. The O/P (connected to the I/O pin on a 4 pin connector) can be configured as a digital input, a digital output, or an analog input.
24.8 NTP Server Pepwave routers can now serve as a local NTP server. Upon start up, it is now able to provide connected devices with the accurate time, precise UTC from either an external NTP server or via GPS and ensuring that connected devices always receive the correct time. Compatible with: BR1 ENT, 700 HW3, HD2/4, Transit NTP Server setting can be found via: Advanced>Misc. Settings>NTP Server Time Settings can be found at System>Time>Time Settings https://www.peplink.
24.9 Grouped Networks Advanced > Grouped Networks allows to configure destination networks in grouped format. Select Add group to create a new group with single IPaddresses or subnets from different VLANs. The created network groups can be used in outbound policies, firewall rules. https://www.peplink.
24.10Remote SIM Management The Remote SIM management is accessible via Advanced > Misc Settings > Remote SIM Management. By default, this feature is disabled. Please note that a limited number of Pepwave routers support the SIM Injector, may refer to the link: https://www.peplink.com/products/sim-injector/ or Appendix B for more details on FusionSIM Manual. Remote SIM Host Settings Remote SIM Host Settings Active LAN Discovery Check this box to enable Auto LAN discovery of the remote SIM server..
Add Remote SIM Settings SIM Server Add a new SIM Server SIM Server - Serial Number Enter the serial number of SIM Server SIM Server - Name This optional field allows you define a name for the SIM Server SIM Slot SIM Slot - Name Data Roaming Click the drop-down menu and choose which SIM slot you want to connect. This optional field allows you define a name for the SIM slot. Enables data roaming on this particular SIM card. This setting allows you to configure the APN settings of your connection.
24.11 SIM Toolkit The SIM Toolkit, accessible via Advanced > Misc Settings > SIM Toolkit, supports two functionalities, USSD and SMS. USSD Unstructured Supplementary Service Data (USSD) is a protocol used by mobile phones to communicate with their service provider’s computers. One of the most common uses is to query the available balance. Enter your USSD code under the USSD Code text field and click Submit. You will receive a confirmation. To check the SMS response, click Get.
SMS The SMS option allows you to read SMS (text) messages that have been sent to the SIM in your Pepwave router. https://www.peplink.
25 AP 25.1 AP Controller The AP controller acts as a centralized controller of Pepwave Access Points. With this feature, users can customize and manage up to 1500 Access Points from a single Pepwave router interface. To configure, navigate to the AP tab. and the following screen appears. AP Controller The AP controller for managing Pepwave APs can be enabled by checking this box.
SSID Settings SSID Enable VLAN https://www.peplink.com This setting specifies the SSID of the virtual AP to be scanned by Wi-Fi clients. Click the drop-down menu to apply a time schedule to this interface This setting specifies the VLAN ID to be tagged on all outgoing packets generated from this wireless network (i.e., packets that travel from the Wi-Fi segment through the Pepwave AP One unit to the Ethernet segment via the LAN port).
Broadcast SSID This setting specifies whether or not Wi-Fi clients can scan the SSID of this wireless network. Broadcast SSID is enabled by default. Data Rate A Select Auto to allow the Pepwave router to set the data rate automatically, or select Fixed and choose a rate from the displayed drop-down menu. Multicast FilterA This setting enables the filtering of multicast network traffic to the wireless SSID.
● ● WPA/WPA2 - Personal (TKIP/AES: CCMP) WPA/WPA2 – Enterprise When WPA/WPA2 - Enterprise is configured, RADIUS-based 802.1 x authentication is enabled. Under this configuration, the Shared Key option should be disabled. When using this method, select the appropriate version using the V1/V2 controls. The security level of this method is known to be very high. When WPA/WPA2- Personal is configured, a shared key is used for data encryption and authentication.
RADIUS Server Settings Host Enter the IP address of the primary RADIUS server and, if applicable, the secondary RADIUS server. Secret Enter the RADIUS shared secret for the primary server and, if applicable, the secondary RADIUS server. Authentication In the field, enter the UDP authentication port(s) used by your RADIUS server(s) or click the Default button to enter 1812.
Firewall Settings Firewall Mode The settings allow administrators to control access to the SSID based on Firewall Rules. Available options are Disable, Lockdown - Block all except... and Flexible -Allow all except… Firewall Exceptions Create Firewall Rules based on Port, IP Network, MAC address or Domain Name 25.3 Wireless Mesh Wireless Mesh Support is available on devices running 802.11ac (Wi-Fi 5) and above.
25.4 Settings On many Pepwave models, the AP settings screen (AP>Settings) looks similar to the example below: AP Settings SSID https://www.peplink.com These buttons specify which wireless networks will use this AP profile. You can also select the frequencies at which each network will transmit. Please note that the Pepwave MAX does not detect whether the AP is capable of transmitting at both frequencies. Instructions to transmit at unsupported frequencies will be ignored by the AP.
This drop-down menu specifies the national / regional regulations which the AP should follow. ● If a North American region is selected, RF channels 1 to 11 will be available and the maximum transmission power will be 26 dBm (400 mW). ● If European region is selected, RF channels 1 to 13 will be available. Operating Country The maximum transmission power will be 20 dBm (100 mW). Note: Users are required to choose an option suitable to local laws and regulations.
Max number of ClientsA This field determines the maximum clients that can be connected to APs under this profile. This field specifies the VLAN ID to tag to management traffic, such as AP to AP controller communication traffic. The value is 0 by default, meaning that no Management VLAN VLAN tagging will be applied. ID Note: change this value with caution as alterations may result in loss of connection to the AP controller.
The device with integrated AP can operate under the Wi-Fi Operating Mode: Note: This option is available only for HD2/HD4 and HD2/HD4 MBX. Integrated AP WAN In this mode, all Wi-Fi will operate as Wi-Fi WAN. Since all device Wi-Fi are exhausted, no integrated Wi-Fi AP will be operated on this device. WAN + AP In this mode, some Wi-Fi will operate as Wi-Fi WAN. Some other Wi-Fi WANs will be forced offline and their Wi-Fi resources will be reserved for integrated Wi-Fi AP operations.
Navigating to AP>Settings on some Pepwave models displays a screen similar to the one shown below: Wi-Fi Radio Settings Operating Country Wi-Fi Antenna This option sets the country whose regulations the Pepwave router follows. Choose from the router's internal or optional external antennas, if so equipped. Important Note Per FCC regulations, the country selection is not available on all models marketed in the US. All US models are fixed to US channels only.
1Mbps is selected. A Beacon IntervalA This option is for setting the time interval between each beacon. By default, 100ms is selected. DTIMA This field allows you to set the frequency for the beacon to include a delivery traffic indication message. The interval is measured in milliseconds. The default value is set to 1 ms. Slot TimeA This field is for specifying the wait time before the Router transmits a packet. By default, this field is set to 9 µs.
26 AP Controller Status 26.1 Info A comprehensive overview of your AP can be accessed by navigating to AP > Controller Status > Info. AP Controller License Limit This field displays the maximum number of AP your Balance router can control. You can purchase licenses to increase the number of AP you can manage. Frequency Underneath, there are two check boxes labeled 2.4 Ghz and 5 Ghz. Clicking either box will toggle the display of information for that frequency.
given time. Mouse over any line on the graph to see how many clients connected to a specific SSID for that point in time. Data Usage This graph enables you to see the data usage of any SSID for any given time period. Mouse over any line on the graph to see the data usage by each SSID for that point in time. Use the buttons next to Zoom to select the time scale you wish to view. In addition, you could use the sliders at the bottom to further refine your timescale.
26.2 Access Point (Usage) A detailed breakdown of data usage for each AP is available at AP > Controller Status > Access Point. Usage AP Name/Serial Number Online Status This field enables you to quickly find your device if you know its name or serial number. Fill in the field to begin searching. Partial names and serial numbers are supported. This button toggles whether your search will include offline devices.
For easier network management, you can give each client a name and designate its location. You can also designate which firmware pack (if any) this client will follow, as well as the channels on which the client will broadcast. Click the icon to see a graph displaying usage: Click any point in the graphs to display detailed usage and client information for that device, using that SSID, at that point in time. On the Data Usage by menu, you can display the information by SSID or by AP send/receive rate.
particular device: 26.3 Wireless SSID In-depth SSID reports are available under AP > Controller Status > Wireless SSID. https://www.peplink.
Click the blue arrow on any SSID to obtain more detailed usage information on each SSID. 26.4 Mesh / WDS Mesh / WDS allows you to monitor the status of your wireless distribution system (WDS) or Mesh, and track activity by MAC address by navigating to AP > Controller Status > Mesh / WDS. This table shows the detailed information of each AP, including protocol, transmit rate (sent / received), signal strength, and duration. https://www.peplink.
26.5 Wireless Client You can search for specific Wi-Fi users by navigating to AP > Controller Status > Wireless Client. Here, you will be able to see your network’s heaviest users as well as search for specific users. Click the icon to bookmark specific users, and click the icon for additional details about each user: https://www.peplink.
https://www.peplink.
26.6 Nearby Device A listing of near devices can be accessed by navigating to AP > Controller Status > Nearby Device. Suspected Rogue Devices Hovering over the device MAC address will result in a popup with information on how this device was detected. Click the icons and the device will be moved to the bottom table of identified devices. 26.7 Event Log You can access the AP Controller Event log by navigating to AP > Controller Status > Event Log. https://www.peplink.
Events This event log displays all activity on your AP network, down to the client level. Use to filter box to search by MAC address, SSID, AP Serial Number, or AP Profile name. Click View Alerts to see only alerts, and click the More… link for additional records. 27 Toolbox Tools for managing firmware packs can be found at AP>Toolbox. Firmware Packs Here, you can manage the firmware of your AP. Clicking on will result in information regarding each firmware pack.
28 System Settings 28.1 Admin Security There are two types of user accounts available for accessing the web admin: admin and user. They represent two user levels: the admin level has full administrative access, while the user level is read-only. The user level can access only the device's status information; users cannot make any changes on the device. A web login session will be logged out automatically when it has been idle longer than the Web Session Timeout.
Admin Settings Router Name Admin User Name This field allows you to define a name for this Pepwave router. By default, Router Name is set as MAX_XXXX, where XXXX refers to the last 4 digits of the unit’s serial number. Admin User Name is set as admin by default, but can be changed, if desired. Admin Password This field allows you to specify a new administrator password. Confirm Admin Password This field allows you to verify and confirm the new administrator password.
Web Session Timeout This field specifies the number of hours and minutes that a web session can remain idle before the Pepwave router terminates its access to the web admin interface. By default, it is set to 4 hours. Authentication by RADIUS With this box is checked, the web admin will authenticate using an external RADIUS server. Authenticated users are treated as either "admin" with full read-write permission or “user” with read-only access. Local admin and user accounts will be disabled.
be accessed. This option is for specifying the network interfaces through which the web admin interface can be accessed: Web Admin Access ● LAN only ● LAN/WAN If LAN/WAN is chosen, the WAN Connection Access Settings form will be displayed. LAN Connection Access Settings Allowed LAN Networks This field allows you to permit only specific networks or VLANs to access the Web UI. WAN Connection Access Settings This field allows you to restrict web admin access only from defined IP subnets.
32 inclusively (For example, 192.168.0.0/24). To define multiple subnets, separate each IP subnet one in a line. For example: ● ● Allowed WAN IP Address(es) 192.168.0.0/24 10.8.0.0/16 This is to choose which WAN IP address(es) the web server should listen on. 28.2 Firmware Web admin interface : automatically check for updates Upgrading firmware can be done in one of three ways.
The firmware will now be applied to the router*. The amount of time it takes for the firmware to upgrade will also depend on the router that’s being upgraded. *Upgrading the firmware will cause the router to reboot. Web admin interface : install updates manually In some cases, a special build may be provided via a ticket or it may be found in the forum. Upgrading to the special build can be done using this method, or using IC2 if you are using that to manage your firmware upgrades.
A prompt will be displayed advising to download the Current Active Configuration. Please click on the underlined download text. After downloading the current config click the Ok button to start the upgrade process. The firmware will now be applied to the router*. The amount of time it takes for the firmware to upgrade will depend on the router that’s being upgraded. *Upgrading the firmware will cause the router to reboot. The InControl method Described in this knowledgebase article on our forum. 28.
Time Server This setting specifies the NTP network time server to be utilized by the Pepwave router. 28.4 Schedule Enable and disable different functions (such as WAN connections, outbound policy, and firewalls at different times, based on a user-scheduled configuration profile. The settings for this are located at System > Schedule Enable scheduling, and then click on your schedule name or on the New Schedule button to begin. Edit Schedule Profile Enabling https://www.peplink.
Name Enter your desired name for this particular schedule profile. Schedule Click the drop-down menu to choose pre-defined schedules as your starting point. Please note that upon selection, previous changes on the schedule map will be deleted. Schedule Map Click on the desired times to enable features at that time period. You can hold your mouse for faster entry. 28.5 Email Notification Email notification functionality provides a system administrator with up-to-date information on network status.
● ● ● SMTP Port None STARTTLS SSL/TLS This field is for specifying the SMTP port number. By default, this is set to 25. If Connection Security is selected “STARTTLS”, the default port number will be set to 587. If Connection Security is selected “SSL/TLS”, the default port number will be set to 465. You may customize the port number by editing this field. SMTP User Name / Password This setting specifies the SMTP username and password while sending email.
https://www.peplink.
28.6 Event Log Event log functionality enables event logging at a specified remote syslog server. The settings for configuring the remote system log can be found at System>Event Log. Event Log Settings Remote Syslog This setting specifies whether or not to log events at the specified remote syslog server. Remote Syslog Host This setting specifies the IP address or hostname of the remote syslog server.
Session Logging This setting specifies the IP address or hostname of the Session log server. Host For more information on www.peplink.com/products/router-utility the Router Utility, go to: 28.7 SNMP SNMP or simple network management protocol is an open standard that can be used to collect information about the Pepwave router. SNMP configuration is located at System>SNMP. SNMP Settings SNMP Device Name SNMP Port https://www.peplink.
SNMPv1 This option allows you to enable SNMP version 1. SNMPv2 This option allows you to enable SNMP version 2. SNMPv3 This option allows you to enable SNMP version 3. SNMP Trap This option allows you to enable SNMP Trap. If enabled, the following entry fields will appear. SNMP Trap Community This setting specifies the SNMP Trap community name. SNMP Trap Server Enter the IP address of the SNMP Trap server. This option specifies the port which the SNMP Trap server will use.
Allowed Source This setting specifies a subnet from which access to the SNMP server is allowed. Enter subnet address here (e.g., 192.168.1.0) and select the appropriate subnet Subnet Address mask. To define a user name for SNMPv3, click Add SNMP User in the SNMPv3 User Name table, upon which the following screen is displayed: SNMPv3 User Settings User Name This setting specifies a user name to be used in SNMPv3.
SMS Control Settings Enable Click the checkbox to enable the SMS Control. Password This setting sets the password for authentication - maximum of 32 characters, which cannot include semicolon (;). White List Optionally, you can add phone number(s) to the whitelist. Only matching phone numbers are allowed to issue SMS commands. Phone numbers must be in the E.164 International Phone Numbers format. 28.
You can sign up for an InControl account at https://incontrol2.peplink.com/. You can register your devices under the account, monitor their status, see their usage reports, and receive offline notifications. 28.10Configuration Backing up Pepwave router settings immediately after successful completion of initial setup is strongly recommended. The functionality to download and upload Pepwave router settings is found at System>Configuration. Note that available options vary by model.
the settings, configure the LAN IP address of the Pepwave router so that it is from High Availability Pair different from the HA counterpart. 28.11 Feature Add-ons Some Pepwave routers have features that can be activated upon purchase. Once the purchase is complete, you will receive an activation key. Enter the key in the Activation Key field, click Activate, and then click Apply Changes. 28.12 Reboot This page provides a reboot button for restarting the system.
29 Tools 29.1 Ping The ping test tool sends pings through a specific Ethernet interface or a SpeedFusionTM VPN connection. You can specify the number of pings in the field Number of times, to a maximum number of 10 times. Packet Size can be set to a maximum of 1472 bytes. The ping utility is located at System>Tools>Ping, illustrated below: Tip A system administrator can use the ping utility to manually check the connectivity of a particular LAN/WAN connection. https://www.peplink.
29.2 Traceroute Test The traceroute test tool traces the routing path to the destination through a particular Ethernet interface or a SpeedFusionTM connection. The traceroute test utility is located at System>Tools>Traceroute. Tip A system administrator can use the traceroute utility to analyze the connection path of a LAN/WAN connection. 29.3 PepVPN Test The PepVPN Test tool can help to test the throughput between different VPN peers.
29.4 Wake-on-LAN Peplink routers can send special “magic packets” to any client specified from the Web UI. To access this feature, navigate to System > Tools > Wake-on-LAN Select a client from the drop-down list and click Send to send a “magic packet” 29.5 CLI (Command Line Interface Support) The CLI (command line interface) can be accessed via SSH. This field enables CLI support. The below settings specify which TCP port and which interface(s) should accept remote SSH CLI access.
30 Status 30.1 Device System information is located at Status>Device. System Information Device Name Model Product Code Hardware Revision https://www.peplink.com This is the name specified in the Device Name field located at System>Admin Security. This shows the model name and number of this device. If your model uses a product code, it will appear here. This shows the hardware version of this device.
Serial Number Firmware This shows the serial number of this device. This shows the firmware version this device is currently running. PepVPN Version This shows the current PepVPN version. Modem Support This shows the modem support version. For a list of supported modems, click Modem Support List. Version InControl Managed Configuration Host Name Uptime System Time InControl Managed Configurations (firmware, VLAN, Captive Portal, etcetera) The host name assigned to the Pepwave router appears here.
30.2 GPS Data GPS enabled models automatically store up to seven days of GPS location data in GPS eXchange format (GPX). To review this data using third-party applications, click Status>Device and then download your GPX file. The Pepwave GPS enabled devices export real-time location data in NMEA format through the LAN IP address at TCP port 60660. It is accessible from the LAN or over a SpeedFusion connection. To access the data via a virtual serial port, install a virtual serial port driver.
30.3 Active Sessions Information on active sessions can be found at Status>Active Sessions>Overview. This screen displays the number of sessions initiated by each application. Click on each service listing for additional information. This screen also indicates the number of sessions initiated by each WAN port. In addition, you can see which clients are initiating the most sessions. You can also perform a filtered search for specific sessions. You can filter by subnet, port, protocol, and interface.
This Active Sessions section displays the active inbound/outbound sessions of each WAN connection on the Pepwave router. A filter is available to sort active session information. Enter a keyword in the field or check one of the WAN connection boxes for filtering. https://www.peplink.
30.4 Client List The client list table is located at Status>Client List. It lists DHCP and online client IP addresses, names (retrieved from the DHCP reservation table or defined by users), current download and upload rate, and MAC address. Clients can be imported into the DHCP reservation table by clicking the right. You can update the record after import by going to Network>LAN. button on the If the PPTP server (see Section 19.2), SpeedFusionTM (see Section 12.
You may also unblock the Wi-Fi or Remote User Access clients when the client devices need to reconnect the network by clicking the button on the right. 30.5 WINS Client The WINS client list table is located at Status>WINS Client. The WINS client table lists the IP addresses and names of WINS clients. This option will only be available when you have enabled the WINS server (navigation: Network>Interfaces>LAN).
Click to delete a single UPnP / NAT-PMP record in its corresponding row. To delete all records, click Delete All on the right-hand side below the table. Important Note UPnP / NAT-PMP records will be deleted immediately after clicking the button need to click Save or Confirm. or Delete All, without the 30.7 OSPF & RIPv2 Shows status of OSPF and RIPv2 https://www.peplink.
30.8 BGP Shows status of BGP 30.9 SpeedFusion Status Current SpeedFusionTM status information is located at Status>SpeedFusionTM. Details about SpeedFusionTM connection peers appears as below: Click on the corresponding peer name to explore the WAN connection(s) status and subnet information of each VPN peer. https://www.peplink.
Click the button for a SpeedFusion chart displaying real-time throughput, latency, and drop-rate information for each WAN connection. https://www.peplink.
When pressing the button, the following menu will appear: The Speedfusion status page shows all related information about the PepVPN connection. This screen also allows you to run PepVPN Tests allowing throughput tests. Peplink also published a whitepaper about Speedfusion which can be downloaded from the following url: http://download.peplink.com/resources/whitepaper-speedfusion-and-best-practices-2019.pdf https://www.peplink.
30.10 Event Log Event log information is located at Status>Event Log. The log section displays a list of events that has taken place on the Pepwave router. Check Auto Refresh to refresh log entries automatically. Click the Clear Log button to clear the log. https://www.peplink.
31 WAN Quality The Status > WAN Quality allow to show detailed information about each connected WAN connection. For cellular connections it shows signal strength, quality, throughput and latency for the past hour. https://www.peplink.
32 Usage Reports This section shows bandwidth usage statistics and is located at Status > Usage Reports Bandwidth usage at the LAN while the device is switched off (e.g., LAN bypass) is neither recorded nor shown. 32.1 Real-Time The Data transferred since installation table indicates how much network traffic has been processed by the device since the first bootup. The Data transferred since last reboot table indicates how much network traffic has been processed by the device since the last bootup.
32.2 Hourly This page shows the hourly bandwidth usage for all WAN connections, with the option of viewing each individual connection. Select the desired connection to check from the drop-down menu. https://www.peplink.
32.3 Daily This page shows the daily bandwidth usage for all WAN connections, with the option of viewing each individual connection. Select the connection to check from the drop-down menu. If you have enabled the Bandwidth Monitoring feature, the Current Billing Cycle table for that WAN connection will be displayed. Click on a date to view the client bandwidth usage of that specific date. This feature is not available if you have selected to view the bandwidth usage of only a particular WAN connection.
32.4 Monthly This page shows the monthly bandwidth usage for each WAN connection. If you have enabled the Bandwidth Monitoring feature, you can check the usage of each particular connection and view the information by Billing Cycle or by Calendar Month. Click the first two rows to view the client bandwidth usage in the last two months. This feature is not available if you have chosen to view the bandwidth of an individual WAN connection.
Ethernet WAN Monthly Bandwidth Usage Tip By default, the scale of data size is in MB. 1GB equals 1024MB. https://www.peplink.
Appendix A: Restoration of Factory Defaults To restore the factory default settings on a Pepwave router, follow the steps below: 1. Locate the reset button on the front or back panel of the Pepwave router. 2. With a paperclip, press and keep the reset button pressed. Note: There is a dual function to the reset button.
Appendix B: FusionSIM Manual Peplink has developed a unique technology called FusionSIM, which allows SIM cards to remotely link to a cellular router. This can be done via cloud or within the same physical network. There are a few key scenarios to fit certain applications. The purpose of this manual is to provide an introduction on where to start and how to set up for the most common scenarios and uses. Requirements 1. A Cellular router that supports FusionSIM technology 2. SIM Injector 3.
Setup topology This is the most basic scenario in which the SIM Injector is connected directly to the cellular router’s LAN port via an ethernet cable. This allows for the cellular router to be positioned for the best possible signal. Meanwhile, the SIM cards can be conveniently located in other locations such as the office, passenger area, or the bridge of a ship. The SIM Injector allows for easily swapping SIM cards without needing to access a cellular router.
1a. If you are using a Balance cellular router, go to the Network tab (top navigation bar). 1b. If you are using a MAX cellular router, go to the Advanced tab (top navigation bar). 2. Under Misc. settings (left navigation bar) find Remote SIM Management. 3. In Remote SIM Management, click on the edit icon next to Remote SIM is Disabled. 4. Check the Auto LAN discovery checkbox and click Save and Apply Changes. 5. Click Save and then Apply Changes. Step 2.
A. Defining SIM Injector(s) - Format: - Example 1: 1111-2222-3333 - Example 2: 1111-2222-3333 4444-5555-6666 B. Defining SIM Injector(s) SIM slot(s): - Format: - Example 1: 1111-2222-3333:7,5 (the Cellular Interface will use SIM in slot 7, then 5) - Example 2: 1111-2222-3333:1,2 1111-2222-3333:3,4 (the cellular Interface will use SIM in slot 1, then in 2 from the first SIM Injector, and then it will use 3 and 4 from the second SIM Injector).
Setup topology In this scenario, each HD Dome creates a WAN connection to the main router. A single SIM Injector is used to provide SIM cards for each HD Dome. The HD Dome can be replaced with any Peplink cellular router supporting RemoteSIM technology. This scenario requires the completion of the configuration steps shown in Scenario 1 in addition to the configuration steps explained below. Additional configurations for Cellular Routers Step 1. Disable the DHCP server.
Step 2. Ethernet port configuration The Ethernet port must be set to ACCESS mode for each HD Dome. To do this, dummy VLANs need to be created first. 1. Go to Network (Top tab), then Network Settings (Left-side tab), and click on New LAN. This will open the settings page to create a dummy VLAN. 2. The image below shows the values that need to be changed to create a new VLAN: Note: set different IP addresses for each HD dome (e.g. 192.168.10.1 and 192.168.10.2). 3. Click Save and Apply Changes. 4.
Configuration requirements for the main Router Requirements for the main router are: - Configure WAN 1 as a DHCP client. - WAN 1 will automatically get the Gateway IP address from HD Dome 1. - Configure WAN 2 as a Static IP and set it to 192.168.50.12. - Configure WAN 2 Gateway to 192.168.50.2. Same as the HD Dome 2’s IP address. https://www.peplink.
Scenario 3: SIM Injector in LAN of main Router and multiple Cellular Routers Setup topology In this scenario, SIMs are provided to the HD Domes via the main router. In this example, the Remote SIM Proxy functionality needs to be enabled on the main router. Notes: - HD Dome can be replaced with any other cellular router that supports RemoteSIM. - It is recommended to use Peplink Balance series or X series routers as the main router. https://www.peplink.
This scenario requires the completion of the configuration steps for the cellular router and the SIM Injector as in Scenario 1. The configuration for the main router is explained below. Main Router configuration IMPORTANT: Main router LAN side and Cellular Routers must be configured using different subnets, e.g. 192.168.50.1/24 and 192.168.100.1/24. Note: please make sure the Peplink router is running Firmware 8.1.0 or above. 1.
Scenario 4: SIM Injector in a remote location Setup topology Requirements for installing a SIM Injector in a remote location: ● ● ● ● Cellular router communicates with the SIM Injector via UDP port 50000. Therefore this port must be reachable via public IP over the Internet. The one way latency between the cellular router and the SIM Injector should be up to 250 ms. A higher latency may lead to stability issues. The cellular router must have Internet connection to connect to the SIM Injector.
2. Under Misc. settings (Left-side tab), find Remote SIM Management. 3. In Remote SIM Management, click on the edit icon next to Remote SIM is Disabled. 4. Enter the public IP of the SIM Injector and click Save and Apply Changes. Notes: - Do NOT check Auto LAN Discovery. Do NOT add a SIM Injector serial number to the Remote SIM Host field. Step 2. RemoteSIM and custom SIM card settings configurations are the same as in Scenario 1. https://www.peplink.
How to check if a Pepwave Cellular Router supports Remote SIM 1. Go to Network (Top tab), then WAN (Left-side tab), and click Details on any cellular WAN. This will open the WAN Connection Settings page. 2. Scroll down to Cellular settings. If you can see the Remote SIM Settings section, then the cellular router supports Remote SIMs. Monitor the status of the Remote SIM 1. Go to Network (Top tab), then WAN (Left-side tab), and click Details on the cellular WAN which was configured to use RemoteSIM. 2.
Appendix C: Overview of ports used by Peplink SD-WAN routers and other Peplink services Default Port Number Usage Service Inbound/Outbound Default Status UDP 5246 Data flow InControl Outbound Enabled TCP 443 HTTPS service InControl Outbound Enabled TCP 5246 Optional, used when TCP 443 is not responding InControl Outbound Enabled Outbound Enabled InControl Virtual Appliance TCP 5246 Remote Web Admin TCP 4500 VPN Data (TCP Mode) PepVPN / SpeedFusion Inbound / Outbound* Disabled TC
Interface access TCP 443 HTTPS traffic Web Admin Interface access (secure) TCP 8822 SSH SSH Inbound Disabled UDP 161 SNMP Get SNMP monitoring Inbound Disabled UDP 162 SNMP Trap SNMP monitoring Outbound Disabled TCP, UDP 1812 Radius Authentication Radius Outbound Disabled TCP, UDP 1813 Radius Accounting Radius Outbound Disabled UDP 123 Network Time Protocol NTP Inbound Outbound Disabled Enabled TCP 60660 Real-time location data in NMEA format GPS Outbound Disabled Inboun
Appendix D: Declaration FCC Requirements for Operation in the United States Federal Communications Commission (FCC) Compliance Notice: For MAX Transit Pro E / MAX Transit LTEA (FCC ID: U8G-P1835) FCC 15.21: Any changes or modifications not expressly approved by the party responsible for compliance could void your authority to operate the equipment. FCC 15.105 This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules.
ICES Statement This product meets the applicable Innovation, Science and Economic Development Canada technical specifications. Le présent produit est conforme aux spécifications techniques applicables d'Innovation, Sciences et Développement économique Canada. This device contains licence-exempt transmitter(s)/receiver(s) that comply with Innovation, Science and Economic Development Canada’s licence-exempt RSS(s). Operation is subject to the following two conditions: 1.
This radio transmitter IC: 20682-P1835 has been approved by Innovation, Science and Economic Development Canada to operate with the antenna types listed below, with the maximum permissible gain indicated. Antenna types not included in this list that have a gain greater than the maximum gain indicated for any type listed are strictly prohibited for use with this device. https://www.peplink.
Cet émetteur radio IC : 20682-P1835 a été approuvé par Innovation, Sciences et Développement économique Canada doit fonctionner avec les types d'antennes énumérés ci-dessous, avec le gain maximal admissible indiqué. Les types d'antenne non inclus dans cette liste qui ont un gain supérieur au gain maximum indiqué pour tout type répertorié sont strictement interdits pour une utilisation avec cet appareil. https://www.peplink.
FCC Requirements for Operation in the United States Federal Communications Commission (FCC) Compliance Notice: For MAX Transit Pro E (FCC ID: U8G-P1AX09) Federal Communication Commission Interference Statement Any changes or modifications not expressly approved by the party responsible for compliance could void your authority to operate the equipment. This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules.
(i) The device for operation in the band 5150–5250 MHz is only for indoor use to reduce the potent for harmful interference to co-channel mobile satellite systems; (ii) For devices with detachable antenna(s), the maximum antenna gain permitted for devices in the band 5725-5850 MHz shall be such that the equipment still complies with the e.i.r.p. limits as appropriate; (detachable antenna only) ; and The high-power radars are allocated as primary users (i.e.
This radio transmitter IC: 20682-P1AX09 has been approved by Innovation, Science and Economic Development Canada to operate with the antenna types listed below, with the maximum permissible gain indicated. Antenna types not included in this list that have a gain greater than the maximum gain indicated for any type listed are strictly prohibited for use with this device. WIFI Antenna type: Omni-directional WIFI Antenna gain: 2.4GHz / 2.44 dBi 5150 ~ 5250 MHz / 4.10 dBi 5725 ~ 5850 MHz / 4.
USB WAN Modem Port Specification MAX Series Output Rating https://www.peplink.com MAX 700 MAX HD2 / MAX HD2 Media Fast MAX HD2 Mini MAX HD2 / HD4 MBX MAX BR1 ENT MAX BR1NT MAX HD4 / MAX HD4 Media Fast / MediaFast 200 5V DC, 2A 5V DC, 2A 5V DC, 2A 5V DC, 0.