Pepwave MAX HD4 MBX User Manual Pepwave Products: MAX HD4 MBX / MBX / HD4 MBX / MAX-HD4-MBX-LTEA-R-T / EXM-T4-LTEA-R Pepwave Firmware 7.1.1 February 2019 Copyright & Trademarks Specifications are subject to change without notice. Copyright © 2019 Pepwave Ltd. All Rights Reserved. Pepwave and the Pepwave logo are trademarks of Pepwave Ltd. Other brands or products mentioned may be trademarks or registered trademarks of their respective owners.
Table of Contents Introduction and Scope 7 Glossary 8 Product Features Supported Network Features WAN LAN VPN Firewall Captive Portal Outbound Policy AP Controller QoS Other Supported Features 9 9 9 10 10 10 11 11 11 11 11 Pepwave MAX Mobile Router Overview MAX HD4 MBX 13 13 Advanced Feature Summary Drop-in Mode and LAN Bypass: Transparent Deployment QoS: Clearer VoIP Per-User Bandwidth Control High Availability via VRRP USB Modem and Android Tethering Built-In Remote User VPN Support SIM-card USSD
Port Settings Captive Portal 36 36 Configuring the WAN Interface(s) Ethernet WAN DHCP Connection Static IP Connection PPPoE Connection L2TP Connection Cellular WAN Wi-Fi WAN Creating Wi-Fi Connection Profiles WAN Health Check Dynamic DNS Settings 39 40 42 43 44 46 47 53 60 62 64 Advanced Wi-Fi Settings 66 MediaFast Configuration Setting Up MediaFast Content Caching Scheduling Content Prefetching Viewing MediaFast Statistics 71 71 72 73 Bandwidth Bonding SpeedFusionTM / PepVPN PepVPN The Pepwave Rout
Algorithm: Lowest Latency Expert Mode 94 95 Inbound Access Port Forwarding Service UPnP / NAT-PMP Settings 95 95 98 NAT Mappings 98 QoS User Groups Bandwidth Control Application Application Prioritization Prioritization for Custom Applications DSL/Cable Optimization 100 100 101 102 102 102 103 Firewall Outbound and Inbound Firewall Rules Access Rules Apply Firewall Rules to PepVpn Traffic Intrusion Detection and DoS Prevention Content Blocking Application Blocking Web Blocking Customized Domains Exe
SMTP Forwarding Web Proxy Forwarding DNS Forwarding Custom Service Forwarding Service Passthrough GPS Forwarding 125 126 126 126 127 128 AP Controller Wireless SSID Settings 129 129 134 AP Controller Status Info Access Point (Usage) Wireless SSID Wireless Client Nearby Device Event Log 140 140 142 145 146 147 148 Toolbox 149 System Settings Admin Security Firmware Time Schedule Email Notification Event Log SNMP InControl Configuration Feature Add-ons Reboot 150 150 154 155 155 157 159 160 163 163 1
Wake-on-LAN CLI (Command Line Interface Support) 167 167 Status Device Active Sessions Client List WINS Client UPnP / NAT-PMP SpeedFusion Status Event Log Bandwidth Status Real-Time Hourly Daily Monthly 169 169 170 172 173 173 174 178 179 180 180 181 181 Appendix B: Declaration 185 https://www.peplink.
1 Introduction and Scope Pepwave routers provide link aggregation and load balancing across multiple WAN connections, allowing a combination of technologies like 3G HSDPA, EVDO, 4G LTE, Wi-Fi, external WiMAX dongle, and satellite to be utilized to connect to the Internet. This manual covers setting up Pepwave routers and provides an introduction to their features and usage. Tips Want to know more about Pepwave routers? Visit our YouTube Channel for a video introduction! http://youtu.
2 Glossary The following terms, acronyms, and abbreviations are frequently used in this manual: Term Definition 3G 3rd generation standards for wireless communications (e.g., HSDPA) 4G 4th generation standards for wireless communications (e.g.
3 UDP User Datagram Protocol VPN Virtual Private Network VRRP Virtual Router Redundancy Protocol WAN Wide Area Network WINS Windows Internet Name Service WLAN Wireless Local Area Network Product Features Pepwave routers enable all LAN users to share broadband Internet connections, and they provide advanced features to enhance Internet access.
● ● Dynamic DNS (supported service providers: changeip.com, dyndns.org, no-ip.org, tzo.com and DNS-O-Matic) Ping, DNS lookup, and HTTP-based health check 3.1.2 LAN ● ● ● ● ● ● Wi-Fi AP Ethernet LAN ports DHCP server on LAN Extended DHCP option support Static routing rules VLAN on LAN support 3.1.3 VPN ● ● ● ● ● ● ● ● ● ● ● PepVPN with SpeedFusionTM PepVPN performance analyzer X.
3.1.5 Captive Portal ● ● ● Splash screen of open networks, login page for secure networks Customizable built-in captive portal Supports linking to outside page for captive portal 3.1.6 Outbound Policy ● ● ● ● Link load distribution per TCP/UDP service Persistent routing for specified source and/or destination IP addresses per TCP/UDP service Traffic prioritization and DSL optimization Prioritize and route traffic to VPN tunnels with Priority and Enforced algorithms 3.1.
● ● ● ● ● ● ● ● ● ● ● ● ● ● Shared IP drop-in mode Authentication and accounting by RADIUS server for web admin Built-in WINS servers* Syslog SIP passthrough PPTP packet passthrough Event log Active sessions Client list WINS client list UPnP / NAT-PMP Real-time, hourly, daily, and monthly bandwidth usage reports and charts IPv6 support Support USB tethering on Android 2.2+ phones https://www.peplink.
4 Pepwave MAX Mobile Router Overview 4.1 MAX HD4 MBX 4.1.1 Panel Appearance https://www.peplink.
4.1.2 LED Indicators The statuses indicated by the front panel LEDs are as follows: Status Indicators https://www.peplink.
Status OFF System initializing Red Booting up or busy Blinking red Boot up error Green Ready Wi-Fi AP and Wi-Fi WAN Indicators Wi-Fi WAN / Cellular 1 / Cellular 2 OFF Disabled Intermittent Blinking slowly Connecting to wireless network(s) Blinking Connected to wireless network(s) with traffic ON Connected to wireless network(s) without traffic LAN and Ethernet WAN Ports Green LED Orange LED Port Type ON 10 / 100 / 1000 Mbps Blinking Data is transferring OFF No data is being transferr
5 Advanced Feature Summary 5.1 Drop-in Mode and LAN Bypass: Transparent Deployment As your organization grows, it needs more bandwidth. But modifying your network would require effort better spent elsewhere. In Drop-in Mode, you can conveniently install your Peplink router without making any changes to your network. And if the Peplink router loses power for any reason, LAN Bypass will safely and automatically bypass the Peplink router to resume your original network connection. 5.
VoIP traffic and assign it the highest priority, giving you crystal-clear calls. 5.3 Per-User Bandwidth Control With per-user bandwidth control, you can define bandwidth control policies for up to 3 groups of users to prevent network congestion. Define groups by IP address and subnet, and set bandwidth limits for every user in the group. 5.4 High Availability via VRRP https://www.peplink.
When your organization has a corporate requirement demanding the highest availability with no single point of failure, you can deploy two Peplink routers in High Availability mode. With High Availability mode, the second device will take over when needed. 5.5 USB Modem and Android Tethering For increased WAN diversity, plug in a USB LTE modem as backup. Peplink routers are compatible with over 200 modem types. You can also tether to smartphones running Android 4.1.X and above. https://www.peplink.
5.6 Built-In Remote User VPN Support Use L2TP with IPsec to safely and conveniently connect remote clients to your private network. L2TP with IPsec is supported by most devices, but legacy devices can also connect using PPTP. Click here for full instructions on setting up L2TP with IPsec. 5.7 SIM-card USSD support https://www.peplink.
Cellular-enabled routers can now use USSD to check their SIM card’s balance, process pre-paid cards, and configure carrier-specific services.Click here for full instructions on using USSD. https://www.peplink.
6 Installation The following section details connecting Pepwave routers to your network. 6.1 Preparation Before installing your Pepwave router, please prepare the following as appropriate for your installation: ● ● ● 6.
The following figure schematically illustrates the resulting configuration: 6.3 Configuring the Network Environment To ensure that the Pepwave router works properly in the LAN environment and can access the Internet via WAN connections, please refer to the following setup procedures: ● LAN configuration For basic configuration, refer to Section 8, Connecting to the Web Admin Interface. For advanced configuration, go to Section 9, Configuring the LAN Interface(s).
7 Connecting to the Web Admin Interface 1. Start a web browser on a computer that is connected with the Pepwave router through the LAN. 2. To connect to the router’s web admin interface, enter the following LAN IP address in the address field of the web browser: http://192.168.50.1 (This is the default LAN IP address for Pepwave routers.) 3. Enter the following to access the web admin interface. Username: admin Password: admin (This is the default username and password for Pepwave routers.
The Dashboard shows current WAN, LAN, and Wi-Fi AP statuses. Here, you can change WAN connection priority and switch on/off the Wi-Fi AP. For further information on setting up these connections, please refer to Sections 8 and 9. Device Information displays details about the device, including model name, firmware version, and uptime. For further information, please refer to Section 22. Important Note Configuration changes (e.g. WAN, LAN, admin settings, etc.
8 Configuring the LAN Interface(s) 8.1 Basic Settings LAN interface settings are located at Network>LAN>Network Settings. Navigating to that page will result in the following dashboard: This represents the LAN interfaces that are active on your router (including VLAN). A grey “X” means that the VLAN is used in other settings and cannot be deleted. You can find which settings are using the VLAN by hovering over the grey “X”. Alternatively, a red “X” means that there are no settings using the VLAN.
Network Settings Name VLAN ID Inter-VLAN routing Captive Portal Enter a name for the LAN. Enter a number for your VLAN. Check this box to enable routing between virtual LANs. Check this box to turn on captive portals. https://www.peplink.
Drop-in Mode Settings Enable Drop-in mode eases the installation of Peplink routers on a live network between the existing firewall and router, such that no configuration changes are required on existing equipment. Check the box to enable the drop-in mode feature, if available on your model. WAN for Drop-In Select the WAN port to be used for drop-in mode. If WAN 1 with LAN Bypass is selected, the high availability feature will be disabled automatically.
Layer 2 PepVPN Bridging The remote network of the selected PepVPN profiles will be bridged with this local PepVPN Profiles LAN, creating a Layer 2 PepVPN, they will be connected and operate like a single to Bridge LAN, and any broadcast or multicast packets will be sent over the VPN. Spanning Tree Protocol Override IP Address when bridge connected Click the box will enable STP for this layer 2 profile bridge.
DHCP Server When this setting is enabled, the DHCP server automatically assigns an IP address to each computer that is connected via LAN and configured to obtain an IP address via DHCP. The Pepwave router’s DHCP server can prevent IP address collision on the LAN. IP Range & Subnet Mask These settings allocate a range of IP addresses that will be assigned to LAN computers by the Pepwave router’s DHCP server.
LAN Physical Settings Speed This is the port speed of the LAN interface. It should be set to the same speed as the connected device to avoid port negotiation problems. When a static speed is set, you may choose whether to advertise its speed to the peer device. Auto is selected by default. You can choose not to advertise the port speed if the port has difficulty negotiating with the peer device. Static Route Settings Static Route This table is for defining static routing rules for the LAN segment.
WINS Server Settings Enable Check the box to enable the WINS server. A list of WINS clients will be displayed at Status>WINS Clients. DNS Proxy Settings Enable To enable the DNS proxy feature, check this box, and then set up the feature at Network>LAN>DNS Proxy Settings. A DNS proxy server can be enabled to serve DNS requests originating from LAN/PPTP/SpeedFusionTM peers. Requests are forwarded to the DNS servers/resolvers defined for each WAN connection.
A Include Google Public DNS Servers When this option is enabled, the DNS proxy server will also forward DNS requests to Google's Public DNS Servers, in addition to the DNS servers defined in each WAN. This could increase the DNS service's availability. This setting is disabled by default. Local DNS Records This table is for defining custom local DNS records. A static local DNS record consists of a host name and IP address.
To add a new LAN, click the New LAN button. To change LAN settings, click the name of the LAN to change under the LAN heading. The following settings are displayed when creating a new LAN or editing an existing LAN. IP Settings IP Address & Subnet Mask Enter the Pepwave router’s IP address and subnet mask values to be used on the LAN. Network Settings Name VLAN ID Inter-VLAN routing Enter a name for the LAN. Enter a number for your VLAN. Check this box to enable routing between virtual LANs.
Captive Portal Check this box to turn on captive portals. DHCP Server Settings DHCP Server When this setting is enabled, the Pepwave router’s DHCP server automatically assigns an IP address to each computer that is connected via LAN and configured to obtain an IP address via DHCP. The Pepwave router’s DHCP server can prevent IP address collisions on the LAN. To enable DHCP bridge relay, please click the IP Range & Subnet Mask Lease Time icon on this menu item.
BOOTP Check this box to enable BOOTP on older networks that still require it. In addition to standard DHCP options (e.g. DNS server address, gateway address, subnet mask), you can specify the value of additional extended DHCP options, as Extended DHCP defined in RFC 2132. With these extended options enabled, you can pass additional configuration information to LAN hosts. To define an extended DHCP Option option, click the Add button, choose the option to define, and then enter its value.
Once DHCP is set up, configure LAN Physical Settings, Static Route Settings, WINS Server Settings, and DNS Proxy Settings as noted above. 8.2 Port Settings To configure port settings, navigate to Network > Port Settings On this screen, you can enable specific ports, as well as determine the speed of the LAN ports, whether each port is a trunk or access port, can well as which VLAN each link belongs to, if any. 8.
Enable Check Enable and then, optionally, select the LANs/VLANs that will use the captive portal. Hostname To customize the portal’s form submission and redirection URL, enter a new URL in this field. To reset the URL to factory settings, click Default. Access Mode Click Open Access to allow clients to freely access your router. Click User Authentication to force your clients to authenticate before accessing your router. This authenticates your clients through a RADIUS server.
Splash Page Here, you can choose between using the Pepwave router’s built-in captive portal and redirecting clients to a URL you define. The Portal Customization menu has two options: and . Clicking displays a pop-up previewing the captive portal that your clients will see. Clicking displays the following menu: Portal Customization Logo Image Message Terms & Conditions Click the Choose File button to select a logo to use for the built-in portal.
Custom Landing Page 9 Fill in this field to redirect clients to an external URL. Configuring the WAN Interface(s) WAN Interface settings are located at Network>WAN. To reorder WAN priority, drag on the appropriate WAN by holding the left mouse button, move it to the desired priority (the first one would be the highest priority, the second one would be lower priority, and so on), and drop it by releasing the mouse button.
9.1 Ethernet WAN Health Check Settings This field specifies the Health Check method to be used for this WAN connection. ● ● Health Check Method ● ● Disabled - The WAN connection is always considered to be up and will not be treated as down for any IP routing errors. PING - ICMP PING packets will be issued to test connectivity with configurable target IP addresses or host names. DNS Lookup - DNS lookups will be issued to test the connectivity with configurable target DNS server IP addresses.
Health Check Interval This is the time interval between each health check test. Health Check Retries This is the number of consecutive check failures before treating a connection as down. Recovery Retries This is the number of responses required after a health check failure before treating a connection as up again. Bandwidth Allowance Monitor Settings Bandwidth Allowance Monitor Check the box Enable to enable bandwidth usage monitoring on this WAN connection for each billing cycle.
Additional Public IP Settings If you have access to status public IP addresses,, you can assign them on this field. Dynamic DNS Settings This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers: Dynamic DNS Service Provider ● ● ● ● ● changeip.com dyndns.org no-ip.org tzo.com DNS-O-Matic Select Disabled to disable this feature. See Section 9.5 for configuration details. 9.1.
DHCP Connection Settings Routing Mode IP Address/ Subnet Mask/ Default Gateway NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it. This information is obtained from the ISP automatically.
Static IP Settings Routing Mode NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it. IP Address / Subnet Mask / Default Gateway These settings allow you to specify the information required in order to communicate on the Internet via a fixed Internet IP address.
PPPoE Settings Routing Mode IP Address / Subnet Mask / Default Gateway PPPoE User Name / Password Confirm PPPoE Password NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it. This information is obtained from the ISP automatically. Enter the required information in these fields in order to connect via PPPoE to the ISP.
connection. (The DNS servers are obtained along with the WAN IP address assigned from the DHCP server.) When Use the following DNS server address(es) is selected, you may enter custom DNS server addresses for this WAN connection into the DNS Server 1 and DNS Server 2 fields. 9.1.4 L2TP Connection L2TP has all the compatibility and convenience of PPTP with greater security. Combine this with IPsec for a good balance between ease of use and security.
DNS (Domain Name System) servers to be used when a DNS lookup is routed through this connection. Selecting Obtain DNS server address automatically results in the DNS servers assigned by the PPPoE server to be used for outbound DNS lookups over the WAN connection. (The DNS servers are obtained along with the WAN IP address assigned from the PPPoE server.
Cellular Status IMSI This is the International Mobile Subscriber Identity which uniquely identifies the SIM card. This is applicable to 3G modems only. MEID Some Pepwave routers support both HSPA and EV-DO. For Sprint or Verizon Wireless EV-DO users, a unique MEID identifier code (in hexadecimal format) is used by the carrier to associate the EV-DO device with the user. This information is presented in hex and decimal format. ESN This serves the same purpose as MEID HEX but uses an older format.
Auto: The subnet mask will be set automatically. Subnet Selection Routing Mode Force /31 Subnet: The subnet mask will be set as 255.255.255.254(/31), and the gateway IP address will be recalculated. This option allows you to select the routing method to be used in routing IP frames via the WAN connection. The mode can be either NAT (network address translation) or IP Forwarding. Click the button to enable IP forwarding. Each ISP may provide a set of DNS servers for DNS lookups.
Cellular Settings SIM Card Indicate which SIM card this cellular WAN will use. Only applies to cellular WAN with redundant SIM cards. Preferred SIM If both cards were enabled on the above field, then you can designate the priority of https://www.peplink.
Card the SIM card slots here. 3G/2G This drop-down menu allows restricting cellular to particular band. Click the button to enable the selection of specific bands. Authentication Choose from PAP Only or CHAP Only to use those authentication methods exclusively. Select Auto to automatically choose an authentication method. Data Roaming This checkbox enables data roaming on this particular SIM card. Please check your service provider’s data roaming policy before proceeding.
General Settings Independent from Backup WANs If this is checked, the connection will be working independent from other Backup WAN connections. Those in Backup Priority will ignore the status of this WAN connection, and will be used when none of the other higher priority connections are available. Standby State This option allows you to choose whether to remain connected or disconnected when this WAN connection is no longer in the highest priority and has entered the standby state.
Health Check Retries This is the number of consecutive check failures before treating a connection as down. Recovery Retries This is the number of responses required after a health check failure before treating a connection as up again. Dynamic DNS Settings This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers: ● ● ● ● ● Dynamic DNS Service Provider changeip.com dyndns.org no-ip.org tzo.
WAN Connection Settings WAN Connection Name Operating Schedule Enter a name to represent this WAN connection. Click the drop-down menu to apply a time schedule to this interface. If this is checked, the connection will be working independent from other Backup Independent from WAN connections. Those in Backup Priority will ignore the status of this WAN connection, and will be used when none of the other higher priority connections Backup WANs are available.
Wi-Fi WAN Settings Channel Width Select the channel width for this Wi-Fi WAN. 20MHz will have greater support for older devices using 2.4Ghz, while 40MHz is appropriate for networks with newer devices that connect using 5Ghz Determine whether the channel will be automatically selected.
Counter Bandwidth Allowance Monitor Action Start Day Monthly Allowance If Error! Reference source not found. is enabled, you will be notified by email when usage hits 75% and 95% of the monthly allowance. If Disconnect when usage hits 100% of monthly allowance is checked, this WAN connection will be disconnected automatically when the usage hits the monthly allowance. It will not resume connection unless this option has been turned off or the usage has been reset when a new billing cycle starts.
Method This setting specifies the health check method for the WAN connection. This value can be configured as Disabled, PING, DNS Lookup, or HTTP. The default method is DNS Lookup. For mobile Internet connections, the value of Method can be configured as Disabled or SmartCheck. Health Check Disabled When Disabled is chosen in the Method field, the WAN connection will always be considered as up. The connection will NOT be treated as down in the event of IP routing errors.
If Include public DNS servers is selected and no response is received from all specified DNS servers, DNS lookups will also be issued to some public DNS servers. A WAN connection will be treated as down only if there is also no response received from the public DNS servers. Connections will be considered as up if DNS responses are received from any one of the health check DNS servers, regardless of a positive or negative result.
Interval Health Check Retries requests. The default health check interval is 5 seconds. This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Peplink Balance will treat the corresponding WAN connection as down. Default health retries is set to 3. Using the default Health Retries setting of 3, the corresponding WAN connection will be treated as down after three consecutive timeouts.
TZO Key Update All Hosts Hosts / Domain Check this box to automatically update all hosts. This setting specifies a list of hostnames or domains to be associated with the public Internet IP address of the WAN connection. Important Note In order to use dynamic DNS services, appropriate hostname registration(s), as well as a valid account with a supported dynamic DNS service provider, are required.
Wi-Fi Connection Profile Settings Type Network Name (SSID) Select whether the network will connect automatically or manually. Enter a name to represent this Wi-Fi connection. This option allows you to select which security policy is used for this wireless network. Available options: ● Open ● WEP ● WPA/WPA2 – Personal ● WPA/WPA2 – Enterprise Security https://www.peplink.
9.4 WAN Health Check To ensure traffic is routed to healthy WAN connections only, the Pepwave router can periodically check the health of each WAN connection. The health check settings for each WAN connection can be independently configured via Network>WAN>Details. Health Check Settings Method This setting specifies the health check method for the WAN connection. This value can be configured as Disabled, PING, DNS Lookup, or HTTP. The default method is DNS Lookup.
DNS lookups will be issued to test connectivity with target DNS servers. The connection will be treated as up if DNS responses are received from one or both of the servers, regardless of whether the result was positive or negative. Health Check DNS Servers This field allows you to specify two DNS hosts’ IP addresses with which connectivity is to be tested via DNS lookup.
Other Health Check Settings Timeout This setting specifies the timeout in seconds for ping/DNS lookup requests. The default timeout is 5 seconds. Health Check Interval This setting specifies the time interval in seconds between ping or DNS lookup requests. The default health check interval is 5 seconds. Health Check Retries This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Pepwave router will treat the corresponding WAN connection as down.
service providers. Through registration with dynamic DNS service provider(s), the default public Internet IP address of each WAN connection can be associated with a host name. With dynamic DNS service enabled for a WAN connection, you can connect to your WAN's IP address from the external, even if its IP address is dynamic. You must register for an account from the listed dynamic DNS service providers before enabling this option. If the WAN connection's IP address is a reserved private IP address (i.e.
Password / TZO Key This setting specifies the password for the dynamic DNS service. Hosts / Domain This field allows you to specify a list of host names or domains to be associated with the public Internet IP address of the WAN connection. If you need to enter more than one host, use a carriage return to separate them. Important Note In order to use dynamic DNS services, appropriate host name registration(s) and a valid account with a supported dynamic DNS service provider are required.
Preferred Frequency Indicate the preferred frequency to use for clients to connect. Important Note Per FCC regulation, the country selection is not available on all models marketed in the US. All US models are fixed to US channels only. AP Settings (part 2) Protocol This option allows you to specify whether 802.11b and/or 802.11g client association requests will be accepted. Available options are 802.11ng and 802.11na. By default, 802.11ng is selected.
Threshold Maximum number of clients This setting determines the maximum number of clients that can connect to this Wi-Fi frequency. Advanced Wi-Fi AP settings can be displayed by clicking the on the top right-hand corner of the Wi-Fi AP Settings section, which can be found at AP>Settings. Other models will display a separate section called Wi-Fi AP Advanced Settings, which can be found at Advanced>Wi-Fi Settings.
DTIM A This field allows you to set the frequency for the beacon to include delivery traffic indication messages. The interval is measured in milliseconds. The default value is set to 1 ms. RTS Threshold A The RTS (Request to Clear) threshold determines the level of connection required before the AP starts sending data. The recommended standard of the RTS threshold is around 500.
Web Administration Settings Enable Web Access Protocol Ticking this box enables web admin access for APs located on the WAN. Determines whether the web admin portal can be accessed through HTTP or HTTPS Management Port Determines the port at which the management UI can be accessed. Admin Username Determines the username to be used for logging into the web admin portal Admin Password Determines the password for the web admin portal on external AP.
output to exceed local regulatory limits. 11 MediaFast Configuration MediaFast settings can be configured from the Network menu. 11.1 Setting Up MediaFast Content Caching To access MediaFast content caching settings, select Advanced>Cache Control Cache Control Settings Domain Choose to Cache on all domains, or enter domain names and then choose either Cache the specified domains only or Do not cache the specified domains.
Cache Lifetime Settings Enter a file extension, such as JPG or DOC. Then enter a lifetime in days to specify how long files with that extension will be cached. Add or delete entries using the controls on the right. 11.2 Scheduling Content Prefetching Content prefetching allows you to download content on a schedule that you define, which can help to preserve network bandwidth during busy times and keep costs down. To access MediaFast content prefetching settings, select Advanced >Prefetch Schedule.
incorrectly specified download target, while a value that is too long could mean a download with an incorrectly specified target or stop time. This field is also useful for quickly seeing which downloads are consuming the most storage space. To begin a scheduled download immediately, click Actions To cancel a scheduled download, click To edit a scheduled download, click To delete a scheduled download, click . . . . Click to begin creating a new scheduled download.
https://www.peplink.
12 Bandwidth Bonding SpeedFusionTM / PepVPN Pepwave bandwidth bonding SpeedFusionTM is our patented technology that enables our SDWAN routers to bond multiple Internet connections to increase site-to-site bandwidth and reliability. SpeedFusion functionality securely connects your Pepwave router to another Pepwave or Peplink device (Peplink Balance 210/310/380/580/710/1350 only). Data, voice, or video communications between these locations are kept confidential across the public Internet.
The local LAN subnet and subnets behind the LAN (defined under Static Route on the LAN settings page) will be advertised to the VPN. All VPN members (branch offices and headquarters) will be able to route to local subnets. Note that all LAN subnets and the subnets behind them must be unique. Otherwise, VPN members will not be able to access each other. All data can be routed over the VPN using the 256-bit AES encryption standard.
PepVPN Profile Settings Name This field is for specifying a name to represent this profile. The name can be any combination of alphanumeric characters (0-9, A-Z, a-z), underscores (_), dashes (-), and/or non-leading/trailing spaces ( ). Active When this box is checked, this VPN connection profile will be enabled. Otherwise, it will be disabled. Encryption Authentication Remote ID / Pre-shared Key By default, VPN traffic is encrypted with 256-bit AES.
Enter Remote IDs either by typing out each Remote ID and Pre-shared Key, or by pasting a CSV. If you wish to paste a CSV, click the icon next to the “Remote ID / Preshared Key” setting. Remote ID/Remote Certificate These optional fields become available when X.509 is selected as the Peplink Balance’s VPN authentication method, as explained above. To authenticate VPN connections using X.509 certificates, copy and paste certificate details into these fields. To get more information on a listed X.
Use IP ToS Checking this button enables the use of IP ToS header field. Traffic will be stopped for links that exceed the specified millisecond value with Latency respect to the lowest latency link. (e.g. Lowest latency is 100ms, a value of 500ms Difference Cutoff means links with latency 600ms or more will not be used) - Advanced feature, please click the button on the top right-hand corner to activate.
You could also specify a DNS server to resolve incoming DNS requests. Click the checkbox next to Backup Site to designate a backup SpeedFusion profile that will take over, should the main PepVPN connection fail. Outbound Policy/PepVPN Outbound Custom Rules Some models allow you to set outbound policy and custom outbound rules from Advanced>PepVPN. See Section 14 for more information on outbound policy settings.
PepVPN Settings To designate a custom handshake port (TCP), click the custom radio button and Handshake PortA enter the port number you wish to designate. Backward Compatibility Link Failure Detection Time A Determine the level of backward compatibility needed for PepVPN tunnels. The use of the Latest setting is recommended as it will improve the performance and resilience of SpeedFusion connections. The bonded VPN can detect routing failures on the path between two sites over each WAN connection.
http://youtu.be/TLQgdpPSY88 12.2 The Pepwave Router Behind a NAT Router Pepwave routers support establishing SpeedFusionTM over WAN connections which are behind a NAT (network address translation) router. To enable a WAN connection behind a NAT router to accept VPN connections, you can configure the NAT router in front of the WAN connection to inbound port-forward TCP port 32015 to the Pepwave router.
One of the WANs connected to Router A is non-NAT’d (212.1.1.1). The rest of the WANs connected to Router A and all WANs connected to Router B are NAT’d. In this case, the Peer IP Addresses / Host Names field for Router B should be filled with all of Router A’s hostnames or public IP addresses (i.e., 212.1.1.1, 212.2.2.2, and 212.3.3.3), and the field in Router A can be left blank.
13.1 IPsec VPN Settings Many Pepwave products can make multiple IPsec VPN connections with Peplink, Pepwave, Cisco, and Juniper routers. Note that all LAN subnets and the subnets behind them must be unique. Otherwise, VPN members will not be able to access each other. All data can be routed over the VPN with a selection of encryption standards, such as 3DES, AES-128, and AES-256. To configure IPsec VPN on Pepwave devices that support it, navigate to Advanced>IPsec VPN.
https://www.peplink.
IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Connect Upon Check this box and select a WAN to connect to this VPN automatically when the Disconnection specified WAN is disconnected. of Remote Gateway IP Enter the remote peer’s public IP address. For Aggressive Mode, this is Address / Host optional.
Mode Choose Main Mode if both IPsec peers use static IP addresses. Choose Aggressive Mode if one of the IPsec peers uses dynamic IP addresses. Force UDP For forced UDP encapsulation regardless of NAT-traversal, tick this checkbox. Encapsulation This defines the peer authentication pre-shared key used to authenticate this Pre-shared Key VPN connection. The connection will be up only if the pre-shared keys on each side match. Remote Available only when X.
Group 5: 1536-bit is the third option. Phase 2 SA Lifetime This setting specifies the lifetime limit of this Phase 2 Security Association. By default, it is set at 28800 seconds. WAN Connection Priority WAN Connection Select the appropriate WAN connection from the drop-down menu. 14 Outbound Policy Management Pepwave routers can flexibly manage and load balance outbound traffic among WAN connections. Important Note Outbound policy is applied only when more than one WAN connection is active .
14.1 Outbound Policy Outbound policies for managing and load balancing outbound traffic are located at Network>Outbound Policy> or Advanced>PepVPN>Outbound Policy. There are three main selections for the outbound traffic policy: ● High Application Compatibility ● Normal Application Compatibility ● Custom Note that some Pepwave routers provide only the Send All Traffic To setting here. See Section 12.1 for details.
http://youtu.be/rKH4AS_bQnE 14.2 Custom Rules for Outbound Policy Click in the Outbound Policy form. Choose Custom and press the Save button. 14.2.1 Algorithm: Weighted Balance This setting specifies the ratio of WAN connection usage to be applied on the specified IP protocol and port. This setting is applicable only when Algorithm is set to Weighted Balance. https://www.peplink.
The amount of matching traffic that is distributed to a WAN connection is proportional to the weight of the WAN connection relative to the total weight. Use the sliders to change each WAN’s weight. For example, with the following weight settings: ● Ethernet WAN1: 10 ● Ethernet WAN2: 10 ● Wi-Fi WAN: 10 ● Cellular 1: 10 ● Cellular 2: 10 ● USB: 10 Total weight is 60 = (10 +10 + 10 + 10 + 10 + 10). Matching traffic distributed to Ethernet WAN1 is 16.7% = (10 / 60 x 100%.
distribution for Internet services is undesirable. For example, for security reasons, many ebanking and other secure websites terminate the session when the client computer’s Internet IP address changes mid-session. In general, different Internet IP addresses represent different computers. The security concern is that an IP address change during a session may be the result of an unauthorized intrusion attempt.
which is specified in the WAN settings page). If you choose Custom, you can customize the weight of each WAN manually by using the sliders. 14.2.3 Algorithm: Enforced This setting specifies the WAN connection usage to be applied on the specified IP protocol and port. This setting is applicable only when Algorithm is set to Enforced. Matching traffic will be routed through the specified WAN connection, regardless of the health check status of the WAN connection. Starting from Firmware 5.
Configure multiple distribution rules to accommodate different kinds of services. 14.2.5 Algorithm: Overflow The traffic matching this rule will be routed through the healthy WAN connection that has the highest priority and is not in full load. When this connection gets saturated, new sessions will be routed to the next healthy WAN connection that is not in full load. Drag and drop to specify the order of WAN connections to be used for routing traffic.
in Connection and has the lowest latency. Latency checking packets are issued periodically to a nearby router of each WAN connection to determine its latency value. The latency of a WAN is the packet round trip time of the WAN connection. Additional network usage may be incurred as a result. Tip The roundtrip time of a 6M down/640k uplink can be higher than that of a 2M down/2M up link because the overall round trip time is lengthened by its slower upload bandwidth, despite its higher downlink speed.
router. Inbound port forwarding rules can be defined at Advanced>Port Forwarding. To define a new service, click Add Service. Port Forwarding Settings Enable This setting specifies whether the inbound service takes effect. When Enable is checked, the inbound service takes effect: traffic is matched and actions are taken by the Pepwave router based on the other parameters of the rule.
The Port setting specifies the port(s) that correspond to the service, and can be configured to behave in one of the following manners: Any Port, Single Port, Port Range, Port Map, and Range Mapping Any Port: all traffic that is received by the Pepwave router via the specified protocol is forwarded to the servers specified by the Servers setting. For example, with IP Protocol set to TCP, and Port set to Any Port, all TCP traffic is forwarded to the configured servers.
15.1.1 UPnP / NAT-PMP Settings UPnP and NAT-PMP are network protocols which allow a computer connected to the LAN port to automatically configure the router to allow parties on the WAN port to connect to itself. That way, the process of inbound port forwarding becomes automated. When a computer creates a rule using these protocols, the specified TCP/UDP port of all WAN connections' default IP address will be forwarded. Check the corresponding box(es) to enable UPnP and/or NAT-PMP.
NAT Mapping Settings LAN Client(s) NAT mapping rules can be defined for a single LAN IP Address, an IP Range, or an IP Network. Address This refers to the LAN host’s private IP address. The system maps this address to a number of public IP addresses (specified below) in order to facilitate inbound and outbound traffic. This option is only available when IP Address is selected. Range The IP range is a contiguous group of private IP addresses used by the LAN host.
or IP forwarding mode. Also note that each WAN IP address can be associated to one NAT mapping only. Outbound Mappings This setting specifies the WAN IP addresses that should be used when an IP connection is made from a LAN host to the Internet. Each LAN host in an IP range or IP network will be evenly mapped to one of each selected WAN's IP addresses (for better IP address utilization) in a persistent manner (for better application compatibility).
Add / Edit User Group From the drop-down menu, choose whether you are going to define the client(s) by an IP Address or a Subnet. If IP Address is selected, enter a Subnet / IP Address name defined in DHCP reservation table or a LAN client's IP address. If Subnet is selected, enter a subnet address and specify its subnet mask. Group This field is to define which User Group the specified subnet / IP address belongs to.
17.3 Application 17.3.1 Application Prioritization On many Pepwave routers, you can choose whether to apply the same prioritization settings to all user groups or customize the settings for each group. Three application priority levels can be set: ↑High,━ Normal, and↓Low. Pepwave routers can detect various application traffic types by inspecting the packet content. Select an application by choosing a supported application, or by defining a custom application manually.
17.3.3 DSL/Cable Optimization DSL/cable-based WAN connections have lower upload bandwidth and higher download bandwidth. When a DSL/cable circuit's uplink is congested, the download bandwidth will be affected. Users will not be able to download data at full speed until the uplink becomes less congested. DSL/Cable Optimization can relieve such an issue. When it is enabled, the download speed will become less affected by the upload traffic. By default, this feature is enabled.
18.1 Outbound and Inbound Firewall Rules 18.1.1 Access Rules The outbound firewall settings are located at Advanced>Firewall>Access Rules>Outbound Firewall Rules. Click Add Rule to display the following screen: https://www.peplink.
Inbound firewall settings are located at Advanced>Firewall>Access Rules>Inbound Firewall Rules. Click Add Rule to display the following screen: Rules are matched from top to bottom. If a connection matches any one of the upper rules, the matching process will stop. If none of the rules match, the Default rule will be applied. By default, the Default rule is set as Allow for both outbound and inbound access.
Protocol This setting specifies the protocol to be matched. Via a drop-down menu, the following protocols can be specified: ● TCP ● UDP ● ICMP ● IP Alternatively, the Protocol Selection Tool drop-down menu can be used to automatically fill in the protocol and port number of common Internet services (e.g., HTTP, HTTPS, etc.) After selecting an item from the Protocol Selection Tool drop-down menu, the protocol and port number remains manually modifiable.
● ● ● ● ● DST: Destination IP address LEN: Packet length PROTO: Protocol SPT: Source port DPT: Destination port Click Save to store your changes. To create an additional firewall rule, click Add Rule and repeat the above steps. To change a rule’s priority, simply drag and drop the rule: ● ● ● Hold the left mouse button on the rule. Move it to the desired position. Drop it by releasing the mouse button.
● ● o NMAP FIN/URG/PSH o Xmas tree o Another Xmas tree o Null scan o SYN/RST o SYN/FIN SYN flood prevention Ping flood attack prevention https://www.peplink.
18.2 Content Blocking 18.2.1 Application Blocking Choose applications to be blocked from LAN/PPTP/PepVPN peer clients' access, except for those on the Exempted User Groups or Exempted Subnets defined below. https://www.peplink.
18.2.2 Web Blocking Defines website domain names to be blocked from LAN/PPTP/PepVPN peer clients' access except for those on the Exempted User Groups or Exempted Subnets defined below. If "foobar.com" is entered, any web site with a host name ending in foobar.com will be blocked, e.g. www.foobar.com, foobar.com, etc. However, "myfoobar.com" will not be blocked. You may enter the wild card ".*" at the end of a domain name to block any web site with a host name having the domain name in the middle.
19 OSPF & RIPv2 The Pepwave supports OSPF and RIPv2 dynamic routing protocols. Click the Advanced tab from the top bar, and then click the Routing Protocols >OSPF & RIPv2 item on the sidebar to reach the following menu: OSPF Router ID Area This field determines the ID of the router. By default, this is specified as the LAN IP address. If you want to specify your own ID, enter it in the Custom field. This is an overview of the OSPFv2 areas you have defined. Click on the area name to configure it.
OSPF Settings Area ID Link Type Determine the name of your Area ID to apply to this group. Machines linked to this group will send and receive related OSPF packets, while unlinked machines will ignore it. Choose the network type that this area will use. Authentication Choose an authentication method, if one is used, from this drop-down menu. Available options are MD5 and Text. Enter the authentication key next to the dropdown menu.
RIPv2 Settings Authentication Interfaces Choose an authentication method, if one is used, from this drop-down menu. Available options are MD5 and Text. Enter the authentication key next to the dropdown menu. Determine which interfaces this group will use to listen to and deliver RIPv2 packets. OSPF & RIPv2 Route Advertisement PepVPN Route Isolation Isolate PepVPN peers from each other. Received PepVPN routes will not be forwarded to other PepVPN peers to reduce bandwidth consumption..
20 BGP Click the Advanced tab from the top bar, and then click the Routing Protocols>BGP item on the sidebar to configure BGP. Click "x" to delete a BGP profile Click "Add" to add a new BGP profile BGP Name This field is for specifying a name to represent this profile. Enable When this box is checked, this BGP profile will be enabled. Otherwise, it will be disabled.
Autonomous System Neighbor's ASN Multihop/TTL Time-to-live (TTL) of BGP packet. Leave it blank if BGP neighbor is directly connected, otherwise you must specify a TTL value. Accurately, this option should be used if the configured neighbor IP address does not match the selected Interface's network subnets. TTL value must be between 2 to 255. Password AS-Path Prepending: Hold Time Optional password for MD5 authentication of BGP sessions.
Filter Mode This option selects the route import filter mode. None: all BGP routes will be accepted. Accept: Routes in "Restricted Networks" will be accepted, routes not in the list will be rejected. Reject: Routes in "Restricted Networks" will be rejected, routes not in the list will be accepted. Restricted Networks This specifies the network in the “route import” entry Exact Match: When this box is checked, only routes with the same Networks and Subnet Mask will be filtered.
Remote User Access Settings Enable VPN Type Click the checkbox to enable Remote User Access. Determine whether remote devices can connect to the Balance using L2TP with IPsec or PPTP. For greater security, we recommend you connect using L2TP with https://www.peplink.
IPsec. Preshared Key Listen On Connect to Network Enter your preshared key in the text field. Please note that remote devices will need this preshared key to access the Balance. This setting is for specifying the WAN IP addresses where the PPTP server of the router should listen on. Select the VLAN network for remore users to enable remote user access on. Authentication Determine the method of authenticating remote users. User Accounts This setting allows you to define the PPTP User Accounts.
In the diagram, the WAN ports of each Pepwave router connect to the router and to the modem. Both Pepwave routers connect to the same LAN switch via a LAN port. An elaboration on the technical details of the implementation of the virtual router redundancy protocol (VRRP, RFC 3768) by Pepwave routers follows: ● ● ● ● ● In an HA configuration, the two Pepwave routers communicate with each other using VRRP over the LAN.
Interface for Master Router Interface for Slave Router High Availability Enable Checking this box specifies that the Pepwave router is part of a high availability configuration. This number identifies a pair of Pepwave routers operating in a high availability Group Number configuration. The two Pepwave routers in the pair must have the same Group Number value. Preferred Role This setting specifies whether the Pepwave router operates in master or slave mode.
Administration functionality. This address should be unique within the LAN. IP Subnet Mask This setting specifies the subnet mask of the LAN. Important Note For Pepwave routers in NAT mode, the virtual IP (VIP) should be set as the default gateway for all hosts on the LAN segment. For example, a firewall sitting behind the Pepwave router should set its default gateway as the virtual IP instead of the IP of the master router. In drop-in mode, no other configuration needs to be set. https://www.peplink.
Please note that the drop-in WAN cannot be configured as a LAN bypass port while it is configured for high availability. 21.2 PPTP Server Pepwave routers feature a built-in PPTP server, which enables remote computers to conveniently and securely access the local network. PPTP server settings are located at Advanced>Misc. Settings>PPTP Server. Check the box to enable PPTP server functionality. All connected PPTP sessions are displayed at Status>Client List. Please refer to Section 22.3 for details.
PPTP Server Settings Listen On Authentication This setting is for specifying the WAN connection(s) and IP address(es) that the PPTP server should listen on. This setting is for specifying the user database source for PPTP authentication. Three sources can be selected: Local User Accounts, LDAP Server, or RADIUS Server. Local User Accounts - User accounts are stored in the Pepwave router locally. You can add/modify/delete accounts in the User Accounts table.
server.) RADIUS Server - Authenticate with an external RADIUS server. This has been tested with Microsoft Windows Internet Authentication Service and FreeRADIUS servers where passwords are NTLM hashed or in plain text. User Accounts This setting allows you to define PPTP user accounts for authentication via local user accounts. Click Add to input username and password to create an account. After adding the user accounts, you can click on a username to edit the account password.
server specified in Web Proxy Interception Settings will be intercepted. These connections will be redirected to a specified web proxy server and port number. Web proxy interception settings and proxy server settings for each WAN can be specified after selecting Enable. DNS Forwarding When this option is enabled, all outgoing DNS lookups will be intercepted and redirected to the built-in DNS name server.
Note If you want to route all SMTP connections only to particular WAN connection(s), you should create a custom rule in outbound policy (see Section 14.2). 21.4.2 Web Proxy Forwarding When this feature is enabled, the Pepwave router will intercept all outgoing connections destined for the proxy server specified in Web Proxy Interception Settings, choose a WAN connection with reference to the outbound policy, and then forward them to the specified web proxy server and port number.
specify the IP Address and Port of the server you wish to forward to the service to. 21.5 Service Passthrough Service passthrough settings can be found at Advanced>Misc. Settings>Service Passthrough. Some Internet services need to be specially handled in a multi-WAN environment. Pepwave routers can handle these services such that Internet applications do not notice being behind a multi-WAN router. Settings for service passthrough support are available here.
have an FTP server listening on a port number other than 21, you can check Define custom control ports and enter the port numbers in the text boxes. TFTP IPsec NAT-T The Pepwave router monitors outgoing TFTP connections and routes any incoming TFTP data packets back to the client. Select Enable if you want to enable TFTP passthrough support. This field is for enabling the support of IPsec NAT-T passthrough. UDP ports 500, 4500, and 10000 are monitored by default.
Type sentence types for sending the data (GPRMC, GPGGA, GPVTG, GPGSA, and GPGSV). Vehicle ID The vehicle ID will be appended in the last field of the NMEA sentence. Note that the NMEA sentence will become customized and non-standard. TAIP Sentence Type/TAIP ID (optional) If you’ve chosen to send GPS reports in TAIP format, select one or more sentence types for sending the data (PV—Position / Velocity Solution and CP—Compact Velocity Solution).
AP Controller The AP controller for managing Pepwave APs can be enabled by checking this box. When this option is enabled, the AP controller will wait for management connections originating from APs over the LAN on TCP and UDP port 11753. It will also wait for AP Management captive portal connections on TCP port 443. An extended DHCP option, CAPWAP Access Controller addresses (field 138), will be added to the DHCP server. A local DNS record, AP Controller, will be added to the local DNS proxy.
SSID Settings SSID Enable This setting specifies the SSID of the virtual AP to be scanned by Wi-Fi clients. Click the drop-down menu to apply a time schedule to this interface VLAN ID This setting specifies the VLAN ID to be tagged on all outgoing packets generated from this wireless network (i.e., packets that travel from the Wi-Fi segment through the Pepwave AP One unit to the Ethernet segment via the LAN port).
Data Rate A Select Auto to allow the Pepwave router to set the data rate automatically, or select Fixed and choose a rate from the displayed drop-down menu. Multicast FilterA This setting enables the filtering of multicast network traffic to the wireless SSID. Multicast RateA This setting specifies the transmit rate to be used for sending multicast network traffic. The selected Protocol and Channel Bonding settings will affect the rate options and values available here.
Security Policy This setting configures the wireless authentication and encryption methods. Available options are Open (No Encryption), WPA/WPA2 - Personal, WPA/WPA2 – Enterprise and Static WEP. Access Control The settings allow administrator to control access using MAC address filtering. Available options are None, Deny all except listed, Accept all except listed, and RADIUS MAC Authentication. Restricted Mode When WPA/WPA2 - Enterprise is configured, RADIUS-based 802.1 x authentication is enabled.
RADIUS Server Settings Host Secret Enter the IP address of the primary RADIUS server and, if applicable, the secondary RADIUS server. Enter the RADIUS shared secret for the primary server and, if applicable, the secondary RADIUS server. Authentication In field, enter the UDP authentication port(s) used by your RADIUS server(s) or click the Default button to enter 1812. Port Accounting Port In field, enter the UDP accounting port(s) used by your RADIUS server(s) or click the Default button to enter 1813.
AP Settings SSID These buttons specify which wireless networks will use this AP profile. You can also select the frequencies at which each network will transmit. Please note that the Peplink Balance does not detect whether the AP is capable of transmitting at both frequencies. Instructions to transmit at unsupported frequencies will be ignored by the AP. This drop-down menu specifies the national / regional regulations which the AP Operating Country should follow. https://www.peplink.
● If a North American region is selected, RF channels 1 to 11 will be available and the maximum transmission power will be 26 dBm (400 mW). ● If European region is selected, RF channels 1 to 13 will be available. The maximum transmission power will be 20 dBm (100 mW). NOTE: Users are required to choose an option suitable to local laws and regulations. Per FCC regulation, the country selection is not available on all models marketed in US. All US models are fixed to US channels only.
Max number of ClientsA This field determines the maximum clients that can be connected to APs under this profile. This field specifies the VLAN ID to tag to management traffic, such as AP to AP Management VLAN controller communication traffic. The value is 0 by default, meaning that no VLAN tagging will be applied. NOTE: change this value with caution as ID alterations may result in loss of connection to the AP controller.
Web Administration Settings Enable Web Access Protocol Check the box to allow the Pepwave router to manage the web admin access information of the AP. These buttons specify the web access protocol used for accessing the web admin of the AP. The two available options are HTTP and HTTPS. Management Port This field specifies the management port used for accessing the device. HTTP to HTTPS Redirection This option will be available if you have chosen HTTPS as the Web Access Protocol.
shown below: Wi-Fi Radio Settings Operating Country Wi-Fi Antenna This option sets the country whose regulations the Pepwave router follows. Choose from the router's internal or optional external antennas, if so equipped. Important Note Per FCC regulations, the country selection is not available on all models marketed in the US. All US models are fixed to US channels only. Wi-Fi AP Settings Protocol This option allows you to specify whether 802.11b and/or 802.
actual output power will be bound by the regulatory limits of the selected country. Beacon RateA Beacon IntervalA This option is for setting the time interval between each beacon. By default, 100ms is selected. DTIMA This field allows you to set the frequency for the beacon to include a delivery traffic indication message. The interval is measured in milliseconds. The default value is set to 1 ms. Slot TimeA This field is for specifying the wait time before the Router transmits a packet.
AP Controller License Limit This field displays the maximum number of AP your Balance router can control. You can purchase licenses to increase the number of AP you can manage. Frequency Underneath, there are two check boxes labeled 2.4 Ghz and 5 Ghz. Clicking either box will toggle the display of information for that frequency. By default, the graphs display the number of clients and data usage for both 2.4GHz and 5 GHz frequencies. SSID The colored boxes indicate the SSID to display information for.
period. Mouse over any line on the graph to see the data usage by each SSID for that point in time. Use the buttons next to Zoom to select the time scale you wish to view. In addition, you could use the sliders at the bottom to further refine your timescale. Events This event log displays all activity on your AP network, down to the client level. Click View Alerts to see only alerts, and click the More… link for additional records. 23.
Usage AP Name/Serial Number Online Status This field enables you to quickly find your device if you know its name or serial number. Fill in the field to begin searching. Partial names and serial numbers are supported. This button toggles whether your search will include offline devices. This table shows the detailed information on each AP, including channel, number of clients, upload traffic, and download traffic.
For easier network management, you can give each client a name and designate its location. You can also designate which firmware pack (if any) this client will follow, as well as the channels on which the client will broadcast. Click the icon to see a graph displaying usage: Click any point in the graphs to display detailed usage and client information for that device, using that SSID, at that point in time. On the Data Usage by menu, https://www.peplink.
you can display the information by SSID or by AP send/receive rate. Click the Event tab next to Wireless Usage to view a detailed event log for that particular device: 23.3 Wireless SSID In-depth SSID reports are available under AP > Controller Status > Wireless SSID. https://www.peplink.
Click the blue arrow on any SSID to obtain more detailed usage information on each SSID. 23.4 Wireless Client You can search for specific Wi-Fi users by navigating to AP > Controller Status > Wireless Client. Here, you will be able to see your network’s heaviest users as well as search for specific users. https://www.peplink.
Click the icon to bookmark specific users, and click the each user: icon for additional details about 23.5 Nearby Device A listing of near devices can be accessed by navigating to AP > Controller Status > Nearby Device. https://www.peplink.
Suspected Rogue Devices Hovering over the device MAC address will result in a popup with information on how this device was detected. Click the icons and the device will be moved to the bottom table of identified devices. 23.6 Event Log You can access the AP Controller Event log by navigating to AP > Controller Status > Event Log. https://www.peplink.
Events This event log displays all activity on your AP network, down to the client level. Use to filter box to search by MAC address, SSID, AP Serial Number, or AP Profile name. Click View Alerts to see only alerts, and click the More… link for additional records. 24 Toolbox Tools for managing firmware packs can be found at AP>Toolbox. Firmware Packs Here, you can manage the firmware of your AP. Clicking on will result in information regarding each firmware pack.
25 System Settings 25.1 Admin Security There are two types of user accounts available for accessing the web admin: admin and user. They represent two user levels: the admin level has full administration access, while the user level is read-only. The user level can access only the device's status information; users cannot make any changes on the device. Admin account UI User account UI A web login session will be logged out automatically when it has been idle longer than the Web Session Timeout.
Admin Settings Router Name This field allows you to define a name for this Pepwave router. By default, Router Name is set as MAX_XXXX, where XXXX refers to the last 4 digits of the unit’s serial number. Admin User Name Admin User Name is set as admin by default, but can be changed, if desired. Admin Password This field allows you to specify a new administrator password. Confirm Admin This field allows you to verify and confirm the new administrator password.
Confirm User Password This field allows you to verify and confirm the new user password. Web Session Timeout This field specifies the number of hours and minutes that a web session can remain idle before the Pepwave router terminates its access to the web admin interface. By default, it is set to 4 hours. Authentication by RADIUS With this box is checked, the web admin will authenticate using an external RADIUS server.
● HTTP/HTTPS This field is for specifying the port number on which the web admin interface can Web Admin Port be accessed. Web Admin Access This option is for specifying the network interfaces through which the web admin interface can be accessed: ● LAN only ● LAN/WAN If LAN/WAN is chosen, the WAN Connection Access Settings form will be displayed. LAN Connection Access Settings Allowed LAN Networks This field allows you to permit only specific networks or VLANs to access the Web UI.
● Allow access from the following IP subnets only - Restrict web admin access only from the defined IP subnets. When this is chosen, a text input area will be displayed beneath: The allowed IP subnet addresses should be entered into this text area. Each IP subnet must be in form of w.x.y.z/m, where w.x.y.z is an IP address (e.g., 192.168.0.0), and m is the subnet mask in CIDR format, which is between 0 and 32 inclusively (For example, 192.168.0.0/24).
inactive firmware, you can simply reboot your device with the inactive firmware and then perform the firmware upgrade. Important Note The firmware upgrade process may not necessarily preserve the previous configuration, and the behavior varies on a case-by-case basis. Consult the release notes for the particular firmware version before installing. Do not disconnect the power during firmware upgrade process. Do not attempt to upload a non-firmware file or a firmware file that is not supported by Peplink.
located at System > Schedule Enable scheduling, and then click on your schedule name or on the New Schedule button to begin. Edit Schedule Profile Enabling Name Schedule Click this checkbox to enable this schedule profile. Note that if this is disabled, then any associated features will also have their scheduling disabled. Enter your desired name for this particular schedule profile. Click the drop-down menu to choose pre-defined schedules as your starting point.
deleted. Schedule Map Click on the desired times to enable features at that time period. You can hold your mouse for faster entry. 25.5 Email Notification Email notification functionality provides a system administrator with up-to-date information on network status. The settings for configuring email notifications are found at System>Email Notification. Email Notification Settings Email Notification This setting specifies whether or not to enable email notification.
SMTP Port This field is for specifying the SMTP port number. By default, this is set to 25; when SSL Encryption is checked, the default port number will be set to 465. You may customize the port number by editing this field. Click Default to restore the number to its default setting. SMTP User Name / Password This setting specifies the SMTP username and password while sending email. These options are shown only if Require authentication is checked in the SMTP Server setting.
25.6 Event Log Event log functionality enables event logging at a specified remote syslog server. The settings for configuring the remote system log can be found at System>Event Log. Event Log Settings Remote Syslog This setting specifies whether or not to log events at the specified remote syslog server. Remote Syslog Host This setting specifies the IP address or hostname of the remote syslog server.
25.7 SNMP SNMP or simple network management protocol is an open standard that can be used to collect information about the Pepwave router. SNMP configuration is located at System>SNMP. SNMP Settings SNMP Device Name SNMP Port This field shows the router name defined at System>Admin Security. This option specifies the port which SNMP will use. The default port is 161. SNMPv1 This option allows you to enable SNMP version 1. SNMPv2 This option allows you to enable SNMP version 2.
https://www.peplink.
SNMP Community Settings Community Name This setting specifies the SNMP community name. This setting specifies a subnet from which access to the SNMP server is allowed. Allowed Source Enter subnet address here (e.g., 192.168.1.0) and select the appropriate subnet Subnet Address mask.
25.8 InControl InControl is a cloud-based service which allows you to manage all of your Peplink and Pepwave devices with one unified system. With it, you can generate reports, gather statistics, and configure your devices automatically. All of this is now possible with InControl. When this check box is checked, the device's status information will be sent to the Peplink InControl system. This device's usage data and configuration will be sent to the system if you enable the features in the system.
Configuration The Restore Factory Settings button is to reset the configuration to factory Restore Configuration to default settings. After clicking the button, you will need to click the Apply Factory Settings Changes button on the top right corner to make the settings effective. Download Active Click Download to backup the current active settings.
marked with (Running) is the current system boot up firmware. Please note that a firmware upgrade will always replace the inactive firmware partition. 26 Tools 26.1 Ping The ping test tool sends pings through a specified Ethernet interface or a SpeedFusionTM VPN connection. You can specify the number of pings in the field Number of times, to a maximum number of 10 times. Packet Size can be set to a maximum of 1472 bytes.
26.2 Traceroute Test The traceroute test tool traces the routing path to the destination through a particular Ethernet interface or a SpeedFusionTM connection. The traceroute test utility is located at System>Tools>Traceroute. Tip A system administrator can use the traceroute utility to analyze the connection path of a LAN/WAN connection. 26.3 PepVPN Test The PepVPN Test tool can help to test the throughput between different VPN peers.
26.4 Wake-on-LAN Peplink routers can send special “magic packets” to any client specified from the Web UI. To access this feature, navigate to System > Tools > Wake-on-LAN Select a client from the drop-down list and click Send to send a “magic packet” 26.5 CLI (Command Line Interface Support) The CLI (command line interface) can be accessed via SSH. This field enables CLI support. The below settings specify which TCP port and which interface(s) should accept remote SSH CLI access.
https://www.peplink.
27 Status 27.1 Device System information is located at Status>Device. System Information Router Name Model Product Code Hardware Revision Serial Number Firmware This is the name specified in the Router Name field located at System>Admin Security. This shows the model name and number of this device. If your model uses a product code, it will appear here. This shows the hardware version of this device. This shows the serial number of this device.
System Time This shows the current system time. Diagnostic Report The Download link is for exporting a diagnostic report file required for system investigation. Remote Assistance Click Turn on to enable remote assistance. The second table shows the MAC address of each LAN/WAN interface connected. To view your device’s End User License Agreement (EULA), click . Important Note If you encounter issues and would like to contact the Pepwave Support Team (http://www.pepwave.
This screen displays the number of sessions initiated by each application. Click on each service listing for additional information. This screen also indicates the number of sessions initiated by each WAN port. In addition, you can see which clients are initiating the most sessions. You can also perform a filtered search for specific sessions. You can filter by subnet, port, protocol, and interface. To perform a search, navigate to Status>Active Sessions>Search. https://www.peplink.
This Active Sessions section displays the active inbound/outbound sessions of each WAN connection on the Pepwave router. A filter is available to sort active session information. Enter a keyword in the field or check one of the WAN connection boxes for filtering. 27.3 Client List The client list table is located at Status>Client List. It lists DHCP and online client IP addresses, names (retrieved from the DHCP reservation table or defined by users), current download and upload rate, and MAC address.
If the PPTP server (see Section 19.2), SpeedFusionTM (see Section 12.1), or AP controller (see Section 20) is enabled, you may see the corresponding connection name listed in the Name field. 27.4 WINS Client The WINS client list table is located at Status>WINS Client. The WINS client table lists the IP addresses and names of WINS clients. This option will only be available when you have enabled the WINS server (navigation: Network>Interfaces>LAN).
Click to delete a single UPnP / NAT-PMP record in its corresponding row. To delete all records, click Delete All on the right-hand side below the table. Important Note UPnP / NAT-PMP records will be deleted immediately after clicking the button need to click Save or Confirm. or Delete All, without the 27.6 SpeedFusion Status Current SpeedFusionTM status information is located at Status>SpeedFusionTM.
Click the button for a chart displaying real-time throughput, latency, and drop-rate information for each WAN connection. When pressing the https://www.peplink.
After clicking the icon, the following menu appears: Select the L2 protocol (TCP/UDP), direction, and duration and click the Start button to begin the general throughput test. https://www.peplink.
The bandwidth bonding feature of PepVPN occurs when multiple WAN lines from one end merge with multiple WAN lines from the other end. For this to happen, each WAN line needs to form a connection with all the WAN lines on the opposite end. The function of the PepVPN analyzer is to report the throughput, packet loss, and latency of all possible combinations of connections. Please note that the PepVPN Analyzer will temporarily interrupt VPN connectivity and will restore after test.
"O" indicates that specific WAN / Tunnel is active for that particular test. "Tx Avg." is the averaged throughput across the full 10 seconds time, while "Tx Max." is the averaged throughput of the fastest 30% of time. 27.7 Event Log Event log information is located at Status>Event Log. The log section displays a list of events that has taken place on the Pepwave router. Check Auto Refresh to refresh log entries automatically. Click the Clear Log button to clear the log. https://www.peplink.
28 Bandwidth Status This section shows bandwidth usage statistics and is located at Status>Bandwidth. Bandwidth usage at the LAN while the device is switched off (e.g., LAN bypass) is neither recorded nor shown. https://www.peplink.
28.1 Real-Time The Data transferred since installation table indicates how much network traffic has been processed by the device since the first bootup. The Data transferred since last reboot table indicates how much network traffic has been processed by the device since the last bootup. 28.2 Hourly This page shows the hourly bandwidth usage for all WAN connections, with the option of viewing each individual connection. Select the desired connection to check from the drop-down menu. -in https://www.
28.3 Daily This page shows the daily bandwidth usage for all WAN connections, with the option of viewing each individual connection. Select the connection to check from the drop-down menu. If you have enabled the Bandwidth Monitoring feature, the Current Billing Cycle table for that WAN connection will be displayed. Click on a date to view the client bandwidth usage of that specific date. This feature is not available if you have selected to view the bandwidth usage of only a particular WAN connection.
the Bandwidth Monitoring feature, you can check the usage of each particular connection and view the information by Billing Cycle or by Calendar Month. Click the first two rows to view the client bandwidth usage in the last two months. This feature is not available if you have chosen to view the bandwidth of an individual WAN connection. The scale of the graph can be set to display megabytes (MB) or gigabytes (GB). All WAN Monthly Bandwidth Usage https://www.peplink.
Ethernet WAN Monthly Bandwidth Usage Tip By default, the scale of data size is in MB. 1GB equals 1024MB. https://www.peplink.
Appendix A. Restoration of Factory Defaults To restore the factory default settings on a Pepwave router, follow the steps below: 1. Locate the reset button on the front or back panel of the Pepwave router. 2. With a paperclip, press the reset button and hold it for at least 10 seconds, until the unit reboots itself. After the Pepwave router finishes rebooting, the factory default settings will be restored.
Appendix B: Declaration 1. The device supports time division technology 2. Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
3. ISED Warning Statement Industry Canada Statement This device complies with Industry Canada’s licence-exempt RSSs. Operation is subject to the following two conditions:(1) This device may not cause interference; and(2) This device must accept any interference, including interference that may cause undesired operation of the device. Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de licence.
conforme à la norme e.i.r.p. les limites spécifiées pour un fonctionnement point à point et non point à point, selon le cas. IC Radiation Exposure Statement This equipment complies with Innovation, Science and Economic Development Canada RF exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated to ensure a minimum of 20 cm spacing to any person at all times.
Product standard to demonstrate the compliance of radio base stations and fixed terminal stations for wireless telecommunication systems with the basic restrictions or the reference levels related to human exposure to radio frequency electromagnetic fields (110MHz - 40 GHz) - General public - EN 300 328 V2.1.
- EN 301 489-17 V3.2.0: 2017 ElectroMagnetic Compatibility (EMC) standard for radio equipment and services; Part 17: Specific conditions for Broadband Data Transmission Systems; Harmonised Standard covering the essential requirements of article 3.1(b) of Directive 2014/53/EU - EN 301 489-19 V2.1.
[Spanish] la Directiva 1999/5/CE. Ελληνική [Greek] ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [name of manufacturer] ΔΗΛΩΝΕΙ ΟΤΙ [type of equipment] ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ. Français [French] Par la présente [nom du fabricant] déclare que l'appareil [type d'appareil] est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
https://www.peplink.