Pepxim User Manual Pepwave Products: BR1-POWER Pepxim Products: SD-PMU-LTE Firmware 7 April 2019 Copyright & Trademarks Specifications are subject to change without notice. Copyright © 2019 Pepwave Ltd. All Rights Reserved. Pepwave / Pepxim / Peplink and the logos are trademarks of Pepwave Ltd. Other brands or products mentioned may be trademarks or registered trademarks of their respective owners.
Table of Contents Introduction and Scope 8 Glossary 9 Product Features Supported Network Features WAN LAN VPN Firewall Captive Portal Outbound Policy AP Controller QoS Other Supported Features 10 10 10 11 11 12 12 12 12 12 13 Mobile Router Overview SD-PMU-LTE / BR1-Power 14 14 Advanced Feature Summary Drop-in Mode and LAN Bypass: Transparent Deployment QoS: Clearer VoIP Per-User Bandwidth Control High Availability via VRRP USB Modem and Android Tethering Built-In Remote User VPN Support SIM-card USS
Connecting to the Web Admin Interface 22 Configuring the LAN Interface(s) Basic Settings Port Settings Captive Portal 23 23 34 34 Configuring the WAN Interface(s) Ethernet WAN DHCP Connection Static IP Connection PPPoE Connection L2TP Connection Cellular WAN Wi-Fi WAN Creating Wi-Fi Connection Profiles WAN Health Check Dynamic DNS Settings 37 38 40 41 42 44 45 51 58 60 62 Advanced Wi-Fi Settings 64 MediaFast Configuration Setting Up MediaFast Content Caching Scheduling Content Prefetching Viewing Me
Custom Rules for Outbound Policy Algorithm: Weighted Balance Algorithm: Persistence Algorithm: Enforced Algorithm: Priority Algorithm: Overflow Algorithm: Least Used Algorithm: Lowest Latency Expert Mode 88 88 90 91 91 92 92 93 93 Inbound Access Port Forwarding Service UPnP / NAT-PMP Settings 94 94 96 NAT Mappings 96 QoS User Groups Bandwidth Control Application Application Prioritization Prioritization for Custom Applications DSL/Cable Optimization 98 98 99 100 100 100 101 Firewall Outbound and Inb
Exempted Subnets URL Logging 108 109 OSPF & RIPv2 109 Remote User Access 111 Miscellaneous Settings High Availability PPTP Server Certificate Manager Service Forwarding SMTP Forwarding Web Proxy Forwarding DNS Forwarding Custom Service Forwarding Service Passthrough GPS Forwarding 113 113 117 119 119 120 121 121 121 122 123 AP Controller Wireless SSID Settings 124 124 129 AP Controller Status Info Access Point (Usage) Wireless SSID Wireless Client Nearby Device Event Log 135 135 137 139 139 141 1
Time Schedule Email Notification Event Log SNMP InControl Configuration Feature Add-ons Reboot 149 149 151 153 154 157 157 159 159 Tools Ping Traceroute Test PepVPN Test Wake-on-LAN CLI (Command Line Interface Support) 159 159 160 161 162 162 Status Device GPS Data Active Sessions Client List WINS Client UPnP / NAT-PMP SpeedFusion Status Event Log Bandwidth Status Real-Time Hourly Daily Monthly 164 164 165 165 167 168 168 169 173 174 174 175 176 177 Appendix B: Declaration 180 http://www.peplink.
http://www.peplink.
1 Introduction and Scope Pepxim / Peplink / Pepwave routers provide link aggregation and load balancing across multiple WAN connections, allowing a combination of technologies like 3G HSDPA, EVDO, 4G LTE, Wi-Fi, external WiMAX dongle, and satellite to be utilized to connect to the Internet. The MAX wireless SD-WAN router series has a wide range of products suitable for many different deployments and markets. Entry level SD-WAN models such as the MAX BR1 are suitable for SMEs or branch offices.
2 Glossary The following terms, acronyms, and abbreviations are frequently used in this manual: Term Definition 3G 3rd generation standards for wireless communications (e.g., HSDPA) 4G 4th generation standards for wireless communications (e.g.
TCP Transmission Control Protocol UDP User Datagram Protocol VPN Virtual Private Network VRRP Virtual Router Redundancy Protocol WAN Wide Area Network WINS Windows Internet Name Service WLAN Wireless Local Area Network 3 Product Features Pepxim routers enable all LAN users to share broadband Internet connections, and they provide advanced features to enhance Internet access. Our Max BR wireless routers support multiple SIM cards.
Wi-Fi WAN connection Network address translation (NAT)/port address translation (PAT) Inbound and outbound NAT mapping IPsec NAT-T and PPTP packet passthrough MAC address clone and passthrough Customizable MTU and MSS values WAN connection health check Dynamic DNS (supported service providers: changeip.com, dyndns.org, no-ip.org, tzo.com and DNS-O-Matic) ˗ Ping, DNS lookup, and HTTP-based health check ˗ ˗ ˗ ˗ ˗ ˗ ˗ ˗ 3.1.
3.1.4 Firewall ˗ ˗ ˗ ˗ ˗ Outbound (LAN to WAN) firewall rules Inbound (WAN to LAN) firewall rules per WAN connection Intrusion detection and prevention Specification of NAT mappings Outbound firewall rules can be defined by destination domain name 3.1.5 Captive Portal ˗ Splash screen of open networks, login page for secure networks ˗ Customizable built-in captive portal ˗ Supports linking to outside page for captive portal 3.1.
3.
4 Mobile Router Overview 4.1 SD-PMU-LTE / BR1-Power 4.1.1 Panel Appearance 4.1.2 LED Indicators Status OFF Red Green http://www.peplink.
4.1.3 Specifications WAN Interface 1x Embedded LTE Modem with Redundant SIM slots Power Input 1x Terminal Block, 1x DC Jack 10-50V DC Power Output 2x Terminal Blocks (back & front): 12/13.8/19/24/48/52V DC Stabalized Power 200W LAN Interface 4x 10/100/1000 ports Enclosure Indoor Metal Dimensions 7.5 x 9.0 x 1.5 inches 190 x 226 x 35 mm Weight 4.
5 Advanced Feature Summary 5.1 Drop-in Mode and LAN Bypass: Transparent Deployment As your organization grows, it needs more bandwidth. But modifying your network would require effort better spent elsewhere. In Drop-in Mode, you can conveniently install your Peplink router without making any changes to your network. And if the Peplink router loses power for any reason, LAN Bypass will safely and automatically bypass the Peplink router to resume your original network connection.
5.2 QoS: Clearer VoIP VoIP and videoconferencing are highly sensitive to latency. With QoS, Peplink routers can detect VoIP traffic and assign it the highest priority, giving you crystal-clear calls. 5.3 Per-User Bandwidth Control http://www.peplink.
With per-user bandwidth control, you can define bandwidth control policies for up to 3 groups of users to prevent network congestion. Define groups by IP address and subnet, and set bandwidth limits for every user in the group. 5.4 High Availability via VRRP When your organization has a corporate requirement demanding the highest availability with no single point of failure, you can deploy two Peplink routers in High Availability mode.
For increased WAN diversity, plug in a USB LTE modem as backup. Peplink routers are compatible with over 200 modem types. You can also tether to smartphones running Android 4.1.X and above. Compatible with: MAX 700, HD2 (all variants except IP67), HD4 (All variants) 5.6 Built-In Remote User VPN Support Use L2TP with IPsec to safely and conveniently connect remote clients to your private network. L2TP with IPsec is supported by most devices, but legacy devices can also connect using PPTP.
5.7 SIM-card USSD support Cellular-enabled routers can now use USSD to check their SIM card’s balance, process pre-paid cards, and configure carrier-specific services.Click here for full instructions on using USSD. 6 Installation The following section details connecting Pepxim routers to your network. 6.
˗ PC Card/Express Card WAN: A PC Card/ExpressCard for the corresponding card slot ˗ A computer installed with the TCP/IP network protocol and a supported web browser. Supported browsers include Microsoft Internet Explorer 8.0 or above, Mozilla Firefox 10.0 or above, Apple Safari 5.1 or above, and Google Chrome 18 or above. 6.2 Constructing the Network At a high level, construct the network according to the following steps: 1. 2. 3.
˗ LAN configuration For basic configuration, refer to Section 8, Connecting to the Web Admin Interface. For advanced configuration, go to Section 9, Configuring the LAN Interface(s). ˗ WAN configuration For basic configuration, refer to Section 8, Connecting to the Web Admin Interface. For advanced configuration, go to Section 9.2, Captive Portal. 7 Connecting to the Web Admin Interface 1. Start a web browser on a computer that is connected with the Pepwave router through the LAN. 2.
displayed The Dashboard shows current WAN, LAN, and Wi-Fi AP statuses. Here, you can change WAN connection priority and switch on/off the Wi-Fi AP. For further information on setting up these connections, please refer to Sections 8 and 9. Device Information displays details about the device, including model name, firmware version, and uptime. For further information, please refer to Section 22. Important Note Configuration changes (e.g. WAN, LAN, admin settings, etc.
page will result in the following dashboard: This represents the LAN interfaces that are active on your router (including VLAN). A grey “X” means that the VLAN is used in other settings and cannot be deleted. You can find which settings are using the VLAN by hovering over the grey “X”. Alternatively, a red “X” means that there are no settings using the VLAN.
Captive Portal Check this box to turn on captive portals. http://www.peplink.
Drop-in Mode Settings Enable Drop-in mode eases the installation of Peplink routers on a live network between the existing firewall and router, such that no configuration changes are required on existing equipment. Check the box to enable the drop-in mode feature, if available on your model. WAN for DropIn Mode Select the WAN port to be used for drop-in mode. If WAN 1 with LAN Bypass is selected, the high availability feature will be disabled automatically.
Bridge Spanning Tree Protocol Override IP Address when bridge connected Click the box will enable STP for this layer 2 profile bridge. Select "Do not override" if the LAN IP address and local DHCP server should remain unchanged after the Layer 2 PepVPN is up. If you choose to override IP address when the VPN is connected, the device will not act as a router, and most Layer 3 routing functions will cease to work.
DNS Servers This option allows you to input the DNS server addresses to be offered to DHCP clients. If Assign DNS server automatically is selected, the Pepwave router’s built-in DNS server address (i.e., LAN IP address) will be offered. WINS Server This option allows you to optionally specify a Windows Internet Name Service (WINS) server. You may choose to use the built-in WINS server or external WINS servers.
Static Route Settings Static Route This table is for defining static routing rules for the LAN segment. A static route consists of the network address, subnet mask, and gateway address. The address and subnet mask values are in w.x.y.z format. The local LAN subnet and subnets behind the LAN will be advertised to the VPN. Remote routes sent over the VPN will also be accepted. Any VPN member will be able to route to the local subnets. Press to create a new route. Press to remove a route.
To enable the DNS proxy feature, check this box, and then set up the feature at Network>LAN>DNS Proxy Settings. A DNS proxy server can be enabled to serve DNS requests originating from LAN/PPTP/SpeedFusionTM peers. Requests are forwarded to the DNS servers/resolvers defined for each WAN connection. Enable DNS Caching This field is to enable DNS caching on the built-in DNS proxy server. When the option is enabled, queried DNS replies will be cached until the records’ TTL has been reached.
Service add the networks. To delete an existing Bonjour listing, click To enable VLAN configuration, click the . button in the IP Settings section. To add a new LAN, click the New LAN button. To change LAN settings, click the name of the LAN to change under the LAN heading. The following settings are displayed when creating a new LAN or editing an existing LAN. IP Settings IP Address & Subnet Mask Enter the Pepwave router’s IP address and subnet mask values to be used on the LAN.
VLAN ID Inter-VLAN routing Captive Portal Enter a number for your VLAN. Check this box to enable routing between virtual LANs. Check this box to turn on captive portals. DHCP Server Settings DHCP Server When this setting is enabled, the Pepwave router’s DHCP server automatically assigns an IP address to each computer that is connected via LAN and configured to obtain an IP address via DHCP. The Pepwave router’s DHCP server can prevent IP address collisions on the LAN.
PC clients in the VPN can resolve the NetBIOS names of other clients in remote peers. If you have enabled this option, a list of WINS clients will be displayed at Status>WINS Clients. BOOTP Extended DHCP Option DHCP Reservation Check this box to enable BOOTP on older networks that still require it. In addition to standard DHCP options (e.g. DNS server address, gateway address, subnet mask), you can specify the value of additional extended DHCP options, as defined in RFC 2132.
Once DHCP is set up, configure LAN Physical Settings, Static Route Settings, WINS Server Settings, and DNS Proxy Settings as noted above. 8.2 Port Settings To configure port settings, navigate to Network > Port Settings On this screen, you can enable specific ports, as well as determine the speed of the LAN ports, whether each port is a trunk or access port, can well as which VLAN each link belongs to, if any. 8.
Enable Hostname Access Mode Check Enable and then, optionally, select the LANs/VLANs that will use the captive portal. To customize the portal’s form submission and redirection URL, enter a new URL in this field. To reset the URL to factory settings, click Default. Click Open Access to allow clients to freely access your router. Click User Authentication to force your clients to authenticate before accessing your router. This authenticates your clients through a RADIUS server.
The Portal Customization menu has two options: and . Clicking displays a pop-up previewing the captive portal that your clients will see. Clicking displays the following menu: Portal Customization Logo Image Message Terms & Conditions Click the Choose File button to select a logo to use for the built-in portal. If you have any additional messages for your users, enter them in this field. If you would like to use your own set of terms and conditions, please enter them here.
Custom Landing Page 9 Fill in this field to redirect clients to an external URL. Configuring the WAN Interface(s) WAN Interface settings are located at Network>WAN. To reorder WAN priority, drag on the appropriate WAN by holding the left mouse button, move it to the desired priority (the first one would be the highest priority, the second one would be lower priority, and so on), and drop it by releasing the mouse button.
9.1 Ethernet WAN Health Check Settings This field specifies the Health Check method to be used for this WAN connection. Disabled - The WAN connection is always considered to be up and will not be treated as down for any IP routing errors. ˗ PING - ICMP PING packets will be issued to test connectivity with configurable target IP addresses or host names. ˗ DNS Lookup - DNS lookups will be issued to test the connectivity with configurable target DNS server IP addresses.
Interval Health Check Retries This is the number of consecutive check failures before treating a connection as down. Recovery Retries This is the number of responses required after a health check failure before treating a connection as up again. Bandwidth Allowance Monitor Settings Bandwidth Allowance Monitor Check the box Enable to enable bandwidth usage monitoring on this WAN connection for each billing cycle.
Additional Public IP Settings If you have access to status public IP addresses,, you can assign them on this field. Dynamic DNS Settings This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers: ˗ changeip.com Dynamic DNS Service Provider ˗ dyndns.org ˗ no-ip.org ˗ tzo.com ˗ DNS-O-Matic Select Disabled to disable this feature. See Section 9.5 for configuration details. 9.1.
4. L2TP The DHCP connection method is suitable if the ISP provides an IP address automatically using DHCP (e.g., satellite modem, WiMAX modem, cable, Metro Ethernet, etc.). DHCP Connection Settings Routing Mode IP Address/ Subnet Mask/ Default Gateway Hostname (Optional) DNS Servers NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network.
directly. Static IP Settings Routing Mode NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it. IP Address / Subnet Mask / Default Gateway These settings allow you to specify the information required in order to communicate on the Internet via a fixed Internet IP address.
PPPoE Settings Routing Mode IP Address / Subnet Mask / Default Gateway PPPoE User Name / Password Confirm PPPoE Password NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it. This information is obtained from the ISP automatically. Enter the required information in these fields in order to connect via PPPoE to the ISP.
in the DNS servers being assigned by the WAN DHCP server to be used for outbound DNS lookups over the connection. (The DNS servers are obtained along with the WAN IP address assigned from the DHCP server.) When Use the following DNS server address(es) is selected, you may enter custom DNS server addresses for this WAN connection into the DNS Server 1 and DNS Server 2 fields. 9.1.4 L2TP Connection L2TP has all the compatibility and convenience of PPTP with greater security.
Each ISP may provide a set of DNS servers for DNS lookups. This setting specifies the DNS (Domain Name System) servers to be used when a DNS lookup is routed through this connection. DNS Servers Selecting Obtain DNS server address automatically results in the DNS servers assigned by the PPPoE server to be used for outbound DNS lookups over the WAN connection. (The DNS servers are obtained along with the WAN IP address assigned from the PPPoE server.
Cellular Status IMSI This is the International Mobile Subscriber Identity which uniquely identifies the SIM card. This is applicable to 3G modems only. MEID Some Pepwave routers support both HSPA and EV-DO. For Sprint or Verizon Wireless EV-DO users, a unique MEID identifier code (in hexadecimal format) is used by the carrier to associate the EV-DO device with the user. This information is presented in hex and decimal format. ESN This serves the same purpose as MEID HEX but uses an older format.
Forwarding. Click the button to enable IP forwarding. Each ISP may provide a set of DNS servers for DNS lookups. This setting specifies the DNS (Domain Name System) servers to be used when a DNS lookup is routed through this connection. DNS Servers Selecting Obtain DNS server address automatically results in the DNS servers assigned by the PPPoE server to be used for outbound DNS lookups over the WAN connection. (The DNS servers are obtained along with the WAN IP address assigned from the PPPoE server.
Cellular Settings SIM Card Indicate which SIM card this cellular WAN will use. Only applies to cellular WAN with redundant SIM cards. http://www.peplink.
Preferred SIM Card 3G/2G If both cards were enabled on the above field, then you can designate the priority of the SIM card slots here. This drop-down menu allows restricting cellular to particular band. Click the enable the selection of specific bands. button to Authentication Choose from PAP Only or CHAP Only to use those authentication methods exclusively. Select Auto to automatically choose an authentication method. Data Roaming This checkbox enables data roaming on this particular SIM card.
General Settings Independent from Backup WANs If this is checked, the connection will be working independent from other Backup WAN connections. Those in Backup Priority will ignore the status of this WAN connection, and will be used when none of the other higher priority connections are available. Standby State This option allows you to choose whether to remain connected or disconnected when this WAN connection is no longer in the highest priority and has entered the standby state.
Health Check Retries This is the number of consecutive check failures before treating a connection as down. Recovery Retries This is the number of responses required after a health check failure before treating a connection as up again. Dynamic DNS Settings This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers: ˗ changeip.com Dynamic DNS Service Provider ˗ dyndns.org ˗ no-ip.org ˗ tzo.
WAN Connection Settings WAN Connection Name Operating Schedule Independent from Backup WANs Standby State Enter a name to represent this WAN connection. Click the drop-down menu to apply a time schedule to this interface. If this is checked, the connection will be working independent from other Backup WAN connections. Those in Backup Priority will ignore the status of this WAN connection, and will be used when none of the other higher priority connections are available.
Wi-Fi WAN Settings Channel Width Select the channel width for this Wi-Fi WAN. 20MHz will have greater support for older devices using 2.4Ghz, while 40MHz is appropriate for networks with newer devices that connect using 5Ghz Determine whether the channel will be automatically selected.
Beacon Miss Counter This sets the threshold for the number of missed beacons. Bandwidth Allowance Monitor Action Start Day Monthly Allowance If Error! Reference source not found. is enabled, you will be notified by email when usage hits 75% and 95% of the monthly allowance. If Disconnect when usage hits 100% of monthly allowance is checked, this WAN connection will be disconnected automatically when the usage hits the monthly allowance.
Health Check Settings Method This setting specifies the health check method for the WAN connection. This value can be configured as Disabled, PING, DNS Lookup, or HTTP. The default method is DNS Lookup. For mobile Internet connections, the value of Method can be configured as Disabled or SmartCheck. Health Check Disabled When Disabled is chosen in the Method field, the WAN connection will always be considered as up. The connection will NOT be treated as down in the event of IP routing errors.
DNS servers, DNS lookups will also be issued to some public DNS servers. A WAN connection will be treated as down only if there is also no response received from the public DNS servers. Connections will be considered as up if DNS responses are received from any one of the health check DNS servers, regardless of a positive or negative result. By default, the first two DNS servers of the WAN connection are used as the health check DNS servers.
Health Check Retries Recovery Retries This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Peplink Balance will treat the corresponding WAN connection as down. Default health retries is set to 3. Using the default Health Retries setting of 3, the corresponding WAN connection will be treated as down after three consecutive timeouts.
Update All Hosts Hosts / Domain Check this box to automatically update all hosts. This setting specifies a list of hostnames or domains to be associated with the public Internet IP address of the WAN connection. Important Note In order to use dynamic DNS services, appropriate hostname registration(s), as well as a valid account with a supported dynamic DNS service provider, are required.
Wi-Fi Connection Profile Settings Type Network Name (SSID) Select whether the network will connect automatically or manually. Enter a name to represent this Wi-Fi connection. This option allows you to select which security policy is used for this wireless network. Available options: ˗ Open ˗ WEP Security ˗ WPA/WPA2 – Personal ˗ http://www.peplink.
9.4 WAN Health Check To ensure traffic is routed to healthy WAN connections only, the Pepwave router can periodically check the health of each WAN connection. The health check settings for each WAN connection can be independently configured via Network>WAN>Details. Health Check Settings Method This setting specifies the health check method for the WAN connection. This value can be configured as Disabled, PING, DNS Lookup, or HTTP. The default method is DNS Lookup.
Health Check Method: DNS Lookup DNS lookups will be issued to test connectivity with target DNS servers. The connection will be treated as up if DNS responses are received from one or both of the servers, regardless of whether the result was positive or negative. Health Check DNS Servers This field allows you to specify two DNS hosts’ IP addresses with which connectivity is to be tested via DNS lookup.
Other Health Check Settings Timeout This setting specifies the timeout in seconds for ping/DNS lookup requests. The default timeout is 5 seconds. Health Check Interval This setting specifies the time interval in seconds between ping or DNS lookup requests. The default health check interval is 5 seconds. Health Check Retries This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Pepwave router will treat the corresponding WAN connection as down.
router), the public IP of each WAN will be automatically reported to the DNS service provider. Either upon a change in IP addresses or every 23 days without link reconnection, the Pepwave router will connect to the dynamic DNS service provider to perform an IP address update within the provider’s records. The settings for dynamic DNS service provider(s) and the association of hostname(s) are configured via Network>WAN>Details>Dynamic DNS Service Provider/Dynamic DNS Settings.
one host, use a carriage return to separate them. Important Note In order to use dynamic DNS services, appropriate host name registration(s) and a valid account with a supported dynamic DNS service provider are required. A dynamic DNS update is performed whenever a WAN’s IP address changes (e.g., the IP is changed after a DHCP IP refresh, reconnection, etc.). Due to dynamic DNS service providers’ policy, a dynamic DNS host will automatically expire if the host record has not been updated for a long time.
the US. All US models are fixed to US channels only. AP Settings (part 2) Protocol This option allows you to specify whether 802.11b and/or 802.11g client association requests will be accepted. Available options are 802.11ng and 802.11na. By default, 802.11ng is selected. Channel Width Available options are 20 MHz, 40 MHz, and Auto (20/40 MHz) . Default is Auto (20/40 MHz), which allows both widths to be used simultaneously. Channel This option allows you to select which 802.
Advanced Wi-Fi AP settings can be displayed by clicking the on the top right-hand corner of the Wi-Fi AP Settings section, which can be found at AP>Settings. Other models will display a separate section called Wi-Fi AP Advanced Settings, which can be found at Advanced>Wi-Fi Settings.
RTS Threshold A Fragmentation Threshold A This setting determines the maximum size of a packet before it gets fragmented into multiple pieces. Distance / Time Convertor Select the range you wish to cover with your Wi-Fi, and the router will make recommendations for the Slot Time and ACK Timeout. Slot Time A ACK Timeout A Frame Aggregation A A The RTS (Request to Clear) threshold determines the level of connection required before the AP starts sending data.
Web Administration Settings Enable Ticking this box enables web admin access for APs located on the WAN. Web Access Protocol Determines whether the web admin portal can be accessed thorugh HTTP or HTTPS Management Port Determines the port at which the management UI can be accessed. Admin Username Determines the username to be used for logging into the web admin portal Admin Password Determines the password for the web admin portal on external AP.
Output Power This option is for specifying the transmission output power for the Wi-Fi AP. There are 4 relative power levels available – Max, High, Mid, and Low. The actual output power will be bound by the regulatory limits of the selected country. Note that selecting the Boost option may cause the MAX’s radio output to exceed local regulatory limits. 11 MediaFast Configuration MediaFast settings can be configured from the Network menu. 11.
Subnet Content Type Check these boxes to cache the listed content types or leave boxes unchecked to disable caching for the listed types. Cache Lifetime Settings Enter a file extension, such as JPG or DOC. Then enter a lifetime in days to specify how long files with that extension will be cached. Add or delete entries using the controls on the right. 11.
incorrectly specified target or stop time. Result Last Download This field indicates whether downloads are in progress ( ). Check this field to ensure that the most recent download file size is within the expected range. A value that is too low might indicate an incomplete download or incorrectly specified download target, while a value that is too long could mean a download with an incorrectly specified target or stop time.
http://www.peplink.
12 Bandwidth Bonding SpeedFusionTM / PepVPN Pepwave bandwidth bonding SpeedFusionTM is our patented technology that enables our SDWAN routers to bond multiple Internet connections to increase site-to-site bandwidth and reliability. SpeedFusion functionality securely connects your Pepwave router to another Pepwave or Peplink device (Peplink Balance 210/310/380/580/710/1350 only). Data, voice, or video communications between these locations are kept confidential across the public Internet.
The local LAN subnet and subnets behind the LAN (defined under Static Route on the LAN settings page) will be advertised to the VPN. All VPN members (branch offices and headquarters) will be able to route to local subnets. Note that all LAN subnets and the subnets behind them must be unique. Otherwise, VPN members will not be able to access each other. All data can be routed over the VPN using the 256-bit AES encryption standard.
PepVPN Profile Settings Name This field is for specifying a name to represent this profile. The name can be any combination of alphanumeric characters (0-9, A-Z, a-z), underscores (_), dashes (-), and/or non-leading/trailing spaces ( ). Active When this box is checked, this VPN connection profile will be enabled. Otherwise, it will be disabled. Encryption By default, VPN traffic is encrypted with 256-bit AES. If Off is selected on both sides of a VPN connection, no encryption will be applied.
setting will be ignored. Enter Remote IDs either by typing out each Remote ID and Pre-shared Key, or by pasting a CSV. If you wish to paste a CSV, click the setting. Remote ID/Remote Certificate Allow Shared Remote ID NAT Mode Remote IP Address / Host Names (Optional) Cost Data Port Bandwidth Limit Cost WAN SmoothingA icon next to the “Remote ID / Preshared Key” These optional fields become available when X.509 is selected as the Peplink Balance’s VPN authentication method, as explained above.
Use IP ToS Checking this button enables the use of IP ToS header field. Latency Difference Cutoff Traffic will be stopped for links that exceed the specified millisecond value with respect to the lowest latency link. (e.g. Lowest latency is 100ms, a value of 500ms means links with latency 600ms or more will not be used) - Advanced feature, please click the button on the top right-hand corner to activate.
You could also specify a DNS server to resolve incoming DNS requests. Click the checkbox next to Backup Site to designate a backup SpeedFusion profile that will take over, should the main PepVPN connection fail. Outbound Policy/PepVPN Outbound Custom Rules Some models allow you to set outbound policy and custom outbound rules from Advanced>PepVPN. See Section 14 for more information on outbound policy settings.
PepVPN Settings A Handshake PortA To designate a custom handshake port (TCP), click the custom radio button and enter the port number you wish to designate. Backward Compatibility Determine the level of backward compatibility needed for PepVPN tunnels. The use of the Latest setting is recommended as it will improve the performance and resilience of SpeedFusion connections. Link Failure Detection Time The bonded VPN can detect routing failures on the path between two sites over each WAN connection.
12.2 The Pepwave Router Behind a NAT Router Pepwave routers support establishing SpeedFusionTM over WAN connections which are behind a NAT (network address translation) router. To enable a WAN connection behind a NAT router to accept VPN connections, you can configure the NAT router in front of the WAN connection to inbound port-forward TCP port 32015 to the Pepwave router.
12.3 SpeedFusionTM Status SpeedFusionTM status is shown in the Dashboard. The connection status of each connection profile is shown as below. After clicking the Status button at the top right corner of the SpeedFusionTM table, you will be forwarded to Status>SpeedFusionTM, where you can view subnet and WAN connection information for each VPN peer. Please refer to Section 22.6 for details.
over the VPN with a selection of encryption standards, such as 3DES, AES-128, and AES-256. To configure IPsec VPN on Pepwave devices that support it, navigate to Advanced>IPsec VPN. A NAT-Traversal option and list of defined IPsec VPN profiles will be shown. NAT-Traversal should be enabled if your system is behind a NAT router. Click the New Profile button to create new IPsec VPN profiles that make VPN connections to remote Pepwave, Cisco, or Juniper routers via available WAN connections.
http://www.peplink.
IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Connect Upon Disconnection of Check this box and select a WAN to connect to this VPN automatically when the specified WAN is disconnected. Remote Gateway IP Address / Host Name Enter the remote peer’s public IP address. For Aggressive Mode, this is optional.
Pre-shared Key This defines the peer authentication pre-shared key used to authenticate this VPN connection. The connection will be up only if the pre-shared keys on each side match. Remote Certificate (pem encoded) Available only when X.509 Certificate is chosen as the Authentication method, this field allows you to paste a valid X.509 certificate. Local ID In Main Mode, this field can be left blank.
WAN Connection Priority WAN Connection Select the appropriate WAN connection from the drop-down menu. 14 Outbound Policy Management Pepwave routers can flexibly manage and load balance outbound traffic among WAN connections. Important Note Outbound policy is applied only when more than one WAN connection is active. The settings for managing and load balancing outbound traffic are located at Advanced>Outbound Policy or Advanced>PepVPN, depending on the model. 14.
There are three main selections for the outbound traffic policy: ˗ High Application Compatibility ˗ Normal Application Compatibility ˗ Custom Note that some Pepwave routers provide only the Send All Traffic To setting here. See Section 12.1 for details. Outbound Policy Settings High Application Compatibility Outbound traffic from a source LAN device is routed through the same WAN connection regardless of the destination Internet IP address and protocol.
http://youtu.be/rKH4AS_bQnE 14.2 Custom Rules for Outbound Policy Click in the Outbound Policy form. Choose Custom and press the Save button. 14.2.1 Algorithm: Weighted Balance This setting specifies the ratio of WAN connection usage to be applied on the specified IP protocol and port. This setting is applicable only when Algorithm is set to Weighted Balance. http://www.peplink.
The amount of matching traffic that is distributed to a WAN connection is proportional to the weight of the WAN connection relative to the total weight. Use the sliders to change each WAN’s weight. For example, with the following weight settings: ˗ Ethernet WAN1: 10 ˗ Ethernet WAN2: 10 ˗ Wi-Fi WAN: 10 ˗ Cellular 1: 10 ˗ Cellular 2: 10 ˗ USB: 10 Total weight is 60 = (10 +10 + 10 + 10 + 10 + 10). Matching traffic distributed to Ethernet WAN1 is 16.7% = (10 / 60 x 100%.
14.2.2 Algorithm: Persistence The configuration of persistent services is the solution to the few situations where link load distribution for Internet services is undesirable. For example, for security reasons, many ebanking and other secure websites terminate the session when the client computer’s Internet IP address changes mid-session. In general, different Internet IP addresses represent different computers.
By Destination: The same WAN connection will be used for traffic matching the rule, originating from the same machine, and going to the same destination. This option can better distribute loads to WAN connections when there are only a few client machines. The default mode is By Source. When there are multiple client requests, they can be distributed (persistently) to WAN connections with a weight.
