
An W02 User Manual

This document is a user manual for the Vehicle LTE Router AN-W02. It describes the hardware configuration of the router, including LED indicators, system requirements, warnings, and instructions for mounting, inserting SIM cards, connecting antennas, DI/DO devices, serial devices, power, and networks. It also provides overviews of configuring the basic network functions of the router, including WAN/uplink, LAN/VLAN, WiFi, IPv6, port forwarding, routing, DNS/DDNS, and QoS. Finally, it outlines object definitions for scheduling, users, grouping, external servers, and certificates.

Uploaded by

Rico

Vehicle LTE Router

AN-W02
User Manual
Vehicle LTE Router AN-W02
Chapter 1 Introduction
1.1 Introduction
1.2 Contents List
1.2.1 Package Contents
1.3 Hardware Configuration
1.4 LED Indication
1.5 Installation & Maintenance Notice
1.5.1 SYSTEM REQUIREMENTS
1.5.2 WARNING
1.5.3 HOT SURFACE CAUTION
1.5.4 Product Information for CE RED Requirements
1.6 Hardware Installation
1.6.1 Mount the Unit
1.6.2 Insert the SIM Card
1.6.3 Install the External RF Cable and Antenna
1.6.4 Connecting DI/DO Devices
1.6.5 Connecting Serial Device
1.6.6 Connecting Power
1.6.7 Connecting to the Network or a Host
1.6.8 Setup by Configuring WEB UI
Chapter 2 Basic Network
2.1 WAN & Uplink
2.1.1 Physical Interface
2.1.2 Internet Setup
2.1.3 Load Balance
2.2 LAN & VLAN
2.2.1 Ethernet LAN
2.2.2 VLAN
2.2.3 DHCP Server
2.3 WiFi
2.3.1 WiFi Configuration
2.3.2 Wireless Client List
2.3.3 Advanced Configuration
2.3.4 Uplink Profile
2.4 IPv6
2.4.1 IPv6 Configuration
2.5 Port Forwarding
2.5.1 Configuration
2.5.2 Virtual Server & Virtual Computer
2.5.3 DMZ & Pass Through
2.5.4 Special AP & ALG
2.6 Routing
2.6.1 Static Routing
2.6.2 Dynamic Routing
2.6.3 Routing Information
2.7 DNS & DDNS
2.7.1 DNS & DDNS Configuration
2.8 QoS
2.8.1 QoS Configuration
Chapter 3 Object Definition
3.1 Scheduling
3.1.1 Scheduling Configuration
3.2 User
3.2.1 User List
3.2.2 User Profile
3.2.3 User Group
3.3 Grouping
3.3.1 Host Grouping
3.4 External Server
3.5 Certificate
3.5.1 Configuration
3.5.2 My Certificate
3.5.3 Trusted Certificate
3.5.4 Issue Certificate
Chapter 4 Field Communication
4.1 Bus & Protocol
4.1.1 Port Configuration
4.1.2 Virtual COM
Chapter 5 Security
5.1 VPN
5.1.1 IPSec
5.1.2 OpenVPN
5.1.3 L2TP
5.1.4 PPTP
5.1.5 GRE
5.1.6 EoGRE
5.2 Firewall
5.2.1 Packet Filter
5.2.2 URL Blocking
5.2.3 MAC Control
5.2.4 Content Filter
5.2.5 Application Filter
5.2.6 IPS
5.2.7 Options
5.3 Authentication
5.3.1 Captive Portal
5.3.2 MAC Authentication
Chapter 6 Administration
6.1 Configure & Manage
6.1.1 Command Script
6.1.2 TR-069
6.1.3 SNMP
6.1.4 Telnet & SSH
6.2 System Operation
6.2.1 Password & MMI
6.2.2 System Information
6.2.3 System Time
6.2.4 System Log
6.2.5 Backup & Restore
6.2.6 Reboot & Reset
6.3 FTP
6.3.1 Server Configuration
6.3.2 User Account
6.4 Diagnostic
6.4.1 Diagnostic Tools
6.4.2 Packet Analyzer
Chapter 7 Service
7.1 Cellular Toolkit
7.1.1 Data Usage
7.1.2 SMS
7.1.3 SIM PIN
7.1.4 USSD
7.1.5 Network Scan
7.2 SMS & Event
7.2.1 Configuration
7.2.2 Managing Events
7.2.3 Notifying Events
7.3 Location Tracking
7.3.1 GNSS
7.3.2 Track Viewer
7.4 Power Control
7.4.1 Ignition Sense
Chapter 8 Status
8.1 Dashboard
8.1.1 Device Dashboard
8.2 Basic Network
8.2.1 WAN & Uplink Status
8.2.2 LAN & VLAN Status
8.2.3 WiFi Status
8.2.4 DDNS Status
8.3 Security
8.3.1 VPN Status
8.3.2 Firewall Status
8.4 Administration
8.4.1 Configure & Manage Status
8.4.2 Log Storage Status
8.4.3 GNSS Status
8.5 Statistics & Report
8.5.1 Connection Session
8.5.2 Network Traffic
8.5.3 Device Administration
8.5.4 Cellular Usage
8.5.5 Portal Usage
Appendix A GPL WRITTEN OFFER

Chapter 1 Introduction
1.1 Introduction
Congratulations on your purchase of this outstanding product: the In-Vehicle Cellular Gateway. For in-vehicle WiFi hotspot, in-vehicle telematics, and M2M (machine-to-machine) applications, the AN-W02 In-Vehicle Cellular Gateway is absolutely the right choice.
With a built-in world-class 4G LTE module (*1), you just need to insert a SIM card from a local mobile carrier to get on the Internet. With VPN tunneling technology, remote sites easily become part of the Intranet, and all data is transmitted over a secure (256-bit AES encryption) link. The DI/DO feature allows the gateway to respond in real time whenever events are detected by sensors.
The AN-W02 series products are loaded with rich security features including VPN, firewall, NAT, port forwarding, DHCP server and many other powerful features for complex and demanding in-vehicle and M2M-IoT applications. The DC 9-36V wide-range power design allows the device to withstand transient power in vehicles. The terminal block also secures the power lines from falling out while vehicles are moving on the road.

Main Features:
- Built-in high speed LTE modem with dual SIMs for uplink traffic failover.
- Equipped with gigabit Ethernet ports to connect other IP-based devices in the vehicle.
- RS232 serial port for controlling legacy serial devices, such as a ticketing/payment device or other control unit.
- Digital I/O ports for integrating sensors (door sensor, passenger counting), panic button, switch, or other alarm devices.
- Equipped with an 802.11b/g/n/ac concurrent dual-band WiFi access point, especially suitable for WiFi hotspot service in vehicles.
- Works with an internal / external portal and RADIUS server for user authentication or push advertisements.

Before you install and use this product, please read this manual in detail to make full use of the functions of this product.


1.2 Contents List

1.2.1 Package Contents


#Standard Package

Items | Description | Quantity
1 | AN-W02 In-Vehicle Cellular Gateway (*2) | 1pcs
2 | Cellular Antenna | 2pcs
3 | 2.4G/5GHz WiFi Antenna | 2pcs
4 | 8 pin Terminal Block | 1pcs
5 | Mounting Bracket | 2pcs

*2 The maximum power consumption of AN-W02 product is 20.0W.



1.3 Hardware Configuration

- Front View

[Figure: front view, with labels for LED Indicators, USB Port, SIM A Slot, SIM B Slot, Reset Button]

※Reset Button
The RESET button provides the user with a quick and easy way to restore the default settings. Press the RESET button continuously for 6 seconds, and then release it. The device will reset its settings to factory default.

- Rear View

[Figure: rear view, with labels for 3G/4G (Main) Antenna, 2.4G/5GHz WiFi Ant., 3G/4G (Aux) Antenna, 2.4G/5GHz WiFi Ant., Auto MDI/MDIX RJ45 Ports (2(3)xGE LAN to connect local devices), GPS Antenna (Optional), Power Terminal Block]

※ GNSS Antenna
The GNSS antenna is an optional accessory and is not included in the standard package. If you intend to use the provided GNSS function, please purchase the required GPS antenna and install it on the corresponding SMA connector in advance.

Different types of GNSS antenna may be supported by the device, depending on the H/W version. Refer to the HW variant identifier printed on the device label for the purchased device.


1.4 LED Indication

LED Icon | Indication | LED Color | Description
GPS | GPS | Green | OFF: GNSS function is disabled. Steady ON: Location is fixed. Fast Flashing: Location is being fixed.
PWR | Power Source | Green | OFF: Device is powered OFF or in standby mode. Steady ON: Device is powered ON. Flash once a second: Device is in “Delay OFF” mode. Fast Flashing: Firmware is upgrading or device is in recovery mode.
2.4G | 2.4G | Green | OFF: 2.4G WiFi is disabled. Steady ON: 2.4G WiFi is enabled. Fast Flashing: Data is transmitted/received through 2.4G Wi-Fi.
5G | 5G | Green | OFF: 5G WiFi is disabled. Steady ON: 5G WiFi is enabled. Fast Flashing: Data is transmitted/received through 5G Wi-Fi.
SIM A | SIM A (*3) | Green | Steady ON: SIM Card A is inserted and used for 3G/4G connection. OFF: SIM card is not inserted or not used for 3G/4G connection.
SIM B | SIM B | Green | Steady ON: SIM Card B is inserted and used for 3G/4G connection. OFF: SIM card is not inserted or not used for 3G/4G connection.
HIGH | High LTE Signal | Green | Steady ON: 3G/4G signal strength is at high level.
LOW | Low LTE Signal | Green | Steady ON: 3G/4G signal strength is at low level.
WAN/LAN1~3 | WAN/LAN 1/LAN 3 | Green | Steady ON: Ethernet connection of LAN or WAN is established. Flash: Data packets are being transferred.

*3 The SIM LED indicates which SIM socket will be chosen for connection by system setting, whether or not a SIM card is inserted.

1.5 Installation & Maintenance Notice


1.5.1 SYSTEM REQUIREMENTS
Network Requirements:
- A Gigabit Ethernet RJ45 cable or DSL modem
- 3G/4G cellular service subscription
- IEEE 802.11b/g/n/ac wireless clients
- 10/100/1000 Ethernet adapter on PC
Web-based Configuration Utility Requirements:
Computer with the following:
- Windows®, Macintosh, or Linux-based operating system
- An installed Ethernet adapter
Browser Requirements:
- Internet Explorer 6.0 or higher
- Chrome 2.0 or higher
- Firefox 3.0 or higher
- Safari 3.0 or higher

1.5.2 WARNING

Federal Communication Commission Interference Statement
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may
not cause harmful interference, and (2) this device must accept any interference received, including interference that may
cause undesired operation.

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the
FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential
installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee
that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct
the interference by one of the following measures:

- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.

FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate this equipment.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

FOR PORTABLE DEVICE USAGE (<20m from body/SAR needed)

Radiation Exposure Statement:


The product complies with the FCC portable RF exposure limit set forth for an uncontrolled environment and is safe for intended operation as described in this manual. Further RF exposure reduction can be achieved if the product is kept as far as possible from the user's body or the device is set to a lower output power, if such a function is available.

FOR MOBILE DEVICE USAGE (>20cm/low power)

Radiation Exposure Statement:


This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with minimum distance 20cm between the radiator & your body.

FOR COUNTRY CODE SELECTION USAGE (WLAN DEVICES)

Note: The country code selection is for non-US models only and is not available to all US models. Per FCC regulation, all WiFi products marketed in the US must be fixed to US operation channels only.


1.5.3 HOT SURFACE CAUTION

CAUTION: The surface temperature for the metallic enclosure can be very high!
Especially after operating for a long time, installed at a closed cabinet
without air conditioning support, or in a high ambient temperature
space.
DO NOT touch the hot surface with your fingers while servicing!!


1.5.4 Product Information for CE RED Requirements


The following product information is required to be presented in the product User Manual under the latest CE RED requirements. (*4)

(1) Frequency Band & Maximum Power


1.a Frequency Band for Cellular Connection (for EC25-E version)
Band number | Operating Frequency | Max output power
LTE FDD BAND 1 | Uplink: 1920-1980 MHz; Downlink: 2110-2170 MHz | 23.1 dBm
LTE FDD BAND 3 | Uplink: 1710-1785 MHz; Downlink: 1805-1880 MHz | 23.0 dBm
LTE FDD BAND 7 | Uplink: 2500-2570 MHz; Downlink: 2620-2690 MHz | 22.8 dBm
LTE FDD BAND 8 | Uplink: 880-915 MHz; Downlink: 925-960 MHz | 23.2 dBm
LTE FDD BAND 20 | Uplink: 832-862 MHz; Downlink: 791-821 MHz | 23.5 dBm
LTE FDD BAND 38 | Uplink: 2570-2620 MHz; Downlink: 2570-2620 MHz | 21.7 dBm
LTE FDD BAND 40 | Uplink: 2300-2400 MHz; Downlink: 2300-2400 MHz | 21.5 dBm
WCDMA BAND 1 | Uplink: 1920-1980 MHz; Downlink: 2110-2170 MHz | 23.3 dBm
WCDMA BAND 8 | Uplink: 880-915 MHz; Downlink: 925-960 MHz | 23.3 dBm
E-GSM | Uplink: 880-915 MHz; Downlink: 925-960 MHz | 32.9 dBm
DCS | Uplink: 1710-1785 MHz; Downlink: 1805-1880 MHz | 29.9 dBm

1.b Frequency Band for Cellular Connection (for ME3630 E1C version)

Band number       Operating Frequency                                  Max output power
LTE FDD BAND 1    Uplink: 1920-1980 MHz, Downlink: 2110-2170 MHz       23 ±2.7 dBm
LTE FDD BAND 3    Uplink: 1710-1785 MHz, Downlink: 1805-1880 MHz       23 ±2.7 dBm
LTE FDD BAND 7    Uplink: 2500-2570 MHz, Downlink: 2620-2690 MHz       23 ±2.7 dBm
LTE FDD BAND 8    Uplink: 880-915 MHz, Downlink: 925-960 MHz           23 ±2.7 dBm
LTE FDD BAND 20   Uplink: 832-862 MHz, Downlink: 791-821 MHz           23 ±2.7 dBm
WCDMA BAND 1      Uplink: 1920-1980 MHz, Downlink: 2110-2170 MHz       24 +1/-3 dBm
WCDMA BAND 8      Uplink: 880-915 MHz, Downlink: 925-960 MHz           24 +1/-3 dBm
E-GSM             Uplink: 880-915 MHz, Downlink: 925-960 MHz           33 ±2 dBm
DCS               Uplink: 1710-1785 MHz, Downlink: 1805-1880 MHz       30 ±2 dBm

4 The information presented in this section is ONLY valid for the EU/EFTA regional version. For those non-CE/EFTA versions, please refer to the corresponding product specification.

1.c Frequency Band for Wi-Fi Connection


Band Operating Frequency Max. Output Power (EIRP)
2.4G 2.4 – 2.4835 GHz 100 mW
5G 5.15 – 5.25 GHz 200 mW

(2) 5150 ~ 5350 MHz Indoor Use Statement

This product is equipped with an IEEE 802.11ac compliant 5GHz wireless radio module. According to the RED
requirement, the channels in the 5150 ~ 5350 MHz frequency band are for indoor use only.

(3) Countries List for Restrictions (for products with 5GHz radio)

For EU/EFTA, this product can be used in all EU member states and EFTA countries.

AT BE BG CH CY CY DK
DE EE EL ES FI FR HR
HU IE IT LT LU LV MT
NL NO PL PT RO SI SK
SE TR UK

(4) RF Exposure Statements


The antenna of the product, under normal use condition, is at least 20 cm away from the body of user.

(5) Unit Mounting Notice


The product is suitable for mounting at heights <= 2m (approx. 6 ft), or in a cabinet.
Ensure the unit is fixed tightly to reduce the likelihood of injury due to exposure to mechanical hazards if
dropped.


1.6 Hardware Installation


This chapter describes how to install and configure the hardware.

1.6.1 Mount the Unit


The AN-W02 series products can be mounted on a wall or a horizontal plane with the mounting accessories
(brackets). The mounting accessories are not screwed onto the product when it is shipped from the factory. Please screw the
mounting brackets onto the product first.

1.6.2 Insert the SIM Card


WARNING: BEFORE INSERTING OR CHANGING THE SIM CARD, PLEASE MAKE SURE THE
GATEWAY IS POWERED OFF.
The SIM card slots are located at the front side of the device housing. You need to unscrew and remove the
outer SIM card cover before installing or removing the SIM card. Please follow the instructions to insert or
eject a SIM card. After SIM card is well placed, screw back the outer SIM card cover.

Step 1: Loosen the screws as below and remove the SIM cover.
Step 2: Push the SIM card into the SIM slot A or slot B.
Step 3: Push the inserted SIM card again to eject it from the SIM slot.


1.6.3 Install the External RF Cable and Antenna


As illustrated in Section 1.3, there are several SMA antenna jacks for installing the RF cables and
antennas required for RF signal transmission and reception. You have to purchase the required RF cables and antennas
separately for a specific project or installation site to get excellent RF performance.

Since there is limited space for placing all the SMA antenna jacks around the enclosure, the separation among
the SMA jacks (or direct-attached antennas) may not be the optimal arrangement. It is not recommended to
attach the SMA antennas directly to the SMA jacks. Doing so is very likely to degrade RF performance in specific
circumstances, depending heavily on the environment.

However, there are well-known rules of thumb for solving the antenna separation issue.

1. The horizontal distance between antennas should be greater than 1/4 of the wavelength, and the
best separation is at 1/2 of the wavelength.

2. If antennas for multiple frequencies are near each other, use the spacing distance of the lower frequency
antenna, or even better, try to satisfy the rule for both frequencies.

Wavelength Table for Major RF Category

RF Category     Frequency   Wavelength   1/2 Wave Length      1/4 Wave Length
                                         (Best Separation)    (Good Separation)
WiFi 802.11     5.8GHz      5.2cm        2.6cm                1.3cm
WiFi 802.11     2.4GHz      12.5cm       6.2cm                3.1cm
Cellular LTE    2600MHz     11.5cm       5.8cm                2.9cm
Cellular LTE    2100MHz     14.3cm       7.1cm                3.7cm
Cellular LTE    900MHz      33.3cm       16.6cm               8.3cm
Cellular LTE    700MHz      42.8cm       21.4cm               10.7cm
GPS             1.57GHz     19.0cm       9.5cm                4.7cm

For example, if you have a 900MHz LTE antenna and a WiFi 2.4GHz antenna, you would want them to be
separated by at least 8.3cm to get good antenna separation.

So, it is recommended to use some external RF cables to extend and separate the adjacent antennas and get
better antenna separation and RF performance, if required.


1.6.4 Connecting DI/DO Devices


There are two DI ports and one DO port, located together with the power pins on the terminal block. Please refer to the following specification
to connect DI and DO devices.

[Figure: terminal block pins DI-1, DI-2 and DO]

Mode             Item                      Specification
Digital Input    Trigger Voltage (high)    Logic level 1: 5V~30V
Digital Input    Normal Voltage (low)      Logic level 0: 0V~1.0V
Digital Output   Voltage (Relay Mode)      Logic Level 1: Depends on external power source (*5) (maximum voltage is 36V)
                                           Logic Level 0: Floating, External Pull-Down Resistor (10K Ohm, 1/2W) is required.
Digital Output   Maximum Current           1A@12V, or 0.33A@36V

Example of Connection Diagram

5 Power of DO is relayed from “PWR” pin in same 8-pin terminal block connector.

1.6.5 Connecting Serial Device


The AN-W02 series products provide one RS-232 port with TX and RX signals located in the terminal block
connector, as shown below. Connect the serial device to the unit TX/RX ports with the right pin assignments of
an RS-232 cable.

[Figure: terminal block pins TX and RX]


1.6.6 Connecting Power


The AN-W02 series product can be powered by connecting a power source to the terminal block. It supports
9V to 36V DC power input. The following picture shows the power terminal block pin assignments. Please check
carefully and connect according to the right power requirements and polarity.
PWR (DC+)
GND (DC -)
IGN

There are two ways of connecting power in a vehicle, depending on whether the ignition sense feature is enabled or not.
If Ignition Sense is disabled (*6), please follow the diagram below for power connection.

Attention: The ignition sense feature is DISABLED by default. With this default setting, the power pin should be
connected to ACC power. DO NOT connect the power pin to constant power from the car battery. Otherwise,
this gateway device will drain the battery.

6 The function of ignition sense is disabled by default. IGN pin won’t be used with this setting.

In addition, with the IGN (Ignition Sense) Power Control function, the AN-W02 series product can be
powered by the car battery and operate with the benefits of the delay OFF and low battery shutdown features. That
is, the gateway can still operate for a certain time period even after the vehicle power has been switched off.

To use this function, please properly connect the PWR / GND / IGN ports to the pads located in the vehicle fuse
panel (refer to the following diagram), and activate the Power Control (*7) function through the web UI
configuration (refer to Section 7.4).

Attention: If the PWR pin is connected to constant power from the car battery, please make sure the IGN pin is well connected
to the ACC pad and the Ignition Sense feature (Service->Power Control->Ignition Sense) is ENABLED.
Otherwise, this gateway device may drain the battery.

7 If enabling ignition sense function, this gateway device won’t be powered on until voltage is detected on IGN pin.

1.6.7 Connecting to the Network or a Host


The AN-W02 series products provide three RJ45 ports to connect 10/100/1000Mbps Ethernet. It can auto
detect the transmission speed on the network and configure itself automatically. Connect one Ethernet cable
to the RJ45 port (LAN) of the device and plug another end of the Ethernet cable into your computer’s network
port. In this way, you can use the RJ45 Ethernet cable to connect to the host PC’s Ethernet port for configuring
the device.

1.6.8 Setup by Configuring WEB UI

You can browse web UI to configure the device.

Type in the IP Address (http://192.168.123.254) (*8)

When you see the login page, enter the user name and password and then click the ‘Login’ button.
The default setting for both username and password is ‘admin’ (*9).

8 The default LAN IP address of this gateway is 192.168.123.254. If you change it, you need to login by using
the new IP address.
9 For security consideration, you are strongly recommended to change the login username and password from
default values. Refer to Section 6.1.2 for how to change the setting.

Chapter 2 Basic Network


2.1 WAN & Uplink

The gateway provides multiple WAN interfaces to let all client hosts in the Intranet of the gateway access the
Internet via an ISP. However, ISPs around the world apply various connection protocols to let gateways or users' devices dial
in to the ISP and then link to the Internet via different kinds of transmission media.

So, the WAN Connection lets you specify the WAN Physical Interface, WAN Internet Setup and WAN Load
Balance for the Intranet to access the Internet. For each WAN interface, you must specify its physical interface first
and then its Internet setup to connect to the ISP. Besides, since the gateway has multiple WAN interfaces, you can
assign physical interfaces to participate in the Load Balance function.


2.1.1 Physical Interface

M2M gateways are usually equipped with various WAN interfaces to support different WAN connection
scenarios as required. You can configure the WAN interfaces one by one to get the proper Internet connection
setup. Refer to the product specification for the available WAN interfaces in the product you purchased.

The first step to configure one WAN interface is to specify which kind of connection media to be used for the
WAN connection, as shown in "Physical Interface" page.

In "Physical Interface" page, there are two configuration windows, "Physical Interface List" and "Interface
Configuration". "Physical Interface List" window shows all the available physical interfaces. After clicking on
the "Edit" button for the interface in "Physical Interface List" window the "Interface Configuration" window
will appear to let you configure a WAN interface.

Physical Interface:
• Ethernet WAN: The gateway has one or more RJ45 WAN ports that can be configured to be WAN
connections. You can directly connect to external DSL modem or setup behind a firewall device.
• 3G/4G WAN: The gateway has one built-in 3G/4G cellular as WAN connection. For each cellular WAN,
there are 1 or 2 SIM cards to be inserted for special failover function.
• WiFi Uplink WAN: For the product with WiFi Uplink function, one or two WiFi modules can be configured
to be WAN connections. For the WiFi module with Uplink function activated, you can further create some
uplink profiles for ease of connecting to an uplink network.

Attention:
• You MUST POWER OFF the gateway before you insert or remove a SIM card.
• The SIM card can be damaged if you insert or remove it while the gateway is in operation.

Operation Mode:
There are three options, “Always on”, “Failover”, and “Disable”, for the operation mode setting.

Always on: Set this WAN interface to be active all the time. When two or more WAN interfaces are set to
"Always on" mode, outgoing data goes through these WAN connections based on the load balance policies.

Failover: A failover interface is a backup connection to the primary. The backup connection is started up to
substitute for the primary connection only when the primary WAN connection is broken. As shown in the diagram,
WAN-2 is the backup WAN for WAN-1. WAN-1 serves as the primary connection with operation mode "Always on".
WAN-2 won’t be activated until WAN-1 is disconnected. When the WAN-1 connection recovers, it takes over the
data traffic again. At that time, the WAN-2 connection is terminated.

Seamless Failover:
In addition, there is a "Seamless" option for the Failover operation mode. When the seamless option is activated
by checking the "Seamless" box in the configuration window, both the primary connection and the failover
connection are started up after system rebooting. But only the primary connection carries the data transfer,
while the failover one just keeps its connection line alive. As soon as the primary connection is broken, the
system switches the routing path to the failover connection (that is, it fails over), which saves the dial-up time
of the failover connection since it is already alive.
When the “Seamless” enable checkbox is activated, the Failover interface is connected continuously from system
boot-up. The Failover WAN interface just stays connected without data traffic. The purpose is to shorten the
switch time during the failover process. So, when the primary connection is disconnected, the failover interface
takes over the data transfer instantly by only changing the routing path to the failover interface. The dial-up
time of the failover connection is saved since it has been connected beforehand.

VLAN Tagging
Sometimes, your ISP requires a VLAN tag to be inserted into the WAN packets from the gateway for specific
services. In that case, enable VLAN tagging and specify the tag in the WAN physical interface. Please note that only
Ethernet and ADSL physical interfaces support this feature. For a device with 3G/4G WAN only, it is disabled.


Physical Interface Setting

Go to Basic Network > WAN > Physical Interface tab.

The Physical Interface allows user to setup the physical WAN interface and to adjust WAN’s behavior.
Note: Numbers of available WAN Interfaces can be different for the purchased gateway.

When Edit button is applied, an Interface Configuration screen will appear. WAN-1 interface is used in this
example.

Interface Configuration:

Item: Physical Interface
Value setting: 1. A Must fill setting. 2. WAN-1 is the primary interface and is factory set to Always on.
Description: Select one expected interface from the available interface dropdown list. Depending on the gateway model, Disable and Failover options will be available only to multiple WAN gateways. WAN-2 ~ WAN-4 interfaces are only available to multiple WAN gateways.

Item: Operation Mode
Value setting: A Must fill setting
Description: Define the operation mode of the interface.
Select Always on to make this WAN always active.
Select Disable to disable this WAN interface.
Select Failover to make this WAN a Failover WAN when the primary or the secondary WAN link fails. Then select the primary or the existing secondary WAN interface to switch Failover from.
(Note: for WAN-1, only the Always on option is available.)

Item: VLAN Tagging
Value setting: Optional setting
Description: Check the Enable box to enter the tag value provided by your ISP. Otherwise uncheck the box.
Value Range: 1 ~ 4095.
Note: This feature is NOT available for 3G/4G WAN connection.


2.1.2 Internet Setup

After specifying the physical interface for each WAN connection, the administrator must configure its
connection profile to match the dial-in process of the ISP, so that all client hosts in the Intranet of the gateway can
access the Internet.

In "Internet Setup" page, there are some configuration windows: "Internet Connection List", "Internet
Connection Configuration", "WAN Type Configuration" and related configuration windows for each WAN type.
For the Internet setup of each WAN interface, you must specify its WAN type of physical interface first and
then its related parameter configuration for that WAN type.

After clicking on the "Edit" button of a physical interface in "Internet Setup List" window, the "Internet
Connection Configuration" window will appear to let you specify which kind of WAN type that you will use for
that physical interface to make an Internet connection. Based on your chosen WAN type, you can configure
necessary parameters in each corresponding configuration window.


Internet Connection List - Ethernet WAN

WAN Type for Ethernet Interface:


Ethernet is the most common WAN and uplink interface for M2M gateways. Usually it is connected to an xDSL
or cable modem for you to set up the WAN connection. There are various WAN types to connect with an ISP.
• Static IP: Select this option if the ISP provides a fixed IP to you when you subscribe to the service. It is usually more
expensive but very important for corporate requirements.
• Dynamic IP: The IP address assigned to the WAN by a DHCP server is different every time. It is cheaper
and usually for consumer use.
• PPP over Ethernet: Also known as PPPoE. This WAN type is widely used for ADSL connections. The IP is usually
different for every dial-up.
• PPTP: This WAN type is popular in some countries, like Russia.
• L2TP: This WAN type is popular in some countries, like Israel.

Configure Ethernet WAN Setting


When Edit button is applied, Internet Connection Configuration screen will appear. WAN-1 interface is used in
this example.

WAN Type = Dynamic IP

When you select it, "Dynamic IP WAN Type Configuration" will appear. The items and settings are explained below.

Dynamic IP WAN Type Configuration

Item: Host Name
Value setting: An optional setting
Description: Enter the host name provided by your Service Provider.

Item: ISP Registered MAC Address
Value setting: An optional setting
Description: Enter the MAC address that you have registered with your service provider, or click the Clone button to clone your PC’s MAC to this field. Usually this is the PC’s MAC address assigned to allow you to connect to the Internet.

WAN Type = Static IP

When you select it, "Static IP WAN Type Configuration" will appear. The items and settings are explained below.

Static IP WAN Type Configuration

Item: WAN IP Address
Value setting: A Must filled setting
Description: Enter the WAN IP address given by your Service Provider.

Item: WAN Subnet Mask
Value setting: A Must filled setting
Description: Enter the WAN subnet mask given by your Service Provider.

Item: WAN Gateway
Value setting: A Must filled setting
Description: Enter the WAN gateway IP address given by your Service Provider.

Item: Primary DNS
Value setting: A Must filled setting
Description: Enter the primary WAN DNS IP address given by your Service Provider.

Item: Secondary DNS
Value setting: An optional setting
Description: Enter the secondary WAN DNS IP address given by your Service Provider.

WAN Type = PPPoE

When you select it, "PPPoE WAN Type Configuration" will appear. The items and settings are explained below.

PPPoE WAN Type Configuration

Item: PPPoE Account
Value setting: A Must filled setting
Description: Enter the PPPoE User Name provided by your Service Provider.

Item: PPPoE Password
Value setting: A Must filled setting
Description: Enter the PPPoE password provided by your Service Provider.

Item: Primary DNS
Value setting: An optional setting
Description: Enter the IP address of Primary DNS server.

Item: Secondary DNS
Value setting: An optional setting
Description: Enter the IP address of Secondary DNS server.

Item: Service Name
Value setting: An optional setting
Description: Enter the service name if your ISP requires it.

Item: Assigned IP Address
Value setting: An optional setting
Description: Enter the IP address assigned by your Service Provider.

WAN Type = PPTP

When you select it, "PPTP WAN Type Configuration" will appear. The items and settings are explained below.

PPTP WAN Type Configuration

Item: IP Mode
Value setting: A Must filled setting
Description: Select either Static or Dynamic IP address for PPTP Internet connection.
• When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway.
  - WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider.
  - WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider.
  - WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider.
• When Dynamic IP is selected, none of the above settings are required.

Item: Server IP Address/Name
Value setting: A Must filled setting
Description: Enter the PPTP server name or IP Address.

Item: PPTP Account
Value setting: A Must filled setting
Description: Enter the PPTP username provided by your Service Provider.

Item: PPTP Password
Value setting: A Must filled setting
Description: Enter the PPTP connection password provided by your Service Provider.

Item: Connection ID
Value setting: An optional setting
Description: Enter a name to identify the PPTP connection.

Item: MPPE
Value setting: An optional setting
Description: Select Enable to enable MPPE (Microsoft Point-to-Point Encryption) security for PPTP connection.

WAN Type = L2TP

When you select it, "L2TP WAN Type Configuration" will appear. The items and settings are explained below.

L2TP WAN Type Configuration

Item: IP Mode
Value setting: A Must filled setting
Description: Select either Static or Dynamic IP address for L2TP Internet connection.
• When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway.
  - WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider.
  - WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider.
  - WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider.
• When Dynamic IP is selected, none of the above settings are required.

Item: Server IP Address/Name
Value setting: A Must filled setting
Description: Enter the L2TP server name or IP Address.

Item: L2TP Account
Value setting: A Must filled setting
Description: Enter the L2TP username provided by your Service Provider.

Item: L2TP Password
Value setting: A Must filled setting
Description: Enter the L2TP connection password provided by your Service Provider.

Item: Service Port
Value setting: A Must filled setting
Description: Enter the service port that the Internet service uses. Three options can be selected:
• Auto: Port will be automatically assigned.
• 1701 (For Cisco): Set service port to port 1701 to connect to CISCO server.
• User-defined: Enter a service port provided by your Service Provider.

Item: MPPE
Value setting: An optional setting
Description: Select Enable to enable MPPE (Microsoft Point-to-Point Encryption) security for PPTP connection.

Ethernet Connection Common Configuration

There are some important parameters to set up no matter which Ethernet WAN type is selected. Follow the
rules below to configure them.

Connection Control
Auto-reconnect: The gateway establishes the Internet connection automatically once it has booted up, and tries
to reconnect once the connection is down. This scheme is recommended for mission critical applications to
ensure a full-time Internet connection.

Connect-on-demand: The gateway won’t start to establish the Internet connection until local data is going to be
sent to the WAN side. After normal data transfer between the LAN and WAN sides, the gateway disconnects the
WAN connection if the idle time reaches the value of Maximum Idle Time.

Manually: The gateway won’t start to establish the WAN connection until you press the “Connect” button on the
web UI. After normal data transfer between the LAN and WAN sides, the gateway disconnects the WAN connection
if the idle time reaches the value of Maximum Idle Time.

Please note that if the WAN interface serves as the primary one for another WAN interface in the Failover role,
the Connection Control parameter is not available for configuration, as the system must set it to
“Auto-reconnect (Always on)”.

Network Monitoring
It is necessary to monitor the connection status continuously. "ICMP Check" and "FQDN Query" are used for this.
When there is traffic on the connection, checking packets waste bandwidth, and the response time of reply
packets may also increase. To keep "Network Monitoring" from working abnormally, enabling the "Checking
Loading" option stops the connection check while there is traffic. The gateway waits for another "Check Interval"
and then checks the loading again.
During “Network Monitoring”, if the reply time is longer than "Latency", or there is no response for longer than
"Checking Timeout", the "Fail" count is increased. If the failures are continuous and the "Fail" count is more than
"Fail Threshold", the gateway runs its exception handling process and re-initializes the connection. Otherwise,
the network monitoring process starts again.
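
The fail-count logic described above can be replayed offline to see why the loading check matters. This is an added example, not code from the manual or the router firmware: the class and field names, the threshold values and the probe traces are constructed, and it assumes that a successful probe resets the fail count.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class MonitorConfig:
    # Field names mirror the web UI items; the values are constructed for this example.
    latency_threshold_ms: int = 500
    check_timeout_ms: int = 3000
    fail_threshold: int = 3
    loading_check: bool = True


@dataclass
class Probe:
    rtt_ms: Optional[int]      # None: no reply at all
    link_busy: bool = False    # True: user traffic is on the WAN at probe time


def run_monitor(cfg: MonitorConfig, probes: List[Probe]) -> List[Tuple[str, int]]:
    """Replay one probe per Check Interval; return (verdict, fail_count) per interval."""
    fail_count = 0
    trace = []
    for probe in probes:
        if cfg.loading_check and probe.link_busy:
            # Loading check: traffic is flowing, so the check is skipped for this
            # interval and the fail count is left untouched.
            trace.append(("skipped", fail_count))
            continue
        no_reply = probe.rtt_ms is None or probe.rtt_ms > cfg.check_timeout_ms
        too_slow = not no_reply and probe.rtt_ms > cfg.latency_threshold_ms
        if no_reply or too_slow:
            fail_count += 1
            # The manual words the condition as "more than" the Fail Threshold.
            if fail_count > cfg.fail_threshold:
                trace.append(("reinit", fail_count))
                fail_count = 0
            else:
                trace.append(("timeout" if no_reply else "slow", fail_count))
        else:
            # Assumption: failures must be consecutive, so a good reply resets the count.
            fail_count = 0
            trace.append(("ok", 0))
    return trace


def reinit_count(trace: List[Tuple[str, int]]) -> int:
    """Number of times the WAN connection would have been re-initialized."""
    return sum(1 for verdict, _ in trace if verdict == "reinit")


# Constructed trace: a saturated uplink drops five probes while user traffic flows.
SATURATED_LINK = [Probe(40)] + [Probe(None, link_busy=True)] * 5 + [Probe(45)]
# Constructed trace: a real outage on an idle link (lost and slow replies).
REAL_OUTAGE = [Probe(40), Probe(None), Probe(900), Probe(None), Probe(None), Probe(42)]

if __name__ == "__main__":
    for name, probes in (("saturated", SATURATED_LINK), ("outage", REAL_OUTAGE)):
        for enabled in (True, False):
            trace = run_monitor(MonitorConfig(loading_check=enabled), probes)
            print(name, "loading_check=%s" % enabled, "reinit:", reinit_count(trace))
```

With the loading check off, the saturated trace triggers a needless re-initialization of a healthy link; with it on, only the real outage does.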

Set up “Ethernet Common Configuration”

Ethernet WAN Common Configuration

Item: Connection Control
Value setting: A Must filled setting
Description: There are three connection modes.
• Auto-reconnect enables the router to always keep the Internet connection on.
• Connect-on-demand enables the router to automatically re-establish the Internet connection as soon as a user attempts to access the Internet. The Internet connection will be disconnected when it has been inactive for a specified idle time.
• Connect Manually allows the user to connect to the Internet manually. The Internet connection will be disconnected after it has been inactive for the specified idle time.

Item: Maximum Idle Time
Value setting: 1. An Optional setting. 2. By default 600 seconds is filled-in.
Description: Specify the maximum idle time after which the Internet connection is disconnected.
Value Range: 300 ~ 86400.
Note: This field is available only when Connect-on-demand or Connect Manually is selected as the connection control scheme.

Item: MTU Setup
Value setting: 1. An Optional setting. 2. Uncheck by default.
Description: Check the Enable box to enable the MTU (Maximum Transmission Unit) limit, and specify the MTU for the 3G/4G connection. MTU refers to Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission.
Value Range: 1200 ~ 1500.

Item: MTU Setup
Value setting: 1. A Must filled setting. 2. Auto (value zero) is set by default. 3. Manual set range 1200~1500.
Description: MTU refers to Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. When set to Auto (value ‘0’), the router selects the best MTU for best Internet connection performance.

Item: NAT
Value setting: 1. An optional setting. 2. NAT is enabled by default.
Description: Enable NAT to apply NAT on the WAN connection. Uncheck the box to disable NAT function.

Item: Network Monitoring
Value setting: 1. An optional setting. 2. Enabled by default.
Description: When the Network Monitoring feature is enabled, the gateway will use DNS Query or ICMP to periodically check the Internet connection (connected or disconnected).
• Choose either DNS Query or ICMP Checking to detect the WAN link. With DNS Query, the system checks the connection by sending DNS Query packets to the destination specified in Target 1 and Target 2. With ICMP Checking, the system checks the connection by sending ICMP request packets to the destination specified in Target 1 and Target 2.
• Loading Check: Enabling Loading Check allows the router to ignore unreturned DNS Queries or ICMP requests when the WAN bandwidth is fully occupied. This is to prevent false link-down status.
• Check Interval defines the transmitting interval between two DNS Query or ICMP checking packets.
• Check Timeout defines the timeout of each DNS query/ICMP.
• Latency Threshold defines the tolerance threshold of responding time.
• Fail Threshold specifies the number of detected disconnections before the router recognizes the WAN link as down. Enter the number of detected disconnections to be the threshold before disconnection is acknowledged.
• Target1 (DNS1 set by default) specifies the first target of sending DNS query/ICMP request.
  - DNS1: set the primary DNS to be the target.
  - DNS2: set the secondary DNS to be the target.
  - Gateway: set the Current gateway to be the target.
  - Other Host: enter an IP address to be the target.
• Target2 (None set by default) specifies the second target of sending DNS query/ICMP request.
  - None: to disable Target2.
  - DNS1: set the primary DNS to be the target.
  - DNS2: set the secondary DNS to be the target.
  - Gateway: set the Current gateway to be the target.
  - Other Host: enter an IP address to be the target.

Item: IGMP
Value setting: 1. A Must filled setting. 2. Disable is set by default.
Description: Enabling IGMP (Internet Group Management Protocol) lets the router listen to IGMP packets to discover which interfaces are connected to which device. The router uses the interface information generated by IGMP to reduce bandwidth consumption in a multi-access network environment to avoid flooding the entire network.

Item: WAN IP Alias
Value setting: 1. An optional setting. 2. Uncheck by default.
Description: Enable WAN IP Alias, then enter the IP address provided by your service provider. WAN IP Alias is used by the device router and is treated as a second set of WAN IP to provide dual WAN IP address to your LAN network.

Item: Save
Value setting: N/A
Description: Click Save to save the settings.

Item: Undo
Value setting: N/A
Description: Click Undo to cancel the settings.


Internet Connection – 3G/4G WAN

Preferred SIM Card – Dual SIM Fail Over


For a 3G/4G embedded device, one embedded cellular module can create only one WAN interface. This device
features the use of dual SIM cards for one module with a special fail-over mechanism, called Dual SIM
Failover. This feature is useful for ISP switch-over when the location changes. Within “Dual SIM Failover”, there
are various usage scenarios, including “SIM-A First” and “SIM-B First” with “Failback” enabled or not, and
“SIM-A Only” and “SIM-B Only”.

SIM-A/SIM-B only: When “SIM-A Only” or “SIM-B Only” is used, the specified SIM slot card is the only one to
be used for negotiation parameters between gateway device and cellular ISP.

SIM-A / SIM-B first without Failback enabled

By default, the “SIM-A First” scenario is used to connect to the cellular ISP for data transfer. In the “SIM-A First”
or “SIM-B First” scenario, the gateway tries to connect to the Internet by using the SIM-A or SIM-B card first.
When the connection is broken, the gateway automatically switches to the other SIM card as an alternate, and it
will not switch back to the original SIM card unless the current SIM connection is also broken. That is, SIM-A and
SIM-B are used iteratively, but either one keeps being used for data transfer while its connection is still alive.

SIM-A / SIM-B first with Failback enabled

With the Failback option enabled and the “SIM-A First” scenario in use, when the connection is broken the gateway
switches to SIM-B. When the SIM-A connection is recovered, it switches back to the original SIM-A card.
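
The difference between the Preferred SIM Card scenarios is easiest to see on a timeline. This is an added example, not code from the manual or the router firmware: the function name and the coverage timeline are constructed, and each step is assumed to report whether each SIM's network can currently be reached.

```python
from typing import List, Optional, Tuple

MODES = ("SIM-A First", "SIM-B First", "SIM-A Only", "SIM-B Only")


def simulate_sim_selection(mode: str, failback: bool,
                           timeline: List[Tuple[bool, bool]]) -> List[Optional[str]]:
    """Return the SIM carrying data at each step, or None while no SIM is connected.

    timeline holds one (sim_a_reachable, sim_b_reachable) pair per step.
    """
    if mode not in MODES:
        raise ValueError(f"unknown Preferred SIM Card mode: {mode}")
    preferred = "A" if mode.startswith("SIM-A") else "B"
    only = mode.endswith("Only")
    if only and failback:
        # Failback applies only to the SIM-A First / SIM-B First scenarios.
        raise ValueError("Failback is not available with an 'Only' mode")
    current = preferred
    active = []
    for sim_a_up, sim_b_up in timeline:
        up = {"A": sim_a_up, "B": sim_b_up}
        if not only:
            if failback and current != preferred and up[preferred]:
                # Failback: the preferred SIM has recovered, return to it.
                current = preferred
            elif not up[current]:
                # Current connection is broken: try the other SIM.
                current = "B" if current == "A" else "A"
        active.append(current if up[current] else None)
    return active


# Constructed timeline: operator A drops out for two steps, later operator B drops once.
TIMELINE = [(True, True), (False, True), (False, True), (True, True),
            (True, True), (True, False), (True, True)]

if __name__ == "__main__":
    for mode, failback in (("SIM-A First", False), ("SIM-A First", True), ("SIM-A Only", False)):
        print(mode, "failback=%s" % failback, simulate_sim_selection(mode, failback, TIMELINE))
```

Without Failback the gateway stays on SIM-B long after SIM-A coverage returns, which matters when the second SIM is the more expensive or more restricted subscription.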

Configure 3G/4G WAN Setting


When Edit button is applied, Internet Connection Configuration, and 3G/4G WAN Configuration screens will
appear.


3G/4G Connection Configuration


| Item | Value setting | Description |
|---|---|---|
| WAN Type | 1. A Must filled setting. 2. 3G/4G is set by default. | From the dropdown box, select the Internet connection method for the 3G/4G WAN connection. Only 3G/4G is available. |
| Preferred SIM Card | 1. A Must filled setting. 2. By default SIM-A First is selected. 3. Failback is unchecked by default. | Choose which SIM card you want to use for the connection. When SIM-A First or SIM-B First is selected, the connection is first built using SIM-A/SIM-B. If the connection fails, the gateway changes to the other SIM card and tries to dial again, until the connection is up. When SIM-A Only or SIM-B Only is selected, it tries to dial up using only the SIM card you selected. When Failback is checked, if the connection is dialed up without using the main SIM you selected, the gateway fails back to the main SIM and tries to establish the connection periodically. Note_1: For products with a single-SIM design, only the SIM-A Only option is available. Note_2: Failback is available only when SIM-A First or SIM-B First is selected. |
| Auto Flight Mode | The box is unchecked by default. | Check the Enable box to activate the function. By default, with Auto Flight Mode disabled, the cellular module always occupies a physical channel with the cellular tower. It can get a data connection instantly and receive management SMS at any time as required. If you enable Auto Flight Mode, the gateway pops up the message “Flight mode will cause cellular function to be malfunctioned when the data session is offline.”, and puts the cellular module into flight mode, physically disconnected from the cellular tower. In addition, whenever the cellular module is to be used for a data connection to back up a failed primary connection, the module becomes active, connects to the cellular tower and gets the data connection; this takes a few more seconds. Note: Keep it unchecked unless your cellular ISP asks the connected gateway to enable Auto Flight Mode. |
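The Preferred SIM Card and Failback rules described above, modelled as a small state machine so the difference between the two scenarios can be replayed on one event sequence. This is an added example, not the gateway's firmware: the class `SimSelector`, the helper `replay` and the event names `down` and `main_ok` are assumptions made for illustration.

```python
from dataclasses import dataclass

MODES = ("SIM-A Only", "SIM-B Only", "SIM-A First", "SIM-B First")


@dataclass
class SimSelector:
    """Illustrative model of the Preferred SIM Card setting (hypothetical class)."""
    mode: str = "SIM-A First"   # manual default
    failback: bool = False      # manual default: unchecked

    def __post_init__(self):
        if self.mode not in MODES:
            raise ValueError(f"unknown mode: {self.mode}")
        self.dual = self.mode.endswith("First")
        # Note_2 in the manual: Failback exists only for the "First" modes.
        if self.failback and not self.dual:
            raise ValueError("Failback requires SIM-A First or SIM-B First")
        self.main = self.mode[:5]       # "SIM-A" or "SIM-B"
        self.active = self.main

    def handle(self, event):
        """Apply one event and return the SIM in use afterwards.

        'down'    : the connection on the active SIM is broken
        'main_ok' : a periodic failback attempt found the main SIM usable
        """
        if event == "down":
            if self.dual:
                # "First" modes alternate; "Only" modes redial the same SIM.
                self.active = "SIM-B" if self.active == "SIM-A" else "SIM-A"
        elif event == "main_ok":
            if self.failback and self.active != self.main:
                self.active = self.main
        else:
            raise ValueError(f"unknown event: {event}")
        return self.active


def replay(mode, failback, events):
    """Return the active SIM after each event, starting from the main SIM."""
    selector = SimSelector(mode, failback)
    return [selector.handle(e) for e in events]


# Constructed event sequence: main SIM drops, recovers, then two more drops.
EVENTS = ["down", "main_ok", "down", "down"]

if __name__ == "__main__":
    for fb in (False, True):
        print("SIM-A First, failback =", fb, "->", replay("SIM-A First", fb, EVENTS))
```

Without Failback the gateway stays on the backup SIM after the main SIM recovers, so a backup SIM with a more expensive or less trusted data plan can carry traffic far longer than the outage itself lasted.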

Configure SIM-A / SIM-B Card


Here you can set configurations for the cellular connection according to your situation or requirement.


Note_1: The configuration of the SIM-B card follows the same rules as that of the SIM-A card; SIM-A is used here as the example.
Note_2: Both Connection with SIM-A Card and Connection with SIM-B Card appear only when SIM-A First or SIM-B First is selected; otherwise only one of them appears.

Connection with SIM-A/-B Card


| Item | Value setting | Description |
|---|---|---|
| Network Type | 1. A Must filled setting. 2. By default Auto is selected. | Select Auto to register a network automatically, regardless of the network type. Select 2G Only to register the 2G network only. Select 2G Prefer to register the 2G network first if it is available. Select 3G Only to register the 3G network only. Select 3G Prefer to register the 3G network first if it is available. Select LTE Only to register the LTE network only. Note: Options may be different due to the specification of the module. |
| Dial-Up Profile | 1. A Must filled setting. 2. By default Manual-configuration is selected. | Specify the type of dial-up profile for your 3G/4G network. It can be Manual-configuration, APN Profile List, or Auto-detection. Select Manual-configuration to set the APN (Access Point Name), Dial Number, Account, and Password to what your carrier provides. Select APN Profile List to set more than one profile to dial up in turn, until the connection is established. It will pop up a new field; please go to Basic Network > WAN & Uplink > Internet Setup > SIM-A APN Profile List for details. Select Auto-detection to automatically bring out all configurations needed while dialing up, by comparing the IMSI of the SIM card to the records listed in the manufacturer’s database. Note_1: You are highly recommended to select Manual-configuration or APN Profile List to specify the network for your subscription. Your ISP always provides such network settings for the subscribers. Note_2: If you select Auto-detection, it is likely to connect to an improper network, or fail to find a valid APN for your ISP. |
| APN | 1. A Must filled setting. 2. String format: any text. | Enter the APN you want to use to establish the connection. This is a must-filled setting if you selected Manual-configuration as the dial-up profile scheme. |
| IP Type | 1. A Must filled setting. 2. By default IPv4 is selected. | Specify the IP type of the network service provided by your 3G/4G network. It can be IPv4, IPv6, or IPv4/6. |
| PIN code | 1. An Optional setting. 2. String format: integer. | Enter the PIN (Personal Identification Number) code if it is needed to unlock your SIM card. |
| Dial Number, Account, Password | 1. An Optional setting. 2. String format: any text. | Enter the optional Dial Number, Account, and Password settings if your ISP provided such settings to you. Note: These settings are only displayed when Manual-configuration is selected. |
| Authentication | 1. A Must filled setting. 2. By default Auto is selected. | Select PAP (Password Authentication Protocol) to be authenticated with the carrier’s server using that protocol. Select CHAP (Challenge Handshake Authentication Protocol) to be authenticated with the carrier’s server using that protocol. When Auto is selected, the gateway authenticates with the server using either PAP or CHAP. |
| IP Mode | 1. A Must filled setting. 2. By default Dynamic IP is selected. | When Dynamic IP is selected, the gateway gets all IP configurations from the carrier’s server and sets them on the device directly. If you have a specific application provided by the carrier and want to set the IP configuration on your own, you can switch to Static IP mode and fill in all the required parameters, such as IP address, subnet mask and gateway. Note: IP Subnet Mask is a must-filled setting; make sure you have the right configuration. Otherwise, the connection may have issues. |
| Primary DNS | 1. An Optional setting. 2. String format: IP address (IPv4 type). | Enter the IP address to change the primary DNS (Domain Name Server) setting. If it is not filled in, the server address is given by the carrier while dialing up. |
| Secondary DNS | 1. An Optional setting. 2. String format: IP address (IPv4 type). | Enter the IP address to change the secondary DNS (Domain Name Server) setting. If it is not filled in, the server address is given by the carrier while dialing up. |
| Roaming | The box is unchecked by default. | Check the box to establish the connection even when the registration status is roaming, not in the home network. Note: It may cost additional charges if the connection is under roaming. |

Create/Edit SIM-A / SIM-B APN Profile List


You can add a new APN profile for the connection, or modify the content of the APN profile you added. It is
available only when you select Dial-Up Profile as APN Profile List.

The list shows all the APN profiles you created, so you can easily check and modify them. It is available only when you select APN Profile List as the Dial-Up Profile.
When the Add button is clicked, an APN Profile Configuration screen appears.

SIM-A/-B APN Profile Configuration


| Item | Value setting | Description |
|---|---|---|
| Profile Name | 1. By default Profile-x is listed. 2. String format: any text. | Enter the name you want to use to describe this profile. |
| APN | String format: any text. | Enter the APN you want to use to establish the connection. |
| IP Type | 1. A Must filled setting. 2. By default IPv4 is selected. | Specify the IP type of the network service provided by your 3G/4G network. It can be IPv4, IPv6, or IPv4/6. |
| Account | String format: any text. | Enter the Account you want to use for the authentication. Value Range: 0 ~ 53 characters. |
| Password | String format: any text. | Enter the Password you want to use for the authentication. |
| Authentication | 1. A Must filled setting. 2. By default Auto is selected. | Select the Authentication method for the 3G/4G connection. It can be Auto, PAP, CHAP, or None. |
| Priority | 1. A Must filled setting. 2. String format: integer. | Enter the value for the dialing-up order. The valid value is from 1 to 16. Dialing starts with the profile that is assigned the smallest number. Value Range: 1 ~ 16. |
| Profile | The box is checked by default. | Check the box to enable this profile. Uncheck the box to disable this profile in the dialing-up action. |
| Save | N/A | Click the Save button to save the configuration. |
| Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. |
| Back | N/A | When the Back button is clicked, the screen returns to the previous page. |

Setup 3G/4G Connection Common Configuration


Here you can change common configurations for 3G/4G WAN.

3G/4G Connection Common Configuration


| Item | Value setting | Description |
|---|---|---|
| Connection Control | By default Auto-reconnect is selected. | When Auto-reconnect is selected, the gateway tries to keep the Internet connection on all the time whenever the physical link is connected. When Connect-on-demand is selected, the Internet connection is established only when data traffic is detected. When Connect Manually is selected, you need to click the Connect button to dial up the connection manually. Please go to the Status > Basic Network > WAN & Uplink tab for details. Note: If the WAN interface serves as the primary one for another WAN interface in the Failover role (and vice versa), the Connection Control parameter is not available on both WANs, as the system must set it to “Auto-reconnect”. |
| Maximum Idle Time | 1. An Optional setting. 2. By default 600 seconds is filled in. | Specify the maximum idle time after which the Internet connection is disconnected. Value Range: 300 ~ 86400. Note: This field is available only when Connect-on-demand or Connect Manually is selected as the connection control scheme. |
| Time Schedule | 1. A Must filled setting. 2. By default (0) Always is selected. | When (0) Always is selected, this WAN is under operation all the time. Once you have set other schedule rules, there will be other options to select. Please go to Object Definition > Scheduling for details. |
| MTU Setup | 1. An Optional setting. 2. Unchecked by default. | Check the Enable box to enable the MTU (Maximum Transmission Unit) limit, and specify the MTU for the 3G/4G connection. The MTU specifies the largest packet size permitted for Internet transmission. Value Range: 1200 ~ 1500. |
| IP Pass-through (Cellular Bridge) | 1. The box is unchecked by default. 2. String format for Fixed MAC: MAC address, e.g. 00:50:18:aa:bb:cc. | When the Enable box is checked, the device directly assigns the WAN IP to the first connected local LAN client. However, when the optional Fixed MAC is filled in with a non-zero value, only the client with this MAC address can get the WAN IP address. Note: When IP Pass-through is on, NAT and WAN IP Alias are unavailable until the function is disabled again. |
| NAT | Checked by default. | Uncheck the box to disable the NAT (Network Address Translation) function. |
| IGMP | By default Disable is selected. | Select Auto to enable the IGMP function. Check the Enable box to enable IGMP Proxy. |
| WAN IP Alias | 1. Unchecked by default. 2. String format: IP address (IPv4 type). | Check the box to enable WAN IP Alias, and fill in the IP address you want to assign. |

Network Monitoring Configuration


| Item | Value setting | Description |
|---|---|---|
| Network Monitoring Configuration | 1. An optional setting. 2. Box is checked by default. | Check the Enable box to activate the network monitoring function. |
| Checking Method | 1. An Optional setting. 2. DNS Query is set by default. | Choose either DNS Query or ICMP Checking to detect the WAN link. With DNS Query, the system checks the connection by sending DNS Query packets to the destinations specified in Target 1 and Target 2. With ICMP Checking, the system checks the connection by sending ICMP request packets to the destinations specified in Target 1 and Target 2. Query Interval defines the transmitting interval between two DNS Query or ICMP checking packets. |
| Loading Check | 1. An optional setting. 2. Box is checked by default. | Check the Enable box to activate the loading check function. Enable Loading Check allows the gateway to ignore unreturned DNS queries or ICMP requests when the WAN bandwidth is fully occupied. This is to prevent a false link-down status. Latency Threshold defines the tolerance threshold of the response time. Fail Threshold specifies the number of detected disconnections before the router recognizes the WAN link as down. Enter the number of detected disconnections to use as the threshold before disconnection is acknowledged. |
| Target 1 | 1. An Optional filled setting. 2. DNS1 is selected by default. | Target1 specifies the first target for sending DNS query/ICMP requests. DNS1: set the primary DNS to be the target. DNS2: set the secondary DNS to be the target. Gateway: set the current gateway to be the target. Other Host: enter an IP address to be the target. |
| Target 2 | 1. An Optional filled setting. 2. None is selected by default. | Target2 specifies the second target for sending DNS query/ICMP requests. None: no second target is required. DNS1: set the primary DNS to be the target. DNS2: set the secondary DNS to be the target. Gateway: set the current gateway to be the target. Other Host: enter an IP address to be the target. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |


Internet Connection – WiFi Uplink WAN


If the device connects to Internet through WiFi Uplink, this section will help you to complete WiFi Uplink
connection setup.

Go to Basic Network > WAN & Uplink > Internet Setup tab.

WiFi Uplink interface: The Uplink network is a wireless network, and the gateway can connect to the Uplink network through a WiFi connection.
If you have access permission to a certain wireless network, you can set up a WiFi Uplink connection by using the gateway device. This gateway supports 802.11ac/n/g/b data connections, and it can connect to a wireless network (access point) in the regular infrastructure mode.

Configure WiFi Uplink Setting


When the Edit button is clicked, the Internet Connection Configuration screen appears. The WAN-2 interface is used in this example.

Internet Connection Configuration


| Item | Value setting | Description |
|---|---|---|
| WAN Type | 1. A Must filled setting. 2. Uplink is selected by default. | From the dropdown box, select the Internet connection method for the WiFi Uplink connection. Only Uplink is available. |

WiFi Uplink

WiFi Uplink WAN Type Configuration


| Item | Value setting | Description |
|---|---|---|
| Connect to AP | N/A | Displays the information of the AP to connect to. You can click the Scan button and select an AP for the uplink network. Besides, you can also create uplink profile(s) for ease of connecting to an available Uplink network. Refer to the Basic Network > WiFi > Uplink Profile tab. |
| Network Type | 1. A Must filled setting. 2. NAT Mode is selected by default. | Select the expected network type for the WiFi Uplink connection. It can be NAT Mode, Bridge Mode, or NAT Disable. When NAT Mode is selected, the NAT function is activated on the Wireless Uplink connection. When Bridge Mode is selected, the bridge function is activated on the Wireless Uplink connection. Support for bridge mode depends on the product specification; if the purchased device doesn’t support bridge mode, it is greyed out from selection. When NAT Disable is selected, the NAT function is deactivated on the Wireless Uplink connection, and the device can function as a router with manually configured routing settings. |
| IP Mode | 1. A Must filled setting. 2. Dynamic IP is selected by default. | Specify the IP mode for the wireless uplink interface. It can be Dynamic IP or Static IP. When Dynamic IP is selected, the device requests an IP from the Uplink Network as the IP for the uplink interface. When Static IP is selected, you have to manually configure the IP address settings for the uplink interface. The settings include IP address, subnet mask, gateway, and primary/secondary DNS. |
| Connection Control | A Must filled setting. | There are three connection modes. Auto-reconnect (Always on) enables the router to always keep the Internet connection on. Connect-on-demand enables the router to automatically re-establish the Internet connection as soon as a user attempts to access the Internet; the Internet connection is disconnected when it has been inactive for the specified idle time. Connect Manually allows the user to connect to the Internet manually; the Internet connection becomes inactive after it has been inactive for the specified idle time. |
| Maximum Idle Time | 1. An Optional setting. 2. By default 600 seconds is filled in. | Specify the maximum idle time after which the Internet connection is disconnected. Value Range: 300 ~ 86400. Note: This field is available only when Connect-on-demand or Connect Manually is selected as the connection control scheme. |
| Fast Roaming | 1. An Optional setting. 2. Unchecked is selected by default. | Click the Enable checkbox to activate the fast roaming function. In addition, you can also specify a threshold value for changing from one AP to another nearby AP. The default threshold value is 40%. Value Range: 30 ~ 60%. |
| Fast Roaming Channels | 1. An Optional setting. 2. N/A is selected by default. | You can specify up to three channels for the WiFi Uplink fast roaming function. If you don’t specify any channel, the WiFi uplink just operates on the original connection channel. |

Network Monitoring

Network Monitoring Configuration


| Item | Value setting | Description |
|---|---|---|
| Network Monitoring Configuration | 1. An Optional setting. 2. The box is checked by default. | Click the Enable checkbox to activate the function. |
| Checking Method | 1. An Optional setting. 2. DNS Query is selected by default. | Choose either the DNS Query or ICMP Checking method and specify a Query/Check Interval to detect the WAN link. With such configuration, the gateway uses DNS Query or ICMP Checking to periodically check whether the Internet connection is connected or disconnected. |
| Load Checking | 1. An optional setting. 2. Enabled by default. | Click the Enable checkbox to activate the function. Enable Loading Check allows the gateway to ignore unreturned DNS queries or ICMP requests when the WAN bandwidth is fully occupied. This is to prevent a false link-down status. Latency Threshold defines the tolerance threshold of the response time. Fail Threshold specifies the number of detected disconnections before the router recognizes the WAN link as down. Enter the number of detected disconnections to use as the threshold before disconnection is acknowledged. |
| Query Interval | 1. An Optional setting. 2. 5 seconds is selected by default. | Specify a time interval as the DNS Query Interval. Query Interval defines the transmitting interval between two DNS Query or ICMP checking packets. With DNS Query, the system checks the connection by sending DNS Query packets to the destinations specified in Target 1 and Target 2. Value Range: 2 ~ 14400. |
| Check Interval | 1. An Optional setting. 2. 5 seconds is selected by default. | Specify a time interval as the ICMP Checking Interval. Query Interval defines the transmitting interval between two DNS Query or ICMP checking packets. With ICMP Checking, the system checks the connection by sending ICMP request packets to the destinations specified in Target 1 and Target 2. Value Range: 2 ~ 14400. |
| Latency Threshold | 1. An Optional setting. 2. 3000 ms is selected by default. | Specify a time interval as the Latency Threshold. Latency Threshold defines the tolerance threshold of the response time. |
| Fail Threshold | 1. An Optional setting. 2. 5 times is selected by default. | Enter the number of detected disconnections to use as the threshold before disconnection is acknowledged. Fail Threshold specifies the number of detected disconnections before the router recognizes the WAN link as down. Value Range: 1 ~ 10. |
| Target 1 | 1. An Optional setting. 2. DNS1 is selected by default. | Target1 (DNS1 set by default) specifies the first target for sending DNS query/ICMP requests. DNS1: set the primary DNS to be the target. DNS2: set the secondary DNS to be the target. Gateway: set the current gateway to be the target. Other Host: enter an IP address to be the target. |
| Target 2 | 1. An Optional setting. 2. None is selected by default. | Target2 (None set by default) specifies the second target for sending DNS query/ICMP requests. None: to disable Target2. DNS1: set the primary DNS to be the target. DNS2: set the secondary DNS to be the target. Gateway: set the current gateway to be the target. Other Host: enter an IP address to be the target. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |
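How Latency Threshold, Fail Threshold and Loading Check interact in the Network Monitoring tables for both the 3G/4G and WiFi Uplink WANs, as an added model that is not the gateway's own implementation. Defaults and value ranges come from the table above; counting consecutive failures, treating one in-time reply from either target as success, and all class and function names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass
class MonitorConfig:
    interval_s: int = 5                 # Query/Check Interval, range 2 ~ 14400
    latency_threshold_ms: int = 3000    # manual default
    fail_threshold: int = 5             # manual default, range 1 ~ 10
    loading_check: bool = True          # manual default: enabled

    def __post_init__(self):
        if not 2 <= self.interval_s <= 14400:
            raise ValueError("interval must be 2..14400 seconds")
        if not 1 <= self.fail_threshold <= 10:
            raise ValueError("Fail Threshold must be 1..10")

    def detection_delay_s(self):
        """Seconds from sending the first lost probe to declaring link-down,
        assuming a probe is judged lost once the latency threshold elapses."""
        return (self.fail_threshold - 1) * self.interval_s \
            + self.latency_threshold_ms / 1000


@dataclass
class Probe:
    """One check cycle: reply time per target in ms, None when unanswered."""
    latencies_ms: Sequence[Optional[int]]
    wan_saturated: bool = False         # WAN bandwidth fully occupied


class LinkMonitor:
    def __init__(self, cfg):
        self.cfg = cfg
        self.failures = 0               # consecutive failed cycles (assumption)
        self.link_up = True

    def observe(self, probe):
        """Feed one check cycle; return True while the link counts as up."""
        in_time = any(ms is not None and ms <= self.cfg.latency_threshold_ms
                      for ms in probe.latencies_ms)
        if in_time:
            self.failures = 0
            self.link_up = True
        elif self.cfg.loading_check and probe.wan_saturated:
            pass                        # ignored: avoids a false link-down
        else:
            self.failures += 1
            if self.failures >= self.cfg.fail_threshold:
                self.link_up = False
        return self.link_up


def run(cfg, probes):
    """Replay a sequence of check cycles and return the link state after each."""
    monitor = LinkMonitor(cfg)
    return [monitor.observe(p) for p in probes]


# Constructed sample cycles for Target 1 and Target 2.
OK = Probe([40, None])                          # Target 1 answered in 40 ms
LOST = Probe([None, None])                      # nothing came back
SLOW = Probe([3500, None])                      # reply later than 3000 ms
BUSY = Probe([None, None], wan_saturated=True)  # lost while the WAN is full

if __name__ == "__main__":
    print(run(MonitorConfig(), [LOST] * 4 + [OK] + [LOST] * 5))
    print(MonitorConfig().detection_delay_s(), "s to detect with defaults")
```

With Loading Check enabled, a link that stays saturated is never declared down in this model, which matters when the monitor is what triggers failover.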


2.1.3 Load Balance

When there are multiple WAN interfaces and the bandwidth of one WAN connection is not enough for the traffic load from the Intranet to the Internet, the WAN load balance function can be used to enlarge the total WAN bandwidth.
Load Balance Strategy
There are three optional strategies for load balance: “By Smart Weight”, “By Specific Weight”, and “By User
Policy”. Administrator can select strategy according to application requirement and environment status. The
strategies are explained as below.

By Smart Weight
With the "By Smart Weight" strategy, the gateway takes the line speed settings of all WAN interfaces specified in the "Physical Interface" configuration page as the default ratio for data transfer. Based on the ratio of packet bytes sent via these WAN interfaces in the past period (maybe 5 minutes), the system decides how many sessions will be transferred via each WAN interface in the next period. Administrators may take it as a fast approach to maximize the bandwidth utilization of multiple WAN interfaces in the gateway.


By Specific Weight
When you select "By Specific Weight", you need to set the ratio of WAN-1/WAN-2 to decide the ratio of sessions sent. The total ratio should be 100%. The ratio is usually defined based on the practical WAN speeds of the environment. The gateway's traffic control process routes traffic according to the dedicated weight ratio across all WAN interfaces.

By User Policy
If the "By User Policy" load balance strategy is selected, you can map a Source IP, Destination IP, or Destination Port to an assigned WAN interface. The IP address can be a single IP, a subnet or an IP range. The destination port can be a single port or a port range. You can select one target per mapping to set up the IP address and leave the others as “Any”/“All”. Besides this, you can also set the protocol to TCP, UDP or both.

The diagrams shown on the left side are examples of user policy. The first diagram illustrates mapping various source IP subnets to different WAN interfaces. All packets from a given subnet are routed to the assigned WAN interface. The administrator can manage and balance the load among the available WAN interfaces accordingly.
The second diagram illustrates routing packets with a designated destination IP or domain name to a certain WAN interface.
If a packet does not match any user policy rule, the gateway routes it based on the smart weight algorithm.


Load Balance Setting

Go to Basic Network > WAN & Uplink > Load Balance Tab.

The Load Balance function is used to balance bandwidth usage among multiple WAN connections. When you choose the "By Smart Weight" strategy, the system operates the load balance function automatically based on the embedded Smart Weight algorithm. When you choose the "By Specific Weight" strategy, the further "Weight Definition" configuration window lets you define the ratio of transferred sessions between all WAN interfaces for data transfer. Finally, when you choose the "By User Policy" strategy, the further "User Policy List" shows all defined user policy entries, and the "User Policy Configuration" window lets you create and define a user policy for routing a dedicated packet flow via one WAN interface.

Enable/Select Load Balance Strategy

Configuration
| Item | Value setting | Description |
|---|---|---|
| Load Balance | Unchecked by default. | Check the Enable box to activate the Load Balance function. |
| Load Balance Strategy | 1. A Must filled setting. 2. By Smart Weight is selected by default. | There are up to three load balance strategies. Select the preferred one. By Smart Weight: the system operates the load balance function automatically based on the embedded Smart Weight algorithm. By Specific Weight: the system adjusts the ratio of transferred sessions among all WANs based on the specified weights for each WAN. By User Policy: the system routes traffic through the available WAN interfaces based on user-defined rules. Note: The number of available strategies depends on the model you purchased. |
| Save | NA | Click the Save button to save the configuration. |
| Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. |

When By Specific Weight is selected, the user needs to adjust the percentage of WAN loading. The system gives a value according to the bandwidth ratio of each WAN the first time and keeps the value after the Save button is clicked.


Weight Definition
| Item | Value setting | Description |
|---|---|---|
| WAN ID | NA | The identifier for each available WAN interface. |
| Weight | 1. A Must filled setting. 2. Set with the bandwidth ratio of each WAN by default. | Enter the weight ratio for each WAN interface. Initially, the bandwidth ratio of each WAN is set by default. Value Range: 1 ~ 99. Note: The sum of all weights can’t be greater than 100%. |
| Save | NA | Click the Save button to save the configuration. |
| Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. |

When By User Policy is selected, a User Policy List screen appears. With properly configured policy rules, the system routes traffic through the available WAN interfaces based on the user-defined rules.

Create User Policy

When the Add button is clicked, the User Policy Configuration screen appears.

User Policy Configuration
| Item | Value setting | Description |
|---|---|---|
| Source IP Address | 1. A Must filled setting. 2. Any is selected by default. | There are four options to select from. Any: no specific source IP is provided; the traffic may come from any source. Subnet: specify the subnet that the traffic comes from. Input format is xxx.xxx.xxx.xxx/xx, e.g. 192.168.123.0/24. IP Range: specify the IP range that the traffic comes from. Single IP: specify a unique IP address that the traffic comes from. Input format is xxx.xxx.xxx.xxx, e.g. 192.168.123.101. |
| Destination IP Address | 1. A Must filled setting. 2. Any is selected by default. | There are five options to select from. Any: no specific destination IP is provided; the traffic may go to any destination. Subnet: specify the subnet that the traffic goes to. Input format is xxx.xxx.xxx.xxx/xx, e.g. 192.168.123.0/24. IP Range: specify the IP range that the traffic goes to. Single IP: specify a unique IP address that the traffic goes to. Input format is xxx.xxx.xxx.xxx, e.g. 192.168.123.101. Domain Name: specify the domain name that the traffic goes to. |
| Destination Port | 1. A Must filled setting. 2. All is selected by default. | There are four options to select from. All: no specific destination port is provided. Port Range: specify the destination port range for the traffic. Single Port: specify a unique destination port for the traffic. Well-known Applications: select the service port of a well-known application defined in the dropdown list. |
| Protocol | 1. A Must filled setting. 2. Both is selected by default. | There are three options to select from: Both, TCP, and UDP. |
| WAN Interface | 1. A Must filled setting. 2. WAN-1 is selected by default. | Select the interface that the traffic should go through. Note that the WAN interface dropdown list only shows the available WAN interfaces. |
| Policy | Unchecked by default. | Check the Enable checkbox to activate the policy rule. |
| Save | NA | Click the Save button to save the configuration. |
| Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. |
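The User Policy fields above, evaluated against sample packets and audited for rules that can never take effect. This is an added example, not the gateway's code: first-match-wins ordering, the `low-high` syntax for IP and port ranges, the `smart-weight` fallback label and all names are assumptions, and the Domain Name and Well-known Applications options are not modelled.

```python
import ipaddress
from dataclasses import dataclass

ANY_IP = (0, 2**32 - 1)
ALL_PORTS = (1, 65535)


def ip_span(spec):
    """Address field -> inclusive (low, high) integer span."""
    s = spec.strip()
    if s.lower() == "any":
        return ANY_IP
    if "/" in s:  # Subnet, e.g. 192.168.123.0/24; strict mode rejects host bits
        net = ipaddress.IPv4Network(s, strict=True)
        return int(net.network_address), int(net.broadcast_address)
    if "-" in s:  # IP Range; the "low-high" syntax is an assumption
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in s.split("-", 1))
        if lo > hi:
            raise ValueError(f"reversed IP range: {spec}")
        return lo, hi
    ip = int(ipaddress.IPv4Address(s))  # Single IP
    return ip, ip


def port_span(spec):
    """Port field ('all', '443', '8000-8100') -> inclusive (low, high) span."""
    s = spec.strip().lower()
    if s == "all":
        return ALL_PORTS
    lo, _, hi = s.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec}")
    return lo, hi


@dataclass
class Rule:
    wan: str
    src: str = "any"
    dst: str = "any"
    dport: str = "all"
    proto: str = "both"        # both | tcp | udp
    enabled: bool = True

    def __post_init__(self):
        if self.proto not in ("both", "tcp", "udp"):
            raise ValueError(f"bad protocol: {self.proto}")
        self.spans = (ip_span(self.src), ip_span(self.dst), port_span(self.dport))

    def matches(self, src, dst, dport, proto):
        values = (int(ipaddress.IPv4Address(src)),
                  int(ipaddress.IPv4Address(dst)), dport)
        return (self.enabled and self.proto in ("both", proto)
                and all(lo <= v <= hi for v, (lo, hi) in zip(values, self.spans)))

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        return (self.proto in ("both", other.proto)
                and all(a[0] <= b[0] and b[1] <= a[1]
                        for a, b in zip(self.spans, other.spans)))


def select_wan(rules, src, dst, dport, proto):
    """First enabled matching rule decides; unmatched traffic uses smart weight."""
    for rule in rules:
        if rule.matches(src, dst, dport, proto):
            return rule.wan
    return "smart-weight"


def shadowed(rules):
    """Indices of enabled rules fully covered by an earlier enabled rule."""
    return [i for i, r in enumerate(rules)
            if r.enabled and any(e.enabled and e.covers(r) for e in rules[:i])]


# Constructed sample policy list.
POLICY = [
    Rule("WAN-1", src="192.168.123.0/24"),
    Rule("WAN-2", src="192.168.124.10-192.168.124.50", dport="5060", proto="udp"),
    Rule("WAN-2", src="192.168.123.101", dport="443", proto="tcp"),  # never reached
    Rule("WAN-2", dst="192.168.200.7", enabled=False),
]

if __name__ == "__main__":
    print(select_wan(POLICY, "192.168.123.101", "203.0.113.10", 443, "tcp"))
    print("shadowed rule indices:", shadowed(POLICY))
```

A shadowed rule is worth flagging in a review: the administrator intended that traffic to leave through one WAN, and it silently leaves through another.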


2.2 LAN & VLAN


This section provides the configuration of LAN and VLAN. VLAN is an optional feature, and it depends on the
product specification of the purchased gateway.

2.2.1 Ethernet LAN

The Local Area Network (LAN) can be used to share data or files among computers attached to a network. The following diagram illustrates a wired network that interconnects computers.

Please follow the following instructions to do IPv4 Ethernet LAN Setup.

Configuration
| Item | Value setting | Description |
|---|---|---|
| IP Mode | N/A | Shows the LAN IP mode for the gateway according to the related configuration. Static IP: if there is at least one WAN interface activated, the LAN IP mode is fixed in Static IP mode. Dynamic IP: if all the available WAN interfaces are disabled, the LAN IP mode can be Dynamic IP mode. |
| LAN IP Address | 1. A Must filled setting. 2. 192.168.123.254 is set by default. | Enter the local IP address of this device. The network device(s) on your network must use the LAN IP address of this device as their Default Gateway. You can change it if necessary. Note: It’s also the IP address of the web UI. If you change it, you need to type the new IP address in the browser to see the web UI. |
| Subnet Mask | 1. A Must filled setting. 2. 255.255.255.0 (/24) is set by default. | Select the subnet mask for this gateway from the dropdown list. The subnet mask defines how many clients are allowed in one network or subnet. The default subnet mask is 255.255.255.0 (/24), which means a maximum of 254 IP addresses are allowed in this subnet. However, one of them is occupied by the LAN IP address of this gateway, so a maximum of 253 clients are allowed in the LAN network. Value Range: 255.0.0.0 (/8) ~ 255.255.255.252 (/30). |
| Save | N/A | Click the Save button to save the configuration. |
| Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. |

Create / Edit Additional IP

This gateway provides the LAN IP alias function for some special management consideration. You can add
additional LAN IP for this gateway, and access to this gateway with the additional IP.

When Add button is applied, Additional IP Configuration screen will appear.

Configuration
| Item | Value setting | Description |
|---|---|---|
| Name | 1. An Optional Setting. | Enter the name for the alias IP address. |
| Interface | 1. A Must filled setting. 2. lo is set by default. | Specify the Interface type. It can be lo or br0. |
| IP Address | 1. An Optional setting. 2. 192.168.123.254 is set by default. | Enter the additional IP address for this device. |
| Subnet Mask | 1. A Must filled setting. 2. 255.255.255.0 (/24) is set by default. | Select the subnet mask for this gateway from the dropdown list. The subnet mask defines how many clients are allowed in one network or subnet. The default subnet mask is 255.255.255.0 (/24), which means a maximum of 254 IP addresses are allowed in this subnet. However, one of them is occupied by the LAN IP address of this gateway, so a maximum of 253 clients are allowed in the LAN network. Value Range: 255.0.0.0 (/8) ~ 255.255.255.255 (/32). |
| Save | NA | Click the Save button to save the configuration. |


2.2.2 VLAN
VLAN (Virtual LAN) is a logical network under a certain switch or router device to group client hosts with a
specific VLAN ID. This gateway supports both Port-based VLAN and Tag-based VLAN. These functions allow
you to divide local network into different “virtual LANs”. It is common requirement for some application
scenario. For example, there are various departments within SMB. All client hosts in the same department
should own common access privilege and QoS property. You can assign departments either by port-based
VLAN or tag-based VLAN as a group, and then configure it by your plan. In some cases, ISP may need router to
support “VLAN tag” for certain kinds of services (e.g. IPTV). You can group all devices required this service as
one tag-based VLAN.
If the gateway has only one physical Ethernet LAN port, only very limited configuration is available if you
enable the Port-based VLAN.

Port-based VLAN
The Port-based VLAN function can group Ethernet ports, Port-1 ~ Port-4, and WiFi Virtual Access Points, VAP-1 ~
VAP-8, together for differentiated services like Internet surfing, multimedia enjoyment, VoIP talking, and so on.
Two operation modes, NAT and Bridge, can be applied to each VLAN group. One DHCP server can be allocated
to a NAT VLAN group so that each member host gets its IP address from it. Thus, each host can surf the Internet via the
NAT mechanism of the business access gateway. In Bridge mode, Intranet packet flow is delivered out of the WAN trunk
port with a VLAN tag to the upper link for different services.

A port-based VLAN is a group of Ethernet ports or Virtual APs of a Wired or Wireless Gateway that form a
logical LAN segment.
For example, in a company, the administrator plans 3 network segments: Lobby/Meeting Room, Office,
and Data Center. In a Wireless Gateway, the administrator can configure the Lobby/Meeting Room segment with
VLAN ID 3. The VLAN group includes Port-3 and VAP-8 (SSID: Guest) with NAT mode and the DHCP-3 server
equipped. He also configures the Office segment with VLAN ID 2. The VLAN group includes Port-2 and VAP-1 (SSID:
Staff) with NAT mode and the DHCP-2 server equipped. Finally, the administrator configures the Data Center segment
with VLAN ID 1. The VLAN group includes Port-1 with NAT mode to the WAN interface, as shown in the following
diagram.

The above is the general case for 3 Ethernet LAN ports in the gateway. If the device has just one Ethernet LAN
port, there will be only one VLAN group for the device. In that situation, it still supports both the NAT and
Bridge modes for the Port-based VLAN configuration.

Tag-based VLAN
The Tag-based VLAN function can group Ethernet ports, Port-1 ~ Port-4, and WiFi Virtual Access Points, VAP-1 ~
VAP-8, together with different VLAN tags for deploying subnets in the Intranet. All packet flows can carry
different VLAN tags, even on the same physical Ethernet port, for the Intranet. These flows can be directed to
different destinations because they have differentiated tags. The approach is very useful for grouping hosts
at different geographic locations into the same workgroup.
Tag-based VLAN is also called a VLAN Trunk. The VLAN Trunk collects all packet flows with different VLAN IDs
from the Router device and delivers them in the Intranet. VLAN membership in a tagged VLAN is determined by
the VLAN ID information within the packet frames that are received on a port. The administrator can further use a
VLAN switch to separate the VLAN trunk into different groups based on VLAN ID. Following is an example.


For example, in a company, the administrator plans 3 network segments: Lab, Meeting Rooms, and Office.
In a Security VPN Gateway, the administrator can configure the Office segment with VLAN ID 12. The VLAN group is
equipped with the DHCP-3 server to construct a 192.168.12.x subnet. He also configures the Meeting Rooms segment
with VLAN ID 11. The VLAN group is equipped with the DHCP-2 server to construct a 192.168.11.x subnet for
Intranet only. That is, any client host in the VLAN 11 group can’t access the Internet. Finally, he configures the Lab
segment with VLAN ID 10. The VLAN group is equipped with the DHCP-1 server to construct a 192.168.10.x subnet.


VLAN Groups Access Control

The administrator can specify the Internet access permission for all VLAN groups. He can also configure which
VLAN groups are allowed to communicate with each other.

VLAN Group Internet Access

The administrator can specify whether the members of a VLAN group can access the Internet or not. In the following
example, the VLAN groups with VID 2 and VID 3 can access the Internet, but the one with VID 1 cannot.
That is, visitors in the meeting room and staff in the office network can access the Internet, but the
computers/servers in the data center cannot, for security reasons. Servers in the data center are
only for trusted staff or are accessed through secure tunnels.

Inter VLAN Group Routing:
In Port-based tagging, the administrator can specify whether the member hosts of one VLAN group can communicate
with those of another VLAN group or not. This is a communication pair, and one VLAN group can join many
communication pairs. However, communication pairs are not transitive. That is, if A can
communicate with B, and B can communicate with C, it doesn’t imply that A can communicate with C. An
example is shown in the following diagram. The VLAN groups with VID 1 and VID 2 can access each other, but those
between VID 1 and VID 3 and between VID 2 and VID 3 can’t.
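The access-control rules above can be modelled to review a planned policy before entering it in the web UI. The following is an added example, not code from the manual or the router firmware; the class and method names are hypothetical, and the sample policies are constructed from the manual's own VID 1/2/3 examples.

```python
from itertools import combinations

MAX_INTER_VLAN_RULES = 4  # the manual: "supports up to 4 rules for Inter VLAN Group Routing"


class VlanAccessPolicy:
    """Gateway-side view of VLAN Group Internet Access and Inter VLAN Group Routing."""

    def __init__(self, vlan_ids, internet_allowed, routing_pairs):
        self.vlan_ids = set(vlan_ids)
        self.internet_allowed = set(internet_allowed)
        # A communication pair works in both directions, so store it unordered.
        self.pairs = {frozenset(pair) for pair in routing_pairs}
        if len(self.pairs) > MAX_INTER_VLAN_RULES:
            raise ValueError("more than 4 Inter VLAN Group Routing rules")
        if any(len(pair) != 2 for pair in self.pairs):
            raise ValueError("a communication pair needs two different VLAN IDs")
        unknown = set(self.internet_allowed).union(*self.pairs) - self.vlan_ids
        if unknown:
            raise ValueError(f"undefined VLAN IDs: {sorted(unknown)}")

    def can_communicate(self, a, b):
        """Only an explicitly configured pair is open; nothing is inferred."""
        if a == b:
            return a in self.vlan_ids
        return frozenset((a, b)) in self.pairs

    def can_reach_internet(self, vid):
        return vid in self.internet_allowed

    def transitive_gaps(self):
        """(a, c, via) triples where a-via and via-c are paired but a-c is not.

        These are the paths an administrator might assume are open; the
        gateway keeps them closed because pairs are not transitive.
        """
        gaps = []
        for a, c in combinations(sorted(self.vlan_ids), 2):
            if self.can_communicate(a, c):
                continue
            for via in sorted(self.vlan_ids - {a, c}):
                if self.can_communicate(a, via) and self.can_communicate(via, c):
                    gaps.append((a, c, via))
        return gaps

    def restricted_groups_next_to_internet(self):
        """Internet-blocked VLANs that are paired with an Internet-enabled VLAN.

        The gateway still blocks the restricted group's own Internet traffic;
        the listing tells a reviewer which pairings deserve a closer look.
        """
        findings = {}
        for vid in sorted(self.vlan_ids - self.internet_allowed):
            peers = sorted(p for p in self.internet_allowed
                           if self.can_communicate(vid, p))
            if peers:
                findings[vid] = peers
        return findings


# Constructed from the manual's examples:
# VID 1 = Data Center, VID 2 = Office, VID 3 = Lobby/Meeting Room.
MANUAL_EXAMPLE = VlanAccessPolicy({1, 2, 3}, internet_allowed={2, 3},
                                  routing_pairs=[(1, 2)])
# Constructed variant with a second pair, to show the non-transitive case.
CHAINED = VlanAccessPolicy({1, 2, 3}, internet_allowed={2, 3},
                           routing_pairs=[(1, 2), (2, 3)])

if __name__ == "__main__":
    print("1 <-> 2:", MANUAL_EXAMPLE.can_communicate(1, 2))
    print("1 <-> 3:", MANUAL_EXAMPLE.can_communicate(1, 3))
    print("review :", MANUAL_EXAMPLE.restricted_groups_next_to_internet())
    print("gaps   :", CHAINED.transitive_gaps())
```

In the manual's own example the Data Center group (VID 1) has no Internet access but is paired with the Office group (VID 2), which does, so the review listing reports that pairing.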


VLAN Setting

Go to Basic Network > LAN & VLAN > VLAN Tab.

The VLAN function allows you to divide local network into different virtual LANs. There are Port-based and
Tag-based VLAN types. Select one that applies.

Configuration
Item | Value setting | Description
VLAN Type | Port-based is selected by default | Select the VLAN type that you want to adopt for organizing your local subnets. Port-based: Port-based VLAN allows you to add a rule for each LAN port, and you can do advanced control with its VLAN ID. Tag-based: Tag-based VLAN allows you to add a VLAN ID, and select the members and DHCP Server for this VLAN ID. Go to Tag-based VLAN List table.
System Reserved VLAN ID | 1 ~ 5 is reserved by default | Specify the VLAN ID range that is reserved for the system operation. For the Port-based/Tag-based VLAN grouping, only use IDs outside the reserved range. Value Range: 1 ~ 4091.
Save | NA | Click the Save button to save the configuration.

Port-based VLAN – Create/Edit VLAN Rules

The port-based VLAN allows you to customize each LAN port. There is a default rule that shows the configuration of all
LAN ports. Also, if your device has a DMZ port, you will see the DMZ configuration, too. The maximum number of rules
is based on the number of LAN ports.

When the Add button is applied, the Port-based VLAN Configuration screen will appear, which includes 3 sections:
Port-based VLAN Configuration, IP Fixed Mapping Rule List, and Inter VLAN Group Routing (entered through a
button).

Port-based VLAN - Configuration

Port-based VLAN Configuration (part-I)


Item | Value setting | Description
Name | 1. A Must filled setting 2. String format: already have default texts | Define the Name of this rule. It has a default text and cannot be modified.
VLAN ID | A Must filled setting | Define the VLAN ID number, range is 1~4094.
VLAN Tagging | Disable is selected by default. | When Enable is selected, the rule is activated according to the VLAN ID and Port Members configuration. When Disable is selected, the rule is activated according to the Port Members configuration.
NAT / Bridge | NAT is selected by default. | Select NAT mode or Bridge mode for the rule.
Port Members | These boxes are unchecked by default. | Select which LAN port(s) and VAP(s) you want to add to the rule. Note: The available member list can be different for the purchased product.
LAN to Join | The box is unchecked by default. | Check the Enable box and select one of the defined DHCP Servers from the list to define the DHCP server for the VLAN group. If you enable this function, all the remaining settings will be greyed out and do not need to be configured manually.
Save | NA | Click the Save button to save the configuration.
Undo | NA | Click the Undo button to restore what you just configured back to the previous setting.

If you decide not to bind the VLAN group to a pre-defined DHCP server, you have to further specify the
following settings.


Port-based VLAN Configuration (part-II)


Item | Value setting | Description
WAN & WAN VID to Join | All WANs is selected by default. | Select which WAN, or All WANs, is allowed for accessing the Internet. Note: If Bridge mode is selected, you need to select a WAN and enter a VID.
LAN IP Address | A Must filled setting | Assign an IP Address for the DHCP Server that the rule uses; this IP address is a gateway IP.
Subnet Mask | 255.255.255.0(/24) is selected by default. | Select a Subnet Mask for the DHCP Server.
DHCP Server /Relay | Server is selected by default. | Define the DHCP Server type. There are three types you can select: Server, Relay, and Disable. Relay: Select Relay to enable the DHCP Relay function for the VLAN group, and you only need to fill the DHCP Server IP Address field. Server: Select Server to enable the DHCP Server function for the VLAN group, and you need to specify the DHCP Server settings. Disable: Select Disable to disable the DHCP Server function for the VLAN group.
DHCP Server IP Address (for DHCP Relay only) | A Must filled setting | If you select the Relay type of DHCP Server, assign the IP Address of the DHCP server to which the gateway will relay the DHCP requests.
DHCP Option 82 (for DHCP Relay only) | An Optional filled setting | If you select the Relay type of DHCP Server, you can further enable the DHCP Option 82 setting if the DHCP server supports it.
DHCP Server Name | A Must filled setting | Define the name of the DHCP Server for the specified VLAN group.
IP Pool | A Must filled setting | Define the IP Pool range. There are Starting Address and Ending Address fields. If a client requests an IP address from this DHCP Server, it will assign an IP address in the range of the IP pool.
Lease Time | A Must filled setting | Define the period of time for which the DHCP Server leases an IP Address to a new device. By default, the lease time is 86400 seconds.
Domain Name | String format can be any text | The Domain Name of this DHCP Server. Value Range: 0 ~ 31 characters.
Primary DNS | IPv4 format | The Primary DNS of this DHCP Server.
Secondary DNS | IPv4 format | The Secondary DNS of this DHCP Server.
Primary WINS | IPv4 format | The Primary WINS of this DHCP Server.
Secondary WINS | IPv4 format | The Secondary WINS of this DHCP Server.
Gateway | IPv4 format | The Gateway of this DHCP Server.
Enable | The box is unchecked by default. | Click Enable box to activate this rule.
Save | NA | Click the Save button to save the configuration.
Undo | NA | Click the Undo button to restore what you just configured back to the previous setting.

Besides, you can add some IP rules in the IP Fixed Mapping Rule List if a DHCP Server for the VLAN groups is
required.

When the Add button is applied, the Mapping Rule Configuration screen will appear.

Mapping Rule Configuration


Item | Value setting | Description
MAC Address | A Must filled setting | Define the target MAC Address that the DHCP Server should match.
IP Address | A Must filled setting | Define the IP Address that the DHCP Server will assign. If there is a request from the MAC Address filled in the above field, the DHCP Server will assign this IP Address to the client whose MAC Address matches the rule.
Enable | The box is unchecked by default. | Click Enable box to activate this rule.
Save | NA | Click the Save button to save the configuration.

Note: After the web browser refreshes and takes you back to the VLAN page, always click the Apply button to
apply the changes.

Port-based VLAN – Inter VLAN Group Routing

Click the VLAN Group Routing button, and the VLAN Group Internet Access Definition and Inter VLAN Group Routing
screen will appear.

When the Edit button is applied, a screen similar to this will appear.

Inter VLAN Group Routing


Item | Value setting | Description
VLAN Group Internet Access Definition | All boxes are checked by default. | By default, all boxes are checked, which means all VLAN ID members are allowed to access the WAN interface. If you uncheck a certain VLAN ID box, the members of that VLAN ID can’t access the Internet anymore. Note: VLAN ID 1 is always available; it is the default VLAN ID of the LAN rule. The other VLAN IDs are available only when they are enabled.
Inter VLAN Group Routing | The box is unchecked by default. | Click the expected VLAN ID boxes to enable the Inter VLAN access function. By default, members in different VLAN IDs can’t access each other. The gateway supports up to 4 rules for Inter VLAN Group Routing. For example, if ID_1 and ID_2 are checked, it means members in VLAN ID_1 can access members of VLAN ID_2, and vice versa.
Save | N/A | Click the Save button to save the configuration.

Tag-based VLAN – Create/Edit VLAN Rules

The Tag-based VLAN allows you to customize each LAN port according to VLAN ID. There is a default rule
that shows the configuration of all LAN ports and all VAPs. Also, if your device has a DMZ port, you will see the DMZ
configuration, too. The router supports up to a maximum of 128 tag-based VLAN rule sets.

When the Add button is applied, the Tag-based VLAN Configuration screen will appear.

Tag-based VLAN Configuration (Part-I)


Item | Value setting | Description
VLAN ID | A Must filled setting | Define the VLAN ID number, which must be outside the system reserved range. Value Range: 1 ~ 4095.
Internet Access | The box is checked by default. | Click Enable box to allow the members in the VLAN group to access the Internet.
Port Members | The boxes are unchecked by default. | Check the LAN port box(es) to join the VLAN group. Check the VAP box(es) to join the VLAN group. Note: Only the wireless gateway has the VAP list.
Bridge Interface | DHCP 1 is selected by default. | Select a predefined DHCP Server, or New to define a new DHCP server, for the members of this VLAN group.
Save | N/A | Click Save button to save the configuration. Note: After clicking Save button, always click Apply button to apply the settings.

If you select New to create a new DHCP server setting for the VLAN group, you have to further specify the
following configuration.


Tag-based VLAN Configuration (part-II)


Item | Value setting | Description
IP Address | A Must filled setting | Assign an IP Address for the DHCP Server that the rule uses; this IP address is a gateway IP.
Subnet Mask | 255.255.255.0(/24) is selected by default. | Select a Subnet Mask for the DHCP Server.
DHCP Relay | The box is unchecked by default. | Check the box to enable the DHCP Relay function for the VLAN group, and you only need to fill the DHCP Server IP Address field.
WAN Interface | WAN-1 is selected by default. | Select which WAN interface is allowed for accessing the Internet.
DHCP Option 82 | An Optional filled setting | If you select the Relay type of DHCP Server, you can further enable the DHCP Option 82 setting if the DHCP server supports it.
Save | NA | Click the Save button to save the configuration.
Undo | NA | Click the Undo button to restore what you just configured back to the previous setting.

Tag-based VLAN Summary

The configured tag-based VLAN group information will be displayed in the following screen.


2.2.3 DHCP Server


DHCP Server
The gateway supports up to 4 DHCP servers to fulfill the DHCP requests from different VLAN groups (please
refer to the VLAN section for more usage details). There is one default setting whose LAN IP
Address is the same as that of the gateway LAN interface, with its default Subnet Mask set to “255.255.255.0”
and its default IP Pool ranging from “.100” to “.200”, as shown on the DHCP Server List page of the gateway’s
WEB UI.

The user can add more DHCP server configurations by clicking the “Add” button behind “DHCP Server List”, or
by clicking the “Edit” button at the end of each DHCP Server on the list to edit its current settings. Besides, the user
can select a DHCP Server and delete it by clicking the “Select” check-box and the “Delete” button.


Fixed Mapping
The user can assign a fixed IP address to a specific client MAC address by selecting the clients and copying them
when the targets already exist in the DHCP Client List, or by adding Mapping Rules manually in advance
when the target's MAC address is not yet connected.


DHCP Server Setting

Go to Basic Network > LAN & VLAN > DHCP Server Tab.

The DHCP Server setting allows user to create and customize DHCP Server policies to assign IP Addresses to
the devices on the local area network (LAN).

Create / Edit DHCP Server Policy

The gateway allows you to customize your DHCP Server Policy. If multiple LAN ports are available, you can define
one policy for each LAN (or VLAN group), and it supports up to a maximum of 4 policy sets.

When the Add button is applied, the DHCP Server Configuration screen will appear.

DHCP Server Configuration
Item | Value setting | Description
DHCP Server Name | 1. String format can be any text 2. A Must filled setting | Enter a DHCP Server name. Enter a name that is easy for you to understand.
LAN IP Address | 1. IPv4 format. 2. A Must filled setting | The LAN IP Address of this DHCP Server.
Subnet Mask | 255.0.0.0 (/8) is set by default | The Subnet Mask of this DHCP Server.
IP Pool | 1. IPv4 format. 2. A Must filled setting | The IP Pool of this DHCP Server. It is composed of the Starting Address and the Ending Address entered in this field.
Lease Time | 1. Numeric string format. 2. A Must filled setting | The Lease Time of this DHCP Server. Value Range: 300 ~ 604800 seconds.
Domain Name | String format can be any text | The Domain Name of this DHCP Server.
Primary DNS | IPv4 format | The Primary DNS of this DHCP Server.
Secondary DNS | IPv4 format | The Secondary DNS of this DHCP Server.
Primary WINS | IPv4 format | The Primary WINS of this DHCP Server.
Secondary WINS | IPv4 format | The Secondary WINS of this DHCP Server.
Gateway | IPv4 format | The Gateway of this DHCP Server.
Server | The box is unchecked by default. | Click Enable box to activate this DHCP Server.
Save | N/A | Click the Save button to save the configuration.
Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting.
Back | N/A | When the Back button is clicked the screen will return to the DHCP Server Configuration page.

Create / Edit Mapping Rule List on DHCP Server

The gateway allows you to customize your Mapping Rule List on the DHCP Server. It supports up to a maximum of 64
rule sets. When the Fix Mapping button is applied, the Mapping Rule List screen will appear.

When the Add button is applied, the Mapping Rule Configuration screen will appear.


Mapping Rule Configuration


Item | Value setting | Description
MAC Address | 1. MAC Address string format 2. A Must filled setting | The MAC Address of this mapping rule.
IP Address | 1. IPv4 format. 2. A Must filled setting | The IP Address of this mapping rule.
Rule | The box is unchecked by default. | Click Enable box to activate this rule.
Save | N/A | Click the Save button to save the configuration.
Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting.
Back | N/A | When the Back button is clicked the screen will return to the DHCP Server Configuration page.
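A planned DHCP Server policy and its Mapping Rule List can be checked for consistency before it is typed into the two screens above. This is an added example, not code from the manual or the firmware: the dictionary layout and finding codes are hypothetical, the colon-separated MAC notation is an assumption, and the sample policies are constructed (the first uses the default LAN IP, mask, pool and lease values quoted in this manual).

```python
import ipaddress
import re

LEASE_MIN, LEASE_MAX = 300, 604800   # Lease Time value range from the table above
MAX_MAPPING_RULES = 64               # Mapping Rule List limit stated by the manual
# Assumption: colon-separated notation; the manual only says "MAC Address string format".
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def check_dhcp_policy(policy):
    """Return a list of (code, detail) findings; an empty list means consistent."""
    findings = []
    net = ipaddress.ip_interface(
        f"{policy['lan_ip']}/{policy['subnet_mask']}").network
    lan_ip = ipaddress.ip_address(policy["lan_ip"])
    start = ipaddress.ip_address(policy["pool_start"])
    end = ipaddress.ip_address(policy["pool_end"])
    reserved = (net.network_address, net.broadcast_address)

    if start > end:
        findings.append(("POOL_REVERSED", f"{start} is above {end}"))
    for label, addr in (("start", start), ("end", end)):
        if addr not in net or addr in reserved:
            findings.append(("POOL_OUTSIDE_SUBNET",
                             f"pool {label} {addr} is not a host of {net}"))
    if start <= lan_ip <= end:
        findings.append(("GATEWAY_IN_POOL",
                         f"LAN IP {lan_ip} could be leased to a client"))
    if not LEASE_MIN <= policy["lease_time"] <= LEASE_MAX:
        findings.append(("LEASE_OUT_OF_RANGE", str(policy["lease_time"])))

    mappings = policy.get("fixed_mappings", [])
    if len(mappings) > MAX_MAPPING_RULES:
        findings.append(("TOO_MANY_MAPPINGS", str(len(mappings))))
    seen_macs, seen_ips = set(), set()
    for mac, ip_text in mappings:
        if not MAC_RE.match(mac):
            findings.append(("BAD_MAC", mac))
            continue
        ip = ipaddress.ip_address(ip_text)
        if mac.lower() in seen_macs:      # same client mapped twice
            findings.append(("DUPLICATE_MAC", mac))
        if ip in seen_ips:                # two clients would get one address
            findings.append(("DUPLICATE_IP", ip_text))
        if ip not in net or ip in reserved or ip == lan_ip:
            findings.append(("MAPPING_NOT_USABLE", f"{ip} for {mac}"))
        seen_macs.add(mac.lower())
        seen_ips.add(ip)
    return findings


# Constructed sample using the defaults quoted in the manual.
GOOD_POLICY = {
    "lan_ip": "192.168.123.254", "subnet_mask": "255.255.255.0",
    "pool_start": "192.168.123.100", "pool_end": "192.168.123.200",
    "lease_time": 86400,
    "fixed_mappings": [("00:11:22:33:44:55", "192.168.123.10")],
}
# Constructed sample with several mistakes at once.
BAD_POLICY = {
    "lan_ip": "192.168.12.1", "subnet_mask": "255.255.255.0",
    "pool_start": "192.168.12.1", "pool_end": "192.168.13.50",
    "lease_time": 60,
    "fixed_mappings": [
        ("00:11:22:33:44:55", "192.168.12.10"),
        ("00:11:22:33:44:55", "192.168.12.11"),
        ("AA:BB:CC:DD:EE:FF", "192.168.12.10"),
        ("AA:BB:CC:DD:EE:01", "10.0.0.5"),
        ("not-a-mac", "192.168.12.20"),
    ],
}

if __name__ == "__main__":
    for code, detail in check_dhcp_policy(BAD_POLICY):
        print(f"{code}: {detail}")
```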

View / Copy DHCP Client List

When the DHCP Client List button is applied, the DHCP Client List screen will appear.

When a DHCP Client is selected and the Copy to Fixed Mapping button is applied, the IP and MAC address of
the DHCP Client will be added to the Mapping Rule List on the specific DHCP Server automatically.

Enable / Disable DHCP Server Options


The DHCP Server Options setting allows the user to set DHCP OPTIONS 66, 72, or 114. Click the Enable button to
activate the DHCP option function, and the DHCP Server will add the expected options to the
DHCPOFFER / DHCPACK packets it sends out.

Option | Meaning | RFC
66 | TFTP server name | [RFC 2132]
72 | Default World Wide Web Server | [RFC 2132]
114 | URL | [RFC 3679]

Create / Edit DHCP Server Options


The gateway supports up to a maximum of 99 option settings.

When Add/Edit button is applied, DHCP Server Option Configuration screen will appear.

DHCP Server Option Configuration


Item | Value setting | Description
Option Name | 1. String format can be any text 2. A Must filled setting. | Enter a DHCP Server Option name. Enter a name that is easy for you to understand.
DHCP Server Select | Dropdown list of all available DHCP servers. | Choose the DHCP server this option should apply to.
Option Select | 1. A Must filled setting. 2. Option 66 is selected by default. | Choose the specific option from the dropdown list. It can be Option 66, Option 72, Option 114, Option 42, Option 150, or Option 160. Option 42 for ntp server; Option 66 for tftp; Option 72 for www; Option 114 for url.
Type | Dropdown list of DHCP server option value’s type | Each option has different value types. 66: Single IP Address, Single FQDN. 72: IP Addresses List, separated by “,”. 114: Single URL. 42: IP Addresses List, separated by “,”. 150: IP Addresses List, separated by “,”. 160: Single IP Address, Single FQDN.
Value | 1. IPv4 format 2. FQDN format 3. IP list 4. URL format 5. A Must filled setting | Should conform to Type. 66, Single IP Address: IPv4 format. 66, Single FQDN: FQDN format. 72, IP Addresses List, separated by “,”: IPv4 format, separated by “,”. 114, Single URL: URL format.
Enable | The box is unchecked by default. | Click Enable box to activate this setting.
Save | NA | Click the Save button to save the setting.
Undo | NA | When the Undo button is clicked the screen will return with nothing changed.

Create / Edit DHCP Relay


The gateway supports up to a maximum of 6 DHCP Relay configurations.

When Add/Edit button is applied, DHCP Relay Configuration screen will appear.

DHCP Relay Configuration
Item | Value setting | Description
Agent Name | 1. String format can be any text 2. A Must filled setting. | Enter a DHCP Relay name. Enter a name that is easy for you to understand. Value Range: 1~64 characters.
LAN Interface | 1. A Must filled setting. 2. LAN is selected by default. | Choose a LAN Interface from the dropdown list to apply the DHCP Relay function to.
WAN Interface | 1. A Must filled setting. 2. WAN-1 is selected by default. | Choose a WAN Interface from the dropdown list to apply the DHCP Relay function to. It can be the available WAN interface(s), and L2TP connection.
Server IP | 1. A Must filled setting. 2. null by default. | Assign the IP Address of the DHCP Server to which the gateway will relay the DHCP requests via the specified WAN interface.
DHCP OPTION 82 | The box is unchecked by default. | Click Enable box to activate the DHCP OPTION 82 function. Option 82 is organized as a single DHCP option that contains circuit-ID information known by the relay agent. If the DHCP server being relayed to requires such information, you have to enable it; otherwise, just leave it unchecked.
Enable | The box is unchecked by default. | Click Enable box to activate this setting.
Save | NA | Click the Save button to save the setting.
Undo | NA | When the Undo button is clicked the screen will return with nothing changed.


2.3 WiFi

The gateway provides a WiFi interface for mobile devices or BYOD devices to connect to for Internet/Intranet
access. The WiFi function is usually a modular design in a gateway, and there can be single or dual modules
within a gateway. The WiFi system in the gateway complies with the IEEE 802.11ac/11n/11g/11b standards in
2.4GHz or 5GHz single band or 2.4G/5GHz concurrent dual bands of operation. There are several wireless
operation modes provided by this device. They are: “AP Router Mode”, “WDS Only Mode”, and “WDS Hybrid
Mode”. You can choose the expected mode from the wireless operation mode list.
There are some sub-sections for you to configure the WiFi function, including “Basic Configuration” and
“Advanced Configuration”. In the Basic Configuration section, you have to finish almost all the settings for using
the WiFi function. The Advanced Configuration section provides more parameters for advanced users to
fine tune the connectivity performance of the WiFi function.


2.3.1 WiFi Configuration

Depending on the optional module(s) and frequency band, you need to set up the modules one by one. For each module, you
need to specify the operation mode, and then set up the virtual APs for wireless access.

In addition, if you configured the WiFi Uplink function in the Basic Network > WAN & Uplink > Physical
Interface tab, the WiFi uplink function is activated. However, the wireless LAN function of a module
working under WiFi uplink operation also provides the AP Router function for local wireless clients to connect to
the wireless uplink network via the gateway.

The scenarios for each wireless operation mode are described below, so you can see how each one works and what the
differences among them are. To connect your wireless devices with the wireless gateway, confirm your
application scenario for the WiFi network and choose the most suitable operation mode.

AP Router Mode
This mode allows you to get your wired and wireless devices connected to form the Intranet of the wireless
gateway, and the Intranet will link to the Internet with the NAT mechanism of the gateway. So, this gateway is
working as a WiFi AP, but also as a WiFi hotspot for Internet access. It means local WiFi clients
can associate to it and go to the Internet. With its NAT mechanism, wireless clients don’t need to get
public IP addresses from the ISP.

WDS Only Mode


WDS (Wireless Distributed System) Only mode drives a WiFi gateway to be a bridge for its wired Intranet and a
repeater to extend distance. You can use multiple WiFi gateways as a WiFi repeater chain with all gateways
set up in "WDS Only" mode. All gateways can communicate with each other through WiFi. All wired client hosts
within each gateway can also communicate with each other in this scenario. Only one gateway within the repeater
chain can be the DHCP server that provides IP addresses for all wired client hosts of every gateway; the DHCP
server of the other gateways is disabled. This gateway can be the NAT router that provides Internet access.
The diagram illustrates two wireless gateways, 2 and 3, running in "WDS Only" mode. They both use channel 3
to link to local Gateway 1 through WDS. Gateways connected by WDS
need to set up the remote AP MAC for each other. All client hosts under gateways 2 and 3 can request IP addresses
from the DHCP server at Gateway 1. Besides, wireless Gateway 1 also executes the NAT mechanism for all client
hosts' Internet access.

WDS Hybrid Mode
WDS hybrid mode includes both WDS and AP Router mode. WDS Hybrid mode can act as an access point for its WiFi
Intranet and as a WiFi bridge for its wired and WiFi Intranets at the same time. Users can thus use these
features to build up a large wireless network in a large space like airports, hotels or campuses.
The diagram illustrates Gateway 1, Gateway 2 and AP 1 connected by WDS. Each gateway has the access point
function for WiFi client access. Gateway 1 has a DHCP server to assign IP addresses to each client host. All
gateways and the AP are in WDS hybrid mode. To set up WDS hybrid mode, you need to fill in all
configuration items, similar to those of the AP Router and WDS modes.

Multiple VAPs
VAP (Virtual Access Point) is a function that partitions the wireless network into multiple broadcast domains.
It can simulate multiple APs in one physical AP. This wireless gateway supports up to 8 VAPs.
For each VAP, you need to set up the SSID, authentication and encryption to control Wi-Fi client access.
Besides, there is a VAP isolation option to manage the access among VAPs. You can allow or block
communication between the wireless clients connected to different VAPs. As shown in the diagram, the
clients in VAP-1 and VAP-2 can communicate with each other when VAP Isolation is disabled.

Wi-Fi Security - Authentication & Encryption
Wi-Fi security provides complete authentication and encryption mechanisms to enhance data security
while your data is transferred wirelessly over the air. The wireless gateway supports Shared, WPA-PSK / WPA2-PSK
and WPA / WPA2 authentication. You can select one authentication scheme to validate the wireless clients while
they are connecting to the AP. As to data encryption, the gateway supports WEP, TKIP and AES. The selected
encryption algorithm will be applied to the data while the wireless connection is
established.
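The VAP, isolation, authentication and encryption choices described above can be reviewed together with a short audit of the planned settings. This is an added example, not code from the manual or the firmware: the dictionary layout, finding codes and severity labels are the example's own, the authentication and encryption names are those listed in this manual, and the sample module is constructed. WEP and TKIP are flagged because both are deprecated in current 802.11 practice; plain WPA is flagged because the manual itself notes it implements only part of IEEE 802.11i.

```python
MAX_VAPS = 8                # "This wireless gateway supports up to 8 VAPs"
RADIUS_UNSET = "0.0.0.0"    # default RADIUS Server IP in the VAP Configuration table
ENTERPRISE_AUTH = {"WPA", "WPA2", "WPA / WPA2"}   # authenticated by a RADIUS server


def audit_vap(vap):
    """Return [(severity, code)] for one VAP entry."""
    auth = vap["authentication"]
    enc = vap.get("encryption", "None")
    dot1x = vap.get("dot1x", False)
    findings = []
    if auth == "Open" and not dot1x:
        findings.append(("HIGH", "OPEN_NO_AUTH"))
    if auth == "Shared" or enc == "WEP":
        findings.append(("HIGH", "WEP_IN_USE"))
    if auth == "Auto":
        # Auto lets the client choose between Open and Shared.
        findings.append(("HIGH", "AUTO_ACCEPTS_OPEN_OR_SHARED"))
    if enc == "TKIP":
        findings.append(("MEDIUM", "TKIP_IN_USE"))
    if auth in ("WPA", "WPA-PSK"):
        findings.append(("MEDIUM", "WPA_WITHOUT_WPA2"))
    uses_radius = auth in ENTERPRISE_AUTH or dot1x
    if uses_radius and vap.get("radius_ip", RADIUS_UNSET) == RADIUS_UNSET:
        findings.append(("HIGH", "RADIUS_SERVER_UNSET"))
    return findings


def audit_module(module):
    """Return [(vap_name, severity, code)] for enabled VAPs plus module checks."""
    vaps = module["vaps"]
    if len(vaps) > MAX_VAPS:
        raise ValueError("the gateway supports up to 8 VAPs")
    enabled = [v for v in vaps if v.get("enabled", False)]
    report = []
    for vap in enabled:
        report.extend((vap["name"], sev, code) for sev, code in audit_vap(vap))
    has_high = any(sev == "HIGH" for _, sev, _ in report)
    # VAP Isolation is checked by default; switching it off lets stations on a
    # weakly protected VAP talk to stations on the other VAPs.
    if not module.get("vap_isolation", True) and len(enabled) > 1 and has_high:
        report.append(("module", "MEDIUM", "ISOLATION_OFF_WITH_WEAK_VAP"))
    return report


# Constructed sample: one WiFi module with a mix of settings.
SAMPLE_MODULE = {
    "vap_isolation": False,
    "vaps": [
        {"name": "VAP-1", "ssid": "Staff_2.4G", "enabled": True,
         "authentication": "WPA2-PSK", "encryption": "AES"},
        {"name": "VAP-2", "ssid": "Guest", "enabled": True,
         "authentication": "Open"},
        {"name": "VAP-3", "ssid": "Scanner", "enabled": True,
         "authentication": "Shared", "encryption": "WEP"},
        {"name": "VAP-4", "ssid": "Corp", "enabled": True,
         "authentication": "WPA2", "encryption": "AES", "radius_ip": "0.0.0.0"},
        {"name": "VAP-5", "ssid": "Legacy", "enabled": True,
         "authentication": "WPA-PSK", "encryption": "TKIP"},
        {"name": "VAP-6", "ssid": "Spare", "enabled": False,
         "authentication": "Open"},
    ],
}

if __name__ == "__main__":
    for name, severity, code in audit_module(SAMPLE_MODULE):
        print(f"{severity:6} {name:7} {code}")
```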


WiFi Configuration Setting

The WiFi configuration allows user to configure 2.4GHz or 5GHz WiFi settings.

Go to Basic Network > WiFi > WiFi Module One Tab. If the gateway is equipped with two WiFi modules, there
will be another WiFi Module Two. You can do the similar configurations on both WiFi modules.

Basic Configuration

Basic Configuration
Item | Value setting | Description
Operation Band | A Must filled setting | Specify the intended operation band for the WiFi module. Basically, this setting is fixed and cannot be changed once the module is integrated into the product. However, some modules have a selectable band for the user to choose according to the network environment. In that situation, you can specify which operation band is suitable for the application.

Configure WiFi Setting

Configuring Wi-Fi Settings


Item | Value setting | Description
WiFi Module | The box is checked by default | Check the Enable box to activate the Wi-Fi function.
Channel | 1. A Must filled setting. 2. Auto is selected by default. | Select a radio channel for the VAP. Each channel corresponds to a different radio band. The permissible channels depend on the Regulatory Domain. There are two available options when Auto is selected. By AP Numbers: The channel will be selected according to AP numbers (The less, the better). By Less Interference: The channel will be selected according to interference (The lower, the better).
WiFi System | A Must filled setting | Specify the preferred WiFi System. The dropdown list of WiFi systems is based on the IEEE 802.11 standard. 2.4G WiFi can select b, g and n only or mixed with each other. 5G WiFi can select a, n and ac only or mixed with each other.
WiFi Operation Mode | | Specify the WiFi Operation Mode according to your application. Go to the following table for AP Router Mode, WDS Only Mode, and WDS Hybrid Mode settings. Note: The available operation modes depend on the product specification.

In the following, the specific configuration description for each WiFi operation mode is given.

Note: If you configured the WiFi Uplink function in the Basic Network > WAN & Uplink > Physical Interface
tab, the WiFi uplink function is activated. However, for the wireless LAN function of a module working under
WiFi uplink operation, the WiFi Operation Mode is fixed to WiFi Uplink, and the module also provides the AP Router
function for local wireless clients to connect to the wireless uplink network via the gateway.

AP Router Mode [WiFi Uplink Mode] & VAPs Configuration


In the AP Router mode, or WiFi Uplink mode, the device supports not only station connections but also the
router function. The WAN port and the NAT function are enabled.

AP Router Mode
Item | Value setting | Description
Green AP | The box is unchecked by default. | Check the Enable box to activate the Green AP function.
VAP Isolation | The box is checked by default. | Check the Enable box to activate this function. By default, the box is checked; it means that stations associated with different VAPs cannot communicate with each other.
Profile | The box is unchecked by default. | Check the Enable box to enable the activate profile setting. Note: This setting is only available in WiFi Uplink operation mode.
Time Schedule | A Must filled setting | Apply a specific Time Schedule to this rule; otherwise leave it as (0) Always. If the dropdown list is empty, ensure a Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab.

By default, VAP 1 is enabled and a security key is required to connect to the gateway wirelessly, to enhance the
security level and prevent unexpected access by unauthorized devices.
The default WiFi key is printed on both the device label and the Security Card. It is created randomly and
differs from device to device. So, you can connect to VAP 1 (SSID: Staff_2.4G) with the provided key.
However, it is strongly recommended that you change the security key to an easy-to-remember one
by clicking the Edit button.

Click the Add / Edit button in the VAP List screen to create or edit the settings for a VAP. A VAP Configuration
screen will appear.

For VAP 1:

For others:


VAP Configuration

| Item | Value setting | Description |
|---|---|---|
| SSID | 1. String format: Any text | Enter the SSID for the VAP, and decide whether to broadcast the SSID or not. The SSID is used for identifying from another AP, and client stations will associate with AP according to SSID. |
| Max. STA | The box is unchecked by default. | Check this box and enter a limit for the maximum number of client stations. The box is unchecked by default, which means there is no special limitation on the number of connected STAs. |
| Authentication | 1. A Must filled setting. 2. VAP1: WPA2-PSK is selected by default; Others: Open is selected by default. | For security, several authentication methods are supported. Client stations should provide the key when they associate with this device. |
| | | When Open is selected: The check box named 802.1x shows up next to the dropdown list. 802.1x (the box is unchecked by default): when 802.1x is enabled, the client stations will be authenticated by a RADIUS server. Settings: RADIUS Server IP (the default IP is 0.0.0.0), RADIUS Server Port (the default value is 1812), RADIUS Shared Key. |
| | | When Shared is selected: The pre-shared WEP key should be set for authenticating. |
| | | When Auto is selected: The device will select Open or Shared automatically according to the client's request. The check box named 802.1x shows up next to the dropdown list. 802.1x (the box is unchecked by default): when 802.1x is enabled, the client stations will be authenticated by a RADIUS server. Settings: RADIUS Server IP (the default IP is 0.0.0.0), RADIUS Server Port (the default value is 1812), RADIUS Shared Key. |
| | | When WPA or WPA2 is selected: They are implementations of IEEE 802.11i. WPA implements only part of IEEE 802.11i but has better compatibility. WPA2 fully implements the 802.11i standard and has the highest security. RADIUS Server: the client stations will be authenticated by a RADIUS server. Settings: RADIUS Server IP (the default IP is 0.0.0.0), RADIUS Server Port (the default value is 1812), RADIUS Shared Key. |
| | | When WPA / WPA2 is selected: It has the same settings as WPA or WPA2. The client stations can associate with this device via WPA or WPA2. |
| | | When WPA-PSK or WPA2-PSK is selected: It uses the same encryption system as WPA or WPA2. The authentication uses a pre-shared key instead of a RADIUS server. |
| | | When WPA-PSK / WPA2-PSK is selected: It has the same settings as WPA-PSK or WPA2-PSK. The client stations can associate with this device via WPA-PSK or WPA2-PSK. |
| Encryption | 1. A Must filled setting. 2. VAP1: AES is selected by default; Others: None is selected by default. | Select a suitable encryption method and enter the required key(s). The available methods in the dropdown list depend on the Authentication you selected. |
| | | None: The device is an open system without encryption. |
| | | WEP: Up to 4 WEP keys can be set, and you have to select one as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of characters from the ASCII table. |
| | | TKIP: TKIP was proposed to replace WEP without upgrading hardware. Enter a Pre-shared Key for it. The length of the key is from 8 to 63 characters. |
| | | AES: The newest encryption system in WiFi; it is also designed for the fast 802.11n high-bitrate schemes. Enter a Pre-shared Key for it. The length of the key is from 8 to 63 characters. You are recommended to use AES encryption instead of any others for security. |
| | | TKIP / AES: TKIP / AES mixed mode. The client stations can associate with this device via TKIP or AES. Enter a Pre-shared Key for it. The length of the key is from 8 to 63 characters. |
| STA Isolation | VAP1: The box is checked by default; Others: unchecked by default. | Check the Enable box to activate this function. By default, the box is checked; it means that stations associated with the same VAP cannot communicate with each other. |
| Broadcast SSID | VAP1: The box is checked by default; Others: unchecked by default. | Check the Enable box to activate this function. If the broadcast SSID option is enabled, the SSID will be broadcast, and the stations can associate with this device by scanning for the SSID. |
| Enable | VAP1: The box is checked by default; Others: unchecked by default. | Check the Enable box to activate this VAP. |
| Save | N/A | Click the Save button to save the current configuration. |
| Undo | N/A | Click the Undo button to restore configuration to previous setting before saving. |
| Apply | N/A | Click the Apply button to apply the saved configuration. |
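The authentication and encryption options in the VAP Configuration table can be checked mechanically. The following Python example is added here and is not part of the original manual or the router's firmware: it audits a constructed VAP list against the manual's own statements (AES recommended, pre-shared keys of 8 to 63 characters, HEX WEP keys limited to 0-9 and A-F, RADIUS Server IP defaulting to 0.0.0.0). The `Vap` field names, the finding codes and the severity labels are assumptions of this example.

```python
import string
from dataclasses import dataclass

# Option names are the dropdown values listed in the VAP Configuration table.
PSK_AUTH = {"WPA-PSK", "WPA2-PSK", "WPA-PSK / WPA2-PSK"}
RADIUS_AUTH = {"WPA", "WPA2", "WPA / WPA2"}
WPA1_CAPABLE = {"WPA", "WPA / WPA2", "WPA-PSK", "WPA-PSK / WPA2-PSK"}
DOT1X_OPTIONAL = {"Open", "Auto"}   # the 802.1x check box appears for these
RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}   # this example's own grading


@dataclass
class Vap:
    """One VAP as copied from the VAP List screen (field names are hypothetical)."""
    name: str
    authentication: str
    encryption: str
    key: str = ""
    key_type: str = "ASCII"       # WEP only: "HEX" or "ASCII"
    dot1x: bool = False
    radius_ip: str = "0.0.0.0"    # default value stated in the manual
    sta_isolation: bool = False
    enabled: bool = True


def audit_vap(vap):
    """Return (severity, code) findings for one VAP, most severe first."""
    if not vap.enabled:
        return []
    findings = set()
    if vap.encryption == "None":
        # "open system without encryption": anyone in range can read the traffic
        findings.add(("high", "NO_ENCRYPTION"))
    elif vap.encryption == "WEP":
        findings.add(("high", "WEP_IN_USE"))
        bad_hex = not vap.key or any(c not in string.hexdigits for c in vap.key)
        if vap.key_type == "HEX" and bad_hex:
            findings.add(("info", "WEP_HEX_KEY_INVALID"))
    elif vap.encryption in ("TKIP", "TKIP / AES"):
        # the manual recommends AES instead of any other method
        findings.add(("medium", "TKIP_ALLOWED"))
    if vap.authentication in WPA1_CAPABLE:
        # clients may still negotiate WPA rather than WPA2
        findings.add(("medium", "WPA1_ALLOWED"))
    if vap.authentication in PSK_AUTH and not 8 <= len(vap.key) <= 63:
        findings.add(("high", "PSK_LENGTH_OUT_OF_RANGE"))
    uses_radius = vap.authentication in RADIUS_AUTH or (
        vap.authentication in DOT1X_OPTIONAL and vap.dot1x)
    if uses_radius and vap.radius_ip == "0.0.0.0":
        # RADIUS authentication selected but the server address was never set
        findings.add(("high", "RADIUS_SERVER_UNSET"))
    if not vap.sta_isolation:
        # stations on the same VAP can reach each other directly
        findings.add(("low", "STA_ISOLATION_OFF"))
    return sorted(findings, key=lambda f: (RANK[f[0]], f[1]))


def audit_all(vaps):
    """Map each VAP name to its findings."""
    return {v.name: audit_vap(v) for v in vaps}


# Constructed sample data, not taken from a real device.
SAMPLE_VAPS = [
    Vap("VAP1", "WPA2-PSK", "AES", key="constructed-sample-key", sta_isolation=True),
    Vap("VAP2", "Open", "None"),   # the defaults listed for "Others"
    Vap("VAP3", "WPA-PSK / WPA2-PSK", "TKIP / AES", key="short", sta_isolation=True),
    Vap("VAP4", "WPA2", "AES", sta_isolation=True),
    Vap("VAP5", "Shared", "WEP", key="12G4567890", key_type="HEX", sta_isolation=True),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_VAPS).items():
        print(name, findings or "no findings")
```

A VAP created with the defaults listed for "Others" (Open, None, STA Isolation unchecked) is reported as an unencrypted open network as soon as it is enabled.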

WDS Only Mode
In WDS Only mode, the device only bridges the connected wired clients to another WDS-enabled WiFi
device with which the device is associated. This also means that no wireless client stations can connect to this
device while WDS Only Mode is selected.

WDS Only Mode


| Item | Value setting | Description |
|---|---|---|
| Green AP | The box is unchecked by default. | Check the Enable box to activate Green AP function. |
| Time Schedule | A Must filled setting | Apply a specific Time Schedule to this rule; otherwise leave it as (0) Always. If the dropdown list is empty, ensure Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab. |
| Scan Remote AP’s MAC List | N/A | Press the Scan button to scan the spatial AP information, and then select one from the AP list; the MAC of the selected AP will be auto-filled in the following Remote AP MAC table. |
| Remote AP MAC 1~4 | A Must filled setting | Enter the remote AP’s MAC manually, or via the auto-scan approach. The device will bridge the traffic to the remote AP when associated successfully. |

By default, VAP 1 is enabled and a security key is required to connect to the gateway wirelessly, to enhance the
security level and prevent unexpected access by unauthorized devices.
The default WiFi key is printed on both the device label and the Security Card. It is created randomly and
differs from device to device. So, you can connect to VAP1 (SSID: Staff_2.4G) with the provided key.
However, it is strongly recommended that you change the security key to an easy-to-remember one
by clicking the Edit button.

Under WDS Only mode, only VAP1 is available for further specifying the required authentication and
encryption settings. Click the Edit button in the VAP List screen and a VAP Configuration screen will appear for you
to configure the required settings.

For a detailed description of VAP configuration, please refer to the AP Router section.

WDS Hybrid Mode
In WDS Hybrid mode, the device bridges all the wired LAN and WLAN clients to other WDS or WDS
hybrid enabled WiFi devices with which the device is associated.

WDS Hybrid Mode


| Item | Value setting | Description |
|---|---|---|
| Lazy Mode | The box is checked by default. | Check the Enable box to activate this function. With the function enabled, the device can auto-learn WDS peers without manually entering other APs’ MAC addresses. But at least one of the APs has to fill in remote AP MAC addresses. |
| Green AP | The box is unchecked by default. | Check the Enable box to activate Green AP function. |
| VAP Isolation | The box is checked by default. | Check the Enable box to activate this function. By default, the box is checked; it means that stations associated with different VAPs cannot communicate with each other. |
| Time Schedule | A Must filled setting | Apply a specific Time Schedule to this rule; otherwise leave it as (0) Always. If the dropdown list is empty, ensure Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab. |
| Scan Remote AP’s MAC List | Available when Lazy Mode disabled. | Press the Scan button to scan the spatial AP information, and then select one from the AP list; the MAC of the selected AP will be auto-filled in the following Remote AP MAC table. |
| Remote AP MAC 1~4 | Available when Lazy Mode disabled. | Enter the remote AP’s MAC manually, or via the auto-scan approach. The device will bridge the traffic to the remote AP when associated successfully. |

By default, VAP 1 is enabled and a security key is required to connect to the gateway wirelessly, to enhance the
security level and prevent unexpected access by unauthorized devices.
The default WiFi key is printed on both the device label and the Security Card. It is created randomly and
differs from device to device. So, you can connect to VAP1 (SSID: Staff_2.4G) with the provided key.
However, it is strongly recommended that you change the security key to an easy-to-remember one
by clicking the Edit button.

Under WDS Hybrid mode, the VAP function is available and you can further specify the required VAP
settings for connecting with wireless client devices.

Click Add / Edit button in the VAP List screen to create or edit the settings for a VAP. A VAP Configuration
screen will appear.

For VAP 1:

For others:

For a detailed description of VAP configuration, please refer to the AP Router section.


2.3.2 Wireless Client List


The Wireless Client List page shows the information of wireless clients which are associated with this device.

Go to Basic Network > WiFi > Wireless Client List Tab.

Select Target WiFi

Target Configuration

| Item | Value setting | Description |
|---|---|---|
| Module Select | A Must filled setting. | Select the WiFi module to check the information of connected clients. For those single WiFi module products, this option is hidden. |
| Operation Band | A Must filled setting. | Specify the intended operation band for the WiFi module. Basically, this setting is fixed and cannot be changed once the module is integrated into the product. However, some modules have a selectable band for the user to choose according to the network environment. In such a situation, you can specify which operation band is suitable for the application. |
| Multiple AP Names | 1. A Must filled setting. 2. All is selected by default. | Specify the VAP to show the associated clients information in the following Client List. By default, All VAP is selected. |

Show Client List


The following Client List shows the information for wireless clients that are associated with the selected VAP(s).

Target Configuration

| Item | Value setting | Description |
|---|---|---|
| IP Address Configuration & Address | N/A | It shows the Client’s IP address and the deriving method. Dynamic means the IP address is derived from a DHCP server. Static means the IP address is a fixed one that is self-filled by client. |
| Host Name | N/A | It shows the host name of client. |
| MAC Address | N/A | It shows the MAC address of client. |
| Mode | N/A | It shows what kind of Wi-Fi system the client used to associate with this device. |
| Rate | N/A | It shows the data rate between client and this device. |
| RSSI0, RSSI1 | N/A | It shows the RX sensitivity (RSSI) value for each radio path. |
| Signal | N/A | The signal strength between client and this device. |
| Interface | N/A | It shows the VAP ID that the client associated with. |
| Refresh | N/A | Click the Refresh button to update the Client List immediately. |


2.3.3 Advanced Configuration


This device provides advanced wireless configuration for professional users to optimize the wireless
performance under the specific installation environment. Please note that if you are not familiar with WiFi
technology, you should leave the advanced configuration at its default values; otherwise the connectivity and performance
may get worse with improper settings.

Go to Basic Network > WiFi > Advanced Configuration Tab.

Select Target WiFi

Target Configuration

| Item | Value setting | Description |
|---|---|---|
| Module Select | A Must filled setting. | Select the WiFi module to check the information of connected clients. For those single WiFi module products, this option is hidden. |
| Operation Band | A Must filled setting. | Specify the intended operation band for the WiFi module. Basically, this setting is fixed and cannot be changed once the module is integrated into the product. However, some modules have a selectable band for the user to choose according to the network environment. |

Setup Advanced Configuration

Advanced Configuration

| Item | Value setting | Description |
|---|---|---|
| Regulatory Domain | The default setting depends on where the product is sold | It limits the available radio channels of this device. The permissible channels depend on the Regulatory Domain. |
| Beacon Interval | 100 | It shows the time interval between each beacon packet broadcast. The beacon packet contains SSID, Channel ID and Security setting. |
| DTIM Interval | 3 | A DTIM (Delivery Traffic Indication Message) is a countdown informing clients of the next window for listening to broadcast messages. When the device has buffered broadcast messages for an associated client, it sends the next DTIM with a DTIM value. |
| RTS Threshold | 2347 | RTS (Request to send) Threshold means that when the packet size is over the setting value, the RTS technique is activated. RTS/CTS is a collision avoidance technique. RTS is never activated when the threshold is set to 2347. |
| Fragmentation | 2346 | Wireless frames can be divided into smaller units (fragments) to improve performance in the presence of RF interference at the limits of RF coverage. |
| WMM | The box is checked by default | WMM (Wi-Fi Multimedia) can help control latency and jitter when transmitting multimedia content over a wireless connection. |
| Short GI | By default 400ns is selected | Short GI (Guard Interval) is defined to set the sending interval between each packet. Note that a lower Short GI could increase not only the transmission rate but also the error rate. |
| TX Rate | By default Best is selected | It means the data transmission rate. When Best is selected, the device will choose a proper data rate according to signal strength. |
| RF Bandwidth | By default Auto is selected | The setting of RF bandwidth limits the maximum data rate. |
| Transmit Power | By default 100% is selected | Normally the wireless transmitter operates at 100% power. Set the transmit power to control the Wi-Fi coverage. |
| 5G Band Steering | The box is unchecked by default | When the client station associates with 2.4G Wi-Fi, the device will send the client to 5G Wi-Fi automatically if the client is able to access this 5G Wi-Fi band. This option is only available on modules that support the 5GHz band. |
| WIDS | The box is unchecked by default | The WIDS (Wireless Intrusion Detection System) will analyze all packets and make a statistic table in WiFi status. Go to Status > Basic Network > WiFi tab for detailed WIDS status. |
| Save | N/A | Click the Save button to save the current configuration. |
| Undo | N/A | Click the Undo button to restore configuration to previous setting before saving. |


2.3.4 Uplink Profile


This device provides a WiFi Uplink function for connecting to a wireless access point, just like connecting to a
wired WAN or cellular WAN connection. It can operate as a NAT gateway and link the devices wirelessly to the
uplink network or hosts.
To connect to the wireless access point, the user first has to enable the wireless Uplink function for a certain WiFi
Module (refer to Basic Network > WAN & Uplink > Physical Interface, Internet Setup tabs), and then
configure the Uplink profile(s) for the access point to be connected to in the Uplink Profile page.

Go to Basic Network > WiFi > Uplink Profile tab for configuring the Uplink Profile page.

Uplink Profile Setting

Setting

| Item | Value setting | Description |
|---|---|---|
| Profile | 1. A Must filled setting. 2. Unchecked by default. | Check the Enable box to activate the profile function. It is available only when the selected WiFi module is configured at WiFi Uplink mode. |
| Module Select | A Must filled setting. | Select the WiFi module to check or configure the expected uplink profile(s). For those single WiFi module products, this option is hidden. |
| Operation Band | A Must filled setting. | Specify the intended operation band for the WiFi module. Basically, this setting is fixed and cannot be changed once the module is integrated into the gateway product. However, some modules have a selectable band for the user to choose according to the network environment. In such a situation, you can specify which operation band is suitable for the application. |
| Priority | 1. A Must filled setting. 2. By Signal Strength is selected by default. | Specify the network selection methodology for connecting to an available wireless uplink network. It can be By Signal Strength or By User-defined priority. When By Signal Strength is selected, the gateway will try to connect to the available uplink network whose wireless signal strength is the strongest. When By User-defined is selected, the gateway will try to connect to the available uplink network whose priority is the highest (1 is the highest priority, and 16 is the lowest priority). |
| Current Profile | N/A | After enabling Profile and connecting by a certain uplink profile, the profile name will be displayed. |

Note: to apply the defined Uplink profile(s) for the gateway to find a best fit profile for connecting to a certain
uplink network, the user has to enable the Profile auto-connect function (refer to Basic Network > WiFi >
(Module 1/ Module 2) WiFi Configuration tab).

Create/Edit Uplink Profile

The Profile List shows the settings for the created uplink profiles. The information includes Profile Name, SSID,
Channel, Authentication, Encryption, MAC Address, Signal Strength, Priority, and Enable.

When the Add button is clicked, the Profile Configuration screen will appear.

Profile Configuration

| Item | Value setting | Description |
|---|---|---|
| Profile Name | 1. String format can be any text. 2. A Must filled setting | Enter a profile name for the uplink network specified below. It is a name that is easy for you to understand. Value Range: 1 ~ 64 characters. |
| Network ID (SSID) | 1. String format: Any text. 2. The box is checked by default. | Enter the SSID for the VAP, and decide whether to broadcast the SSID or not. The SSID is used for identifying from another AP, and client stations will associate with AP according to SSID. If the broadcast SSID option is enabled, the SSID will be broadcast, and the stations can associate with this device by scanning for the SSID. |
| Channel | 1. A Must filled setting. 2. Auto is selected by default. | Select a radio channel for the VAP. Each channel corresponds to a different radio band. The permissible channels depend on the Regulatory Domain. There are two available options when Auto is selected: |
| | | By AP Numbers: The channel will be selected according to AP numbers (the less, the better). |
| | | By Less Interference: The channel will be selected according to interference (the lower, the better). |
| Authentication | 1. A Must filled setting. 2. Open is selected by default. | Specify the authentication method for connecting with the uplink network. It can be Open, Shared, WPA-PSK, or WPA2-PSK. When Open is selected, the preshared WEP key could be set for authentication. When Shared is selected, the preshared WEP key should be set for authentication. When WPA-PSK or WPA2-PSK is selected, the TKIP or AES preshared key should be set for authentication. |
| Encryption | 1. A Must filled setting. 2. None is selected by default. | Select a suitable encryption method and enter the required key(s). The available methods in the dropdown list depend on the Authentication you selected. |
| | | None: The device is an open system without encryption. |
| | | WEP: Up to 4 WEP keys can be set, and you have to select one as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of characters from the ASCII table. |
| | | TKIP: TKIP was proposed to replace WEP without upgrading hardware. Enter a Preshared Key for it. The length of the key is from 8 to 63 characters. |
| | | AES: The newest encryption system in WiFi; it is also designed for the fast 802.11n high-bitrate schemes. Enter a Preshared Key for it. The length of the key is from 8 to 63 characters. You are recommended to use AES encryption instead of any others for security. |
| MAC Address | 1. MAC Address string Format. 2. A Must fill setting | Specify the MAC Address of the access point (with the Network ID) to be connected to. |
| Priority | 1. An Optional filled setting. 2. 16 is set by default. | Specify a priority setting for the uplink profile when the By User-defined methodology is selected. The priority value can be 1 ~ 16 (1 is the highest priority, and 16 is the lowest priority). |
| Enable | The box is checked by default. | Click the Enable box to activate this profile. |
| Save | N/A | Click the Save button to save the configuration. |
| Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. |
| Back | N/A | When the Back button is clicked, the screen will return to the Profile List page. |

Instead of manually entering the information for the uplink network, you can also click the Scan button to get the
available wireless networks around the device, and select one as the uplink network.

When the Scan button is clicked, the Wireless AP List will appear after a few seconds.


Once you have selected an AP from the AP list, the channel, SSID, Authentication, Encryption, and MAC address will
be automatically filled into the profile. You just have to enter a key for the uplink connection, if required.


2.4 IPv6
The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet
Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol
currently used to direct almost all Internet traffic. IPv6 also implements additional features not present in IPv4.
It simplifies aspects of address assignment (stateless address auto-configuration), network renumbering and
router announcements when changing Internet connectivity providers.

2.4.1 IPv6 Configuration

The IPv6 Configuration setting allows the user to set the IPv6 connection type to access the IPv6 network. This
gateway supports various types of IPv6 connection, including Static IPv6, DHCPv6, and PPPoEv6.
Note: The available WAN connection types can be different, depending on the Interface type of WAN-1.


IPv6 WAN Connection Type


Static IPv6
Static IPv6 does the same function as static IPv4. The static IPv6 provides manual setting of IPv6 address, IPv6
default gateway address, and IPv6 DNS.

The above diagram depicts the IPv6 IP addressing. Type in the information provided by your ISP to set up the IPv6
network.

DHCPv6
DHCP in IPv6 does the same function as DHCP in IPv4. The DHCP server sends IP address, DNS server addresses
and other possible data to the DHCP client to configure automatically. The server also sends a lease time of
the address and time to re-contact the server for IPv6 address renewal. The client has then to resend a
request to renew the IPv6 address.

The above diagram depicts DHCP IPv6 IP addressing: the DHCPv6 server on the ISP side assigns the IPv6 address, IPv6
default gateway address, and IPv6 DNS to client hosts automatically.

PPPoEv6
PPPoEv6 in IPv6 does the same function as PPPoE in IPv4. The PPPoEv6 server provides configuration
parameters based on PPPoEv6 client request. When PPPoEv6 server gets client request and successfully
authenticates it, the server sends IP address, DNS server addresses and other required parameters to
automatically configure the client.

The diagram above depicts the IPv6 addressing through PPPoE. The PPPoEv6 server (DSLAM) on the ISP side
provides IPv6 configuration upon receiving a PPPoEv6 client request. When the PPPoEv6 server gets the client request
and successfully authenticates it, the server sends the IP address, DNS server addresses and other required
parameters to automatically configure the client.


IPv6 Configuration Setting

Go to Basic Network > IPv6 > Configuration Tab.


The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network.

IPv6 Configuration

| Item | Value setting | Description |
|---|---|---|
| IPv6 | The box is unchecked by default. | Check the Enable box to activate the IPv6 function. |
| WAN Connection Type | 1. A Must filled setting. 2. DHCPv6 is selected by default | Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity via WAN-1 Interface. Select Static IPv6 when your ISP provides you with a set of IPv6 addresses. Select DHCPv6 when your ISP provides you with DHCPv6 services. Select PPPoEv6 when your ISP provides you with PPPoEv6 account settings. Note: The available WAN connection types can be different, depending on the Interface type of WAN-1. |

Static IPv6 WAN Type Configuration

Static IPv6 WAN Type Configuration


| Item | Value setting | Description |
|---|---|---|
| IPv6 Address | A Must filled setting | Enter the WAN IPv6 Address for the router. |
| Subnet Prefix Length | A Must filled setting | Enter the WAN Subnet Prefix Length for the router. |
| Default Gateway | A Must filled setting | Enter the WAN Default Gateway IPv6 address. |
| Primary DNS | An optional setting | Enter the WAN primary DNS Server. |
| Secondary DNS | An optional setting | Enter the WAN secondary DNS Server. |
| MLD Snooping | The box is unchecked by default | Enable/Disable the MLD Snooping function. |

LAN Configuration

LAN Configuration

| Item | Value setting | Description |
|---|---|---|
| Global Address | A Must filled setting | Enter the LAN IPv6 Address for the router. |
| Link-local Address | Value auto-created | Show the link-local address for LAN interface of router. |

Then go to Address Auto-configuration (summary) for setting LAN environment.

Once the above settings are configured, click the Save button to save the configuration, and click the Reboot button to
reboot the router.

DHCPv6 WAN Type Configuration

DHCPv6 WAN Type Configuration


| Item | Value setting | Description |
|---|---|---|
| DNS | The option [From Server] is selected by default | Select the [Specific DNS] option to activate Primary DNS and Secondary DNS. Then fill in the DNS information. |
| Primary DNS | Cannot be modified by default | Enter the WAN primary DNS Server. |
| Secondary DNS | Cannot be modified by default | Enter the WAN secondary DNS Server. |
| MLD | The box is unchecked by default | Enable/Disable the MLD Snooping function. |

LAN Configuration

LAN Configuration

| Item | Value setting | Description |
|---|---|---|
| Global Address | Value auto-created | Enter the LAN IPv6 Address for the router. |
| Link-local Address | Value auto-created | Show the link-local address for LAN interface of router. |

Then go to Address Auto-configuration (summary) for setting LAN environment.

Once the above settings are configured, click the Save button to save the configuration, and click the Reboot button to
reboot the router.

PPPoEv6 WAN Type Configuration

PPPoEv6 WAN Type Configuration


| Item | Value setting | Description |
|---|---|---|
| Account | A Must filled setting | Enter the Account for setting up PPPoEv6 connection. If you want more information, please contact your ISP. Value Range: 0 ~ 45 characters. |
| Password | A Must filled setting | Enter the Password for setting up PPPoEv6 connection. If you want more information, please contact your ISP. |
| Service Name | A Must filled setting/Option | Enter the Service Name for setting up PPPoEv6 connection. If you want more information, please contact your ISP. Value Range: 0 ~ 45 characters. |
| Connection Control | Fixed value | The value is Auto-reconnect (Always on). |
| MTU | A Must filled setting | Enter the MTU for setting up PPPoEv6 connection. If you want more information, please contact your ISP. Value Range: 1280 ~ 1492. |
| MLD Snooping | The box is unchecked by default | Enable/Disable the MLD Snooping function. |

LAN Configuration

LAN Configuration

| Item | Value setting | Description |
|---|---|---|
| Global Address | Value auto-created | The LAN IPv6 Address for the router. |
| Link-local Address | Value auto-created | Show the link-local address for LAN interface of router. |

Then go to Address Auto-configuration (summary) for setting LAN environment.


Once the above settings are configured, click the Save button to save the configuration and click the Reboot button to reboot
the router.


Address Auto-configuration

Address Auto-configuration

| Item | Value setting | Description |
|---|---|---|
| Auto-configuration | The box is unchecked by default | Check to enable the Auto configuration feature. |
| Auto-configuration Type | 1. Only can be selected when Auto-configuration enabled. 2. Stateless is selected by default | Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. |
| | | Select Stateless to manage the Local Area Network to be SLAAC + RDNSS. Router Advertisement Lifetime (A Must filled setting): Enter the Router Advertisement Lifetime (in seconds). 200 is set by default. Value Range: 0 ~ 65535. |
| | | Select Stateful to manage the Local Area Network to be Stateful (DHCPv6). IPv6 Address Range (Start) (A Must filled setting): Enter the start IPv6 Address for the DHCPv6 range for your local computers. 0100 is set by default. Value Range: 0001 ~ FFFF. IPv6 Address Range (End) (A Must filled setting): Enter the end IPv6 Address for the DHCPv6 range for your local computers. 0200 is set by default. Value Range: 0001 ~ FFFF. IPv6 Address Lifetime (A Must filled setting): Enter the DHCPv6 lifetime for your local computers. 36000 is set by default. Value Range: 0 ~ 65535. |


2.5 Port Forwarding


Network address translation (NAT) is a methodology of remapping one IP address space into another by
modifying network address information in Internet Protocol (IP) datagram packet headers while they are in
transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP
networks without renumbering every host. It has become a popular and essential tool in conserving global
address space allocations in face of IPv4 address exhaustion. The product you purchased embeds and activates
the NAT function. You also can disable the NAT function in [Basic Network]-[WAN & Uplink]-[Internet Setup]-
[WAN Type Configuration] page.

Usually all local hosts or servers behind a corporate gateway are protected by the NAT firewall. The NAT firewall will filter
out unrecognized packets to protect your Intranet. So, all local hosts are invisible to the outside world. Port
forwarding or port mapping is a function that redirects a communication request from one address and port
number combination to an assigned one. This technique is most commonly used to make services on a host
residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the
gateway (external network), by remapping the destination IP address and port number.

There are several optional Port Forwarding related functions in this gateway. They are Virtual Server, Virtual
Computer, IP Translation, Special AP & ALG, DMZ and Pass Through, etc. The available functions might be
different for the purchased model.


2.5.1 Configuration

NAT Loopback
This feature allows you to access the WAN global IP address from inside your NAT local network. It is useful
when you run a server inside your network. For example, if you set up a mail server at the LAN side, your local
devices can access this mail server through the gateway’s global IP address when the NAT loopback feature is enabled.
Whichever side you access the email server from, the LAN side or the WAN side, you don’t need to change
the IP address of the mail server.

Configuration Setting

Go to Basic Network > Port Forwarding > Configuration tab.

The NAT Loopback allows user to access the WAN IP address from inside your local network.

Enable NAT Loopback

Configuration

| Item | Value setting | Description |
|---|---|---|
| NAT Loopback | The box is checked by default | Check the Enable box to activate this NAT function. |
| Save | N/A | Click the Save button to save the settings. |
| Undo | N/A | Click the Undo button to cancel the settings. |


2.5.2 Virtual Server & Virtual Computer

There are some important Port Forwarding functions implemented within the gateway, including "Virtual
Server", "NAT Loopback" and "Virtual Computer".
These functions are necessary for corporate staff who travel outside the office and want to access various
servers behind the office gateway. You can set up those servers by using the "Virtual Server" feature. After the
trip, if you want to access those servers from the LAN side by the global IP without changing the original
settings, NAT Loopback can achieve it.
A "Virtual Computer" is a host behind the NAT gateway whose IP address is a global one and is visible to the
outside world. Since it is behind NAT, it is protected by the gateway firewall. To configure a Virtual Computer,
you just have to map the local IP of the virtual computer to a global IP.


Virtual Server & NAT Loopback


"Virtual Server" allows you to access servers with the global IP address or FQDN of the gateway as if they were
servers on the Internet. In fact, these servers are located in the Intranet and are physically behind the
gateway. The gateway serves the service requests by port forwarding the requests to the LAN servers and
transfers the replies from the LAN servers to the requester on the WAN side. As shown in the example, an E-mail
virtual server is defined to be located at a server with IP address 10.0.75.101 in the Intranet of Network-A,
including SMTP service port 25 and POP3 service port 110. So, the remote user can access the E-mail server with
the gateway's global IP 118.18.81.33 from its WAN side. But the real E-mail server is located at the LAN side
and the gateway is the port forwarder for the E-mail service.

NAT Loopback allows you to access the WAN global IP address from inside your NAT local network. It is useful
when you run a server inside your network. For example, if you set up a mail server at the LAN side, your local
devices can access this mail server through the gateway's global IP address when the NAT loopback feature is
enabled. Whether you access the mail server from the LAN side or from the WAN side, you don't need to change
the IP address of the mail server.

Virtual Computer
"Virtual Computer" allows you to assign LAN hosts to global IP addresses, so that they can be visible to the
outside world. At the same time, they are also protected by the gateway firewall as client hosts in the
Intranet. For example, if you set up an FTP file server at the LAN side with local IP address 10.0.75.102 and
global IP address 118.18.82.44, a remote user can access the file server while it is hidden behind the NAT
gateway. That is because the gateway takes care of all access to the IP address 118.18.82.44, including
forwarding the access requests to the file server and sending the replies from the server to the outside world.


Virtual Server & Virtual Computer Setting

Go to Basic Network > Port Forwarding > Virtual Server & Virtual Computer tab.

Enable Virtual Server and Virtual Computer

Configuration
| Item | Value setting | Description |
|---|---|---|
| Virtual Server | The box is unchecked by default | Check the Enable box to activate this port forwarding function |
| Virtual Computer | The box is checked by default | Check the Enable box to activate this port forwarding function |
| Save | N/A | Click the Save button to save the settings. |
| Undo | N/A | Click the Undo button to cancel the settings. |

Create / Edit Virtual Server

The gateway allows you to customize your Virtual Server rules. It supports up to a maximum of 20 rule-based
Virtual Server sets.

When the Add button is applied, the Virtual Server Rule Configuration screen will appear.


Virtual Server Rule Configuration


| Item | Value setting | Description |
|---|---|---|
| WAN Interface | 1. A Must filled setting 2. Default is ALL. | Define the selected interface to be the packet-entering interface of the gateway. If the packets to be filtered are coming from WAN-x then select WAN-x for this field. Select ALL for packets coming into the gateway from any interface. The WAN-x box can be selected when WAN-x is enabled. Note: The available check boxes (WAN-1 ~ WAN-4) depend on the number of WAN interfaces for the product. |
| Server IP | A Must filled setting | This field is to specify the IP address of the interface selected in the WAN Interface setting above. |
| Protocol | A Must filled setting | When “ICMPv4” is selected: It means the option “Protocol” of packet filter rule is ICMPv4. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check the Enable box to enable this rule. |
| | | When “TCP” is selected: It means the option “Protocol” of packet filter rule is TCP. If Public Port is set to a predefined port from Well-known Service, Private Port is the same as the Public Port number. If Public Port is set to Single Port with a specified port number, Private Port can be set to a Single Port number. If Public Port is set to Port Range with a specified port range, Private Port can be set to Single Port or Port Range. Value Range: 1 ~ 65535 for Public Port, Private Port. |
| | | When “UDP” is selected: It means the option “Protocol” of packet filter rule is UDP. If Public Port is set to a predefined port from Well-known Service, Private Port is the same as the Public Port number. If Public Port is set to Single Port with a specified port number, Private Port can be set to a Single Port number. If Public Port is set to Port Range with a specified port range, Private Port can be set to Single Port or Port Range. Value Range: 1 ~ 65535 for Public Port, Private Port. |
| | | When “TCP & UDP” is selected: It means the option “Protocol” of packet filter rule is TCP and UDP. If Public Port is set to a predefined port from Well-known Service, Private Port is the same as the Public Port number. If Public Port is set to Single Port with a specified port number, Private Port can be set to a Single Port number. If Public Port is set to Port Range with a specified port range, Private Port can be set to Single Port or Port Range. Value Range: 1 ~ 65535 for Public Port, Private Port. |
| | | When “GRE” is selected: It means the option “Protocol” of packet filter rule is GRE. |
| | | When “ESP” is selected: It means the option “Protocol” of packet filter rule is ESP. |
| | | When “SCTP” is selected: It means the option “Protocol” of packet filter rule is SCTP. |
| | | When “User-defined” is selected: It means the option “Protocol” of packet filter rule is User-defined. For Protocol Number, enter a port number. |
| Time Schedule | 1. An optional filled setting 2. (0)Always is selected by default. | Apply Time Schedule to this rule; otherwise leave it as (0)Always. (refer to Scheduling setting under Object Definition) |
| Rule | 1. An optional filled setting 2. The box is unchecked by default. | Check the Enable box to activate the rule. |
| Save | N/A | Click the Save button to save the settings. |
| Undo | N/A | Click the Undo button to cancel the settings. |
| Back | N/A | When the Back button is clicked the screen will return to previous page. |

Create / Edit Virtual Computer

The gateway allows you to customize your Virtual Computer rules. It supports up to a maximum of 20 rule-based
Virtual Computer sets.

When the Add button is applied, the Virtual Computer Rule Configuration screen will appear.

Virtual Computer Rule Configuration


| Item | Value setting | Description |
|---|---|---|
| Global IP | A Must filled setting | This field is to specify the IP address of the WAN IP. |
| Local IP | A Must filled setting | This field is to specify the IP address of the LAN IP. |
| Enable | N/A | Then check Enable box to enable this rule. |
| Save | N/A | Click the Save button to save the settings. |


2.5.3 DMZ & Pass Through


A DMZ (Demilitarized Zone) Host is a host that is exposed to the Internet but still within the protection of the
gateway's firewall. The function allows a computer to carry out 2-way communication for Internet games, video
conferencing, Internet telephony and other special applications. In some cases, when a specific application is
blocked by the NAT mechanism, you can designate that LAN computer as a DMZ host to solve the problem.
The DMZ function lets you ask the gateway to pass all normal packets through to the DMZ host behind the NAT
gateway, but only when these packets are not expected by applications in the gateway or by other client hosts
in the Intranet. The DMZ host is also protected by the gateway firewall. Activate the feature and specify a
host in the Intranet as the DMZ host when needed.

DMZ Scenario
When the network administrator wants to set up some service daemons on a host behind the NAT gateway so that
remote users can actively request services from the server, you just have to configure this host as the DMZ
Host. As shown in the diagram, there is an X server installed as the DMZ host, whose IP address is 10.0.75.100.
A remote user can then request services from the X server just as if they were provided by the gateway, whose
global IP address is 118.18.81.33. The gateway will forward those packets that do not belong to any configured
virtual server or application directly to the DMZ host.
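
The following added example (not part of the original manual and not the router's firmware logic) models how an unsolicited inbound WAN packet is assigned to a LAN host by the Virtual Computer, Virtual Server and DMZ settings, using the addresses from the diagrams in this chapter. The evaluation order, the equal-size range mapping and the gateway_ports set are assumptions made for illustration.

```python
"""Model of where an inbound WAN packet ends up (Virtual Computer, Virtual Server, DMZ).

Added illustration: field names follow the manual's tables; the evaluation
order and the gateway_ports set are assumptions, not the router's firmware.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

PortRange = Tuple[int, int]                 # inclusive; a single port p is (p, p)
Decision = Tuple[IPv4Address, int, str]     # (receiving host, port, reason)


@dataclass(frozen=True)
class VirtualServerRule:
    protocol: str                           # "TCP", "UDP" or "TCP & UDP"
    public_ports: PortRange
    server_ip: IPv4Address
    private_ports: PortRange
    enabled: bool = True

    def __post_init__(self) -> None:
        for lo, hi in (self.public_ports, self.private_ports):
            if not 1 <= lo <= hi <= 65535:
                raise ValueError("ports must be within 1 ~ 65535")
        pub_span = self.public_ports[1] - self.public_ports[0]
        priv_span = self.private_ports[1] - self.private_ports[0]
        # Single -> Single; Range -> Single or Range (equal size is assumed here).
        if priv_span not in (0, pub_span):
            raise ValueError("private ports must be one port or match the public range")

    def translate(self, protocol: str, dport: int) -> Optional[int]:
        """Return the private port for a matching packet, else None."""
        if not self.enabled or protocol not in self.protocol.split(" & "):
            return None
        lo, hi = self.public_ports
        if not lo <= dport <= hi:
            return None
        if self.private_ports[0] == self.private_ports[1]:
            return self.private_ports[0]    # whole range collapses onto one port
        return self.private_ports[0] + (dport - lo)


@dataclass
class Gateway:
    wan_ip: IPv4Address
    vs_rules: List[VirtualServerRule] = field(default_factory=list)
    vc_map: Dict[IPv4Address, IPv4Address] = field(default_factory=dict)  # global -> local
    dmz_host: Optional[IPv4Address] = None
    gateway_ports: FrozenSet[Tuple[str, int]] = frozenset()  # services on the gateway itself

    def dispatch(self, dst_ip: IPv4Address, protocol: str, dport: int) -> Optional[Decision]:
        """Decide which host receives an unsolicited inbound packet (None = dropped)."""
        if dst_ip in self.vc_map:           # Virtual Computer: 1:1 address mapping
            return self.vc_map[dst_ip], dport, "virtual-computer"
        if dst_ip != self.wan_ip:
            return None
        for rule in self.vs_rules:          # Virtual Server: per-port forwarding
            private = rule.translate(protocol, dport)
            if private is not None:
                return rule.server_ip, private, "virtual-server"
        if (protocol, dport) in self.gateway_ports:
            return self.wan_ip, dport, "gateway-local"
        if self.dmz_host is not None:       # DMZ: everything nobody else claimed
            return self.dmz_host, dport, "dmz"
        return None

    def exposure(self, protocol: str, ports: Iterable[int]) -> Dict[int, Optional[Decision]]:
        """Map each probed port on the WAN IP to the endpoint that would receive it."""
        return {p: self.dispatch(self.wan_ip, protocol, p) for p in ports}


# Constructed configuration using the addresses from the manual's diagrams.
MAIL = IPv4Address("10.0.75.101")
GATEWAY = Gateway(
    wan_ip=IPv4Address("118.18.81.33"),
    vs_rules=[VirtualServerRule("TCP", (25, 25), MAIL, (25, 25)),       # SMTP
              VirtualServerRule("TCP", (110, 110), MAIL, (110, 110))],  # POP3
    vc_map={IPv4Address("118.18.82.44"): IPv4Address("10.0.75.102")},   # FTP file server
    dmz_host=IPv4Address("10.0.75.100"),
    gateway_ports=frozenset({("TCP", 443)}),  # hypothetical gateway web UI port
)

if __name__ == "__main__":
    for port, decision in GATEWAY.exposure("TCP", [25, 110, 443, 3389]).items():
        print(port, decision)
```

Running exposure() over the ports you care about shows that, once a DMZ host is set, every port not claimed by another rule reaches 10.0.75.100 in this model.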

VPN Pass through Scenario
Since VPN traffic is different from that of a TCP or UDP connection, it will be blocked by the NAT gateway.
To support VPN connections initiated from VPN clients behind the NAT gateway, the gateway must implement some
kind of VPN pass through function for such applications. The gateway supports the pass through function for
IPSec, PPTP, and L2TP connections; you just have to check the corresponding checkbox to activate it.

DMZ & Pass Through Setting

Go to Basic Network > Port Forwarding > DMZ & Pass Through tab.

The DMZ host is a host that is exposed to the Internet but still within the protection of the gateway's
firewall.

Enable DMZ and Pass Through

Configuration
| Item | Value setting | Description |
|---|---|---|
| DMZ | 1. A Must filled setting 2. Default is ALL. | Check the Enable box to activate the DMZ function. Define the selected interface to be the packet-entering interface of the gateway, and fill in the IP address of Host LAN IP in DMZ Host field. If the packets to be filtered are coming from WAN-x then select WAN-x for this field. Select ALL for packets coming into the router from any interfaces. It can be selected WAN-x box when WAN-x enabled. Note: The available check boxes (WAN-1 ~ WAN-4) depend on the number of WAN interfaces for the product. |
| Pass Through Enable | The boxes are checked by default | Check the box to enable the pass through function for the IPSec, PPTP, and L2TP. With the pass through function enabled, the VPN hosts behind the gateway still can connect to remote VPN servers. |
| Save | N/A | Click the Save button to save the settings. |
| Undo | N/A | Click the Undo button to cancel the settings. |


2.5.4 Special AP & ALG


A NAT gateway doesn't allow active connection requests from the outside world; all such requests are ignored
by the NAT gateway. But users at client hosts in the Intranet may use applications that need more service ports
to be allowed through the NAT gateway. The "Special AP (application)" feature in the gateway can solve this
problem. That is, some applications require multiple connections, like Internet games, video conferencing,
Internet telephony, etc. Because of the firewall function, these applications cannot work with a pure NAT
gateway. The Special AP feature allows some of these applications to work with this product.
In addition, an application-level gateway (ALG) allows customized NAT traversal filters to be plugged into the
gateway to support address and port translation for certain application layer "control/data" protocols such as
FTP, BitTorrent, SIP, RTSP, file transfer in IM applications, etc. In order for these protocols to work through
NAT or a firewall, either the application has to know about an address/port number combination that allows
incoming packets, or the NAT has to monitor the control traffic and open up port mappings (firewall pinholes)
dynamically as required. Legitimate application data can thus be passed through the security checks of the
firewall or NAT that would have otherwise restricted the traffic for not meeting its limited filter criteria.

Special AP

The Special AP feature allows you to request that the gateway open pre-defined service ports for incoming
packets to pass through once the trigger port is activated by local hosts. As shown in the diagram, the special
AP rule defines port 554 as the trigger port and 6970~6999 as the incoming ports. With such a setting, a local
user at host 10.0.75.100 can enjoy music by using the Quick Time application, whose media server is located on
the Internet. When you open the application, it will activate the Trigger Port, and then incoming data packets
from the remote application server will pass through incoming ports 6970~6999.

SIP ALG
This gateway supports the SIP ALG feature, which allows a SIP phone behind the NAT gateway to call another SIP
phone on the Internet even though the gateway executes its NAT mechanism between the Intranet and the
Internet. The NAT gateway monitors the control traffic and opens up port mappings (firewall pinholes)
dynamically as required, so that it knows the address/port number combinations that allow incoming packets. It
thereby supports address and port translation for the SIP application layer "control/data" protocols, as shown
in the following diagram. With the SIP ALG feature enabled, the NAT gateway monitors the actions of SIP Phone
#1, opens up the required ports, and performs the address and port translation in a SIP voice communication.

As shown in the diagram, the call starts from SIP Phone #1 to the SIP server via the NAT gateway. Then the SIP
server invites SIP Phone #2 and finally, SIP Phone #1 talks to SIP Phone #2. But for the NAT gateway, SIP Phone
#2 is an unknown host, so the active access from Phone #2 will be treated as unexpected traffic and will be
blocked. With the SIP ALG function enabled, the NAT gateway will monitor the control traffic for the SIP calls
and recognize that the traffic from SIP Phone #2 is part of the connection sessions with SIP Phone #1.


Special AP & ALG Setting

Go to Basic Network > Port Forwarding > Special AP & ALG tab.

The Special AP setting supports applications that require multiple connections. The ALG setting allows the user
to support some SIP ALG, like STUN.

Enable Special AP & ALG

Configuration
| Item | Value setting | Description |
|---|---|---|
| Special AP | The box is checked by default | Check the Enable box to activate the Special AP function. |
| ALG Enable | The box is checked by default | Check the Enable box to activate the SIP ALG function. |
| Save | N/A | Click the Save button to save the settings. |
| Undo | N/A | Click the Undo button to cancel the settings. |

Create / Edit Special AP Rule


The gateway allows you to customize your Special AP rules. It supports up to a maximum of 8 rule-based Special
AP sets.

When the Add button is applied, the Special AP Rule Configuration screen will appear.


IP Translation Configuration
| Item | Value setting | Description |
|---|---|---|
| WAN Interface | 1. A Must filled setting 2. All is checked by default. | Check the interface box(es) to apply the Special AP rule. By default, All is checked, and the Special AP rule will be applied to all WAN interfaces. |
| Trigger Port | 1. A Must filled setting 2. User-defined is selected by default. | Enter the expected trigger port (or port range) if User-defined is selected in the dropdown list. If you select other popular application from the dropdown list, the corresponding trigger port(s) and incoming ports will be defined automatically. Value Range: 1 ~ 65535. |
| Incoming Ports | 1. A Must filled setting | Enter the expected Incoming ports if User-defined is selected in the Trigger Port dropdown list. If you select other popular application from the dropdown list, the corresponding incoming ports will be defined automatically. Value Range: 1 ~ 65535; It can be a single port, multiple ports separated by “,”, or port range. |
| Time Schedule | 1. A Must filled setting 2. (0) Always is selected by default. | Apply Time Schedule to this rule, otherwise leave it as Always. If the dropdown list is empty ensure Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab. |
| Rule | The box is unchecked by default | Check the Enable box to activate the special AP rule. |
| Save | N/A | Click the Save button to save the settings. |
| Undo | N/A | Click the Undo button to cancel the settings. |
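
The following added example (not from the original manual, and not the router's own code) parses the Trigger Port and Incoming Ports field formats described above and models the pinhole that a Special AP rule opens, using the 554 / 6970~6999 rule from the diagram. The "~" and "-" range separators, the hold time, and the "last trigger wins" behaviour are assumptions made for illustration.

```python
"""Port-trigger ("Special AP") model: parse the port fields and track the pinhole.

Added illustration; the '~'/'-' range separators, the hold time and the
"last trigger wins" behaviour are assumptions, not documented firmware behaviour.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

PortRange = Tuple[int, int]                       # inclusive (low, high)
_TOKEN = re.compile(r"^(\d{1,5})(?:\s*[~-]\s*(\d{1,5}))?$")


def parse_ports(spec: str) -> List[PortRange]:
    """Parse '554', '80,443' or '6970~6999' into inclusive (low, high) ranges."""
    ranges: List[PortRange] = []
    for token in spec.split(","):
        match = _TOKEN.match(token.strip())
        if not match:
            raise ValueError(f"not a port or port range: {token!r}")
        low = int(match.group(1))
        high = int(match.group(2) or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"outside 1 ~ 65535 or reversed: {token!r}")
        ranges.append((low, high))
    return ranges


def _contains(ranges: Iterable[PortRange], port: int) -> bool:
    return any(low <= port <= high for low, high in ranges)


@dataclass(frozen=True)
class SpecialAPRule:
    trigger: str                                  # Trigger Port field
    incoming: str                                 # Incoming Ports field
    enabled: bool = True


class PortTrigger:
    """Tracks which incoming ports are open, and toward which LAN host."""

    def __init__(self, rules: Iterable[SpecialAPRule], hold_seconds: float = 300.0):
        self._rules = [(parse_ports(r.trigger), parse_ports(r.incoming))
                       for r in rules if r.enabled]
        self._hold = hold_seconds                 # assumed pinhole lifetime
        self._open: Dict[int, Tuple[str, float]] = {}  # rule index -> (LAN host, expiry)

    def outbound(self, lan_host: str, dport: int, now: float) -> bool:
        """A LAN host sends to dport; open the pinhole if dport is a trigger port."""
        fired = False
        for index, (trigger, _incoming) in enumerate(self._rules):
            if _contains(trigger, dport):
                self._open[index] = (lan_host, now + self._hold)
                fired = True
        return fired

    def inbound(self, dport: int, now: float) -> Optional[str]:
        """Return the LAN host that receives an unsolicited packet, or None if blocked."""
        for index, (_trigger, incoming) in enumerate(self._rules):
            state = self._open.get(index)
            if state and now < state[1] and _contains(incoming, dport):
                return state[0]
        return None

    def open_ports(self, now: float) -> List[PortRange]:
        """Incoming ranges currently reachable from the WAN side (for auditing)."""
        ports: List[PortRange] = []
        for index, (_trigger, incoming) in enumerate(self._rules):
            state = self._open.get(index)
            if state and now < state[1]:
                ports.extend(incoming)
        return ports


# The rule from the manual's diagram: trigger 554, incoming 6970~6999.
RULES = [SpecialAPRule(trigger="554", incoming="6970~6999")]

if __name__ == "__main__":
    gw = PortTrigger(RULES)
    print(gw.inbound(6970, now=0.0))              # blocked before the trigger fires
    gw.outbound("10.0.75.100", 554, now=10.0)
    print(gw.inbound(6970, now=11.0), gw.open_ports(now=11.0))
```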


2.6 Routing

If you have more than one router and subnet, you will need to enable the routing function to allow packets to
find the proper routing path and allow different subnets to communicate with each other. Routing is the process
of selecting the best paths in a network. It is performed for many kinds of networks, like electronic data
networks (such as the Internet), by using packet switching technology. The routing process usually directs
forwarding on the basis of routing tables, which maintain a record of the routes to various network
destinations. Thus, constructing routing tables, which are held in the router's memory, is very important for
efficient routing. Most routing algorithms use only one network path at a time.

When the routing tables record your pre-defined routing paths for some specific destination subnets, it is
static routing. When the routing tables record routing paths obtained from neighbor routers by using protocols
such as RIP, OSPF and BGP, it is dynamic routing. Both routing approaches are illustrated in turn below. In
addition, the gateway has the advanced configurable routing software Quagga built in for more complex routing
applications; you can configure it via the Telnet CLI if required.


2.6.1 Static Routing

The "Static Routing" function lets you define the routing paths for some dedicated hosts/servers or subnets to
store in the routing table of the gateway. The gateway routes incoming packets to different peer gateways based
on the routing table. You need to define the static routing information in the gateway's routing rule list.
When the administrator of the gateway wants to specify which kinds of packets are transferred via which gateway
interface and which peer gateway to their destination, this can be carried out with the "Static Routing"
feature. Dedicated packet flows from the Intranet will be routed to their destination via the pre-defined peer
gateway and corresponding gateway interface that are defined manually in the system routing table.
As shown in the diagram, when the destination is Google, rule 1 sets the interface as ADSL and the routing
gateway as the IP-DSLAM gateway 192.168.121.253. All the packets to Google will go through WAN-1. The same
applies to rule 2 for access to Yahoo; rule 2 sets 3G/4G as the interface.


Static Routing Setting

Go to Basic Network > Routing > Static Routing Tab.

There are three configuration windows for the static routing feature: the "Configuration", "Static Routing
Rule List" and "Static Routing Rule Configuration" windows. The "Configuration" window lets you activate the
global static routing feature. Even if there are already routing rules, if you want to disable routing
temporarily, just uncheck the Enable box to disable it. The "Static Routing Rule List" window lists all your
defined static routing rule entries. Use the "Add" or "Edit" button to create a new static routing rule or to
modify an existing one.
When the "Add" or "Edit" button is applied, the "Static Routing Rule Configuration" window will appear to let
you define a static routing rule.

Enable Static Routing

Just check the Enable box to activate the "Static Routing" feature.

Static Routing
| Item | Value setting | Description |
|---|---|---|
| Static Routing | The box is unchecked by default | Check the Enable box to activate this function |

Create / Edit Static Routing Rules

The Static Routing Rule List shows the setup parameters of all static routing rule entries. To configure a static
routing rule, you must specify related parameters including the destination IP address and subnet mask of
dedicated host/server or subnet, the IP address of peer gateway, the metric and the rule activation.

The gateway allows you to customize your static routing rules. It supports up to a maximum of 64 rule sets.
When the Add button is applied, the Static Routing Rule Configuration screen will appear, while the Edit button
at the end of each static routing rule lets you modify the rule.

IPv4 Static Routing


| Item | Value setting | Description |
|---|---|---|
| Destination IP | 1. IPv4 Format 2. A Must filled setting | Specify the Destination IP of this static routing rule. |
| Subnet Mask | 255.255.255.0 (/24) is set by default | Specify the Subnet Mask of this static routing rule. |
| Gateway IP | 1. IPv4 Format 2. A Must filled setting | Specify the Gateway IP of this static routing rule. |
| Interface | Auto is set by default | Select the Interface of this static routing rule. It can be Auto, or the available WAN / LAN interfaces. |
| Metric | 1. Numeric String Format 2. A Must filled setting | The Metric of this static routing rule. Value Range: 0 ~ 255. |
| Rule | The box is unchecked by default. | Click Enable box to activate this rule. |
| Save | NA | Click the Save button to save the configuration |
| Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. |
| Back | NA | When the Back button is clicked the screen will return to the Static Routing Configuration page. |
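
The following added example (not from the original manual, and not the router's own code) validates static routing rules against the field constraints in the table above and resolves a destination against the resulting table. The longest-prefix-then-lowest-metric selection is standard IP routing behaviour that is assumed here to apply to this gateway; the destination subnets and the 10.64.0.1 gateway are constructed sample values, while 192.168.121.253 is the peer gateway from the diagram.

```python
"""Validate static routing rules and resolve a destination against them.

Added illustration; field names follow the IPv4 Static Routing table. The
longest-prefix-then-lowest-metric selection is standard IP routing behaviour,
assumed (not confirmed by the manual) to apply to this gateway.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Iterable, List, Optional

MAX_RULES = 64                                    # rule-set limit stated in the manual


@dataclass(frozen=True)
class StaticRoute:
    destination_ip: str
    subnet_mask: str
    gateway_ip: str
    interface: str = "Auto"
    metric: int = 0
    enabled: bool = True

    def __post_init__(self) -> None:
        # IPv4Network rejects non-contiguous masks; strict=True also rejects a
        # destination that has host bits set for the given mask.
        net = IPv4Network(f"{self.destination_ip}/{self.subnet_mask}", strict=True)
        if str(net.netmask) != self.subnet_mask:  # e.g. host mask 0.0.0.255 or "24"
            raise ValueError("subnet mask must be a dotted netmask such as 255.255.255.0")
        IPv4Address(self.gateway_ip)              # raises ValueError if malformed
        if not 0 <= self.metric <= 255:
            raise ValueError("metric must be within 0 ~ 255")

    @property
    def network(self) -> IPv4Network:
        return IPv4Network(f"{self.destination_ip}/{self.subnet_mask}")


class RoutingTable:
    def __init__(self, routes: Iterable[StaticRoute]):
        self.routes = list(routes)
        if len(self.routes) > MAX_RULES:
            raise ValueError(f"at most {MAX_RULES} static routing rules are supported")

    def lookup(self, destination: str) -> Optional[StaticRoute]:
        """Most specific enabled route for destination; lowest metric breaks ties."""
        dst = IPv4Address(destination)
        matches = [r for r in self.routes if r.enabled and dst in r.network]
        return min(matches, key=lambda r: (-r.network.prefixlen, r.metric), default=None)

    def shadowed(self) -> List[StaticRoute]:
        """Enabled rules that lookup() can never return (same subnet, worse metric)."""
        best: Dict[IPv4Network, StaticRoute] = {}
        hidden: List[StaticRoute] = []
        for route in self.routes:
            if not route.enabled:
                continue
            current = best.get(route.network)
            if current is not None and current.metric <= route.metric:
                hidden.append(route)
            else:
                if current is not None:
                    hidden.append(current)
                best[route.network] = route
        return hidden


# Constructed sample rules (documentation address ranges as destinations).
ROUTES = [
    StaticRoute("203.0.113.0", "255.255.255.0", "192.168.121.253", "WAN-1", metric=1),
    StaticRoute("203.0.113.128", "255.255.255.128", "10.64.0.1", "WAN-2", metric=5),
    StaticRoute("203.0.113.0", "255.255.255.0", "10.64.0.1", "WAN-2", metric=10),
    StaticRoute("198.51.100.0", "255.255.255.0", "10.64.0.1", "WAN-2", metric=1,
                enabled=False),
]
TABLE = RoutingTable(ROUTES)

if __name__ == "__main__":
    for dst in ("203.0.113.5", "203.0.113.200", "198.51.100.1"):
        print(dst, TABLE.lookup(dst))
    print("shadowed:", TABLE.shadowed())
```

The shadowed() check is useful when reviewing a rule list: a rule it reports is enabled but never carries traffic while the better rule for the same subnet stays enabled.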


2.6.2 Dynamic Routing

Dynamic Routing, also called adaptive routing, describes the capability of a system, through which routes are
characterized by their destination, to alter the path that the route takes through the system in response to a
change in network conditions.
This gateway supports dynamic routing protocols, including RIPv1/RIPv2 (Routing Information Protocol), OSPF
(Open Shortest Path First), and BGP (Border Gateway Protocol), so that the routing table can be established
automatically. The dynamic routing feature is very useful when there are lots of subnets in your network.
Generally speaking, RIP is suitable for small networks, OSPF is more suitable for medium networks, and BGP is
used more for big network infrastructures.

The supported dynamic routing protocols are described as follows.


RIP Scenario
The Routing Information Protocol (RIP) is one of the
oldest distance-vector routing protocols, which
employs the hop count as a routing metric. RIP
prevents routing loops by implementing a limit on the
number of hops allowed in a path from the source to a
destination. The maximum number of hops allowed
for RIP is 15. This hop limit, however, also limits the
size of networks that RIP can support. A hop count of
16 is considered an infinite distance, in other words
the route is considered unreachable. RIP implements
the split horizon, route poisoning and hold-down
mechanisms to prevent incorrect routing information
from being propagated.

OSPF Scenario
Open Shortest Path First (OSPF) is a routing protocol
that uses link state routing algorithm. It is the most
widely used interior gateway protocol (IGP) in large
enterprise networks. It gathers link state information
from available routers and constructs a topology map
of the network. The topology is presented as a routing
table which routes datagrams based solely on the
destination IP address.
A network administrator can deploy an OSPF gateway in a
large enterprise network to get its routing table from
the enterprise backbone, and forward routing
information to other routers which are not linked to
the enterprise backbone. Usually, an OSPF network is
subdivided into routing areas to simplify
administration and optimize traffic and resource
utilization.
As shown in the diagram, OSPF gateway gathers routing information from the backbone gateways in area 0,
and will forward its routing information to the routers in area 1 and area 2 which are not in the backbone.


BGP Scenario
Border Gateway Protocol (BGP) is a standard exterior
gateway protocol designed to exchange routing and
reachability information between autonomous systems
(AS) on the Internet. It usually makes routing decisions
based on paths, network policies, or rule-sets.
Most ISPs use BGP to establish routing between one another (especially for multi-homed). Very large private
IP networks also use BGP internally. The major BGP gateway within one AS will link with some other border
gateways for exchanging routing information. It will distribute the collected data in the AS to all routers in
other AS.
As shown in the diagram, BGP 0 is the gateway that dominates AS0 (self IP is 10.100.0.1 and self ID is 100). It
links with other BGP gateways in the Internet. The scenario is like a subnet in one ISP being linked with the
ones in other ISPs. By operating with the BGP protocol, BGP 0 can gather routing information from other BGP
gateways in the Internet. It then forwards the routing data to the routers in its dominated AS. Finally, the
routers residing in AS 0 know how to route packets to other AS.


Dynamic Routing Setting

Go to Basic Network > Routing > Dynamic Routing Tab.

The dynamic routing setting allows the user to customize the RIP, OSPF, and BGP protocols through the router
based on their office setting.
In the "Dynamic Routing" page, there are several configuration windows for the dynamic routing feature. They are
the "RIP Configuration" window, "OSPF Configuration" window, "OSPF Area List", "OSPF Area Configuration",
"BGP Configuration", "BGP Neighbor List" and "BGP Neighbor Configuration" window. The RIP, OSPF and BGP
protocols can be configured individually.
The "RIP Configuration" window lets you choose which version of the RIP protocol to activate, or disable it.
The "OSPF Configuration" window lets you activate the OSPF dynamic routing protocol and specify its
backbone subnet. Moreover, the "OSPF Area List" window lists all defined areas in the OSPF network.
Likewise, the "BGP Configuration" window lets you activate the BGP dynamic routing protocol and specify
its self ID. The "BGP Neighbor List" window lists all defined neighbors in the BGP network.

RIP Configuration
The RIP configuration setting allows user to customize RIP protocol through the router based on their office
setting.

RIP Configuration
| Item | Value setting | Description |
|---|---|---|
| RIP Enable | Disable is set by default | Select Disable will disable RIP protocol. Select RIP v1 will enable RIPv1 protocol. Select RIP v2 will enable RIPv2 protocol. |

OSPF Configuration

The OSPF configuration setting allows user to customize OSPF protocol through the router based on their
office setting.


OSPF Configuration
| Item | Value setting | Description |
|---|---|---|
| OSPF | Disable is set by default | Click Enable box to activate the OSPF protocol. |
| Router ID | 1. IPv4 Format 2. A Must filled setting | The Router ID of this router on OSPF protocol |
| Authentication | None is set by default | The Authentication method of this router on OSPF protocol. Select None will disable Authentication on OSPF protocol. Select Text will enable Text Authentication with entered the Key in this field on OSPF protocol. Select MD5 will enable MD5 Authentication with entered the ID and Key in these fields on OSPF protocol. |
| Backbone Subnet | 1. Classless Inter Domain Routing (CIDR) Subnet Mask Notation. (Ex: 192.168.1.0/24) 2. A Must filled setting | The Backbone Subnet of this router on OSPF protocol. |

Create / Edit OSPF Area Rules

The gateway allows you to customize your OSPF Area List rules. It supports up to a maximum of 32 rule sets.

When the Add button is applied, the OSPF Area Rule Configuration screen will appear.


OSPF Area Configuration


| Item | Value setting | Description |
|---|---|---|
| Area Subnet | 1. Classless Inter Domain Routing (CIDR) Subnet Mask Notation. (Ex: 192.168.1.0/24) 2. A Must filled setting | The Area Subnet of this router on OSPF Area List. |
| Area ID | 1. IPv4 Format 2. A Must filled setting | The Area ID of this router on OSPF Area List. |
| Area | The box is unchecked by default. | Click Enable box to activate this rule. |
| Save | N/A | Click the Save button to save the configuration |

BGP Configuration

The BGP configuration setting allows user to customize BGP protocol through the router setting.

BGP Network Configuration


| Item | Value setting | Description |
|---|---|---|
| BGP | The box is unchecked by default | Check the Enable box to activate the BGP protocol. |
| ASN | 1. Numeric String Format 2. A Must filled setting | The ASN Number of this router on BGP protocol. Value Range: 1 ~ 4294967295. |
| Router ID | 1. IPv4 Format 2. A Must filled setting | The Router ID of this router on BGP protocol. |

Create / Edit BGP Network Rules

The gateway allows you to customize your BGP Network rules. It supports up to a maximum of 32 rule sets.

When the Add button is applied, the BGP Network Configuration screen will appear.

| Item | Value setting | Description |
|---|---|---|
| Network Subnet | 1. IPv4 Format 2. A Must filled setting | The Network Subnet of this router on BGP Network List. It composes of entered the IP address in this field and the selected subnet mask. |
| Network | The box is unchecked by default. | Click Enable box to activate this rule. |
| Save | N/A | Click the Save button to save the configuration |

Create / Edit BGP Neighbor Rules

The gateway allows you to customize your BGP Neighbor rules. It supports up to a maximum of 32 rule sets.

When the Add button is applied, the BGP Neighbor Configuration screen will appear.

BGP Neighbor Configuration


| Item | Value setting | Description |
|---|---|---|
| Neighbor IP | 1. IPv4 Format 2. A Must filled setting | The Neighbor IP of this router on BGP Neighbor List. |
| Remote ASN | 1. Numeric String Format 2. A Must filled setting | The Remote ASN of this router on BGP Neighbor List. Value Range: 1 ~ 4294967295. |
| Neighbor | The box is unchecked by default. | Click Enable box to activate this rule. |
| Save | N/A | Click the Save button to save the configuration |


2.6.3 Routing Information


The routing information allows user to view the routing table and policy routing information. Policy Routing
Information is only available when the Load Balance function is enabled and the Load Balance Strategy is By
User Policy.

Go to Basic Network > Routing > Routing Information Tab.

Routing Table
| Item | Value setting | Description |
|---|---|---|
| Destination IP | N/A | Routing record of Destination IP. IPv4 Format. |
| Subnet Mask | N/A | Routing record of Subnet Mask. IPv4 Format. |
| Gateway IP | N/A | Routing record of Gateway IP. IPv4 Format. |
| Metric | N/A | Routing record of Metric. Numeric String Format. |
| Interface | N/A | Routing record of Interface Type. String Format. |

Policy Routing Information


| Item | Value setting | Description |
|---|---|---|
| Policy Routing Source | N/A | Policy Routing of Source. String Format. |
| Source IP | N/A | Policy Routing of Source IP. IPv4 Format. |
| Destination IP | N/A | Policy Routing of Destination IP. IPv4 Format. |
| Destination Port | N/A | Policy Routing of Destination Port. String Format. |
| WAN Interface | N/A | Policy Routing of WAN Interface. String Format. |


2.7 DNS & DDNS


How do users access your server if your WAN IP address changes all the time? One way is to register a new
domain name and maintain your own DNS server. Another, simpler way is to apply for a domain name from a
third-party DDNS service provider. The service can be free or charged. If you want to understand the basic
concepts of DNS and Dynamic DNS, you can refer to the Wikipedia website (footnotes 10 and 11).

2.7.1 DNS & DDNS Configuration

Dynamic DNS
To host your server on a changing IP address, you have to use a dynamic domain name service (DDNS). Anyone
wishing to reach your host then only needs to know the domain name. Dynamic DNS will map the name of your host
to your current IP address, which changes each time you connect to your Internet service provider.

The Dynamic DNS service allows the gateway to alias a public dynamic IP address to a static domain name,
allowing the gateway to be more easily accessed from various locations on the Internet. As shown in the
diagram, the user has registered a domain name with a third-party DDNS service provider (NO-IP) to use the DDNS
function. Once the IP address of the designated WAN interface has changed, the dynamic DNS agent in the gateway
will inform the DDNS server of the new IP address. The server automatically re-maps your domain name to the
changed IP address. So, other hosts or remote users on the Internet are able to link to your gateway by using
your domain name regardless of the changing global IP address.

10 http://en.wikipedia.org/wiki/Domain_Name_System
11 http://en.wikipedia.org/wiki/Dynamic_DNS

DNS & DDNS Setting

Go to Basic Network > DNS & DDNS > Configuration Tab.

The DNS & DDNS setting lets the user set up the Dynamic DNS feature and DNS redirect rules.

Setup Dynamic DNS

The gateway allows you to customize your Dynamic DNS settings.

DDNS (Dynamic DNS) Configuration


Item | Value setting | Description
DDNS | The box is unchecked by default | Check the Enable box to activate this function.
WAN Interface | WAN 1 is set by default | Select the WAN Interface IP Address of the gateway.
Provider | DynDNS.org (Dynamic) is set by default | Select your DDNS provider of Dynamic DNS. It can be DynDNS.org(Dynamic), DynDNS.org(Custom), NO-IP.com, etc...
Host Name | 1. String format can be any text; 2. A Must filled setting | Your registered host name of Dynamic DNS. Value Range: 0 ~ 63 characters.
User Name / E-Mail | 1. String format can be any text; 2. A Must filled setting | Enter your User name or E-mail address of Dynamic DNS.
Password / Key | 1. String format can be any text; 2. A Must filled setting | Enter your Password or Key of Dynamic DNS.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings
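
The update that a DDNS agent sends when the WAN address changes, sketched as an added example that is not part of the manual or the gateway firmware. It assumes the widely used "dyndns2" HTTP update protocol; the endpoint URLs, the User-Agent string and all sample values are assumptions or constructed, and nothing is sent over the network.

```python
import base64
import ipaddress
from urllib.parse import urlencode

# Assumed dyndns2 update endpoints; the manual names the providers only.
ENDPOINTS = {
    "DynDNS.org": "https://members.dyndns.org/nic/update",
    "NO-IP.com": "https://dynupdate.no-ip.com/nic/update",
}

# Private (RFC 1918) and carrier-grade NAT (RFC 6598) ranges. A WAN address in
# one of these is not reachable from the Internet, so publishing it is useless.
NOT_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# dyndns2 return code -> (meaning, may the agent try again later?)
RETURN_CODES = {
    "good": ("record updated", True),
    "nochg": ("address already current", True),
    "nohost": ("host name not found in this account", False),
    "badauth": ("user name or password rejected", False),
    "badagent": ("client blocked by the provider", False),
    "abuse": ("host name blocked for abuse", False),
    "911": ("provider-side fault", True),
}


def is_public(wan_ip):
    ip = ipaddress.IPv4Address(wan_ip)          # raises ValueError if malformed
    return not any(ip in net for net in NOT_PUBLIC)


def build_update(provider, host_name, user, password, wan_ip):
    """Build (url, headers) for one update request. Nothing is sent."""
    if not host_name or len(host_name) > 63:    # table: must be filled, max 63
        raise ValueError("host name must be 1 to 63 characters")
    if not is_public(wan_ip):
        raise ValueError(f"{wan_ip} is not publicly reachable")
    query = urlencode({"hostname": host_name, "myip": wan_ip})
    url = ENDPOINTS[provider] + "?" + query
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    # Credentials ride in the Authorization header, so the URL must be https.
    headers = {"Authorization": "Basic " + token,
               "User-Agent": "example-ddns-agent/1.0 admin@example.net"}
    return url, headers


def interpret(body):
    """Turn the provider's one-line reply into a decision for the agent."""
    code, _, detail = body.strip().partition(" ")
    meaning, retry = RETURN_CODES.get(code, ("unrecognised reply", False))
    return {"code": code, "ip": detail or None, "meaning": meaning, "retry": retry}


def agent_step(last_ip, wan_ip):
    """Send an update only when the WAN address really changed."""
    return "skip" if last_ip == wan_ip else "update"
```

On LTE uplinks the check in is_public matters in practice: a carrier-assigned address from the shared 100.64.0.0/10 range cannot be reached from outside, whatever name points at it.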

Setup DNS Redirect

DNS redirect is a special function that redirects certain traffic to a specified host. The administrator can
manage the Internet / intranet traffic that is going to access some restricted DNS and force that traffic to be
redirected to a specified host.

DNS Redirect Configuration


Item | Value setting | Description
DNS Redirect | The box is unchecked by default | Check the Enable box to activate this function.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings

If you enable the DNS Redirect function, you have to further specify the redirect rules. According to the rules,
the gateway redirects the traffic that matches the DNS to the corresponding pre-defined IP address.

When the Add button is applied, the Redirect Rule screen will appear.

Redirect Rule Configuration


Item | Value setting | Description
Domain Name | 1. String format can be any text; 2. A Must filled setting | Enter a domain name to be redirected. The traffic to the specified domain name will be redirected to the following IP address. Value Range: at least 1 character is required; ‘*’ for any.
IP | 1. IPv4 format; 2. A Must filled setting | Enter an IP Address as the target for the DNS redirect.
Condition | 1. A Must filled setting; 2. Always is selected by default. | Specify when the DNS redirect action can be applied. It can be Always, or WAN Block. Always: The DNS redirect function can be applied to matched DNS all the time. WAN Block: The DNS redirect function can be applied to matched DNS only when the WAN connection is disconnected or unreachable.
Description | 1. String format can be any text; 2. A Must filled setting | Enter a brief description for this rule. Value Range: 0 ~ 63 characters.
Enable | The box is unchecked by default | Click the Enable button to activate this rule.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings
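
How a redirect rule table like the one above can be evaluated and reviewed, as an added example that is not the gateway's own code. The first-match-wins ordering, the case-insensitive matching and the exact meaning of ‘*’ inside a name are assumptions; the sample rules and addresses are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class RedirectRule:
    domain: str                 # Domain Name field; '*' stands for any text
    ip: str                     # IP field (IPv4 format)
    condition: str = "Always"   # "Always" or "WAN Block"
    enabled: bool = False       # Enable box, unchecked by default
    description: str = ""

    def __post_init__(self):
        if len(self.domain) < 1:
            raise ValueError("Domain Name needs at least 1 character")
        ipaddress.IPv4Address(self.ip)          # raises ValueError if not IPv4
        if self.condition not in ("Always", "WAN Block"):
            raise ValueError("Condition is Always or WAN Block")
        if len(self.description) > 63:
            raise ValueError("Description is limited to 63 characters")
        # Escape everything, then turn the escaped '*' back into a wildcard.
        pattern = re.escape(self.domain.lower()).replace(r"\*", ".*")
        self._regex = re.compile(pattern)

    def matches(self, qname, wan_up):
        if not self.enabled:
            return False
        if self.condition == "WAN Block" and wan_up:
            return False                        # only active while the WAN is down
        return self._regex.fullmatch(qname.lower().rstrip(".")) is not None


def resolve(rules, qname, wan_up):
    """Return the redirect IP for qname, or None to resolve it normally."""
    for rule in rules:                          # assumption: first match wins
        if rule.matches(qname, wan_up):
            return rule.ip
    return None


def audit(rules):
    """List rule-table conditions an administrator should review."""
    findings = []
    catch_all_at = None
    for i, rule in enumerate(rules, 1):
        if not rule.enabled:
            continue
        if catch_all_at is not None:
            findings.append(f"rule {i} ({rule.domain}) is never reached: "
                            f"rule {catch_all_at} matches first")
        elif rule.domain == "*" and rule.condition == "Always":
            catch_all_at = i
            findings.append(f"rule {i} redirects every lookup to {rule.ip}")
    return findings


# Constructed sample table.
SAMPLE_RULES = [
    RedirectRule("portal.example.com", "10.0.75.10", "Always", True, "local portal"),
    RedirectRule("*.social.example", "10.0.75.10", "Always", False, "disabled rule"),
    RedirectRule("*", "10.0.75.1", "WAN Block", True, "offline notice page"),
]
```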


2.8 QoS
The total amount of data traffic keeps increasing with the higher demand of mobile applications such as Game /
Chat / VoIP / P2P / Video / Web access. These applications pose new requirements for data transport, e.g. low
latency and low data loss, and the entire network must ensure them via a connection service guarantee.

The main goal of QoS (Quality of Service) is prioritizing incoming data and preventing data loss due to factors
such as jitter, delay and dropping. Another important aspect of QoS is ensuring that prioritizing one data flow
doesn’t interfere with other data flows. QoS therefore helps to prioritize data as it enters your router. By
attaching special identification marks or headers to incoming packets, QoS determines which queue the packets
enter, based on priority. This is useful when there are certain types of data you want to give higher priority to,
such as voice packets given higher priority than Web data packets.

To utilize your network throughput completely, the administrator must define bandwidth control rules carefully
to balance the utilization of network bandwidth among all users. An access gateway is required to satisfy the
requirements of latency-critical applications, minimum access right guarantee, fair bandwidth usage for the
same subscribed condition, and flexible bandwidth management. The AN-W02 Security Gateway provides a
Rule-based QoS to carry out these requirements.

2.8.1 QoS Configuration


This gateway provides lots of flexible rules for you to set QoS policies. Basically, you need to know three parts
of information before you create your own policies. First, “who” needs to be managed? Second, “what” kind of
service needs to be managed? The last part is “how” you prioritize. Once you have this information, you can
continue to learn functions in this section in more detail.

QoS Rule Configuration


When you want to add a new QoS rule or edit an existing one, the "QoS Rule Configuration" window
shows up for you to configure. The parameters in a rule include the applied WAN interfaces, the dedicated
host group based on MAC address or IP address, the dedicated kind of service packets, the system resource to
be distributed, the corresponding control function for your specified resource, the packet flow direction, the
sharing method for the control function, the integrated time schedule rule and the rule activation. The following
diagram illustrates how to organize a QoS rule.


In the diagram above, a QoS rule is organized into a premise part and a conclusion part. In the premise part,
you must specify the WAN interface, the host group, the service type in the packets, the packet flow direction
to be watched, and the sharing method (group control or individual control). In the conclusion part, you
must specify which kind of system resource to distribute and the control function, based on the chosen
system resource, for the rule.

The Rule-based QoS has the following features.

Multiple Group Categories
Specify the group category in a QoS rule for the target objects to be applied on.
Group Category can be based on VLAN ID, MAC Address, IP Address, Host Name or Packet Length.

Differentiated Services
Specify the service type in a QoS rule for the target packets to be applied on.
Differentiated services can be based on 802.1p, DSCP, TOS, VLAN ID, User-defined Services and Well-known
Services. Well-known services include FTP(21), SSH(TCP:22), Telnet(23), SMTP(25), DNS(53), TFTP(UDP:69),
HTTP(TCP:80), POP3(110), Auth(113), SFTP(TCP:115), SNMP&Traps(UDP:161-162), LDAP(TCP:389),
HTTPS(TCP:443), SMTPs(TCP:465), ISAKMP(500), RTSP(TCP:554), POP3s(TCP:995), NetMeeting(1720),
L2TP(UDP:1701) and PPTP(TCP:1723).

Available Control Functions
There are 4 resources that can be applied in a QoS rule: bandwidth, connection sessions, priority queues and
DiffServ Code Point (DSCP). The control function that acts on target objects for specific services of packet flow
is based on these resources.
For the bandwidth resource, the control functions include guaranteeing bandwidth and limiting bandwidth. For
the priority queue resource, the control function is setting priority. For the DSCP resource, the control function
is DSCP marking. The last resource is Connection Sessions; the related control function is limiting connection
sessions.

Individual / Group Control
One QoS rule can be applied to an individual member or to the whole group in the target group. This feature
depends on model.

Outbound / Inbound Control
One QoS rule can be applied to the outbound or inbound direction of packet flow, or to both. This
feature depends on model.

Two QoS rule examples are listed as below.

QoS Rule Example #1 - Connection Sessions

When the administrator wants to limit the maximum connection sessions from some client hosts (IP
10.0.75.16~31) to 20000 to avoid unbalanced resource use, he can set up this rule as in the
configuration above.
This rule defines that all client hosts whose IP address is in the range of 10.0.75.16~31 can access
the Internet via the "WAN-1" interface under a limit of 20000 connection sessions in total
at any time.

QoS Rule Example #2 – DiffServ Code Points

When the administrator of the gateway wants to convert the code point value "IP Precedence
4(CS4)" in the packets for some client hosts (IP 10.0.75.196~199) to the code value "AF
Class 2(High Drop)", he can use the "Rule-based QoS" function to carry out this rule by defining a
QoS rule as shown in the configuration above. Under such configuration, all packets from WAN
interfaces to LAN IP address 10.0.75.196 ~ 10.0.75.199 which have DiffServ code points with the “IP
Precedence 4(CS4)” value will be modified by the “DSCP Marking” control function to the “AF Class 2(High
Drop)” value at any time.
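
The two rules above modelled in code, as an added example that is not taken from the manual or the gateway firmware; the class and function names are hypothetical. It shows the practical difference between Group Control and Individual Control for the session limit of Example #1 (under Group Control one busy host can use up the allowance of the whole range), and how the DSCP marking of Example #2 rewrites the upper six bits of the IP TOS byte while leaving the two ECN bits alone.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable

CS4, AF23 = 32, 22     # DSCP values: IP Precedence 4 (CS4), AF Class 2 High Drop


def ip_range(first, last):
    """Group premise: membership test for an inclusive IPv4 range."""
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
    return lambda ip: lo <= int(ipaddress.IPv4Address(ip)) <= hi


@dataclass
class SessionLimitRule:
    """Resource = Connection Sessions, control function = session limitation."""
    in_group: Callable[[str], bool]
    interface: str
    limit: int
    sharing: str = "Group Control"
    open_sessions: Counter = field(default_factory=Counter)

    def _bucket(self, src_ip):
        # Group Control: one shared counter. Individual Control: one per host.
        return "group" if self.sharing == "Group Control" else src_ip

    def admit(self, src_ip, interface):
        """Outbound rule, so the group is matched against the source."""
        if interface != self.interface or not self.in_group(src_ip):
            return True                     # premise not met, rule does not apply
        bucket = self._bucket(src_ip)
        if self.open_sessions[bucket] >= self.limit:
            return False                    # limit reached, refuse the session
        self.open_sessions[bucket] += 1
        return True

    def close(self, src_ip):
        bucket = self._bucket(src_ip)
        if self.open_sessions[bucket] > 0:
            self.open_sessions[bucket] -= 1


@dataclass
class DscpMarkRule:
    """Resource = DiffServ Code Points, control function = DSCP marking."""
    in_group: Callable[[str], bool]
    match_dscp: int
    new_dscp: int

    def apply(self, dst_ip, tos):
        """Inbound rule, so the group is matched against the destination."""
        if not self.in_group(dst_ip) or (tos >> 2) != self.match_dscp:
            return tos
        return (self.new_dscp << 2) | (tos & 0b11)   # keep the two ECN bits


def example_1(sharing="Group Control"):
    # Example #1: hosts 10.0.75.16~31, WAN-1, at most 20000 sessions.
    return SessionLimitRule(ip_range("10.0.75.16", "10.0.75.31"), "WAN-1", 20000, sharing)


def example_2():
    # Example #2: packets to 10.0.75.196~199 marked CS4 are re-marked AF23.
    return DscpMarkRule(ip_range("10.0.75.196", "10.0.75.199"), CS4, AF23)
```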


QoS Configuration Setting

Go to Basic Network > QoS > Configuration tab.


In the "QoS Configuration" page, there are several configuration windows for the QoS function: the
"Configuration" window, the “System Resource Configuration” window, the "QoS Rule List" window, and the
"QoS Rule Configuration" window.
The "Configuration" window lets you activate the Rule-based QoS function. In addition, you can enable
the "Flexible Bandwidth Management" (FBM) feature for better utilization of system bandwidth by the FBM
algorithm. Second, the “System Resource Configuration” window lets you configure the total bandwidth and
sessions of each WAN. Third, the "QoS Rule List" window lists all your defined QoS rules. Last, the "QoS Rule
Configuration" window lets you define one QoS rule.

Enable QoS Function

Configuration
Item | Value Setting | Description
QoS Type | 1. Software is selected by default. 2. The box is unchecked by default. | Select the QoS Type from the dropdown list, and then click Enable box to activate the QoS function. The default QoS type is set to Software QoS. For some models, there is another option for Hardware QoS.
Flexible Bandwidth Management | The box is unchecked by default | Click Enable box to activate the Flexible Bandwidth Management function.
Save | N/A | Click the Save button to save the settings.

Check the "Enable" box to activate the "Rule-based QoS" function. Also enable the Flexible Bandwidth
Management (FBM) feature when needed. When FBM is enabled, the system adjusts the bandwidth distribution
dynamically, based on the current bandwidth usage, to reach maximum system network performance
while remaining transparent to all users. The bandwidth subscription profiles of all current users are
taken into account by the system's automatic adjusting algorithm.

Setup System Resource

System Resource Configuration


Item | Value Setting | Description
Type of System Queue | 1. A Must filled setting. 2. Bandwidth Queue, and 6 are set by default. | Define the system queues that are available for the QoS settings. The supported type of system queues are Bandwidth Queue and Priority Queues. Value Range: 1 ~ 6.
WAN Interface | WAN-1 is selected by default. | Select the WAN interface and then the following WAN Interface Resource screen will show the related resources for configuration.
    Bandwidth of Upstream / Downstream: Specify total upload / download bandwidth of the selected WAN. Value Range:
        For Gigabit Ethernet: 1~1024000Kbps, or 1~1000Mbps;
        For Fast Ethernet: 1~102400Kbps, or 1~100Mbps;
        For 3G/4G: 1~153600Kbps, or 1~150Mbps.
    Total Connection Sessions: Specify total connection sessions of the selected WAN. Value Range: 1 ~ 10000.
Save | N/A | Click the Save button to save the settings.

Each WAN interface should be configured carefully for its upstream bandwidth, downstream bandwidth and
maximum number of connection sessions.

Create / Edit QoS Rules

After enabling the QoS function and configuring the system resources, you have to further specify some QoS
rules to provide better service for the traffic of interest. The gateway supports up to a maximum of 128
rule-based QoS rule sets.

When the Add button is applied, the QoS Rule Configuration screen will appear.

QoS Rule Configuration


Item | Value setting | Description
Interface | 1. A Must filled setting. 2. All WANs is selected by default. | Specify the WAN interface to apply the QoS rule. Select All WANs or a certain WAN-n to filter the packets entering or leaving the interface(s).
Group | 1. A Must filled setting. 2. Src. MAC Address is selected by default. | Specify the Group category for the QoS rule. It can be Src. MAC Address, IP, or Host Name.
    Select Src. MAC Address to prioritize packets based on MAC.
    Select IP to prioritize packets based on IP address and Subnet Mask.
    Select Host Name to prioritize packets based on a pre-configured group of hosts from the dropdown list. If the dropdown list is empty, check whether any group is pre-configured.
    Note: The required host groups must be created in advance, and the corresponding QoS checkbox in the Multiple Bound Services field must be checked, before the Host Group option becomes available. Refer to Object Definition > Grouping > Host Grouping.
Service | 1. A Must filled setting. 2. All is selected by default. | Specify the service type of the traffic to which the QoS rule is applied. It can be All, DSCP, TOS, User-defined Service, or Well-known Service.
    Select All for all packets.
    Select DSCP for DSCP type packets only.
    Select TOS for TOS type packets only. You have to select a service type (Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay) from the dropdown list as well.
    Select User-defined Service for user-defined packets only. You have to define the port range and protocol as well.
    Select Well-known Service for specific application packets only. You have to select the required service from the dropdown list as well.
Resource, and Control Function | A Must filled setting | Specify the Resource Type and corresponding Control function for the QoS rule. The available Resource options are Bandwidth, Connection Sessions, Priority Queues, and DiffServ Code Points.
    Bandwidth: Select Bandwidth as the resource type for the QoS Rule, and you have to assign the min rate, max rate and rate unit as the bandwidth settings in the Control Function / Set MINR & MAXR field.
    Connection Sessions: Select Connection Sessions as the resource type for the QoS Rule, and you have to assign the supported session number in the Control Function / Set Session Limitation field.
    Priority Queues: Select Priority Queues as the resource type for the QoS Rule, and you have to specify a priority queue in the Control Function / Set Priority field.
    DiffServ Code Points: Select DiffServ Code Points as the resource type for the QoS Rule, and you have to select a DSCP marking from the Control Function / DSCP Marking dropdown list.
QoS Direction | 1. A Must filled setting. 2. Outbound is selected by default. | Specify the traffic flow direction for the packets to apply the QoS rule. It can be Outbound, Inbound, or Both.
    Outbound: Select Outbound to prioritize the traffic going to the Internet via the specified interface. In this situation, the hosts specified in the Group field are a source group.
    Inbound: Select Inbound to prioritize the traffic coming from the Internet via the specified interface. In this situation, the hosts specified in the Group field are a destination group.
    Both: Select Both to prioritize the traffic passing through the specified interface; both Inbound and Outbound are considered. In this situation, the hosts specified in the Group field can be a source or destination group.
Sharing Method | 1. A Must filled setting. 2. Group Control is selected by default. | Specify the preferred sharing method for how to apply the QoS rule on the selected group. It can be Individual Control or Group Control.
    Individual Control: If Individual Control is selected, each host in the group will have his own QoS service resource as specified in the rule.
    Group Control: If Group Control is selected, all the group hosts share the same QoS service resource.
Time Schedule | 1. A Must filled setting. 2. (0) Always is selected by default. | Apply Time Schedule to this rule; otherwise leave it as (0) Always. (refer to Object Definition > Scheduling > Configuration settings)
Rule Enable | The box is unchecked by default. | Click Enable box to activate this QoS rule.
Save | N/A | Click the Save button to save the settings.


Chapter 3 Object Definition

3.1 Scheduling

Scheduling provides the ability to add and delete time schedule rules, which can be applied to other functions.

3.1.1 Scheduling Configuration

Go to Object Definition > Scheduling > Configuration tab.

Button description
Item | Value setting | Description
Add | N/A | Click the Add button to configure time schedule rule
Delete | N/A | Click the Delete button to delete selected rule(s)

When Add button is applied, Time Schedule Configuration and Time Period Definition screens will appear.

Time Schedule Configuration


Item | Value Setting | Description
Rule Name | String: any text | Set rule name
Rule Policy | Default Inactivate | Inactivate/activate the function that the rule is applied to during the time period below


Time Period Definition


Item | Value Setting | Description
Week Day | Select from menu | Select everyday or one of weekday
Start Time | Time format (hh:mm) | Start time in selected weekday
End Time | Time format (hh:mm) | End time in selected weekday
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings
Refresh | N/A | Click the Refresh button to refresh the time schedule list.


3.2 User

You can manage user accounts in this section, including the user list, user profiles and user groups. User List
shows all user accounts, and User Profile lets you add a new account or edit an existing one. User Group lets you
collect several user accounts into one group that shares the same properties and bound services. An
individual user account can also be a group of its own, like the “Administrator” group.
The user account database is embedded in the device and accessible by the AAA server, like RADIUS, for user
authentication. It has the following feature set.

Supports Multiple User Levels in User Management

• One user account includes the following information: name, password, user level, lease time, idle
  timeout and the group that it belongs to.
• Supports 4 different user levels: Admin, Staff, Guest and Passenger.
• Remaining lease time and idle time are kept for each user account after it has logged in to the
  gateway device successfully.
• Each individual can be a group by itself or join other defined groups to share common properties.
• Supports the exporting and importing of user profiles.
• User groups with their own names can be bound with multiple services, like X-Auth, NAS*,
  RADIUS, VPN, Accounting & Billing, SNMPv3 and CLI.
• The administrator can define the access policy and bandwidth control in a flexible way for a user object
  in a rule. The user object can be an individual user or a user group.

3.2.1 User List


User List shows all user accounts and their on-line or offline status in this window. You can add
a new account by clicking the “Add” command button. You can also modify an existing user account
by clicking the corresponding “Edit” command button at the end of its record in the User List. Unnecessary
accounts can be removed by checking the “Select” box for those accounts and then clicking the
“Delete” command button at the User List caption. The user status display is refreshed at a
period that you define.
Go to Object Definition > User > User List tab.

User List displays the user name, user level, membership group name, IP address, on-line status and activity
status, as in the following diagram.

There are some additional command buttons in the Actions field of the User List table.
Edit: Click the button to edit the user profile.
Disable: Click the button to disable the user account.
Logout: Click the button to log out the user account.
Detail: Click the button to show additional details about the user account beyond those in the User List,
including Last Login Time, Lease Time, Expired Time, Idle Timeout and current Idle Time.
Select: Select the user account to delete.

When the Add button is applied, User Profile Configuration screen will appear. For the detail about the
configuration, please refer to the next section for User Profile.


3.2.2 User Profile

User Profile supports adding a new user account or editing an existing user profile. Several
parameters need to be specified in a user profile: User Name, Password, User Level, Lease
Time, Idle Timeout, Group to, and the user profile enable.
Go to Object Definition > User > User Profile tab.

User Profile Configuration


Item | Value setting | Description
User Name | 1. String format can be any text; 2. A Must filled setting | Enter the name of user account.
Password | 1. String format can be any text; 2. A Must filled setting | Enter the password of user account.
User Level | 1. Admin is selected by default. 2. A Must filled setting | Select a User Level for the user account. There are 4 available user levels for you to select, including “Admin”, “Staff”, “Guest” and “Passenger”.
    Admin level of user account lets the user configure the device with full control ability.
    Staff level of users can access both the Intranet resources and the Internet resources.
    Guest level of user account can use limited bandwidth to access Internet, but can’t access the Intranet.
    Passenger level of user account is for mobile users to use the device to access the Internet. He will use fair and average bandwidth utilization with other passengers.
Lease Time | 1. Number format can be any integer number. 2. An Optional setting | Specify the lease time (in seconds) for the user account to login the device. The device will log out the user account if he has been logged in for longer than the Lease Timeout.
Idle Time | 1. Number format can be any integer number. 2. An Optional setting | Specify the idle time (in seconds) for the user account. The device will log out the user account if he is idle for longer than the Idle Timeout.
Group to | 1. String format can be any text; 2. An Optional setting | Enter a group name if you would like to collect the user in a certain user group.
Profile | 1. The box is checked by default. 2. A Must filled setting | Check the Enable box to activate the user profile.
Save | N/A | Click the Save button to save the settings
Undo | N/A | Click the Undo button to cancel the settings


3.2.3 User Group

User Group supports grouping several user accounts into one user group with common properties.
Several parameters need to be specified in a user group: Group Name, Group Members,
Bound Services, QoS&BWM Property, Policy Routing Property and finally, the user group enable.
Go to Object Definition > User > User Group tab.

When the Add button is applied, User Group Configuration screen will appear.

User Profile Configuration


Item | Value setting | Description
Group Name | 1. String format can be any text; 2. A Must filled setting | Enter the name of user group. Value Range: at least 1 character, ‘A’ ~ ’Z’, ‘a’ ~ ’z’, and ‘0’ ~ ’9’ are valid.
Multiple User Members | N/A | Click the Choice button to select multiple user accounts to join the group.
Multiple Bound Services | N/A | Check the available service box(es) to bind with the user group. So, the bound service can use the group object or all user account objects in the group.
QoS & BWM Property | 1. A Must filled setting. 2. Individual Control is selected by default. | Specify the preferred sharing method for how to apply a QoS rule on the selected group, and define the guaranteed and limited bandwidth usage for the group. It can be Individual Control or Group Control.
    Individual Control: If Individual Control is selected, each user in the group will have his own QoS service resource as specified in the rule.
    Group Control: If Group Control is selected, the entire user group shares the same QoS service resource.
Policy Routing Property | 1. A Must filled setting. 2. WAN-1 is selected by default. | Specify the routing interface. All packets from the group members will be routed via the specified interface.
Group | 1. The box is checked by default. 2. A Must filled setting | Check the Enable box to activate the user group.
Save | N/A | Click the Save button to save the settings
Undo | N/A | Click the Undo button to cancel the settings


3.3 Grouping

The Grouping function lets the user define groups for use by some services.

3.3.1 Host Grouping

Go to Object Definition > Grouping > Host Grouping tab.

The Host Grouping function lets the user define host groups for some services, such as QoS, Firewall, and
Communication Bus. The supported service types can differ depending on the purchased product.

When Add button is applied, Host Group Configuration screen will appear.

Host Group Configuration


Item | Value setting | Description
Group Name | 1. String format can be any text; 2. A Must filled setting | Enter a group name for the rule. It is a name that is easy for you to understand.
Group Type | 1. IP Address-based is selected by default. 2. A Must filled setting | Select the group type for the host group. It can be IP Address-based, MAC Address-based, or Host Name-based.
    When IP Address-based is selected, only IP address can be added in Member to Join.
    When MAC Address-based is selected, only MAC address can be added in Member to Join.
    When Host Name-based is selected, only host name can be added in Member to Join.
    Note: The available Group Type can be different for the purchased model.
Member to Join | N/A | Add the members to the group in this field. You can enter the member information as specified in the Member Type above, and press the Join button to add. Only one member can be added at a time, so you have to add the members to the group one by one.
Member List | NA | This field will indicate the hosts (members) contained in the group.
Bound Services | The boxes are unchecked by default | Binding the services that the host group can be applied. If you enable the Firewall, the produced group can be used in firewall service. Same as by enable QoS, or other available service types. Note: The supported service type can be different for the purchased product.
Group | The box is unchecked by default | Check the Enable checkbox to activate the host group rule. So that the group can be bound to selected service(s) for further configuration.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings


3.4 External Server

Go to Object Definition > External Server > External Server tab.


The External Server setting lets the user add external servers.

Create External Server

When Add button is applied, External Server Configuration screen will appear.

External Server Configuration
Item | Value setting | Description
Server Name | 1. String format can be any text; 2. A Must filled setting | Enter a server name. Enter a name that is easy for you to understand.
Server Type | A Must filled setting | Specify the Server Type of the external server, and enter the required settings for accessing the server.
    Email Server (A Must filled setting): When Email Server is selected, User Name, and Password are also required.
        User Name (String format: any text)
        Password (String format: any text)
    RADIUS Server (A Must filled setting): When RADIUS Server is selected, the following settings are also required.
        Primary:
            Shared Key (String format: any text)
            Authentication Protocol (By default CHAP is selected)
            Session Timeout (By default 1). The values must be between 1 and 60.
            Idle Timeout (By default 1). The values must be between 1 and 15.
        Secondary:
            Shared Key (String format: any text)
            Authentication Protocol (By default CHAP is selected)
            Session Timeout (By default 1). The values must be between 1 and 60.
            Idle Timeout (By default 1). The values must be between 1 and 15.
    Active Directory Server (A Must filled setting): When Active Directory Server is selected, Domain setting is also required.
        Domain (String format: any text)
    LDAP Server (A Must filled setting): When LDAP Server is selected, the following settings are also required.
        Base DN (String format: any text)
        Identity (String format: any text)
        Password (String format: any text)
    UAM Server (A Must filled setting): When UAM Server is selected, the following settings are also required.
        Login URL (String format: any text)
        Shared Secret (String format: any text)
        NAS/Gateway ID (String format: any text)
        Location ID (String format: any text)
        Location Name (String format: any text)
    TACACS+ Server (A Must filled setting): When TACACS+ Server is selected, the following settings are also required.
        Shared Key (String format: any text)
        Session Timeout (String format: any number). The values must be between 1 and 60.
    SCEP Server (A Must filled setting): When SCEP Server is selected, the following settings are also required.
        Path (String format: any text, By default cgi-bin is filled)
        Application (String format: any text, By default pkiclient.exe is filled)
    FTP(SFTP) Server (A Must filled setting): When FTP(SFTP) Server is selected, the following settings are also required.
        User Name (String format: any text)
        Password (String format: any text)
        Protocol (Select FTP or SFTP)
        Encryption (Select Plain, Explicit FTPS or Implicit FTPS)
        Transfer mode (Select Passive or Active)
Server IP/FQDN | A Must filled setting | Specify the IP address or FQDN used for the external server.
Server Port | A Must filled setting | Specify the Port used for the external server. If you selected a certain server type, the default server port number will be set. Value Range: 1 ~ 65535.
    For Email Server, port 25 will be set by default;
    For Syslog Server, port 514 will be set by default;
    For RADIUS Server, port 1812, 1823 will be set by default;
    For Active Directory Server, port 389 will be set by default;
    For LDAP Server, port 389 will be set by default;
    For UAM Server, port 3990, 4990 will be set by default;
    For TACACS+ Server, port 49 will be set by default;
    For SCEP Server, port 80 will be set by default;
    For FTP(SFTP) Server, port 21 will be set by default.
Account Port | 1. A Must filled setting; 2. 1813 is set by default | Specify the accounting port used if you selected external RADIUS server. Value Range: 1 ~ 65535.
Server | The box is checked by default | Click Enable to activate this External Server.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings
Refresh | N/A | Click the Refresh button to refresh the external server list.


3.5 Certificate
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an
electronic document used to prove ownership of a public key. The certificate includes information about the
key, information about its owner's identity, and the digital signature of an entity that has verified the
certificate's contents are genuine. If the signature is valid, and the person examining the certificate trusts the
signer, then they know they can use that key to communicate with its owner [12].
In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company
such as VeriSign which charges customers to issue certificates for them. In a web of trust scheme, the signer is
either the key's owner (a self-signed certificate) or other users ("endorsements") whom the person examining
the certificate might know and trust. The device can also act as a CA.
Certificates are an important component of Transport Layer Security (TLS, sometimes called by its older name
SSL), where they prevent an attacker from impersonating a secure website or other server. They are also used
in other important applications, such as email encryption and code signing. Here, it can be used in IPSec
tunneling for user authentication.

3.5.1 Configuration
The configuration setting allows the user to create a Root Certificate Authority (CA) certificate and to enable
SCEP. The Root CA is the top-most certificate of the tree, the private key of which is used to "sign" other
certificates.

Go to Object Definition > Certificate > Configuration tab.

Create Root CA

When the Generate button is clicked, the Root CA Certificate Configuration screen will appear. The required
information to be filled in for the root CA includes the name, key, subject name and validity.

12 http://en.wikipedia.org/wiki/Public_key_certificate.

Root CA Certificate Configuration


Item Value setting Description
Name 1. String format can be any text 2. A Must filled setting Enter a Root CA Certificate name. It will be a certificate file name.
Key A Must filled setting This field is to specify the key attributes of the certificate.
Key Type sets the public-key cryptosystem. It only supports RSA now.
Key Length sets the size, measured in bits, of the key used in a cryptographic algorithm.
Digest Algorithm sets the identifier in the signature algorithm identifier of certificates.
Subject Name A Must filled setting This field is to specify the information of the certificate.
Country(C) is the two-letter ISO code for the country where your organization is located.
State(ST) is the state where your organization is located.
Location(L) is the location where your organization is located.
Organization(O) is the name of your organization.
Organization Unit(OU) is the name of your organization unit.
Common Name(CN) is the name of your organization.
Email is the email of your organization. It has to be email address style.
Validity Period A Must filled setting This field is to specify the validity period of the certificate.

Setup SCEP

SCEP Configuration
Item Value setting Description
SCEP The box is unchecked by default Check the Enable box to activate the SCEP function.
Automatically re-enroll aging certificates The box is unchecked by default When SCEP is activated, check the Enable box to activate this function.
It will automatically check which certificates are aging. If a certificate is aging, it
will activate the SCEP function to re-enroll automatically.
Save N/A Click Save to save the settings.
Undo N/A Click Undo to cancel the settings.


3.5.2 My Certificate
My Certificate includes a Local Certificate List. The Local Certificate List shows all certificates generated by the
root CA for the gateway. It also stores the generated Certificate Signing Requests (CSR) which will be signed by
other external CAs. The signed certificates can be imported as the local ones of the gateway.

Self-signed Certificate Usage Scenario

Scenario Application Timing


When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own
local certificates signed by itself, or import local certificates that are signed by other
external CAs. It can also import the trusted certificates for other CAs and Clients. In addition, since it has the
root CA, it can also sign Certificate Signing Requests (CSR) to form corresponding certificates for others.
These certificates can be used by two remote peers to verify each other's identity while establishing a
VPN tunnel.
Scenario Description
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted
certificate (BranchCRT), a BranchCSR certificate of Gateway 2 signed by the root CA of Gateway 1.
Gateway 2 creates a CSR (BranchCSR) to let the root CA of Gateway 1 sign it to be the BranchCRT
certificate. Import the certificate into Gateway 2 as a local certificate. In addition, also import the
certificates of the root CA of Gateway 1 into Gateway 2 as the trusted ones. (Please also refer
to the following two sub-sections.)
Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all
client hosts in both subnets can communicate with each other.
Parameter Setup Example
For Network-A at HQ
The following tables list the parameter configuration as an example for the "My Certificate" function used
in the user authentication of IPSec VPN tunnel establishment, as shown in the above diagram. The
configuration example must be combined with the ones in the following two sections to complete the
whole user scenario.
Use the default value for those parameters that are not mentioned in the tables.

Configuration Path [IPSec]-[Configuration]


IPSec ■ Enable

Configuration Path [IPSec]-[Tunnel Configuration]


Tunnel ■ Enable
Tunnel Name s2s-101
Interface WAN 1
Tunnel Scenario Site to Site
Operation Mode Always on

Configuration Path [IPSec]-[Local & Remote Configuration]


Local Subnet 10.0.76.0
Local Netmask 255.255.255.0
Full Tunnel Disable
Remote Subnet 10.0.75.0
Remote Netmask 255.255.255.0
Remote Gateway 118.18.81.33

Configuration Path [IPSec]-[Authentication]


Key Management IKE+X.509 Local Certificate: HQCRT Remote Certificate: BranchCRT
Local ID User Name Network-A
Remote ID User Name Network-B

Configuration Path [IPSec]-[IKE Phase]


Negotiation Mode Main Mode
X-Auth None

For Network-B at Branch Office
The following tables list the parameter configuration as an example for the "My Certificate" function used
in the user authentication of IPSec VPN tunnel establishment, as shown in the above diagram. The
configuration example must be combined with the ones in the following two sections to complete the
whole user scenario.
Use the default value for those parameters that are not mentioned in the tables.

Configuration Path [IPSec]-[Configuration]


IPSec ■ Enable

Configuration Path [IPSec]-[Tunnel Configuration]


Tunnel ■ Enable
Tunnel Name s2s-102
Interface WAN 1
Tunnel Scenario Site to Site
Operation Mode Always on

Configuration Path [IPSec]-[Local & Remote Configuration]


Local Subnet 10.0.75.0
Local Netmask 255.255.255.0
Full Tunnel Disable
Remote Subnet 10.0.76.0
Remote Netmask 255.255.255.0
Remote Gateway 203.95.80.22

Configuration Path [IPSec]-[Authentication]


Key Management IKE+X.509 Local Certificate: BranchCRT Remote Certificate: HQCRT
Local ID User Name Network-B
Remote ID User Name Network-A

Configuration Path [IPSec]-[IKE Phase]


Negotiation Mode Main Mode
X-Auth None

Scenario Operation Procedure


In the above diagram, "Gateway 1" is the gateway of Network-A in headquarters and the subnet of its
Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN-1
interface. "Gateway 2" is the gateway of Network-B in branch office and the subnet of its Intranet is
10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN-1 interface.
They both serve as the NAT security gateways.
Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. Import the
certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client
Certificate List" of Gateway 2.
Gateway 2 generates a Certificate Signing Request (BranchCSR) for its own certificate (BranchCRT).
(Generate a certificate that is not self-signed in Gateway 2, click the "View" button for
that CSR, and download it.) Take the CSR to be signed by the root CA of Gateway 1 and obtain the
BranchCRT certificate (you need to rename it). Import the certificate into the "Trusted Client Certificate
List" of Gateway 1 and the "Local Certificate List" of Gateway 2.
Gateway 2 can establish an IPSec VPN tunnel with "Site to Site" scenario and IKE and X.509 protocols to
Gateway 1.
Finally, the client hosts in two subnets of 10.0.75.0/24 and 10.0.76.0/24 can communicate with each
other.
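
The two parameter tables above must mirror each other for the tunnel to come up: each side's local subnet, certificate and ID is the other side's remote one. The following Python check is an added example, not part of the manual or the router firmware; the dictionary keys and the check_pair function are hypothetical names, and the values are transcribed from the HQ and Branch Office tables.

```python
import ipaddress

# Values transcribed from the "For Network-A at HQ" and "For Network-B at
# Branch Office" tables; "wan_ip" comes from the Scenario Operation Procedure.
# The key names are hypothetical, chosen for this example.
HQ = {
    "tunnel": "s2s-101", "wan_ip": "203.95.80.22",
    "local_subnet": "10.0.76.0", "local_netmask": "255.255.255.0",
    "remote_subnet": "10.0.75.0", "remote_netmask": "255.255.255.0",
    "remote_gateway": "118.18.81.33", "key_management": "IKE+X.509",
    "local_cert": "HQCRT", "remote_cert": "BranchCRT",
    "local_id": "Network-A", "remote_id": "Network-B",
    "negotiation_mode": "Main Mode",
}
BRANCH = {
    "tunnel": "s2s-102", "wan_ip": "118.18.81.33",
    "local_subnet": "10.0.75.0", "local_netmask": "255.255.255.0",
    "remote_subnet": "10.0.76.0", "remote_netmask": "255.255.255.0",
    "remote_gateway": "203.95.80.22", "key_management": "IKE+X.509",
    "local_cert": "BranchCRT", "remote_cert": "HQCRT",
    "local_id": "Network-B", "remote_id": "Network-A",
    "negotiation_mode": "Main Mode",
}


def subnet(cfg, side):
    """Build the 'local' or 'remote' network; raises ValueError on host bits."""
    return ipaddress.ip_network(cfg[side + "_subnet"] + "/" + cfg[side + "_netmask"])


def check_pair(a, b):
    """Return a list of mismatches between two site-to-site peer configs."""
    problems = []
    for x, y in ((a, b), (b, a)):
        who = x["tunnel"]
        try:
            local, remote = subnet(x, "local"), subnet(x, "remote")
            peer_remote = subnet(y, "remote")
        except ValueError as exc:
            problems.append("%s: invalid subnet/netmask (%s)" % (who, exc))
            continue
        if local != peer_remote:
            problems.append("%s: local subnet %s is not the peer's remote subnet %s"
                            % (who, local, peer_remote))
        if local.overlaps(remote):
            problems.append("%s: local and remote subnets overlap" % who)
        if ipaddress.ip_address(x["remote_gateway"]) != ipaddress.ip_address(y["wan_ip"]):
            problems.append("%s: remote gateway %s is not the peer's WAN address %s"
                            % (who, x["remote_gateway"], y["wan_ip"]))
        if x["local_cert"] != y["remote_cert"]:
            problems.append("%s: local certificate %s is not the peer's remote certificate %s"
                            % (who, x["local_cert"], y["remote_cert"]))
        if x["local_id"] != y["remote_id"]:
            problems.append("%s: local ID %s is not the peer's remote ID %s"
                            % (who, x["local_id"], y["remote_id"]))
    for key in ("key_management", "negotiation_mode"):
        if a[key] != b[key]:
            problems.append("%s differs: %s vs %s" % (key, a[key], b[key]))
    return problems


if __name__ == "__main__":
    for line in check_pair(HQ, BRANCH) or ["configurations mirror each other"]:
        print(line)
```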


My Certificate Setting

Go to Object Definition > Certificate > My Certificate tab.


The My Certificate setting allows the user to create local certificates. In the "My Certificate" page, there are two
configuration windows for the "My Certificate" function. The "Local Certificate List" window shows the stored
certificates or CSRs that represent the gateway. The "Local Certificate Configuration" window lets you fill in
the information required for the corresponding certificate to be generated by the gateway itself, or for the
corresponding CSR to be signed by other CAs.

Create Local Certificate

When the Add button is clicked, the Local Certificate Configuration screen will appear. The required information to be
filled in for the certificate or CSR includes the name, key and subject name. It is a certificate if the "Self-signed"
box is checked; otherwise, it is a CSR.

Local Certificate Configuration
Item Value setting Description
Name 1. String format can be any text 2. A Must filled setting Enter a certificate name. It will be a certificate file name.
If Self-signed is checked, it will be signed by root CA. If Self-signed is not
checked, it will generate a certificate signing request (CSR).
Key A Must filled setting This field is to specify the key attributes of certificate.
Key Type to set public-key cryptosystems. Currently, only RSA is supported.
Key Length to set the length in bits of the key used in a cryptographic algorithm.
It can be 512/768/1024/1536/2048.
Digest Algorithm to set identifier in the signature algorithm identifier of
certificates. It can be MD5/SHA-1.
Subject Name A Must filled setting This field is to specify the information of certificate.
Country(C) is the two-letter ISO code for the country where your organization is
located.
State(ST) is the state where your organization is located.
Location(L) is the location where your organization is located.
Organization(O) is the name of your organization.
Organization Unit(OU) is the name of your organization unit.
Common Name(CN) is the name of your organization.
Email is the email of your organization. It has to be email address setting only.
Extra Attributes A Must filled setting This field is to specify the extra information for generating a certificate.
Challenge Password for the password you can use to request certificate
revocation in the future.
Unstructured Name for additional information.
SCEP Enrollment A Must filled setting This field is to specify the information of SCEP.
If the user wants to generate a certificate signing request (CSR) and have it signed by a
SCEP server online, check the Enable box.
Select a SCEP Server to identify the SCEP server for use. The server detailed
information could be specified in External Servers. Refer to Object Definition >
External Server > External Server. You may click Add Object button to
generate, and the settings are the same as those defined in Section 3.4 External
Server.
Select a CA Certificate to identify which certificate could be accepted by SCEP
server for authentication. It could be generated in Trusted Certificates.
Select an optional CA Encryption Certificate, if it is required, to identify which
certificate could be accepted by SCEP server for encryption data information. It
could be generated in Trusted Certificates.
Fill in optional CA Identifier to identify which CA could be used for signing
certificates.
Save N/A Click the Save button to save the configuration.
Back N/A When the Back button is clicked, the screen will return to previous page.
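
The Key Length and Digest Algorithm options in the table above include 512-bit RSA and MD5, so a CSR or certificate exported from the gateway can be inspected before it is signed or added to a trusted list. The following Python example is added here and is not the manual's or the vendor's code; it reads PEM input with a minimal DER reader and flags RSA keys below 2048 bits and MD5/SHA-1 signatures. The 2048-bit floor is an assumed policy, and the sample CSRs are constructed in the code with dummy key and signature bytes.

```python
import base64
import re

# DER contents of the relevant OIDs (1.2.840.113549.1.1.x).
RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")
MD5_RSA = bytes.fromhex("2a864886f70d010104")
SHA1_RSA = bytes.fromhex("2a864886f70d010105")
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")
SIG_NAMES = {MD5_RSA: "md5WithRSAEncryption", SHA1_RSA: "sha1WithRSAEncryption",
             SHA256_RSA: "sha256WithRSAEncryption"}
WEAK_SIGS = {MD5_RSA, SHA1_RSA}
MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the manual

def read_tlv(buf, pos=0):
    """Decode one DER element; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def pem_blocks(text):
    """Return (label, der_bytes) for every PEM block in the pasted text."""
    pattern = r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----"
    return [(label, base64.b64decode("".join(b64.split())))
            for label, b64 in re.findall(pattern, text, re.S)]

def audit_pem(text):
    """Return (label, finding) tuples for weak parameters in certs and CSRs."""
    findings = []
    for label, der in pem_blocks(text):
        if label not in ("CERTIFICATE", "CERTIFICATE REQUEST"):
            continue
        try:
            _, outer, _ = read_tlv(der)
            (_, body), (_, sig_alg), _ = children(outer)
            fields = children(body)
            if label == "CERTIFICATE":      # tbsCertificate: optional [0] version first
                spki = fields[6 if fields[0][0] == 0xA0 else 5][1]
            else:                           # CertificationRequestInfo
                spki = fields[2][1]
            (_, key_alg), (_, key_bits) = children(spki)
            sig_oid = children(sig_alg)[0][1]
            bits = None
            if children(key_alg)[0][1] == RSA_ENCRYPTION:
                _, rsa_key, _ = read_tlv(key_bits[1:])   # skip unused-bits octet
                bits = int.from_bytes(children(rsa_key)[0][1], "big").bit_length()
        except (ValueError, IndexError):
            findings.append((label, "malformed DER"))
            continue
        if sig_oid in WEAK_SIGS:
            findings.append((label, "weak signature digest: " + SIG_NAMES[sig_oid]))
        elif sig_oid not in SIG_NAMES:
            findings.append((label, "signature algorithm not recognised by this check"))
        if bits is not None and bits < MIN_RSA_BITS:
            findings.append((label, "RSA key is %d bits, below %d" % (bits, MIN_RSA_BITS)))
    return findings

def tlv(tag, content):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

def sample_csr(bits, sig_oid):
    """Constructed PKCS#10 structure; modulus and signature are dummy bytes."""
    def alg(oid):
        return tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, alg(RSA_ENCRYPTION) + tlv(0x03, b"\x00" + rsa_key))
    cn = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"BranchCSR"))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x31, cn)) + spki + tlv(0xA0, b""))
    der = tlv(0x30, info + alg(sig_oid) + tlv(0x03, b"\x00" + bytes(bits // 8)))
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    for label, finding in audit_pem(sample_csr(512, MD5_RSA)):
        print(label, "-", finding)
```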

When the Import button is clicked, an Import screen will appear. You can import a certificate from an existing
certificate file, or directly paste a PEM encoded string as the certificate.

Import
Item Value setting Description
Import A Must filled setting Select a certificate file from user’s computer, and click the Apply button to
import the specified certificate file to the gateway.
PEM Encoded 1. String format can be any text 2. A Must filled setting This is an alternative approach to import a certificate.
You can directly fill in (Copy and Paste) the PEM encoded certificate string, and
click the Apply button to import the specified certificate to the gateway.
Apply N/A Click the Apply button to import the certificate.
Cancel N/A Click the Cancel button to discard the import operation and the screen will
return to the My Certificates page.


3.5.3 Trusted Certificate


Trusted Certificate includes Trusted CA Certificate List, Trusted Client Certificate List, and Trusted Client Key
List. The Trusted CA Certificate List holds the certificates of external trusted CAs. The Trusted Client
Certificate List holds the certificates of others that you trust. And the Trusted Client Key List holds the keys
of others that you trust.

Self-signed Certificate Usage Scenario

Scenario Application Timing (same as the one described in "My Certificate" section)
When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own
local certificates signed by itself. It can also import the trusted certificates for other CAs and
Clients. These certificates can be used by two remote peers to verify each other's identity while
establishing a VPN tunnel.
Scenario Description (same as the one described in "My Certificate" section)
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted
certificate (BranchCRT), a BranchCSR certificate of Gateway 2 signed by the root CA of Gateway 1.
Gateway 2 creates a CSR (BranchCSR) to let the root CA of Gateway 1 sign it to be the
BranchCRT certificate. Import the certificate into Gateway 2 as a local certificate. In addition,
also import the certificates of the root CA of Gateway 1 into Gateway 2 as the trusted ones.
(Please also refer to "My Certificate" and "Issue Certificate" sections.)
Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all
client hosts in both subnets can communicate with each other.
Parameter Setup Example (same as the one described in "My Certificate" section)
For Network-A at HQ
The following tables list the parameter configuration as an example for the "Trusted Certificate"
function used in the user authentication of IPSec VPN tunnel establishment, as shown in the above
diagram. The configuration example must be combined with the ones in "My Certificate" and "Issue
Certificate" sections to complete the setup for the whole user scenario.

Configuration Path [Trusted Certificate]-[Trusted Client Certificate List]


Command Button Import

Configuration Path [Trusted Certificate]-[Trusted Client Certificate Import from a File]


File BranchCRT.crt

For Network-B at Branch Office


The following tables list the parameter configuration as an example for the "Trusted Certificate"
function used in the user authentication of IPSec VPN tunnel establishment, as shown in the above
diagram. The configuration example must be combined with the ones in "My Certificate" and
"Issue Certificate" sections to complete the setup for the whole user scenario.

Configuration Path [Trusted Certificate]-[Trusted CA Certificate List]


Command Button Import

Configuration Path [Trusted Certificate]-[Trusted CA Certificate Import from a File]


File HQRootCA.crt

Configuration Path [Trusted Certificate]-[Trusted Client Certificate List]


Command Button Import

Configuration Path [Trusted Certificate]-[Trusted Client Certificate Import from a File]


File HQCRT.crt

Scenario Operation Procedure (same as the one described in "My Certificate" section)
In above diagram, the "Gateway 1" is the gateway of Network-A in headquarters and the subnet of
its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for
WAN-1 interface. The "Gateway 2" is the gateway of Network-B in branch office and the subnet of
its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for
WAN-1 interface. They both serve as the NAT security gateways.
In Gateway 2 import the certificates of the root CA and HQCRT that were generated and signed by
Gateway 1 into the "Trusted CA Certificate List" and "Trusted Client Certificate List" of Gateway 2.
Import the obtained BranchCRT certificate (the derived BranchCSR certificate after Gateway 1’s root
CA signature) into the "Trusted Client Certificate List" of the Gateway 1 and the "Local Certificate
List" of the Gateway 2. For more details, refer to the Network-B operation procedure in "My
Certificate" section of this manual.
Gateway 2 can establish an IPSec VPN tunnel with "Site to Site" scenario and IKE and X.509
protocols to Gateway 1.
Finally, the client hosts in two subnets of 10.0.75.0/24 and 10.0.76.0/24 can communicate with each
other.


Trusted Certificate Setting

Go to Object Definition > Certificate > Trusted Certificate tab.


The Trusted Certificate setting allows user to import trusted certificates and keys.

Import Trusted CA Certificate

When the Import button is clicked, a Trusted CA import screen will appear. You can import a Trusted CA
certificate from an existing certificate file, or directly paste a PEM encoded string as the certificate.

Trusted CA Certificate List


Item Value setting Description
Import from a File A Must filled setting Select a CA certificate file from user’s computer, and click the Apply button to
import the specified CA certificate file to the gateway.
Import from a PEM 1. String format can be any text 2. A Must filled setting This is an alternative approach to import a CA certificate.
You can directly fill in (Copy and Paste) the PEM encoded CA certificate string,
and click the Apply button to import the specified CA certificate to the gateway.
Apply N/A Click the Apply button to import the certificate.
Cancel N/A Click the Cancel button to discard the import operation and the screen will
return to the Trusted Certificates page.

Instead of importing a Trusted CA certificate with the approaches mentioned above, you can also get the CA
certificate from the SCEP server.
If SCEP is enabled (refer to Object Definition > Certificate > Configuration), you can click the Get CA button, and a Get
CA Configuration screen will appear.


Get CA Configuration
Item Value setting Description
SCEP Server A Must filled setting Select a SCEP Server to identify the SCEP server for use. The server detailed
information could be specified in External Servers. Refer to Object Definition >
External Server > External Server. You may click Add Object button to
generate.
CA Identifier 1. String format can be any text Fill in optional CA Identifier to identify which CA could be used for signing
certificates.
Save N/A Click Save to save the settings.
Close N/A Click the Close button to return to the Trusted Certificates page.

Import Trusted Client Certificate

When the Import button is clicked, a Trusted Client Certificate Import screen will appear. You can import a
Trusted Client Certificate from an existing certificate file, or directly paste a PEM encoded string as the
certificate.

Trusted Client Certificate List


Item Value setting Description
Import from a File A Must filled setting Select a certificate file from user’s computer, and click the Apply button to import the
specified certificate file to the gateway.
Import from a PEM 1. String format can be any text 2. A Must filled setting This is an alternative approach to import a certificate.
You can directly fill in (Copy and Paste) the PEM encoded certificate string, and click the
Apply button to import the specified certificate to the gateway.
Apply N/A Click the Apply button to import certificate.
Cancel N/A Click the Cancel button to discard the import operation and the screen will return to the
Trusted Certificates page.

Import Trusted Client Key

When the Import button is clicked, a Trusted Client Key Import screen will appear. You can import a Trusted
Client Key from an existing file, or directly paste a PEM encoded string as the key.

Trusted Client Key List


Item Value setting Description
Import from a File A Must filled setting Select a certificate key file from user’s computer, and click the Apply button to import
the specified key file to the gateway.
Import from a PEM 1. String format can be any text 2. A Must filled setting This is an alternative approach to import a certificate key.
You can directly fill in (Copy and Paste) the PEM encoded certificate key string, and click
the Apply button to import the specified certificate key to the gateway.
Apply N/A Click the Apply button to import the certificate key.
Cancel N/A Click the Cancel button to discard the import operation and the screen will return to the
Trusted Certificates page.


3.5.4 Issue Certificate


When you have a Certificate Signing Request (CSR) that needs to be certified by the root CA of the device,
you can issue the request here and let the Root CA sign it. There are two approaches to issue a certificate. One is
to import a CSR file from the managing PC; the other is to copy-paste the CSR code into the gateway’s web-based
utility. Then click on the "Sign" button.
If the gateway signs a CSR successfully, the "Signed Certificate View" window will show the resulting certificate
contents. In addition, a "Download" button is available for you to download the certificate to a file in the
managing PC.

Self-signed Certificate Usage Scenario

Scenario Application Timing (same as the one described in "My Certificate" section)
When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own
local certificates signed by itself. It can also import the trusted certificates for other CAs and
Clients. These certificates can be used by two remote peers to verify each other's identity while
establishing a VPN tunnel.

Scenario Description (same as the one described in "My Certificate" section)


Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. It also imports a
trusted certificate (BranchCRT), a BranchCSR certificate of Gateway 2 signed by the root CA of Gateway 1.
Gateway 2 creates a CSR (BranchCSR) to let the root CA of Gateway 1 sign it to be the
BranchCRT certificate. Import the certificate into Gateway 2 as a local certificate. In addition,
also import the certificates of the root CA of Gateway 1 into Gateway 2 as the trusted ones.
(Please also refer to "My Certificate" and "Trusted Certificate" sections.)
Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all
client hosts in both subnets can communicate with each other.

Parameter Setup Example (same as the one described in "My Certificate" section)
For Network-A at HQ
The following tables list the parameter configuration as an example for the "Issue Certificate" function
used in the user authentication of IPSec VPN tunnel establishment, as shown in the above diagram. The
configuration example must be combined with the ones in "My Certificate" and "Trusted
Certificate" sections to complete the setup for the whole user scenario.

Configuration Path [Issue Certificate]-[Certificate Signing Request Import from a File]


Browse C:/BranchCSR
Command Button Sign

Configuration Path [Issue Certificate]-[Signed Certificate View]


Command Button Download (default name is "issued.crt")

Scenario Operation Procedure (same as the one described in "My Certificate" section)
In above diagram, the "Gateway 1" is the gateway of Network-A in headquarters and the subnet of
its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for
WAN-1 interface. The "Gateway 2" is the gateway of Network-B in branch office and the subnet of
its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for
WAN-1 interface. They both serve as the NAT security gateways.
Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. Import the
certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client
Certificate List" of Gateway 2.
Gateway 2 generates a Certificate Signing Request (BranchCSR) for its own certificate BranchCRT to
be signed by the root CA. (Generate a certificate that is not self-signed in Gateway 2, click
the "View" button for that CSR, and download it.) Take the CSR to be signed by the root CA of
Gateway 1 and obtain the BranchCRT certificate (you need to rename it). Import the certificate into
the "Trusted Client Certificate List" of Gateway 1 and the "Local Certificate List" of Gateway 2.
Gateway 2 can establish an IPSec VPN tunnel with "Site to Site" scenario and IKE and X.509
protocols to Gateway 1.
Finally, the client hosts in two subnets of 10.0.75.0/24 and 10.0.76.0/24 can communicate with each
other.


Issue Certificate Setting

Go to Object Definition > Certificate > Issue Certificate tab.


The Issue Certificate setting allows user to import Certificate Signing Request (CSR) to be signed by root CA.

Import and Issue Certificate

Certificate Signing Request (CSR) Import from a File


Item Value setting Description
Certificate Signing Request (CSR) Import from a File A Must filled setting Select a certificate signing request file from your
computer for importing to the gateway.
Certificate Signing Request (CSR) Import from a PEM 1. String format can be any text 2. A Must filled setting Enter (copy-paste) the certificate signing request PEM
encoded certificate to the gateway.
Sign N/A When the root CA exists, click the Sign button to sign and
issue the imported certificate by root CA.


Chapter 4 Field Communication

4.1 Bus & Protocol


The gateway may be equipped with a serial port for various serial communication uses, connecting an RS-232 or
RS-485 serial device to an IP-based Ethernet LAN. These communication protocols let the user easily access serial
devices anywhere over a local LAN or the Internet.

4.1.1 Port Configuration

Before using the supported field communication function, like Virtual COM, you need to configure the physical
communication port first.
The port configuration screen allows the user to configure the operation mode and physical layer settings for each
serial interface, and to quickly switch the serial port from one communication protocol to another. The
number of ports and the types of supported protocols may differ depending on the purchased gateway model.

Port Configuration Setting

Go to Field Communication > Bus & Protocol > Port Configuration tab.

In "Port Configuration" page, there is only one configuration window for the serial port settings. The
"Configuration" window can let you specify serial port parameters including the operation mode being
"Virtual COM" or disabled, the interface, the baud rate, the data bit length, the stop bit length, the flow
control being "RTS/CTS", "DTS/DSR" or "None", and the parity.

Port Configuration Window


Item Value setting Description
Serial Port N/A It displays the serial port ID of the serial port.
The number of serial ports varies from the purchased model.
Operation Mode Disable is set by default Select the operation mode for the serial interface.
It can be Disable or Virtual COM.
Interface RS-232 is set by default Select the physical interface type for connecting to the access device(s) with the
same interface specification.
Depending on the purchase model, the supported interface type could be RS-
232 or RS-485.
Baud Rate 19200 is set by default Select the appropriate baud rate for serial device communication.
RS-232: 1200 / 2400 / 4800 / 9600 / 19200 / 38400 / 57600 / 115200
RS-485 can use higher baud rate for 230400 and 460800. It depends on the
cable length and the installed environment. The longer cable, the lower baud
rate for it.
Data Bits 8 is set by default Select 8 or 7 for data bits.
Stop Bits 1 is set by default Select 1 or 2 for stop bits.

Flow Control None is set by default Select None / RTS, CTS / DTS, DSR for Flow Control in RS-232 mode.
The supporting of Flow Control depends on the purchased model.
Parity None is set by default Select None / Even / Odd for Parity bit.
Action N/A Click Edit button to change the operation mode, or modify the parameters
mentioned above for the serial interface communication.
Save N/A Click Save button to save the settings.
Undo N/A Click Undo button to cancel the settings.


4.1.2 Virtual COM

Create a virtual COM port on the user’s PC/Host to provide access to the serial device connected to the serial port on
the gateway. Users can then access, control, and manage the connected serial device through the Internet (fixed
line, or cellular network) from anywhere. This application is also known as Ethernet pass-through communication.

The Virtual COM setting screen enables the user to connect a Virtual COM port based device to the Internet. It allows
the user to access serial data remotely. There are Disable, TCP Client, TCP Server, UDP, and RFC2217 modes for
remotely accessing the connected serial device. These operation modes are illustrated below.

TCP Client Mode


When the administrator expects the gateway to actively establish a TCP connection to a pre-defined
host computer when serial data arrives, the operation mode for the "Virtual COM" function is
required to be "TCP Client". When the connection control of virtual COM is "On-demand", once the
gateway receives data from the connected serial device, it will establish a TCP connection to transfer
the received serial data to the remote host. After the data has been transferred, the gateway
automatically disconnects the established TCP session from the host computer by using the TCP
alive check timeout or idle timeout settings.

TCP Server Mode
When the administrator expects the gateway to wait passively for serial data requests from the host device (usually a computer acting as the host), and the host establishes a TCP connection to get data from the serial device, the operation mode for the "Virtual COM" function must be "TCP Server". In this mode, the gateway provides a unique "IP: Port" address on a TCP/IP network. It supports up to 4 simultaneous connections, so that multiple hosts can collect data from the same serial device at the same time. After the data has been transferred, the TCP connection is automatically disconnected from the host computer by using the TCP alive check timeout or idle timeout settings.

UDP Mode
If both the remote host computer and the serial device are expected to initiate a data transfer whenever they need to, the operation mode for the "Virtual COM" function in the gateway must be "UDP". In this mode, UDP data can be transferred between the gateway and multiple host computers from either peer, making this mode ideal for message display applications.
The remote host computer can send UDP data directly to the serial device via the gateway, and receive UDP data from the serial device via the gateway at the same time. The gateway supports up to 4 legal hosts connecting simultaneously to the serial device via the gateway.

RFC-2217 Mode
RFC-2217 defines general COM port control options based on the telnet protocol. A host computer with an RFC-2217 driver installed can monitor and manage the remote serial device attached to the gateway’s serial port, as though it were connected to the local serial port. When a virtual serial port on the local serial device is being created, it is required to specify the IP address of the host computers to establish connection with.
Any 3rd-party driver supporting RFC2217 can be installed on the host computer. The driver establishes a transparent connection between host and serial device by mapping the IP:Port of the gateway’s serial port to a virtual local COM port on the host computer.
The host computer can send data directly to the serial device via the gateway, and receive data from the serial device via the gateway at the same time. The gateway supports up to 4 Internet host computers.


Virtual COM Setting

The Virtual COM setting screen enables the user to connect a Virtual COM port based device to the Internet and to access serial data remotely. There are Disable, TCP Client, TCP Server, UDP, and RFC2217 modes for remotely accessing the connected serial device. By default, it is configured in Disable mode.

To use the Virtual COM function, you first have to specify the operation mode for the multi-function serial port. Go to Field Communication > Bus & Protocol > Port Configuration tab, select Virtual COM as the operation mode, and finish the related port configuration as well.
After that, go to Field Communication > Bus & Protocol > Virtual COM tab for detailed configuration of the Virtual COM setting.

Enable TCP Client Mode

Configure the gateway as the TCP (Transmission Control Protocol) Client. In TCP Client mode, the device initiates a TCP connection with a TCP server when there is data to transmit, and disconnects from the server when the connection is idle for a specified period. You may also enable a full time connection with the TCP server.

Enable TCP Client Mode Window


| Item | Value setting | Description |
| --- | --- | --- |
| Operation Mode | A Must filled setting | Select TCP Client. |
| Connection Control | Always on is set by default | Choose Always on for a TCP full time connection. Otherwise, choose On-Demand to initiate TCP connection only when required to transmit and disconnect at idle timeout. |
| Connection Idle Timeout | 1. 0 is set by default 2. Range 0 to 3600 sec. | Enter the idle timeout in minutes. The idle timeout is used to disconnect the TCP connection when idle time elapsed. Idle timeout is only available when On-Demand is selected in the Connection Control field. Value Range: 0 ~ 3600 seconds. |
| Alive Check Timeout | 1. 0 is set by default 2. Range 0 to 3600 sec. | Enter the time period of alive check timeout. The TCP connection will be terminated if it doesn’t receive response of alive-check longer than this timeout setting. Alive check timeout is only available when On-Demand is selected in the Connection Control field. Value Range: 0 ~ 3600 seconds. |
| Enable | The box is unchecked by default. | Check the Enable box to activate the corresponding serial port in specified operation mode. |
| Save | N/A | Click the Save button to save the configuration. |

Specify Data Packing Parameters

Data Packing Configuration


| Item | Value setting | Description |
| --- | --- | --- |
| Data Buffer Length | 1. An optional filled setting 2. Default value is 0 | Enter the data buffer length for the serial port. Value Range: 0 ~ 1024. |
| Delimiter Character 1 | 1. An optional filled setting 2. Default value is 0 | Check the Enable box to activate the Delimiter character 1, and enter the Hex code for it. Value Range: 0x00 ~ 0xFF. |
| Delimiter Character 2 | 1. An optional filled setting 2. Default value is 0 | Check the Enable box to activate the Delimiter character 2, and enter the Hex code for it. Value Range: 0x00 ~ 0xFF. |
| Data Timeout Transmit | 1. An optional filled setting 2. Default value is 0 | Enter the data timeout interval for transmitting serial data through the port. By default, it is set to 0 and the timeout function is disabled. Value Range: 0 ~ 1000ms. |
| Save | N/A | Click the Save button to save the configuration. |

Specify Remote TCP Server

Specify TCP Server Window


| Item | Value setting | Description |
| --- | --- | --- |
| To Remote Host | A Must filled setting | Press Edit button to enter IP address or FQDN of the remote TCP server to transmit serial data. |
| Remote Port | 1. A Must filled setting 2. Default value is 4001 | Enter the TCP port number. This is the listen port of the remote TCP server. Value Range: 1 ~ 65535. |
| Serial Port | SPort-0 is set by default | Apply the TCP server connection for a selected serial port. Up to 4 TCP servers can be configured at the same time for each serial port. |
| Definition Enable | The box is unchecked by default | Check the Enable box to enable the TCP server configuration. |
| Save | N/A | Click the Save button to save the configuration. |

Enable TCP Server Mode

Configure the gateway as the TCP (Transmission Control Protocol) Server. The TCP Server waits for connections
to be initiated by a remote TCP client device to receive serial data. The setting allows user to specify specific
TCP clients or allow any to send serial data for serial data transmission bandwidth control and access control.
The TCP Server supports up to 128 simultaneous connections to receive serial data from multiple TCP clients.

Enable TCP Server Mode Window


| Item | Value setting | Description |
| --- | --- | --- |
| Operation Mode | A Must filled setting | Select TCP Server mode. |
| Listen Port | 4001 is set by default | Indicate the listening port of TCP connection. Value Range: 1 ~ 65535. |
| Trust Type | Allow All is set by default | Choose Allow All to allow any TCP clients to connect. Otherwise choose Specific IP to limit certain TCP clients. |
| Max Connection | 1. Max. 128 connections 2. 1 is set by default | Set the maximum number of concurrent TCP connections. Up to 128 simultaneous TCP connections can be established. Value Range: 1 ~ 128. |
| Connection Idle Timeout | 1. 0 is set by default 2. Range 0 to 3600 sec. | Enter the idle timeout in minutes. The idle timeout is used to disconnect the TCP connection when idle time elapsed. Idle timeout is only available when On-Demand is selected in the Connection Control field. Value Range: 0 ~ 3600 seconds. |
| Alive Check Timeout | 1. 0 is set by default 2. Range 0 to 3600 sec. | Enter the time period of alive check timeout. The TCP connection will be terminated if it doesn’t receive response of alive-check longer than this timeout setting. Alive check timeout is only available when On-Demand is selected in the Connection Control field. Value Range: 0 ~ 3600 seconds. |
| Enable | The box is unchecked by default. | Check the Enable box to activate the corresponding serial port in specified operation mode. |
| Save | N/A | Click Save button to save the settings. |

Specify TCP Clients for TCP Server Access

If you selected Specific IPs as the trust Type, the Trusted IP Definition window appears. The settings are valid
for both TCP Server and RFC-2217 modes.

Specify TCP Clients Window


| Item | Value setting | Description |
| --- | --- | --- |
| Host | A Must filled setting | Enter the IP address range of allowed TCP clients. |
| Serial Port | The box is unchecked by default | Check the box to specify the rule for selected Serial Port. |
| Definition Enable | The box is unchecked by default | Check the Enable box to enable the rule. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |

Enable UDP Mode

UDP (User Datagram Protocol) enables applications using UDP socket programs to communicate with the serial
ports on the serial server. The UDP mode provides connectionless communications, which enable you to multicast
data from the serial device to multiple host computers, and vice versa, making this mode ideal for message display
applications.

Enable UDP Mode Window
| Item | Value setting | Description |
| --- | --- | --- |
| Operation Mode | A Must filled setting | Select UDP mode. |
| Listen Port | 4001 is set by default | Indicate the listening port of UDP connection. Value Range: 1 ~ 65535 |
| Enable | The box is unchecked by default. | Check the Enable box to activate the corresponding serial port in specified operation mode. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |

Specify Remote UDP

Specify Remote UDP hosts Window


| Item | Value setting | Description |
| --- | --- | --- |
| Host | A Must filled setting | Press Edit button to enter IP address range of remote UDP hosts. |
| Remote Port | 4001 is set by default | Indicate the UDP port of peer UDP hosts. Value Range: 1 ~ 65535 |
| Serial Port | SPort-0 is set by default | Apply the UDP hosts for a selected serial port. Up to 4 UDP servers can be configured at the same time for each serial port. |
| Definition Enable | The box is unchecked by default | Check the Enable box to enable the rule. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |

Enable RFC-2217 Mode

RFC-2217 defines general COM port control options based on telnet protocol. With the RFC-2217 mode,
remote host can monitor and manage remote serially attached devices, as though they were connected to the
local serial port. When a virtual serial port on the local serial device is being created, it is required to specify
the IP-address of the remote hosts to establish connection with.

Enable RFC-2217 Mode Window


| Item | Value setting | Description |
| --- | --- | --- |
| Operation Mode | A Must filled setting | Select RFC-2217 mode. |
| Listen Port | 4001 is set by default | Indicate the listening port of RFC-2217 connection. Value Range: 1 ~ 65535 |
| Trust Type | Allow All is set by default | Choose Allow All to allow any clients to connect. Otherwise choose Specific IP to limit certain clients. |
| Connection Idle Timeout | 1. 0 is set by default 2. Range 0 to 3600 sec. | Enter the idle timeout in minutes. The idle timeout is used to disconnect the TCP connection when idle time elapsed. Idle timeout is only available when On-Demand is selected in the Connection Control field. Value Range: 0 ~ 3600 seconds. |
| Alive Check Timeout | 1. 0 is set by default 2. Range 0 to 3600 sec. | Enter the time period of alive check timeout. The TCP connection will be terminated if it doesn’t receive response of alive-check longer than this timeout setting. Alive check timeout is only available when On-Demand is selected in the Connection Control field. Value Range: 0 ~ 3600 seconds. |
| Enable | The box is unchecked by default. | Check the Enable box to activate the corresponding serial port in specified operation mode. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |

Specify Remote Host for Access

If you selected Specific IPs as the trust Type, the Trusted IP Definition window appears. The settings are valid
for both TCP Server and RFC-2217 modes.

Specify RFC-2217 Clients for Access Window


| Item | Value setting | Description |
| --- | --- | --- |
| Host | A Must filled setting | Enter the IP address range of allowed clients. |
| Serial Port | The box is unchecked by default | Check the box to specify the rule for selected Serial Port. |
| Definition Enable | The box is unchecked by default | Check the Enable box to enable the rule. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |
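
The Trust Type and Trusted IP Definition settings decide which sources can open the serial port in TCP Server and RFC-2217 modes. The following is an added example, not code from the manual or the gateway firmware, that models that decision so a rule set can be reviewed before it is saved. The rule field names, the accepted Host formats (single address, start-end range, CIDR), the second port name and the 256-address breadth threshold are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass
class TrustedRule:
    """One row of the Trusted IP Definition window (field names are hypothetical)."""
    host: str            # assumed formats: "a.b.c.d", "a.b.c.d-a.b.c.e" or CIDR
    serial_port: str     # e.g. "SPort-0"
    enabled: bool = True  # the Definition Enable box


def _bounds(host: str):
    """Return the (first, last) address covered by a Host entry."""
    if "-" in host:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in host.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {host}")
        return lo, hi
    net = ipaddress.ip_network(host.strip(), strict=False)
    return net[0], net[-1]


def admits(trust_type: str, rules: List[TrustedRule], serial_port: str, source: str) -> bool:
    """True if a client at `source` would be allowed to connect to `serial_port`."""
    if trust_type == "Allow All":
        return True  # any client is accepted, rules are not consulted
    ip = ipaddress.ip_address(source)
    for rule in rules:
        if not (rule.enabled and rule.serial_port == serial_port):
            continue
        lo, hi = _bounds(rule.host)
        if ip.version == lo.version and lo <= ip <= hi:
            return True
    return False


def review(trust_type: str, rules: List[TrustedRule], serial_port: str,
           max_span: int = 256) -> List[str]:
    """Return review findings for one serial port's access settings."""
    if trust_type == "Allow All":
        return ["Allow All: every host that can reach the listen port "
                "can use the serial device"]
    findings = []
    active = [r for r in rules if r.enabled and r.serial_port == serial_port]
    if not active:
        findings.append(f"Specific IP with no enabled rule for {serial_port}: "
                        "this model admits no client")
    for rule in active:
        lo, hi = _bounds(rule.host)
        span = int(hi) - int(lo) + 1
        if span > max_span:
            findings.append(f"{rule.host}: {span} addresses is broader than {max_span}")
    return findings


# Constructed sample rules using documentation address ranges (not from the manual).
# "SPort-1" is a hypothetical second port name.
SAMPLE_RULES = [
    TrustedRule("192.0.2.10-192.0.2.20", "SPort-0"),
    TrustedRule("198.51.100.0/24", "SPort-0", enabled=False),
    TrustedRule("10.0.0.0/8", "SPort-1"),
]

if __name__ == "__main__":
    for src in ("192.0.2.15", "192.0.2.21", "198.51.100.7"):
        print(src, admits("Specific IP", SAMPLE_RULES, "SPort-0", src))
    print(review("Allow All", SAMPLE_RULES, "SPort-0"))
    print(review("Specific IP", SAMPLE_RULES, "SPort-1"))
```
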


Chapter 5 Security

5.1 VPN
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It
enables a computer to send and receive data across shared or public networks as if it were directly connected
to the private network, while benefitting from the functionality, security and management policies of the
private network. This is done by establishing a virtual point-to-point connection through the use of dedicated
connections, encryption, or a combination of the two. The tunnel technology supports data confidentiality,
data origin authentication and data integrity of network information by utilizing encapsulation protocols,
encryption algorithms, and hashing algorithms.

The product series supports different tunneling technologies to establish secure tunnels between multiple
sites for data transferring, such as IPSec, OpenVPN, L2TP (over IPSec), PPTP and GRE. Besides, some advanced
functions, like Full Tunnel, Tunnel Failover, Tunnel Load Balance, NetBIOS over IPSec, NAT Traversal and
Dynamic VPN, are also supported.


5.1.1 IPSec

Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by
authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for
establishing mutual authentication between agents at the beginning of the session and negotiation of
cryptographic keys to be used during the session.

An IPSec VPN tunnel is established between an IPSec client and server. The IPSec VPN client is sometimes called the initiator, and the IPSec VPN server the responder. This gateway can be configured in different roles and can establish a number of tunnels with various remote devices. Before setting up the VPN connections, you may need to decide the scenario type for the tunneling.

IPSec Tunnel Scenarios


To build an IPSec tunnel, you need to fill in the remote gateway global IP, and optionally the subnet if the hosts behind the IPSec peer can access the remote site or hosts. Under such configuration, there are four scenarios:
Site to Site: You need to set up the remote gateway IP and subnet of both gateways. After the IPSec tunnel is established, hosts behind both gateways can communicate with each other through the tunnel.
Site to Host: Site to Host is suitable for tunneling between clients in a subnet and an application server (host). As in the diagram, the clients behind the M2M gateway can access the host "Host-DC" located in the control center through the Site to Host VPN tunnel.
Host to Site: In contrast, for a single host (or mobile user) to access the resources located in an intranet, the Host to Site scenario can be applied.
Host to Host: Host to Host is a special configuration for building a VPN tunnel between two single hosts.

Site to Site with "Full Tunnel" enabled


In the "Site to Site" scenario, client hosts in the remote site can access the enterprise resources in the Intranet of the HQ gateway via an established IPSec tunnel, as described above. However, Internet access originating from the remote site still goes through its regular WAN connection. If you want all packets from the remote site to be routed via this IPSec tunnel, including HQ server access and Internet access, you can enable the "Full Tunnel" setting. As a result, whenever users surf the web, search for data on the Internet, check personal emails, or access the HQ server, all traffic goes through the secure IPSec tunnel and is routed by the Security Gateway in the control center.

Site to Site with "Hub and Spoke" mechanism


For a control center to manage the secure Intranet among all its remote sites, there is a simple configuration, called Hub and Spoke, for the whole VPN network. A Hub and Spoke VPN network is set up in organizations with a centralized control center over all its remote sites, like shops or offices. The control center acts as the Hub and the remote shops or offices act as Spokes. All VPN tunnels from remote sites terminate at this Hub, which acts as a concentrator. Site-to-site connections between spokes do not exist. Traffic originating from one spoke and destined for another spoke has to go via the Hub. Under such configuration, you don’t need to maintain VPN tunnels between every pair of remote clients.

Dynamic VPN Server Scenario
Dynamic VPN Server Scenario is an efficient way to build multiple tunnels with remote sites, especially for mobile clients with dynamic IP. In this scenario, the gateway can only take the role of server (responder), and it must have a "Static IP" or "FQDN". It can allow many VPN clients (initiators) to connect with various tunnel scenarios. In short, with a simple Dynamic VPN server setting, many VPN clients can connect to the server. However, in comparison to the Hub and Spoke mechanism, direct communication between any two clients via the Dynamic VPN server is not allowed.
For the purchased gateway, you can configure one Dynamic VPN server for each WAN interface.


IPSec Setting

Go to Security > VPN > IPSec tab.

The IPSec Setting allows user to create and configure IPSec tunnels.

Enable IPSec

Configuration Window
| Item | Value setting | Description |
| --- | --- | --- |
| IPsec | Unchecked by default | Click the Enable box to enable IPSec function. |
| NetBIOS over IPSec | Unchecked by default | Click the Enable box to enable NetBIOS over IPSec function. |
| NAT Traversal | Checked by default | Click the Enable box to enable NAT Traversal function. |
| Max. Concurrent IPSec Tunnels | Depends on Product specification. | The specified value will limit the maximum number of simultaneous IPSec tunnel connection. The default value can be different for the purchased model. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |

Create/Edit IPSec tunnel

Ensure that the IPSec Enable box is checked before further configuring the IPSec tunnel settings.

When the Add/Edit button is clicked, a series of configuration screens will appear. They are Tunnel Configuration, Local & Remote Configuration, Authentication, IKE Phase, IKE Proposal Definition, IPSec Phase, and IPSec Proposal Definition. You have to configure the tunnel details for both local and remote VPN devices.


Tunnel Configuration Window


| Item | Value setting | Description |
| --- | --- | --- |
| Tunnel | Unchecked by default | Check the Enable box to activate the IPSec tunnel. |
| Tunnel Name | 1. A Must fill setting 2. String format can be any text | Enter a tunnel name. Enter a name that is easy for you to identify. Value Range: 1 ~ 19 characters. |
| Interface | 1. A Must fill setting 2. WAN 1 is selected by default | Select the interface on which IPSec tunnel is to be established. It can be the available WAN and LAN interfaces. |
| Tunnel Scenario | 1. A Must fill setting 2. Site to site is selected by default | Select an IPSec tunneling scenario from the dropdown box for your application. Select Site-to-Site, Site-to-Host, Host-to-Site, or Host-to-Host. If LAN interface is selected, only Host-to-Host scenario is available. With Site-to-Site or Site-to-Host or Host-to-Site, IPSec operates in tunnel mode. The difference among them is the number of subnets. With Host-to-Host, IPSec operates in transport mode. |
| Tunel TCP MSS | 1. An optional setting 2. Auto is set by default | Select from the dropdown box to define the size of Tunel TCP MSS. Select Auto, and all devices will adjust this parameter automatically. Select Manual, and specify an expected value for Tunel TCP MSS. Value Range: 64 ~ 1500 bytes. |
| Hub and Spoke | 1. An optional setting 2. None is set by default | Select from the dropdown box to setup your gateway for Hub-and-Spoke IPSec VPN Deployments. Select None if your deployments will not support Hub or Spoke encryption. Select Hub for a Hub role in the IPSec design. Select Spoke for a Spoke role in the IPSec design. Note: Hub and Spoke are available only for Site-to-Site VPN tunneling specified in Tunnel Scenario. It is not available for Dynamic VPN tunneling application. |
| Operation Mode | 1. A Must fill setting 2. Always on is selected by default | Define operation mode for the IPSec Tunnel. It can be Always On, or Failover. If this tunnel is set as a failover tunnel, you need to further select a primary tunnel from which to failover to. Note: Failover mode is not available for the gateway with single WAN. |
| Encapsulation Protocol | 1. A Must fill setting 2. ESP is selected by default | Select the Encapsulation Protocol from the dropdown box for this IPSec tunnel. Available encapsulations are ESP and AH. |

Local & Remote Configuration Window


| Item | Value setting | Description |
| --- | --- | --- |
| Local Subnet List | A Must fill setting | Specify the Local Subnet IP address and Subnet Mask. Click the Add or Delete button to add or delete a Local Subnet. Note_1: When Dynamic VPN option in Tunnel Scenario is selected, there will be only one subnet available. Note_2: When Host-to-Site or Host-to-Host option in Tunnel Scenario is selected, Local Subnet will not be available. Note_3: When Hub and Spoke option in Hub and Spoke is selected, there will be only one subnet available. |
| Redirect Traffic | Unchecked by default | Click Enable box to activate the Redirect Traffic function. Note: Redirect Traffic is available only for Host-to-Site specified in Tunnel Scenario. By default, it is disabled, so it can prevent the un-expected and dangerous access to the peer subnet. If you enable such function, all the network devices behind the VPN host (actually, it is an NAT gateway) can access to the peer subnet with the host IP. |
| Full Tunnel | Unchecked by default | Click Enable box to enable Full Tunnel. Note: Full tunnel is available only for Site-to-Site specified in Tunnel Scenario. |
| Remote Subnet List | A Must fill setting | Specify the Remote Subnet IP address and Subnet Mask. Click the Add or Delete button to add or delete Remote Subnet setting. |
| Remote Gateway | 1. A Must fill setting. 2. Format can be a ipv4 address or FQDN | Specify the Remote Gateway. |

Authentication Configuration Window


| Item | Value setting | Description |
| --- | --- | --- |
| Key Management | 1. A Must fill setting 2. Pre-shared Key 8 to 32 characters. | Select Key Management from the dropdown box for this IPSec tunnel. IKE+Pre-shared Key: user needs to set a key (8 ~ 32 characters). IKE+X.509: user needs Certificate to authenticate. IKE+X.509 will be available only when Certificate has been configured properly. Refer to Certificate section of this manual and also Object Definition > Certificate in web-based utility. Manually: user needs to enter key ID to authenticate. Manual key configuration will be explained in the following Manual Key Management section. |
| Local ID | An optional setting | Specify the Local ID for this IPSec tunnel to authenticate. Select User Name for Local ID and enter the username. The username may include numbers but can’t be all numbers. Select FQDN for Local ID and enter the FQDN. Select User@FQDN for Local ID and enter the User@FQDN. Select Key ID for Local ID and enter the Key ID (English alphabet or number). |
| Remote ID | An optional setting | Specify the Remote ID for this IPSec tunnel to authenticate. Select User Name for Remote ID and enter the username. The username may include numbers but can’t be all numbers. Select FQDN for Remote ID and enter the FQDN. Select User@FQDN for Remote ID and enter the User@FQDN. Select Key ID for Remote ID and enter the Key ID (English alphabet or number). Note: Remote ID will not be available when Dynamic VPN option in Tunnel Scenario is selected. |


IKE Phase Window


| Item | Value setting | Description |
| --- | --- | --- |
| IKE Version | 1. A must fill setting 2. v1 is selected by default | Specify the IKE version for this IPSec tunnel. Select v1 or v2. Note: IKE versions will not be available when Dynamic VPN option in Tunnel Scenario is selected, or AH option in Encapsulation Protocol is selected. |
| Negotiation Mode | Main Mode is set by default | Specify the Negotiation Mode for this IPSec tunnel. Select Main Mode or Aggressive Mode. |
| X-Auth | None is selected by default | Specify the X-Auth role for this IPSec tunnel. Select Server, Client, or None. If None is selected, no X-Auth authentication is required. If Server is selected, this gateway will be an X-Auth server. Click on the X-Auth Account button to create remote X-Auth client account. If Client is selected, this gateway will be an X-Auth client. Enter User name and Password to be authenticated by the X-Auth server gateway. Note: X-Auth Client will not be available for Dynamic VPN option selected in Tunnel Scenario. |
| Dead Peer Detection (DPD) | 1. Checked by default 2. Default Timeout 180s and Delay 30s | Click Enable box to enable DPD function. Specify the Timeout and Delay time in seconds. Value Range: 0 ~ 999 seconds for Timeout and Delay. |
| Phase1 Key Life Time | 1. A Must fill setting 2. Default 3600s 3. Max. 86400s | Specify the Phase1 Key Life Time. Value Range: 30 ~ 86400. |


IKE Proposal Definition Window


| Item | Value setting | Description |
| --- | --- | --- |
| IKE Proposal Definition | A Must fill setting | Specify the Phase 1 Encryption method. It can be DES / 3DES / AES-auto / AES-128 / AES-192 / AES-256. Specify the Authentication method. It can be None / MD5 / SHA1 / SHA2-256. Specify the DH Group. It can be None / Group1 / Group2 / Group5 / Group14 / Group15 / Group16 / Group17 / Group18. Check Enable box to enable this setting. |

IPSec Phase Window


| Item | Value setting | Description |
| --- | --- | --- |
| Phase2 Key Life Time | 1. A Must fill setting 2. 28800s is set by default 3. Max. 86400s | Specify the Phase2 Key Life Time in second. Value Range: 30 ~ 86400. |


IPSec Proposal Definition Window


| Item | Value setting | Description |
| --- | --- | --- |
| IPSec Proposal Definition | A Must fill setting | Specify the Encryption method. It can be None / DES / 3DES / AES-auto / AES-128 / AES-192 / AES-256. Note: None is available only when Encapsulation Protocol is set as AH; it is not available for ESP Encapsulation. Specify the Authentication method. It can be None / MD5 / SHA1 / SHA2-256. Note: None and SHA2-256 are available only when Encapsulation Protocol is set as ESP; they are not available for AH Encapsulation. Specify the PFS Group. It can be None / Group1 / Group2 / Group5 / Group14 / Group15 / Group16 / Group17 / Group18. Click Enable to enable this setting. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |
| Back | N/A | Click Back to return to the previous page. |
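
The Authentication, IKE Phase and proposal windows offer legacy options (DES, MD5, small DH groups, Aggressive Mode) next to current ones. The following added example, which is not part of the manual or the gateway's software, audits one planned tunnel against the value ranges stated in the tables and against a reviewer's baseline of weak options. The field names, the baseline sets and both sample tunnels are assumptions of the example.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Reviewer's baseline: options treated as weak. This is an assumption of the
# example, not guidance taken from the manual.
WEAK = {
    "encryption": {"DES", "3DES"},
    "authentication": {"None", "MD5", "SHA1"},
    "group": {"None", "Group1", "Group2", "Group5"},
}


@dataclass
class Tunnel:
    """Hypothetical field names; values use the option labels from the tables."""
    psk: str
    encapsulation: str = "ESP"                  # ESP or AH
    key_management: str = "IKE+Pre-shared Key"
    negotiation_mode: str = "Main Mode"         # or "Aggressive Mode"
    ike_encryption: str = "AES-256"
    ike_authentication: str = "SHA2-256"
    ike_dh_group: str = "Group14"
    phase1_life: int = 3600                     # default from the IKE Phase table
    ipsec_encryption: str = "AES-256"
    ipsec_authentication: str = "SHA2-256"
    pfs_group: str = "Group14"
    phase2_life: int = 28800                    # default from the IPSec Phase table


def audit(t: Tunnel) -> List[Tuple[str, str]]:
    """Return (kind, message) findings; kind is "invalid" or "weak"."""
    out = []
    # Constraints stated in the manual's tables.
    if t.key_management == "IKE+Pre-shared Key" and not 8 <= len(t.psk) <= 32:
        out.append(("invalid", "Pre-shared key must be 8 ~ 32 characters"))
    for name, life in (("Phase1", t.phase1_life), ("Phase2", t.phase2_life)):
        if not 30 <= life <= 86400:
            out.append(("invalid", f"{name} Key Life Time must be 30 ~ 86400"))
    if t.encapsulation == "ESP" and t.ipsec_encryption == "None":
        out.append(("invalid", "IPSec encryption None is available only with AH"))
    if t.encapsulation == "AH" and t.ipsec_authentication in ("None", "SHA2-256"):
        out.append(("invalid", f"IPSec authentication {t.ipsec_authentication} "
                               "is available only with ESP"))
    # Reviewer's baseline (assumption).
    checks = [
        ("IKE encryption", t.ike_encryption, "encryption"),
        ("IKE authentication", t.ike_authentication, "authentication"),
        ("IKE DH Group", t.ike_dh_group, "group"),
        ("IPSec encryption", t.ipsec_encryption, "encryption"),
        ("IPSec authentication", t.ipsec_authentication, "authentication"),
        ("PFS Group", t.pfs_group, "group"),
    ]
    for label, value, kind in checks:
        if value in WEAK[kind]:
            out.append(("weak", f"{label}: {value}"))
    if t.encapsulation == "AH":
        out.append(("weak", "AH authenticates packets but does not encrypt them"))
    if t.negotiation_mode == "Aggressive Mode" and t.key_management == "IKE+Pre-shared Key":
        out.append(("weak", "Aggressive Mode with a pre-shared key exposes a "
                            "key-derived hash to offline guessing"))
    return out


# Constructed samples: a legacy-style tunnel and a hardened one.
LEGACY = Tunnel(psk="abc123", negotiation_mode="Aggressive Mode",
                ike_encryption="DES", ike_authentication="MD5", ike_dh_group="Group2",
                ipsec_encryption="3DES", ipsec_authentication="SHA1", pfs_group="None")
HARDENED = Tunnel(psk="Constructed-Sample-Key-01")

if __name__ == "__main__":
    for kind, message in audit(LEGACY):
        print(f"{kind:8} {message}")
    print("hardened findings:", audit(HARDENED))
```
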

Manual Key Management

When the Manually option is selected for Key Management as described in Authentication Configuration
Window, a series of configuration windows for Manual IPSec Tunnel configuration will appear. The
configuration windows are the Local & Remote Configuration, the Authentication, and the Manual Proposal.

Authentication Window
| Item | Value setting | Description |
| --- | --- | --- |
| Key Management | A Must fill setting | Select Key Management from the dropdown box for this IPSec tunnel. In this section Manually is the option selected. |
| Local ID | An optional setting | Specify the Local ID for this IPSec tunnel to authenticate. Select the Key ID for Local ID and enter the Key ID (English alphabet or number). |
| Remote ID | An optional setting | Specify the Remote ID for this IPSec tunnel to authenticate. Select Key ID for Remote ID and enter the Key ID (English alphabet or number). |

Local & Remote Configuration Window


| Item | Value setting | Description |
| --- | --- | --- |
| Local Subnet | A Must fill setting | Specify the Local Subnet IP address and Subnet Mask. |
| Local Netmask | A Must fill setting | Specify the Local Subnet Mask. |
| Remote Subnet | A Must fill setting | Specify the Remote Subnet IP address |
| Remote Netmask | A Must fill setting | Specify the Remote Subnet Mask. |
| Remote Gateway | 1. A Must fill setting 2. An IPv4 address or FQDN format | Specify the Remote Gateway. The Remote Gateway |
Under the Manually Key Management authentication configuration, only one subnet is supported for both
Local and Remote IPSec peer.

Manual Proposal Window


| Item | Value setting | Description |
| --- | --- | --- |
| Outbound SPI | Hexadecimal format | Specify the Outbound SPI for this IPSec tunnel. Value Range: 0 ~ FFFF. |
| Inbound SPI | Hexadecimal format | Specify the Inbound SPI for this IPSec tunnel. Value Range: 0 ~ FFFF. |
| Encryption | 1. A Must fill setting 2. Hexadecimal format | Specify the Encryption Method and Encryption key. Available encryption methods are DES/3DES/AES-128/AES-192/AES-256. The key length for DES is 16, 3DES is 48, AES-128 is 32, AES-192 is 48, and AES-256 is 64. Note: When AH option in Encapsulation is selected, encryption will not be available. |
| Authentication | 1. A Must fill setting 2. Hexadecimal format | Specify the Authentication Method and Authentication key. Available authentication methods are None/MD5/SHA1/SHA2-256. The key length for MD5 is 32, SHA1 is 40, and SHA2-256 is 64. Note: When AH option in Encapsulation Protocol is selected, None option in Authentication will not be available. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |
| Back | N/A | Click Back to return to the previous page. |
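
With manual keys, the SPI and key values in the Manual Proposal window are typed in by hand on both gateways. The following added example, not taken from the manual or the gateway's software, checks a planned entry against the ranges and key lengths in the table, generates random keys of the listed length, and compares the entries of two peers. It reads the listed key lengths as counts of hexadecimal digits and assumes that one peer's Outbound SPI is the other's Inbound SPI and that both peers enter the same keys; all field names are hypothetical.

```python
import re
import secrets
from dataclasses import dataclass
from typing import List

# Key lengths from the Manual Proposal table, read as hexadecimal digits.
ENC_KEY_HEX = {"DES": 16, "3DES": 48, "AES-128": 32, "AES-192": 48, "AES-256": 64}
AUTH_KEY_HEX = {"MD5": 32, "SHA1": 40, "SHA2-256": 64}
HEX = re.compile(r"[0-9A-Fa-f]+")


@dataclass
class ManualProposal:
    """Hypothetical field names for one gateway's Manual Proposal entries."""
    encapsulation: str        # "ESP" or "AH"
    outbound_spi: str         # hexadecimal, 0 ~ FFFF
    inbound_spi: str          # hexadecimal, 0 ~ FFFF
    encryption: str           # method label, "" when AH is used
    encryption_key: str
    authentication: str       # method label or "None"
    authentication_key: str


def new_key(method: str) -> str:
    """Random key with the hex length the table lists for `method`."""
    digits = {**ENC_KEY_HEX, **AUTH_KEY_HEX}[method]
    return secrets.token_hex(digits // 2)


def _check_spi(name: str, value: str, errors: List[str]) -> None:
    if not HEX.fullmatch(value) or int(value, 16) > 0xFFFF:
        errors.append(f"{name} must be hexadecimal in 0 ~ FFFF")


def _check_key(name: str, method: str, key: str, table: dict, errors: List[str]) -> None:
    want = table.get(method)
    if want is None:
        errors.append(f"{name}: unknown method {method!r}")
    elif not HEX.fullmatch(key) or len(key) != want:
        errors.append(f"{name}: {method} key must be {want} hex digits")


def validate(p: ManualProposal) -> List[str]:
    """Check one gateway's entries against the table's constraints."""
    errors: List[str] = []
    _check_spi("Outbound SPI", p.outbound_spi, errors)
    _check_spi("Inbound SPI", p.inbound_spi, errors)
    if p.encapsulation == "AH":
        if p.encryption:
            errors.append("Encryption is not available with AH")
        if p.authentication == "None":
            errors.append("Authentication None is not available with AH")
    else:
        _check_key("Encryption", p.encryption, p.encryption_key, ENC_KEY_HEX, errors)
    if p.authentication != "None":
        _check_key("Authentication", p.authentication, p.authentication_key,
                   AUTH_KEY_HEX, errors)
    return errors


def mirror_errors(local: ManualProposal, remote: ManualProposal) -> List[str]:
    """Check that two individually valid peers describe the same tunnel."""
    errors = validate(local) + validate(remote)
    if errors:
        return errors
    if int(local.outbound_spi, 16) != int(remote.inbound_spi, 16):
        errors.append("local Outbound SPI must equal remote Inbound SPI")
    if int(local.inbound_spi, 16) != int(remote.outbound_spi, 16):
        errors.append("local Inbound SPI must equal remote Outbound SPI")
    for field in ("encapsulation", "encryption", "authentication"):
        if getattr(local, field) != getattr(remote, field):
            errors.append(f"{field} differs between peers")
    for field in ("encryption_key", "authentication_key"):
        if getattr(local, field).lower() != getattr(remote, field).lower():
            errors.append(f"{field} differs between peers")
    return errors


def sample_pair():
    """Constructed pair of matching peers with freshly generated keys."""
    enc, auth = new_key("AES-256"), new_key("SHA2-256")
    a = ManualProposal("ESP", "1A2B", "3C4D", "AES-256", enc, "SHA2-256", auth)
    b = ManualProposal("ESP", "3C4D", "1A2B", "AES-256", enc, "SHA2-256", auth)
    return a, b
```
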

Create/Edit Dynamic VPN Server List

As with creating an IPSec VPN tunnel for the site/host to site/host scenarios, when the Edit button is clicked a series of configuration screens will appear. They are Tunnel Configuration, Local & Remote Configuration, Authentication, IKE Phase, IKE Proposal Definition, IPSec Phase, and IPSec Proposal Definition. You have to configure the tunnel details for the gateway as a Dynamic VPN server.

Note: For the purchased gateway, you can configure one Dynamic VPN server for each WAN interface.

Tunnel Configuration Window
| Item | Value setting | Description |
| --- | --- | --- |
| Tunnel | Unchecked by default | Check the Enable box to activate the Dynamic IPSec VPN tunnel. |
| Tunnel Name | 1. A Must fill setting 2. String format can be any text | Enter a tunnel name. Enter a name that is easy for you to identify. Value Range: 1 ~ 19 characters. |
| Interface | 1. A Must fill setting 2. WAN 1 is selected by default | Select WAN interface on which IPSec tunnel is to be established. |
| Tunnel Scenario | 1. A Must fill setting 2. Dynamic VPN is selected by default | The IPSec tunneling scenario is fixed to Dynamic VPN. |
| Operation Mode | 1. A Must fill setting 2. Always on is selected by default | The available operation mode is Always On. Failover option is not available for the Dynamic IPSec scenario. |
| Encapsulation Protocol | 1. A Must fill setting 2. ESP is selected by default | Select the Encapsulation Protocol from the dropdown box for this IPSec tunnel. Available encapsulations are ESP and AH. |

Local & Remote Configuration Window


| Item | Value setting | Description |
| --- | --- | --- |
| Local Subnet | A Must fill setting | Specify the Local Subnet IP address. |
| Local Netmask | A Must fill setting | Specify the Local Subnet Mask. |

Authentication Configuration Window


| Item | Value setting | Description |
| --- | --- | --- |
| Key Management | 1. A Must fill setting 2. Pre-shared Key 8 to 32 characters. | Select Key Management from the dropdown box for this IPSec tunnel. IKE+Pre-shared Key: user needs to set a key (8 ~ 32 characters). |
| Local ID | An optional setting | Specify the Local ID for this IPSec tunnel to authenticate. Select User Name for Local ID and enter the username. The username may include numbers but can’t be all numbers. Select FQDN for Local ID and enter the FQDN. Select User@FQDN for Local ID and enter the User@FQDN. Select Key ID for Local ID and enter the Key ID (English alphabet or number). |
| Remote ID | An optional setting | Specify the Remote ID for this IPSec tunnel to authenticate. Select User Name for Remote ID and enter the username. The username may include numbers but can’t be all numbers. Select FQDN for Remote ID and enter the FQDN. Select User@FQDN for Remote ID and enter the User@FQDN. Select Key ID for Remote ID and enter the Key ID (English alphabet or number). Note: Remote ID will not be available when Dynamic VPN option in Tunnel Scenario is selected. |

The remaining IKE Phase, IKE Proposal Definition, IPSec Phase, and IPSec Proposal Definition settings are the
same as those for creating an IPSec Tunnel, described in the previous section. Please refer to the related description.


5.1.2 OpenVPN
OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure
point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It
uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network
address translators (NATs) and firewalls.

OpenVPN allows peers to authenticate each other using a Static Key (pre-shared key) or certificates. When
used in a multi-client-server configuration, it allows the server to release an authentication certificate for
every client, using signature and certificate authority. It uses the OpenSSL encryption library extensively, as
well as the SSLv3/TLSv1 protocol, and contains many security and control features.

OpenVPN Tunneling is a Client and Server based tunneling technology. The OpenVPN Server must have a
Static IP or a FQDN, and maintain a Client list. The OpenVPN Client may be a mobile user or mobile site with
public IP or private IP, and requesting the OpenVPN tunnel connection. The product supports both OpenVPN
Server and OpenVPN Client features to meet different application requirements.

There are two OpenVPN connection scenarios. They are the TAP and TUN scenarios. The product can create
either a layer-3 based IP tunnel (TUN), or a layer-2 based Ethernet TAP that can carry any type of Ethernet
traffic. In addition to configuring the device as a Server or Client, you have to specify which type of OpenVPN
connection scenario is to be adopted.

OpenVPN TUN Scenario


The term "TUN" refers to routing mode, which operates with layer 3 packets. In routing mode, the VPN client
is given an IP address on a different subnet than the local LAN under the OpenVPN server. This virtual subnet
is created for connecting to any remote VPN computers. In routing mode, the OpenVPN server creates a "TUN"
interface with its own IP address pool which is different from the local LAN. Remote hosts that dial in will
get an IP address inside the virtual network and will have access only to the server where OpenVPN resides.

If you want to offer remote access to a VPN server from client(s), and inhibit the access to remote LAN
resources under VPN server, OpenVPN TUN mode is the simplest solution.

As shown in the diagram, the M2M-IoT Gateway is configured as an OpenVPN TUN Client, and connects to an
OpenVPN TUN Server. Once the OpenVPN TUN connection is established, the connected TUN client will be
assigned a virtual IP (10.8.0.2) which belongs to a virtual subnet that is different from the local subnet in
Control Center. With such a connection, the local networked devices will get a virtual IP 10.8.0.x if their
traffic goes through the OpenVPN TUN connection when the Redirect Internet Traffic setting is enabled. Besides,
the SCADA Server in Control Center can access remote attached serial device(s) with the virtual IP address (10.8.0.2).

OpenVPN TAP Scenario

The term "TAP" refers to bridge mode, which operates with layer 2 packets. In bridge mode, the VPN client is
given an IP address on the same subnet as the LAN residing under the OpenVPN server. Under such a
configuration, the OpenVPN client can directly access the resources in the LAN. If you want to offer remote
access to the entire remote LAN for VPN client(s), you have to set up OpenVPN in “TAP” bridge mode.

As shown in the diagram, the M2M-IoT Gateway is configured as an OpenVPN TAP Client, and connects to an
OpenVPN TAP Server. Once the OpenVPN TAP connection is established, the connected TAP client will be
assigned a virtual IP (192.168.100.210) which is in the same subnet as the local subnet in Control Center.
With such a connection, the SCADA Server in Control Center can access remote attached serial device(s) with
the virtual IP address (192.168.100.210).


OpenVPN Setting

Go to Security > VPN > OpenVPN tab.

The OpenVPN setting allows user to create and configure OpenVPN tunnels.

Enable OpenVPN

Enable OpenVPN and select an expected configuration, either server or client, for the gateway to operate.

Configuration
Item | Value setting | Description
OpenVPN | The box is unchecked by default | Check the Enable box to activate the OpenVPN function.
Server/Client | Server Configuration is selected by default. | When Server is selected, as the name indicates, the server configuration will be displayed below for further setup. When Client is selected, you can specify the client settings in another client configuration window.

As an OpenVPN Server

If Server is selected, an OpenVPN Server Configuration screen will appear. The OpenVPN Server Configuration
window lets you enable the OpenVPN server function and specify the virtual IP address of the OpenVPN server
for remote OpenVPN clients that dial in, as well as the authentication protocol.

The OpenVPN Server supports up to 4 TUN / TAP tunnels at the same time.

OpenVPN Server Configuration

Item | Value setting | Description
OpenVPN Server | The box is unchecked by default. | Click the Enable to activate OpenVPN Server functions.
Protocol | 1. A Must filled setting 2. By default TCP is selected. | Define the selected Protocol for connecting to the OpenVPN Server. Select TCP: the TCP protocol will be used to access the OpenVPN Server, and Port will be set as 4430 automatically. Select UDP: the UDP protocol will be used to access the OpenVPN Server, and Port will be set as 1194 automatically.
Port | 1. A Must filled setting 2. By default 4430 is set. | Specify the Port for connecting to the OpenVPN Server. Value Range: 1 ~ 65535.
Tunnel Scenario | 1. A Must filled setting 2. By default TUN is selected. | Specify the type of Tunnel Scenario for connecting to the OpenVPN Server. It can be TUN for TUN tunnel scenario, or TAP for TAP tunnel scenario.
Authorization Mode | 1. A Must filled setting 2. By default Static Key is selected. | Specify the authorization mode for the OpenVPN Server. TLS: the OpenVPN will use TLS authorization mode, and the following items CA Cert., Server Cert. and DH PEM will be displayed. CA Cert. could be generated in Certificate. Refer to Object Definition > Certificate > Trusted Certificate. Server Cert. could be generated in Certificate. Refer to Object Definition > Certificate > My Certificate. Static Key: the OpenVPN will use static key (pre-shared) authorization mode, and the following items Local Endpoint IP Address, Remote Endpoint IP Address and Static Key will be displayed. Note: Static Key will be available only when TUN is chosen in Tunnel Scenario.
Local Endpoint IP Address | A Must filled setting | Specify the virtual Local Endpoint IP Address of this OpenVPN gateway. Value Range: The IP format is 10.8.0.x, the range of x is 1~254. Note: Local Endpoint IP Address will be available only when Static Key is chosen in Authorization Mode.
Remote Endpoint IP Address | A Must filled setting | Specify the virtual Remote Endpoint IP Address of the peer OpenVPN gateway. Value Range: The IP format is 10.8.0.x, the range of x is 1~254. Note: Remote Endpoint IP Address will be available only when Static Key is chosen in Authorization Mode.
Static Key | A Must filled setting | Specify the Static Key. Note: Static Key will be available only when Static Key is chosen in Authorization Mode.
Server Virtual IP | A Must filled setting | Specify the Server Virtual IP. Value Range: The IP format is 10.y.0.0, the range of y is 1~254. Note: Server Virtual IP will be available only when TLS is chosen in Authorization Mode.
DHCP-Proxy Mode | 1. A Must filled setting 2. The box is checked by default. | Check the Enable box to activate the DHCP-Proxy Mode. Note: DHCP-Proxy Mode will be available only when TAP is chosen in Tunnel Device.
IP Pool | A Must filled setting | Specify the virtual IP pool setting for the OpenVPN server. You have to specify the Starting Address and Ending Address as the IP address pool for the OpenVPN clients. Note: IP Pool will be available only when TAP is chosen in Tunnel Device, and DHCP-Proxy Mode is unchecked (disabled).
Gateway | A Must filled setting | Specify the Gateway setting for the OpenVPN server. It will be assigned to the connected OpenVPN clients. Note: Gateway will be available only when TAP is chosen in Tunnel Device, and DHCP-Proxy Mode is unchecked (disabled).
Netmask | By default - select one - is selected. | Specify the Netmask setting for the OpenVPN server. It will be assigned to the connected OpenVPN clients. Value Range: 255.255.255.0/24 (only support class C). Note_1: Netmask will be available when TAP is chosen in Tunnel Device, and DHCP-Proxy Mode is unchecked (disabled). Note_2: Netmask will also be available when TUN is chosen in Tunnel Device.
Redirect Default Gateway | 1. An Optional setting. 2. The box is unchecked by default. | Check the Enable box to activate the Redirect Default Gateway function.
Encryption Cipher | 1. A Must filled setting. 2. By default Blowfish is selected. | Specify the Encryption Cipher from the dropdown list. It can be Blowfish/AES-256/AES-192/AES-128/None.
Hash Algorithm | By default SHA-1 is selected. | Specify the Hash Algorithm from the dropdown list. It can be SHA-1/MD5/MD4/SHA2-256/SHA2-512/None/Disable.
LZO Compression | By default Adaptive is selected. | Specify the LZO Compression scheme. It can be Adaptive/YES/NO/Default.
Persis Key | 1. An Optional setting. 2. The box is checked by default. | Check the Enable box to activate the Persis Key function.
Persis Tun | 1. An Optional setting. 2. The box is checked by default. | Check the Enable box to activate the Persis Tun function.
Advanced Configuration | N/A | Click the Edit button to specify the Advanced Configuration setting for the OpenVPN server. If the button is clicked, Advanced Configuration will be displayed below.
Save | N/A | Click Save to save the settings.
Undo | N/A | Click Undo to cancel the changes.

When Advanced Configuration is selected, an OpenVPN Server Advanced Configuration screen will appear.

OpenVPN Server Advanced Configuration


Item | Value setting | Description
TLS Cipher | 1. A Must filled setting. 2. TLS-RSA-WITH-AES128-SHA is selected by default | Specify the TLS Cipher from the dropdown list. It can be None / TLS-RSA-WITH-RC4-MD5 / TLS-RSA-WITH-AES128-SHA / TLS-RSA-WITH-AES256-SHA / TLS-DHE-DSS-AES128-SHA / TLS-DHE-DSS-AES256-SHA. Note: TLS Cipher will be available only when TLS is chosen in Authorization Mode.
TLS Auth. Key | 1. An Optional setting. 2. String format: any text | Specify the TLS Auth. Key. Note: TLS Auth. Key will be available only when TLS is chosen in Authorization Mode.
Client to Client | The box is checked by default | Check the Enable box to enable the traffic among different OpenVPN Clients. Note: Client to Client will be available only when TLS is chosen in Authorization Mode.
Duplicate CN | The box is checked by default | Check the Enable box to activate the Duplicate CN function. Note: Duplicate CN will be available only when TLS is chosen in Authorization Mode.
Tunnel MTU | 1. A Must filled setting 2. The value is 1500 by default | Specify the Tunnel MTU. Value Range: 0 ~ 1500.
Tunnel UDP Fragment | 1. A Must filled setting 2. The value is 1500 by default | Specify the Tunnel UDP Fragment. By default, it is equal to Tunnel MTU. Value Range: 0 ~ 1500. Note: Tunnel UDP Fragment will be available only when UDP is chosen in Protocol.
Tunnel UDP MSS-Fix | 1. An Optional setting. 2. The box is unchecked by default. | Check the Enable box to activate the Tunnel UDP MSS-Fix Function. Note: Tunnel UDP MSS-Fix will be available only when UDP is chosen in Protocol.
CCD-Dir Default File | 1. An Optional setting. 2. String format: any text | Specify the CCD-Dir Default File. Value Range: 0 ~ 256 characters.
Client Connection Script | 1. An Optional setting. 2. String format: any text | Specify the Client Connection Script. Value Range: 0 ~ 256 characters.
Additional Configuration | 1. An Optional setting. 2. String format: any text | Specify the Additional Configuration. Value Range: 0 ~ 256 characters.

As an OpenVPN Client

If Client is selected, an OpenVPN Client List screen will appear.

When the Add button is clicked, the OpenVPN Client Configuration screen will appear. The OpenVPN Client
Configuration window lets you specify the required parameters for an OpenVPN client, such as "OpenVPN Client Name",
"Interface", "Protocol", "Tunnel Scenario", "Remote IP/FQDN", "Remote Subnet", "Authorization Mode",
"Encryption Cipher", "Hash Algorithm" and tunnel activation.


OpenVPN Client Configuration


Item | Value setting | Description
OpenVPN Client Name | A Must filled setting | The OpenVPN Client Name will be used to identify the client in the tunnel list. Value Range: 1 ~ 32 characters.
Interface | 1. A Must filled setting 2. By default WAN-1 is selected. | Define the physical interface to be used for this OpenVPN Client tunnel.
Protocol | 1. A Must filled setting 2. By default TCP is selected. | Define the Protocol for the OpenVPN Client. Select TCP: the OpenVPN will use TCP protocol, and Port will be set as 443 automatically. Select UDP: the OpenVPN will use UDP protocol, and Port will be set as 1194 automatically.
Port | 1. A Must filled setting 2. By default 443 is set. | Specify the Port for the OpenVPN Client to use. Value Range: 1 ~ 65535.
Tunnel Scenario | 1. A Must filled setting 2. By default TUN is selected. | Specify the type of Tunnel Scenario for the OpenVPN Client to use. It can be TUN for TUN tunnel scenario, or TAP for TAP tunnel scenario.
Remote IP/FQDN | A Must filled setting | Specify the Remote IP/FQDN of the peer OpenVPN Server for this OpenVPN Client tunnel. Fill in the IP address or FQDN.
Remote Subnet | 1. An Optional setting. 2. The box is unchecked by default. | Check the Enable box to activate remote subnet function, and specify Remote Subnet of the peer OpenVPN Server for this OpenVPN Client tunnel. Fill in the remote subnet address and remote subnet mask.
Redirect Internet Traffic | 1. An Optional setting. 2. The box is unchecked by default. | Check the Enable box to activate the Redirect Internet Traffic function.
NAT | 1. An Optional setting. 2. The box is unchecked by default. | Check the Enable box to activate the NAT function.
Authorization Mode | 1. A Must filled setting 2. By default TLS is selected. | Specify the authorization mode for the OpenVPN Server. TLS: the OpenVPN will use TLS authorization mode, and the following items CA Cert., Client Cert. and Client Key will be displayed. CA Cert. could be selected in Trusted CA Certificate List. Refer to Object Definition > Certificate > Trusted Certificate. Client Cert. could be selected in Local Certificate List. Refer to Object Definition > Certificate > My Certificate. Client Key could be selected in Trusted Client key List. Refer to Object Definition > Certificate > Trusted Certificate. Static Key: the OpenVPN will use static key authorization mode, and the following items Local Endpoint IP Address, Remote Endpoint IP Address and Static Key will be displayed.
Local Endpoint IP Address | A Must filled setting | Specify the virtual Local Endpoint IP Address of this OpenVPN gateway. Value Range: The IP format is 10.8.0.x, the range of x is 1~254. Note: Local Endpoint IP Address will be available only when Static Key is chosen in Authorization Mode.
Remote Endpoint IP Address | A Must filled setting | Specify the virtual Remote Endpoint IP Address of the peer OpenVPN gateway. Value Range: The IP format is 10.8.0.x, the range of x is 1~254. Note: Remote Endpoint IP Address will be available only when Static Key is chosen in Authorization Mode.
Static Key | A Must filled setting | Specify the Static Key. Note: Static Key will be available only when Static Key is chosen in Authorization Mode.
Encryption Cipher | By default Blowfish is selected. | Specify the Encryption Cipher. It can be Blowfish/AES-256/AES-192/AES-128/None.
Hash Algorithm | By default SHA-1 is selected. | Specify the Hash Algorithm. It can be SHA-1/MD5/MD4/SHA2-256/SHA2-512/None/Disable.
LZO Compression | By default Adaptive is selected. | Specify the LZO Compression scheme. It can be Adaptive/YES/NO/Default.
Persis Key | 1. An Optional setting. 2. The box is checked by default. | Check the Enable box to activate the Persis Key function.
Persis Tun | 1. An Optional setting. 2. The box is checked by default. | Check the Enable box to activate the Persis Tun function.
Advanced Configuration | N/A | Click the Edit button to specify the Advanced Configuration setting for the OpenVPN server. If the button is clicked, Advanced Configuration will be displayed below.
Tunnel | The box is unchecked by default | Check the Enable box to activate this OpenVPN tunnel.
Save | N/A | Click Save to save the settings.
Undo | N/A | Click Undo to cancel the changes.
Back | N/A | Click Back to return to last page.

When Advanced Configuration is selected, an OpenVPN Client Advanced Configuration screen will appear.

OpenVPN Advanced Client Configuration


Item | Value setting | Description
TLS Cipher | 1. A Must filled setting. 2. TLS-RSA-WITH-AES128-SHA is selected by default | Specify the TLS Cipher from the dropdown list. It can be None / TLS-RSA-WITH-RC4-MD5 / TLS-RSA-WITH-AES128-SHA / TLS-RSA-WITH-AES256-SHA / TLS-DHE-DSS-AES128-SHA / TLS-DHE-DSS-AES256-SHA. Note: TLS Cipher will be available only when TLS is chosen in Authorization Mode.
TLS Auth. Key | 1. An Optional setting. 2. String format: any text | Specify the TLS Auth. Key for connecting to an OpenVPN server, if the server requires it. Note: TLS Auth. Key will be available only when TLS is chosen in Authorization Mode.
User Name | An Optional setting. | Enter the User account for connecting to an OpenVPN server, if the server requires it. Note: User Name will be available only when TLS is chosen in Authorization Mode.
Password | An Optional setting. | Enter the Password for connecting to an OpenVPN server, if the server requires it. Note: User Name will be available only when TLS is chosen in Authorization Mode.
Bridge TAP to | By default VLAN 1 is selected | Specify the setting of “Bridge TAP to” to bridge the TAP interface to a certain local network interface or VLAN. Note: Bridge TAP to will be available only when TAP is chosen in Tunnel Scenario and NAT is unchecked.
Firewall Protection | The box is unchecked by default. | Check the box to activate the Firewall Protection function. Note: Firewall Protection will be available only when NAT is enabled.
Client IP Address | By default Dynamic IP is selected | Specify the virtual IP Address for the OpenVPN Client. It can be Dynamic IP/Static IP.
Tunnel MTU | 1. A Must filled setting 2. The value is 1500 by default | Specify the value of Tunnel MTU. Value Range: 0 ~ 1500.
Tunnel UDP Fragment | The value is 1500 by default | Specify the value of Tunnel UDP Fragment. Value Range: 0 ~ 1500. Note: Tunnel UDP Fragment will be available only when UDP is chosen in Protocol.
Tunnel UDP MSS-Fix | The box is unchecked by default. | Check the Enable box to activate the Tunnel UDP MSS-Fix function. Note: Tunnel UDP MSS-Fix will be available only when UDP is chosen in Protocol.
nsCerType Verification | The box is unchecked by default. | Check the Enable box to activate the nsCerType Verification function. Note: nsCerType Verification will be available only when TLS is chosen in Authorization Mode.
TLS Renegotiation Time (seconds) | The value is 3600 by default | Specify the time interval of TLS Renegotiation Time. Value Range: -1 ~ 86400.
Connection Retry (seconds) | The value is -1 by default | Specify the time interval of Connection Retry. The default -1 means that no connection retry is executed. Value Range: -1 ~ 86400, and -1 means no retry is required.
DNS | By default Automatically is selected | Specify the setting of DNS. It can be Automatically/Manually.
Additional Configuration | An Optional setting. | Enter optional configuration string here. Up to 256 characters are allowed. Value Range: 0 ~ 256 characters.
Save | N/A | Click Save to save the settings.
Undo | N/A | Click Undo to cancel the changes.
Back | N/A | Click Back to return to last page.
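
The option lists above include settings that weaken a tunnel, among them the Blowfish, SHA-1 and Static Key
defaults. The following Python code is an added example, not code from this manual or from the vendor: it audits
settings that an operator has copied from the web UI into a dictionary. The dictionary layout, the severity
ratings and the treatment of the Hash Algorithm values None and Disable are assumptions of this example.

```python
# Added example (not vendor code). Keys reuse the field names of the OpenVPN
# tables; the dict layout and the severity ratings are assumptions.

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

WEAK_CIPHER = {
    "None": ("high", "tunnel payload is not encrypted"),
    "Blowfish": ("medium", "64-bit block cipher; prefer AES-256"),
}
# The UI lists both None and Disable; treating both as "no packet
# authentication" is an assumption of this example.
WEAK_HASH = {
    "None": ("high", "packets are not authenticated"),
    "Disable": ("high", "packets are not authenticated"),
    "MD4": ("medium", "obsolete hash; prefer SHA2-256 or SHA2-512"),
    "MD5": ("medium", "obsolete hash; prefer SHA2-256 or SHA2-512"),
    "SHA-1": ("low", "deprecated hash; prefer SHA2-256 or SHA2-512"),
}

# Defaults as listed in the server and client tables (constructed samples).
SERVER_DEFAULTS = {
    "Authorization Mode": "Static Key",
    "Encryption Cipher": "Blowfish",
    "Hash Algorithm": "SHA-1",
}
CLIENT_DEFAULTS = {
    "Authorization Mode": "TLS",
    "Encryption Cipher": "Blowfish",
    "Hash Algorithm": "SHA-1",
    "TLS Cipher": "TLS-RSA-WITH-AES128-SHA",
    "TLS Auth. Key": "",
    "nsCerType Verification": False,
}
# A stricter client profile built only from options the UI offers (constructed).
HARDENED_CLIENT = {
    "Authorization Mode": "TLS",
    "Encryption Cipher": "AES-256",
    "Hash Algorithm": "SHA2-256",
    "TLS Cipher": "TLS-DHE-DSS-AES256-SHA",
    "TLS Auth. Key": "PLACEHOLDER-KEY-MATERIAL",
    "nsCerType Verification": True,
}


def audit_openvpn(cfg, role):
    """Return (severity, field, reason) findings, most severe first."""
    if role not in ("server", "client"):
        raise ValueError("role must be 'server' or 'client'")
    findings = []

    for field, table in (("Encryption Cipher", WEAK_CIPHER),
                         ("Hash Algorithm", WEAK_HASH)):
        value = cfg.get(field)
        if value in table:
            severity, reason = table[value]
            findings.append((severity, field, f"{value}: {reason}"))

    mode = cfg.get("Authorization Mode")
    if mode == "Static Key":
        findings.append(("medium", "Authorization Mode",
                         "one pre-shared key for both peers, no forward secrecy"))
    elif mode == "TLS":
        suite = cfg.get("TLS Cipher", "")
        if "RC4" in suite or "MD5" in suite:
            findings.append(("high", "TLS Cipher", f"{suite}: RC4/MD5 suite"))
        elif suite.startswith("TLS-RSA-"):
            findings.append(("low", "TLS Cipher",
                             f"{suite}: RSA key exchange has no forward secrecy"))
        if not cfg.get("TLS Auth. Key"):
            findings.append(("low", "TLS Auth. Key",
                             "control channel packets carry no extra HMAC"))
        # Duplicate CN and Client to Client are checked by default on the server.
        if role == "server" and cfg.get("Duplicate CN", True):
            findings.append(("medium", "Duplicate CN",
                             "several clients may connect with one certificate"))
        if role == "server" and cfg.get("Client to Client", True):
            findings.append(("low", "Client to Client",
                             "connected clients can reach each other"))
        if role == "client" and not cfg.get("nsCerType Verification", False):
            findings.append(("medium", "nsCerType Verification",
                             "peer certificate is not checked for server type"))

    findings.sort(key=lambda item: SEVERITY_ORDER[item[0]])  # stable sort
    return findings


def worst_severity(findings):
    """Highest severity present, or None when the list is empty."""
    return findings[0][0] if findings else None
```

Run audit_openvpn(SERVER_DEFAULTS, "server") or audit_openvpn(CLIENT_DEFAULTS, "client") to see what the default settings trigger; HARDENED_CLIENT produces no findings.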


5.1.3 L2TP

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as
part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it
relies on an encryption protocol that it passes within the tunnel to provide privacy. This Gateway can behave
as a L2TP server and a L2TP client both at the same time.

L2TP Server: It must have a static IP or a FQDN for clients to create L2TP tunnels. It also maintains “User
Account list” (user name/ password) for client login authentication; There is a virtual IP pool to assign virtual IP
to each connected L2TP client.

L2TP Client: It can be mobile users or gateways in remote offices with dynamic IP. To set up a tunnel, it needs
the “user name”, “password” and the server’s global IP. In addition, the operation mode of each tunnel must be
identified as main connection, failover for another tunnel, or load balance tunnel to increase overall
bandwidth. It needs to decide “Default Gateway” or “Remote Subnet” for packet flow. Moreover, you can also
define what kind of traffic will pass through the L2TP tunnel in the “Default Gateway / Remote Subnet”
parameter.

Besides, for the L2TP client peer, a Remote Subnet item is required. It is for the Intranet of the L2TP server
peer. So, at the L2TP client peer, the packets whose destination is in the dedicated subnet will be transferred
via the L2TP tunnel. Others will be transferred based on the current routing policy of the gateway at the L2TP
client peer. But if you enter 0.0.0.0/0 in the Remote Subnet field, it will be treated as a "Default Gateway"
setting for the L2TP client peer: all packets, including the Internet access of the L2TP client peer, will go
through the established L2TP tunnel. That means the remote L2TP server peer controls the flow of any packets
from the L2TP client peer. Certainly, those packets come through the L2TP tunnel.


L2TP Setting

Go to Security > VPN > L2TP tab.

The L2TP setting allows user to create and configure L2TP tunnels.

Enable L2TP

Enable L2TP Window


Item | Value setting | Description
L2TP | Unchecked by default | Click the Enable box to activate L2TP function.
Client/Server | A Must filled setting | Specify the role of L2TP. Select Server or Client role your gateway will take. Below are the configuration windows for L2TP Server and for Client.
Save | N/A | Click Save button to save the settings.

As a L2TP Server

When Server is selected in Client/Server, the L2TP Server Configuration will appear.


L2TP Server Configuration


Item | Value setting | Description
L2TP Server | The box is unchecked by default | Click the Enable box to activate the L2TP server.
L2TP over IPSec | The box is unchecked by default | Click the Enable box to enable L2TP over IPSec; the Pre-shared Key (8~32 characters) must then be filled in.
Server Virtual IP | A Must filled setting | Specify the L2TP server Virtual IP. It will be set as this L2TP server's local virtual IP.
IP Pool Starting Address | 1. A Must filled setting 2. 10 is set by default. | Specify the L2TP server starting IP of the virtual IP pool. It will be set as the starting IP assigned to L2TP clients. Value Range: 1 ~ 254.
IP Pool Ending Address | 1. A Must filled setting 2. 17 is set by default. | Specify the L2TP server ending IP of the virtual IP pool. It will be set as the ending IP assigned to L2TP clients. Value Range: >= Starting Address, and < (Starting Address + 8) or 254.
Authentication Protocol | A Must filled setting | Select single or multiple Authentication Protocols for the L2TP server with which to authenticate L2TP clients. Available authentication protocols are PAP / CHAP / MS-CHAP / MS-CHAP v2.
MPPE Encryption | A Must filled setting | Specify whether to support MPPE Protocol. Click the Enable box to enable MPPE and select 40 bits / 56 bits / 128 bits from the dropdown box. Note: when MPPE Encryption is enabled, the Authentication Protocol PAP / CHAP options will not be available.
Service Port | A Must filled setting | Specify the Service Port which the L2TP server uses. Value Range: 1 ~ 65535.
Save | N/A | Click the Save button to save the configuration.
Undo | N/A | Click the Undo button to restore the configuration.

L2TP Server Status


Item | Value setting | Description
L2TP Server Status | N/A | It displays the User Name, Remote IP, Remote Virtual IP, and Remote Call ID of the connected L2TP clients. Click the Refresh button to renew the L2TP client information.


User Account List Window


Item | Value setting | Description
User Account List | Max. of 10 user accounts | This is the L2TP authentication user account entry. You can create and add accounts for remote clients to establish L2TP VPN connection to the gateway device. Click Add button to add user account. Enter User name and password. Then check the enable box to enable the user. Click Save button to save new user account. The selected user account can permanently be deleted by clicking the Delete button. Value Range: 1 ~ 32 characters.

As a L2TP Client

When Client is selected in Client/Server, a series of L2TP Client Configuration windows will appear.

L2TP Client Configuration


Item Setting | Value setting | Description
L2TP Client | The box is unchecked by default | Check the Enable box to enable L2TP client role of the gateway.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.

Create/Edit L2TP Client

When the Add/Edit button is clicked, a series of configuration screens will appear. You can add up to 8 L2TP
Clients.

L2TP Client Configuration


Item Setting | Value setting | Description
Tunnel Name | A Must filled setting | Enter a tunnel name. Enter a name that is easy for you to identify. Value Range: 1 ~ 32 characters.
Interface | A Must filled setting | Define the selected interface to be used for this L2TP tunnel (WAN-1 is available only when WAN-1 interface is enabled). The same applies to other WAN interfaces (e.g. WAN-2).
Operation Mode | 1. A Must filled setting 2. Always on is selected by default | Define operation mode for the L2TP Tunnel. It can be Always On, or Failover. If this tunnel is set as a failover tunnel, you need to further select a primary tunnel from which to failover to. Note: Failover mode is not available for the gateway with single WAN.
L2TP over IPSec | The box is unchecked by default | Check the Enable box to activate L2TP over IPSec, and further specify a Pre-shared Key (8~32 characters).
Remote LNS IP/FQDN | A Must filled setting | Enter the public IP address or the FQDN of the L2TP server.
Remote LNS Port | 1. A Must filled setting 2. 1701 is set by default | Enter the Remote LNS Port for this L2TP tunnel. Value Range: 1 ~ 65535.
User Name | A Must filled setting | Enter the User Name for this L2TP tunnel to be authenticated when connecting to the L2TP server. Value Range: 1 ~ 32 characters.
Password | A Must filled setting | Enter the Password for this L2TP tunnel to be authenticated when connecting to the L2TP server.
Tunneling Password (Optional) | The box is unchecked by default | Enter the Tunneling Password for this L2TP tunnel to authenticate.
Remote Subnet | A Must filled setting | Specify the remote subnet for this L2TP tunnel to reach L2TP server. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24). It is for the Intranet of L2TP VPN server. So, at L2TP client peer, the packets whose destination is in the dedicated subnet will be transferred via the L2TP VPN tunnel. Others will be transferred based on current routing policy of the security gateway at L2TP client peer. If you entered 0.0.0.0/0 in the Remote Subnet field, it will be treated as a default gateway setting for the L2TP client peer, all packets, including the Internet accessing of L2TP Client peer, will go through the established L2TP VPN tunnel. That means the remote L2TP VPN server controls the flow of any packets from the L2TP client peer. Certainly, those packets come through the L2TP VPN tunnel.
Authentication Protocol | 1. A Must filled setting 2. Unchecked by default | Specify one or multiple Authentication Protocols for this L2TP tunnel. Available authentication methods are PAP / CHAP / MS-CHAP / MS-CHAP v2.
MPPE Encryption | 1. Unchecked by default 2. An optional setting | Specify whether L2TP server supports MPPE Protocol. Click the Enable box to enable MPPE. Note: when MPPE Encryption is enabled, the Authentication Protocol PAP / CHAP options will not be available.
LCP Echo Type | 1. Auto is set by default | Specify the LCP Echo Type for this L2TP tunnel. It can be Auto, User-defined, or Disable. Auto: the system sets the Interval and Max. Failure Time. User-defined: enter the Interval and Max. Failure Time. The default value for Interval is 30 seconds, and Maximum Failure Times is 6 Times. Disable: disable the LCP Echo. Value Range: 1 ~ 99999 for Interval Time, 1~999 for Failure Time.
Service Port | A Must filled setting | Specify the Service Port for this L2TP tunnel to use. It can be Auto, 1701 (for Cisco), or User-defined. Auto: The system determines the service port. 1701 (for Cisco): The system uses port 1701 for connecting with CISCO L2TP Server. User-defined: Enter the service port. The default value is 0. Value Range: 0 ~ 65535.
Tunnel | Unchecked by default | Check the Enable box to enable this L2TP tunnel.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.
Back | N/A | Click Back button to return to the previous page.
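
The Remote Subnet rule described in the L2TP introduction and in the table above can be checked against the
intended traffic policy before a tunnel is enabled. The following Python code is an added example, not part of
this manual: the function names and sample addresses are assumptions, and it models only the rule stated here
(destinations inside Remote Subnet use the tunnel; 0.0.0.0/0 sends everything through it).

```python
import ipaddress

# Added example (not vendor code). It models only the rule in the text and
# ignores any other routing policy configured on the gateway.
TUNNEL = "l2tp-tunnel"
LOCAL = "local-routing-policy"


def parse_remote_subnet(text):
    """Parse an 'IP address/netmask' value such as the manual's 10.0.0.2/24.

    strict=False accepts host bits in the address and normalises the value
    to the enclosing network (10.0.0.0/24).
    """
    return ipaddress.ip_network(text.strip(), strict=False)


def is_full_tunnel(remote_subnet):
    """True when the value acts as a default gateway setting (0.0.0.0/0)."""
    return parse_remote_subnet(remote_subnet).prefixlen == 0


def egress_for(destination, remote_subnet):
    """Return the path a packet to `destination` takes on the client peer."""
    net = parse_remote_subnet(remote_subnet)
    return TUNNEL if ipaddress.ip_address(destination) in net else LOCAL


def check_policy(remote_subnet, must_tunnel=(), must_stay_local=()):
    """List destinations whose path differs from what the operator intends."""
    problems = []
    for dest in must_tunnel:
        if egress_for(dest, remote_subnet) != TUNNEL:
            problems.append(f"{dest} is expected in the tunnel but uses {LOCAL}")
    for dest in must_stay_local:
        if egress_for(dest, remote_subnet) != LOCAL:
            problems.append(f"{dest} is expected to stay local but enters the tunnel")
    return problems


# Constructed sample: a control-centre host that must be tunnelled and an
# Internet host (documentation range) that must not be handed to the VPN server.
SCADA_HOST = "10.0.0.77"
INTERNET_HOST = "203.0.113.10"

if __name__ == "__main__":
    for subnet in ("10.0.0.2/24", "0.0.0.0/0"):
        print(subnet, "full tunnel:", is_full_tunnel(subnet),
              check_policy(subnet, [SCADA_HOST], [INTERNET_HOST]))
```

With 0.0.0.0/0 the check reports the Internet host, which is the case where the remote server peer sees and controls all of the client peer's traffic.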


5.1.4 PPTP

Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a
control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. It is a client-server based
technology. There are various levels of authentication and encryption for PPTP tunneling, usually natively as
standard features of the Windows PPTP stack. The security gateway can play either "PPTP Server" role or
"PPTP Client" role for a PPTP VPN tunnel, or both at the same time for different tunnels. PPTP tunnel process
is nearly the same as L2TP.

PPTP Server: It must have a static IP or a FQDN for clients to create PPTP tunnels. It also maintains “User
Account list” (user name / password) for client login authentication; There is a virtual IP pool to assign virtual
IP to each connected PPTP client.

PPTP Client: It can be mobile users or gateways in remote offices with dynamic IP. To set up a tunnel, it needs
the “user name”, “password” and the server’s global IP. In addition, the operation mode of each tunnel must be
identified as main connection, failover for another tunnel, or load balance tunnel to increase overall
bandwidth. It needs to decide “Default Gateway” or “Remote Subnet” for packet flow. Moreover, you can also
define what kind of traffic will pass through the PPTP tunnel in the “Default Gateway / Remote Subnet”
parameter.

Besides, for the PPTP client peer, a Remote Subnet item is required. It is for the Intranet of the PPTP server
peer. So, at the PPTP client peer, the packets whose destination is in the dedicated subnet will be transferred
via the PPTP tunnel. Others will be transferred based on the current routing policy of the gateway at the PPTP
client peer. But if you enter 0.0.0.0/0 in the Remote Subnet field, it will be treated as a "Default Gateway"
setting for the PPTP client peer: all packets, including the Internet access of the PPTP client peer, will go
through the established PPTP tunnel. That means the remote PPTP server peer controls the flow of any packets
from the PPTP client peer. Certainly, those packets come through the PPTP tunnel.


PPTP Setting

Go to Security > VPN > PPTP tab.

The PPTP setting allows the user to create and configure PPTP tunnels.

Enable PPTP

Enable PPTP Window


Item | Value setting | Description
PPTP | Unchecked by default | Click the Enable box to activate PPTP function.
Client/Server | A Must fill setting | Specify the role of PPTP. Select Server or Client role your gateway will take. Below are the configuration windows for PPTP Server and for Client.
Save | N/A | Click Save button to save the settings.

As a PPTP Server

The gateway supports up to a maximum of 10 PPTP user accounts.


When Server in the Client/Server field is selected, the PPTP server configuration window will appear.

PPTP Server Configuration Window
Item | Value setting | Description
PPTP Server | Unchecked by default | Check the Enable box to enable PPTP server role of the gateway.
Server Virtual IP | 1. A Must fill setting 2. Default is 192.168.0.1 | Specify the PPTP server Virtual IP address. The virtual IP address will serve as the virtual DHCP server for the PPTP clients. Clients will be assigned a virtual IP address from it after the PPTP tunnel has been established.
IP Pool Starting Address | 1. A Must fill setting 2. Default is 10 | This is the PPTP server’s Virtual IP DHCP server. User can specify the first IP address for the subnet from which the PPTP client’s IP address will be assigned. Value Range: 1 ~ 254.
IP Pool Ending Address | 1. A Must fill setting 2. Default is 17 | This is the PPTP server’s Virtual IP DHCP server. User can specify the last IP address for the subnet from which the PPTP client’s IP address will be assigned. Value Range: >= Starting Address, and < (Starting Address + 8) or 254.
Authentication Protocol | 1. A Must fill setting 2. Unchecked by default | Select single or multiple Authentication Protocols for the PPTP server with which to authenticate PPTP clients. Available authentication protocols are PAP / CHAP / MS-CHAP / MS-CHAP v2.
MPPE Encryption | 1. A Must fill setting 2. Unchecked by default | Specify whether to support MPPE Protocol. Click the Enable box to enable MPPE and from dropdown box to select 40 bits / 56 bits / 128 bits. Note: when MPPE Encryption is enabled, the Authentication Protocol PAP / CHAP options will not be available.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.
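
The constraints in the PPTP Server Configuration and User Account List tables, written as a configuration check. This is an added example, not firmware or vendor code: the PptpServerConfig container and the finding codes are hypothetical, and the pool-end rule is read here as "at least the start, less than start + 8, and at most 254".

```python
from dataclasses import dataclass, field
from typing import Optional

# Option values as listed in the PPTP Server Configuration table.
AUTH_PROTOCOLS = {"PAP", "CHAP", "MS-CHAP", "MS-CHAP v2"}
MPPE_KEY_BITS = {40, 56, 128}
MAX_ACCOUNTS = 10

# Finding codes (hypothetical names) and what they mean.
FINDINGS = {
    "pool-start": "IP Pool Starting Address must be 1~254",
    "pool-end": "IP Pool Ending Address must be >= start, < start + 8 and <= 254",
    "auth-none": "no Authentication Protocol selected",
    "auth-unknown": "protocol is not one of PAP / CHAP / MS-CHAP / MS-CHAP v2",
    "mppe-bits": "MPPE key length must be 40, 56 or 128 bits",
    "mppe-pap-chap": "PAP / CHAP are not available when MPPE Encryption is enabled",
    "accounts-max": "more than 10 user accounts",
    "account-name": "user name must be 1~32 characters",
    "pap-cleartext": "PAP sends the password to the server unencrypted",
    "no-mppe": "MPPE disabled: tunnelled traffic is not encrypted",
    "mppe-short-key": "40/56-bit MPPE key selected; 128 bits is the longest option",
}


@dataclass
class PptpServerConfig:
    """Hypothetical container for the values entered in the web UI."""
    pool_start: int = 10
    pool_end: int = 17
    auth: set = field(default_factory=set)
    mppe_bits: Optional[int] = None          # None = MPPE Encryption unchecked
    accounts: list = field(default_factory=list)  # (user name, password) pairs


def audit(cfg):
    """Return (errors, warnings) as lists of finding codes.

    Errors are settings the tables do not allow; warnings are settings the
    UI accepts but that weaken the tunnel.
    """
    errors, warnings = [], []
    if not 1 <= cfg.pool_start <= 254:
        errors.append("pool-start")
    if not (cfg.pool_start <= cfg.pool_end < cfg.pool_start + 8
            and cfg.pool_end <= 254):
        errors.append("pool-end")
    if not cfg.auth:
        errors.append("auth-none")
    elif cfg.auth - AUTH_PROTOCOLS:
        errors.append("auth-unknown")
    if cfg.mppe_bits is None:
        warnings.append("no-mppe")
    else:
        if cfg.mppe_bits not in MPPE_KEY_BITS:
            errors.append("mppe-bits")
        elif cfg.mppe_bits < 128:
            warnings.append("mppe-short-key")
        if cfg.auth & {"PAP", "CHAP"}:
            errors.append("mppe-pap-chap")
    if "PAP" in cfg.auth:
        warnings.append("pap-cleartext")
    if len(cfg.accounts) > MAX_ACCOUNTS:
        errors.append("accounts-max")
    if any(not 1 <= len(user) <= 32 for user, _ in cfg.accounts):
        errors.append("account-name")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample: pool one address too wide, PAP ticked next to MPPE.
    sample = PptpServerConfig(pool_start=10, pool_end=18,
                              auth={"PAP", "MS-CHAP v2"}, mppe_bits=40)
    errs, warns = audit(sample)
    for code in errs:
        print("ERROR  ", code, "-", FINDINGS[code])
    for code in warns:
        print("WARNING", code, "-", FINDINGS[code])
```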

PPTP Server Status Window


Item | Value setting | Description
PPTP Server Status | N/A | It displays the User Name, Remote IP, Remote Virtual IP, and Remote Call ID of the connected PPTP clients. Click the Refresh button to renew the PPTP client information.


User Account List Window


Item | Value setting | Description
User Account List | Max. of 10 user accounts | This is the PPTP authentication user account entry. You can create and add accounts for remote clients to establish PPTP VPN connection to the gateway device. Click Add button to add user account. Enter User name and password. Then check the enable box to enable the user. Click Save button to save new user account. The selected user account can permanently be deleted by clicking the Delete button. Value Range: 1 ~ 32 characters.

As a PPTP Client

When Client is selected in the Client/Server field, a series of PPTP Client Configuration windows will appear.

PPTP Client Configuration


Item | Value setting | Description
PPTP Client | Unchecked by default | Check the Enable box to enable PPTP client role of the gateway.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.

Create/Edit PPTP Client

When Add/Edit button is applied, a series of PPTP Client Configuration windows will appear.


PPTP Client Configuration Window


Item | Value setting | Description
Tunnel Name | A Must fill setting | Enter a tunnel name. Enter a name that is easy for you to identify. Value Range: 1 ~ 32 characters.
Interface | 1. A Must fill setting 2. WAN1 is selected by default | Define the selected interface to be used for this PPTP tunnel (WAN-1 is available only when WAN-1 interface is enabled). The same applies to other WAN interfaces (e.g. WAN-2).
Operation Mode | 1. A Must fill setting 2. Always on is selected by default | Define operation mode for the PPTP Tunnel. It can be Always On, or Failover. If this tunnel is set as a failover tunnel, you need to further select a primary tunnel from which to failover to. Note: Failover mode is not available for the gateway with single WAN.
Remote IP/FQDN | 1. A Must fill setting. 2. Format can be an IPv4 address or FQDN | Enter the public IP address or the FQDN of the PPTP server.
User Name | A Must fill setting | Enter the User Name for this PPTP tunnel to be authenticated when connecting to the PPTP server. Value Range: 1 ~ 32 characters.
Password | A Must fill setting | Enter the Password for this PPTP tunnel to be authenticated when connecting to the PPTP server.
Remote Subnet | A Must fill setting | Specify the remote subnet for this PPTP tunnel to reach PPTP server. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24). It is for the Intranet of PPTP VPN server. So, at PPTP client peer, the packets whose destination is in the dedicated subnet will be transferred via the PPTP VPN tunnel. Others will be transferred based on current routing policy of the security gateway at PPTP client peer. If you entered 0.0.0.0/0 in the Remote Subnet field, it will be treated as a default gateway setting for the PPTP client peer, all packets, including the Internet accessing of PPTP Client peer, will go through the established PPTP VPN tunnel. That means the remote PPTP VPN server controls the flow of any packets from the PPTP client peer. Certainly, those packets come through the PPTP VPN tunnel.
Authentication Protocol | 1. A Must fill setting 2. Unchecked by default | Specify one or multiple Authentication Protocols for this PPTP tunnel. Available authentication methods are PAP / CHAP / MS-CHAP / MS-CHAP v2.
MPPE Encryption | 1. Unchecked by default 2. An optional setting | Specify whether PPTP server supports MPPE Protocol. Click the Enable box to enable MPPE. Note: when MPPE Encryption is enabled, the Authentication Protocol PAP / CHAP options will not be available.
LCP Echo Type | Auto is set by default | Specify the LCP Echo Type for this PPTP tunnel. It can be Auto, User-defined, or Disable. Auto: the system sets the Interval and Max. Failure Time. User-defined: enter the Interval and Max. Failure Time. The default value for Interval is 30 seconds, and Maximum Failure Times is 6 Times. Disable: disable the LCP Echo. Value Range: 1 ~ 99999 for Interval Time, 1~999 for Failure Time.
Tunnel | Unchecked by default | Check the Enable box to enable this PPTP tunnel.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.
Back | N/A | Click Back button to return to the previous page.


5.1.5 GRE

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that encapsulates a
wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol
internetwork.
Deploy an M2M gateway at the remote site and establish a virtual private network with the control center by
using GRE tunneling. All client hosts behind the M2M gateway can then communicate with server hosts
behind the control center gateway.

GRE tunneling is similar to IPSec tunneling: the client requests the tunnel establishment with the server. Both
the client and the server must have a static IP or a FQDN. Any peer gateway can work as either a client
or a server, even using the same set of configuration rules.

GRE Tunnel Scenario


To set up a GRE tunnel, each peer needs to set its global IP as the tunnel IP and fill in the other's global IP
as the remote IP.
Besides, each peer must further specify the Remote Subnet item. It is for the Intranet of the GRE server peer.
So, at the GRE client peer, packets whose destination is in the dedicated subnet will be transferred via the
GRE tunnel. Others will be transferred based on the current routing policy of the gateway at the GRE client
peer. But if you enter 0.0.0.0/0 in the Remote Subnet field, it will be treated as a "Default Gateway" setting
for the GRE client peer: all packets, including the Internet access of the GRE client peer, will go through
the established GRE tunnel. That means the remote GRE server peer controls the flow of any packets from the
GRE client peer. Certainly, those packets come through the GRE tunnel.
If the GRE server supports the DMVPN Hub function, like a Cisco router acting as the VPN concentrator, the GRE
client can activate the DMVPN spoke function here since it is implemented by GRE over IPSec tunneling.
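
The Remote Subnet behaviour described for both the PPTP and the GRE client peer, as an added example that is not taken from the router firmware. The tunnel names are constructed, and preferring the most specific subnet when two entries overlap is an assumption made here, since the manual does not say how overlaps are resolved.

```python
import ipaddress

LOCAL_ROUTING = "local-routing"  # stands for "current routing policy of the gateway"


def parse_remote_subnet(text):
    """Parse an 'IP address/netmask' Remote Subnet value.

    The manual's own sample, 10.0.0.2/24, has host bits set, so parsing is
    non-strict and the value is normalised to the network 10.0.0.0/24.
    """
    return ipaddress.ip_network(text.strip(), strict=False)


def build_table(tunnels):
    """tunnels: {tunnel name: Remote Subnet}. Most specific subnet first (assumption)."""
    table = [(parse_remote_subnet(subnet), name) for name, subnet in tunnels.items()]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def egress(table, destination):
    """Name of the tunnel that carries a packet to `destination`, or LOCAL_ROUTING."""
    addr = ipaddress.ip_address(destination)
    for network, name in table:
        if addr in network:
            return name
    return LOCAL_ROUTING


def full_tunnels(table):
    """Tunnels whose Remote Subnet is 0.0.0.0/0, i.e. that act as default gateway."""
    return [name for network, name in table if network.prefixlen == 0]


if __name__ == "__main__":
    # Constructed configurations: split tunnel, then the same peer with 0.0.0.0/0.
    split = build_table({"hq": "10.0.0.2/24"})
    full = build_table({"hq": "10.0.0.2/24", "all-traffic": "0.0.0.0/0"})
    for label, table in (("split", split), ("full", full)):
        for dst in ("10.0.0.77", "8.8.8.8"):
            print(label, dst, "->", egress(table, dst))
        print(label, "default-gateway tunnels:", full_tunnels(table))
```

With only 10.0.0.2/24 configured, Internet-bound packets never enter the tunnel; adding 0.0.0.0/0 hands every packet from the client site to the remote peer, which is worth confirming against the intended trust boundary before saving the rule.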

GRE Setting

Go to Security > VPN > GRE tab.

The GRE setting allows the user to create and configure GRE tunnels.

Enable GRE

Enable GRE Window


Item | Value setting | Description
GRE Tunnel | Unchecked by default | Click the Enable box to enable GRE function.
Max. Concurrent GRE Tunnels | Depends on Product specification. | The specified value will limit the maximum number of simultaneous GRE tunnel connection. The default value can be different for the purchased model.
Save | N/A | Click Save button to save the settings
Undo | N/A | Click Undo button to cancel the settings

Create/Edit GRE tunnel

When Add/Edit button is applied, a GRE Rule Configuration screen will appear.


GRE Rule Configuration Window


Item | Value setting | Description
Tunnel Name | A Must fill setting | Enter a tunnel name. Enter a name that is easy for you to identify. Value Range: 1 ~ 9 characters.
Interface | 1. A Must fill setting 2. WAN 1 is selected by default | Select the interface on which GRE tunnel is to be established. It can be the available WAN and LAN interfaces.
Operation Mode | 1. A Must fill setting 2. Always on is selected by default | Define operation mode for the GRE Tunnel. It can be Always On, or Failover. If this tunnel is set as a failover tunnel, you need to further select a primary tunnel from which to failover to. Note: Failover mode is not available for the gateway with single WAN.
Tunnel IP | An Optional setting | Enter the Tunnel IP address and corresponding subnet mask.
Remote IP | A Must fill setting | Enter the Remote IP address of remote GRE tunnel gateway. Normally this is the public IP address of the remote GRE gateway.
MTU | 1. A Must filled setting 2. Auto (value zero) is set by default | MTU refers to Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. When set to Auto (value ‘0’), the router selects the best MTU for best Internet connection performance. Value Range: 0 ~ 1500.
Key | An Optional setting | Enter the Key for the GRE connection. Value Range: 0 ~ 9999999999.
TTL | 1. A Must fill setting 2. 1 to 255 range | Specify TTL hop-count value for this GRE tunnel. Value Range: 1 ~ 255.
Keep alive | 1. Unchecked by default 2. 5s is set by default | Check the Enable box to enable Keep alive function. Select Ping IP to keep live and enter the IP address to ping. Enter the ping time interval in seconds. Value Range: 5 ~ 999 seconds.
Remote Subnet | A Must fill setting | Specify the remote subnet for this GRE tunnel. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24). It is for the Intranet of GRE server peer. So, at GRE client peer, the packets whose destination is in the dedicated subnet will be transferred via the GRE tunnel. Others will be transferred based on current routing policy of the security gateway at GRE client peer. If you entered 0.0.0.0/0 in the Remote Subnet field, it will be treated as a default gateway setting for the GRE client peer, all packets, including the Internet accessing of GRE client peer, will go through the established GRE tunnel. That means the remote GRE server peer controls the flow of any packets from the GRE client peer. Certainly, those packets come through the GRE tunnel.
DMVPN Spoke | Unchecked by default | Specify whether the gateway will support DMVPN Spoke for this GRE tunnel. Check Enable box to enable DMVPN Spoke.
IPSec Pre-shared Key | A Must fill setting | Enter a DMVPN spoke authentication Pre-shared Key (8~32 characters). Note: Pre-shared Key is available only when DMVPN Spoke is enabled.
IPSec NAT Traversal | Unchecked by default | Check Enable box to enable NAT-Traversal. Note: IPSec NAT Traversal will not be available when DMVPN is not enabled.
IPSec Encapsulation Mode | Unchecked by default | Specify IPSec Encapsulation Mode from the dropdown box. There are Transport mode and Tunnel mode supported. Note: IPSec Encapsulation Mode will not be available when DMVPN is not enabled.
Tunnel | Unchecked by default | Check Enable box to enable this GRE tunnel.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.
Back | N/A | Click Back button to return to the previous page.


5.1.6 EoGRE

The Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that
encapsulates a wide variety of network layer protocols inside virtual point-to-point links over an Internet
Protocol internetwork.
Ethernet over GRE (EoGRE) is a tunnel protocol that enables tunneling of layer 2 packets encapsulated in a
GRE header over IP core networks. It is a new aggregation solution designed for aggregating WiFi traffic from
hotspots. This solution enables a CPE or gateway device to bridge the Ethernet traffic coming from an end
host and encapsulate the traffic in Ethernet packets over a GRE tunnel. When the GRE tunnels terminate on a
service provider broadband network gateway, the end host’s traffic also terminates, and the end host initiates
subscriber sessions.
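
What "layer 2 packets encapsulated in a GRE header" looks like on the wire, as an added example that is not part of the manual or the router firmware. The header layout follows RFC 2784/2890 with the Transparent Ethernet Bridging protocol type; the sample frame is constructed, and treating the TAG ID as the 802.1Q VLAN ID of the inner frame is an assumption.

```python
import struct

GRE_CHECKSUM = 0x8000      # C bit: 4 bytes of checksum + reserved follow
GRE_KEY = 0x2000           # K bit: 4-byte key follows (RFC 2890)
GRE_SEQUENCE = 0x1000      # S bit: 4-byte sequence number follows (RFC 2890)
GRE_VERSION_MASK = 0x0007
PROTO_TEB = 0x6558         # Transparent Ethernet Bridging: payload is an Ethernet frame
ETH_P_8021Q = 0x8100       # 802.1Q VLAN tag


def eogre_encap(frame, key=None):
    """Prefix an Ethernet frame with a GRE header, with the optional Key field."""
    flags, tail = 0, b""
    if key is not None:
        if not 0 <= key <= 0xFFFFFFFF:
            raise ValueError("GRE key is a 32-bit field (0 ~ 4294967295)")
        flags |= GRE_KEY
        tail = struct.pack("!I", key)
    return struct.pack("!HH", flags, PROTO_TEB) + tail + frame


def eogre_decap(packet):
    """Parse GRE + inner Ethernet header; return key, VLAN ID and inner EtherType."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    if flags & GRE_VERSION_MASK:
        raise ValueError("not GRE version 0")
    if proto != PROTO_TEB:
        raise ValueError("GRE payload is not an Ethernet frame")
    key_offset = 4 + (4 if flags & GRE_CHECKSUM else 0)
    header_len = (key_offset + (4 if flags & GRE_KEY else 0)
                  + (4 if flags & GRE_SEQUENCE else 0))
    frame = packet[header_len:]
    if len(frame) < 14:
        raise ValueError("truncated inner Ethernet header")
    key = None
    if flags & GRE_KEY:
        (key,) = struct.unpack_from("!I", packet, key_offset)
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan = None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan = tci & 0x0FFF   # low 12 bits of the tag control field
    return {"key": key, "vlan": vlan, "ethertype": ethertype}


def encap_overhead(with_key, tagged):
    """Bytes added in front of the inner IP packet: outer IPv4 (no options),
    GRE header, inner Ethernet header and optional 802.1Q tag."""
    return 20 + 4 + (4 if with_key else 0) + 14 + (4 if tagged else 0)


# Constructed sample: broadcast frame from 02:00:00:00:00:01, VLAN 100, IPv4 payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "8100" "0064" "0800") + b"payload"

if __name__ == "__main__":
    packet = eogre_encap(SAMPLE_FRAME, key=4294967295)
    print(packet[:8].hex(), eogre_decap(packet))
    print("largest inner IP packet on a 1500-byte path:", 1500 - encap_overhead(True, True))
```

The GRE header carries no authentication or encryption, so the Key value distinguishes tunnels but should not be relied on as a secret.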

EoGRE Setting

Go to Security > VPN > EoGRE tab.

The EoGRE setting allows the user to create and configure EoGRE tunnels.

Enable EoGRE

Enable GRE Window


Item | Value setting | Description
EoGRE Tunnel | Unchecked by default | Click the Enable box to enable EoGRE function.
Max. Concurrent EoGRE Tunnels | Depends on Product specification. | The specified value will limit the maximum number of simultaneous EoGRE tunnel connections. The default value can be different for the purchased model.
Save | N/A | Click Save button to save the settings
Undo | N/A | Click Undo button to cancel the settings

Create/Edit EoGRE tunnel

When Add/Edit button is applied, EoGRE Rule Configuration screens will appear.

EoGRE Rule Configuration Window


Item | Value setting | Description
Tunnel Name | A Must fill setting | Enter a tunnel name. Enter a name that is easy for you to identify. Value Range: 1 ~ 8 characters.
Interface | 1. A Must fill setting 2. WAN 1 is selected by default | Select the interface on which EoGRE tunnel is to be established. It can be the available WAN interfaces.
Tunnel IP | An Optional setting | Enter the Tunnel IP address and corresponding subnet mask.
Remote IP | A Must fill setting | Enter the Remote IP address of remote EoGRE tunnel gateway. Normally this is the public IP address of the remote EoGRE gateway.
MTU | An Optional setting | MTU refers to Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Value Range: 1 ~ 1500.
Key | An Optional setting | Enter the Key for the EoGRE connection. Value Range: 0 ~ 4294967295.
TTL | An Optional setting | Specify TTL hop-count value for this GRE tunnel. Value Range: 1 ~ 255.
Port-based VLAN ID Interface | 1. A Must fill setting 2. None is selected by default | Select a Port-based VLAN ID for aggregating its traffic to the EoGRE tunnel. It can be None, or all available Port-based VLAN IDs. For creating the Port-based VLAN ID, refer to Basic Network > LAN & VLAN > VLAN. If VLAN type is tag-based VLAN, it will be grayed out. You can also aggregate tag-based VLAN group to an EoGRE tunnel with specifying additional TAG ID listing below.
Tunnel | Unchecked by default | Check Enable box to enable this EoGRE tunnel.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.
Back | N/A | Click Back button to return to the previous page.

Define EoGRE TAG ID Listing

In addition, to aggregate Tag-based VLAN traffic to an EoGRE tunnel, you have to define a TAG ID List for the
tunnel. Up to 40 TAG IDs can be defined for a tunnel, and each TAG can be regarded as a sub-tunnel.

When Add/Edit button is applied, a TAG ID Configuration screen will appear.

TAG ID Configuration Window


Item | Value setting | Description
TAG ID | A Must fill setting | Enter a Tag ID that is going to be bound to a specified Tag-based VLAN ID. Value Range: 1 ~ 4094.
MTU | An Optional setting | MTU refers to Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Value Range: 1 ~ 1500, and shouldn’t be greater than that of the EoGRE Tunnel.
Tag-based VLAN ID Interface | 1. A Must fill setting 2. None is selected by default | Select a Tag-based VLAN ID on which EoGRE tunnel is to be established. It can be None, or all available Tag-based VLAN IDs. If VLAN type is port-based VLAN, it will be grayed out. For creating the Port-based VLAN ID, refer to Basic Network > LAN & VLAN > VLAN.
Enable | Unchecked by default | Check Enable box to enable this TAG rule.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.
Back | N/A | Click Back button to return to the previous page.


5.2 Firewall

The firewall functions include Packet Filter, URL Blocking, Content Filter, MAC Control, Application Filter, IPS
and some firewall options. The supported function can be different for the purchased gateway.

5.2.1 Packet Filter

The "Packet Filter" function lets you define filtering rules for incoming and outgoing packets, so the
gateway can control which packets are allowed to pass through it and which are blocked. A packet filter rule
should indicate from and to which interface the packet enters and leaves the gateway, the source and
destination IP addresses, and the destination service port type and port number. In addition, it can specify
the time schedule during which the rule will be active.

Packet Filter with White List Scenario


As shown in the diagram, specify "Packet Filter Rule List" as white list (Allow those match the following
rules) and define the rules. Rule-1 is to allow HTTP packets to pass, and Rule-2 is to allow HTTPS packets
to pass.
Under such configuration, the gateway will allow only HTTP and HTTPS packets, issued from the IP range
192.168.123.200 to 250, which are targeted to TCP port 80 or 443 to pass the WAN interface.
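
The white-list scenario evaluated over a few constructed packets, as an added example rather than the gateway's own filtering code. The Rule class and packet fields are hypothetical, and LAN as the From Interface is an assumption; the UDP 53 sample shows a side effect of this white list that the scenario text does not spell out.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    """One Packet Filter rule, reduced to the fields the scenario uses."""
    name: str
    from_if: str
    to_if: str
    src_first: str    # Source IP, IP Range: first address
    src_last: str     # Source IP, IP Range: last address
    protocol: str
    dst_port: int

    def matches(self, pkt):
        src = ipaddress.ip_address(pkt["src"])
        in_range = (ipaddress.ip_address(self.src_first) <= src
                    <= ipaddress.ip_address(self.src_last))
        return (in_range
                and pkt["from_if"] == self.from_if
                and pkt["to_if"] == self.to_if
                and pkt["proto"] == self.protocol
                and pkt["dport"] == self.dst_port)


# Rule-1 and Rule-2 of the scenario (LAN -> WAN is assumed).
RULES = [
    Rule("Rule-1 HTTP", "LAN", "WAN", "192.168.123.200", "192.168.123.250", "TCP", 80),
    Rule("Rule-2 HTTPS", "LAN", "WAN", "192.168.123.200", "192.168.123.250", "TCP", 443),
]


def decide(pkt, rules=RULES, mode="white"):
    """Return (verdict, matching rule name or None).

    white: "Allow those match the following rules", everything else is dropped.
    black: "Deny those match the following rules", everything else passes.
    """
    hit = next((rule.name for rule in rules if rule.matches(pkt)), None)
    if mode == "white":
        allowed = hit is not None
    elif mode == "black":
        allowed = hit is None
    else:
        raise ValueError("mode must be 'white' or 'black'")
    return ("ALLOW" if allowed else "DROP", hit)


def packet(src, proto, dport, from_if="LAN", to_if="WAN"):
    return {"src": src, "proto": proto, "dport": dport,
            "from_if": from_if, "to_if": to_if}


# Constructed sample traffic.
SAMPLES = [
    packet("192.168.123.210", "TCP", 443),   # in range, HTTPS
    packet("192.168.123.250", "TCP", 80),    # last address of the range, HTTP
    packet("192.168.123.199", "TCP", 80),    # one address below the range
    packet("192.168.123.210", "UDP", 53),    # DNS query from an allowed host
    packet("192.168.123.210", "TCP", 22),    # SSH from an allowed host
]

if __name__ == "__main__":
    for mode in ("white", "black"):
        for pkt in SAMPLES:
            verdict, hit = decide(pkt, mode=mode)
            print(f"{mode:5} {pkt['src']:16} {pkt['proto']}/{pkt['dport']:<5} {verdict:5} {hit}")
```

Under the white list the DNS query is dropped as well, so hosts in the range need either a resolver on the LAN side or an additional rule for it; with Log Alert enabled, drops like these are what the event log would record.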

Packet Filter Setting

Go to Security > Firewall > Packet Filter Tab.

The packet filter setting allows the user to create and customize packet filter policies to allow or reject
specific inbound/outbound packets through the router based on their office setting.

Enable Packet Filter

Configuration Window
Item Name | Value setting | Description
Packet Filter | The box is unchecked by default | Check the Enable box to activate Packet Filter function
Black List / White List | Deny those match the following rules is set by default | When Deny those match the following rules is selected, as the name suggests, packets specified in the rules will be blocked (black listed). In contrast, with Allow those match the following rules, you can specifically white list the packets to pass and the rest will be blocked.
Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings

Create/Edit Packet Filter Rules

The gateway allows you to customize your packet filtering rules. It supports up to a maximum of 20 filter rule
sets.

When Add button is applied, Packet Filter Rule Configuration screen will appear.

Packet Filter Rule Configuration


Item Name | Value setting | Description
Rule Name | 1. String format can be any text 2. A Must filled setting | Enter a packet filter rule name. Enter a name that is easy for you to remember. Value Range: 1 ~ 30 characters.
From Interface | 1. A Must filled setting 2. By default Any is selected | Define the selected interface to be the packet-entering interface of the router. If the packets to be filtered are coming from LAN to WAN then select LAN for this field. Or VLAN-1 to WAN then select VLAN-1 for this field. Other examples are VLAN-1 to VLAN-2. VLAN-1 to WAN. Select Any to filter packets coming into the router from any interfaces. Please note that two identical interfaces are not accepted by the router. e.g., VLAN-1 to VLAN-1.
To Interface | 1. A Must filled setting 2. By default Any is selected | Define the selected interface to be the packet-leaving interface of the router. If the packets to be filtered are entering from LAN to WAN then select WAN for this field. Or VLAN-1 to WAN then select WAN for this field. Other examples are VLAN-1 to VLAN-2. VLAN-1 to WAN. Select Any to filter packets leaving the router from any interfaces. Please note that two identical interfaces are not accepted by the router. e.g., VLAN-1 to VLAN-1.
Source IP | 1. A Must filled setting 2. By default Any is selected | This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address. Select IP Range to filter packets coming from a specified range of IP address. Select IP Address-based Group to filter packets coming from a pre-defined group. Note: group must be pre-defined before this option becomes available. Refer to Object Definition > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button.
Destination IP | 1. A Must filled setting 2. By default Any is selected | This field is to specify the Destination IP address. Select Any to filter packets that are entering to any IP addresses. Select Specific IP Address to filter packets entering to an IP address entered in this field. Select IP Range to filter packets entering to a specified range of IP address entered in this field. Select IP Address-based Group to filter packets entering to a pre-defined group selected. Note: group must be pre-defined before this selection becomes available. Refer to Object Definition > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen.
Source MAC | 1. A Must filled setting 2. By default Any is selected | This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address. Select MAC Address-based Group to filter packets coming from a pre-defined group selected. Note: group must be pre-defined before this selection becomes available. Refer to Object Definition > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button.
Protocol | 1. A Must filled setting 2. By default Any(0) is selected | For Protocol, select Any to filter any protocol packets. Then for Source Port, select a predefined port from the dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range. Then for Destination Port, select a predefined port from the dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range. Value Range: 1 ~ 65535 for Source Port, Destination Port. For Protocol, select ICMPv4 to filter ICMPv4 packets. For Protocol, select TCP to filter TCP packets. Then for Source Port, select a predefined port from the dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range. Then for Destination Port, select a predefined port from the dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range. Value Range: 1 ~ 65535 for Source Port, Destination Port. For Protocol, select UDP to filter UDP packets. Then for Source Port, select a predefined port from the dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range. Then for Destination Port, select a predefined port from the dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range. Value Range: 1 ~ 65535 for Source Port, Destination Port. For Protocol, select GRE to filter GRE packets. For Protocol, select ESP to filter ESP packets. For Protocol, select SCTP to filter SCTP packets. For Protocol, select User-defined to filter packets with specified port number. Then enter a port number in Protocol Number box.
Time Schedule | A Must filled setting | Apply Time Schedule to this rule, otherwise leave it as Always. If the dropdown list is empty ensure Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab.
Rule | The box is unchecked by default. | Click Enable box to activate this rule then save the settings.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings
Back | N/A | When the Back button is clicked the screen will return to the Packet Filter Configuration page.


5.2.2 URL Blocking


"URL Blocking" function can let you define blocking or allowing rules for incoming and outgoing Web request
packets. With defined rules, gateway can control the Web requests containing the complete URL, partial
domain name, or pre-defined keywords. For example, one can filter out or allow only the Web requests based
on domain input suffixes like .com or .org or keywords like “bct” or “mpe”.

An URL blocking rule should specify the URL, partial domain name, or included keywords in the Web requests
from and to the gateway and also the destination service port. Besides, a certain time schedule can be applied
to activate the URL Blocking rules during pre-defined time interval(s).

The gateway logs and displays the disallowed web access requests that matched a defined URL
blocking rule in the black list or fell outside the white list.

When you choose "Allow all to pass except those match the following rules" for the "URL Blocking Rule List",
you are setting the defined URL blocking rules to belong to the black list. The Web requests listed in the rule
list will be blocked if one pattern in the requests matches one rule. Other Web requests can pass through the
gateway. In contrast, when you choose "Deny all to pass except those match the following rules" for the "URL
Blocking Rule List", you are setting the defined URL blocking rules to belong to the white list. The Web
requests listed in the rule will be allowed if one pattern in the requests matches one rule. Other Web
requests will be blocked.
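
The black-list and white-list semantics above applied to a ";"-delimited keyword field, as an added example that is not the gateway's matching engine. Case-insensitive substring matching against host, path and query is an assumption, and the rule names and URLs are constructed; the keywords are the manual's own samples.

```python
from urllib.parse import urlsplit

MAX_KEYWORDS = 10   # "Supports up to a maximum of 10 Keywords in a rule"


def parse_keywords(field):
    """Split a URL / Domain Name / Keyword field on ';' and normalise it."""
    keywords = [item.strip().lower() for item in field.split(";") if item.strip()]
    if not keywords:
        raise ValueError("the field is a must-fill setting")
    if len(keywords) > MAX_KEYWORDS:
        raise ValueError("a rule supports at most 10 keywords")
    return keywords


def first_match(rules, url):
    """Return (rule name, keyword) for the first keyword found in the URL, else None."""
    parts = urlsplit(url)
    target = (parts.netloc + parts.path).lower()
    if parts.query:
        target += "?" + parts.query.lower()
    for name, field in rules.items():
        for keyword in parse_keywords(field):
            if keyword in target:      # assumption: plain substring match
                return name, keyword
    return None


def verdict(rules, url, mode="black"):
    """black: matching requests are blocked; white: only matching requests pass."""
    hit = first_match(rules, url)
    if mode == "black":
        blocked = hit is not None
    elif mode == "white":
        blocked = hit is None
    else:
        raise ValueError("mode must be 'black' or 'white'")
    return ("BLOCK" if blocked else "PASS", hit)


# Keywords from the manual's example (".org", "bct", "mpe"); rule names are constructed.
RULES = {"rule-1": "bct;mpe", "rule-2": ".org"}

# Constructed URLs; the third and fourth only match by accident.
SAMPLE_URLS = [
    "http://www.bct.example/",
    "http://example.org/",
    "http://shop.example.com/compete/",        # "mpe" inside "compete"
    "http://example.com/team.org-chart",       # ".org" inside a path segment
    "http://news.example.net/",
]

if __name__ == "__main__":
    for mode in ("black", "white"):
        for url in SAMPLE_URLS:
            print(f"{mode:5}", *verdict(RULES, url, mode), url)
```

Short keywords match inside unrelated words and path segments, so reviewing the Log Alert entries after enabling a rule is the quickest way to catch requests blocked (or, in white-list mode, admitted) unintentionally.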

URL Blocking Rule with Black List


When the administrator of the gateway wants to block the Web requests with some dedicated patterns, he can
use the "URL Blocking" function to block specific Web requests by defining the black list as shown in above
diagram. Certainly, when the administrator wants to allow only the Web requests with some dedicated patterns
to go through the gateway, he can also use the "URL Blocking" function by defining the white list to meet the
requirement.
As shown in the diagram, enable the URL blocking function and create the first rule to deny the Web requests
with "sex" or "sexygirl" patterns and the other to deny the Web requests with "playboy" pattern to go through
the gateway. System will block the Web requests with "sex", "sexygirl" or "playboy" patterns to pass through
the gateway.


URL Blocking Setting

Go to Security > Firewall > URL Blocking Tab.


In "URL Blocking" page, there are three configuration windows: the "Configuration" window, the "URL
Blocking Rule List" window, and the "URL Blocking Rule Configuration" window.
The "Configuration" window lets you activate the URL blocking function and specify whether the packets
defined in the "URL Blocking Rule List" entry are black listed or white listed. In addition, log alerting can be
enabled to record on-going events for any disallowed Web request packets. Refer to "System Status" in "6.1.1
System Related" section in this user manual for how to view the recorded log.
The "URL Blocking Rule List" window lists all your defined URL blocking rule entries. Finally, the "URL
Blocking Rule Configuration" window lets you define URL blocking rules. The parameters in a rule include
the rule name, the Source IP or MAC, the URL/Domain Name/Keyword, the destination service ports, the
integrated time schedule rule and the rule activation.

Enable URL Blocking

Configuration
Item | Value setting | Description
URL Blocking | The box is unchecked by default | Check the Enable box to activate URL Blocking function.
Black List / White List | Deny those match the following rules is set by default | Specify the URL Blocking Policy, either Black List or White List. Black List: When Deny those match the following rules is selected, as the name suggests, the matched Web request packets will be blocked. White List: When Allow those match the following rules is selected, the matched Web request packets can pass through the Gateway, and the others that don’t match the rules will be blocked.
Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log.
Save | NA | Click Save button to save the settings
Undo | NA | Click Undo button to cancel the settings

Create/Edit URL Blocking Rules


The Gateway supports up to a maximum of 20 URL blocking rule sets. Ensure that the URL Blocking is enabled before we
can create blocking rules.


When Add button is applied, the URL Blocking Rule Configuration screen will appear.

URL Blocking Rules Configuration


| Item | Value setting | Description |
|---|---|---|
| Rule Name | 1. String format can be any text 2. A Must filled setting | Specify a URL Blocking rule name. Enter a name that is easy for you to understand. |
| Source IP | 1. A Must filled setting 2. Any is set by default | This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address entered in this field. Select IP Range to filter packets coming from a specified range of IP addresses entered in this field. Select IP Address-based Group to filter packets coming from a pre-defined group selected. Note: the group must be pre-defined before this option becomes available. Refer to Object Definition > Grouping > Host grouping. |
| Source MAC | 1. A Must filled setting 2. Any is set by default | This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Select MAC Address-based Group to filter packets coming from a pre-defined group selected. Note: the group must be pre-defined before this selection becomes available. Refer to Object Definition > Grouping > Host grouping. |
| URL / Domain Name / Keyword | 1. A Must filled setting 2. Supports up to a maximum of 10 Keywords in a rule by using the delimiter “;”. | Specify URL, Domain Name, or Keyword list for URL checking. In the Black List mode, if a matched rule is found, the packets will be dropped. In the White List mode, if a matched rule is found, the packets will be accepted and the others which don’t match any rule will be dropped. |
| Destination Port | 1. A Must filled setting 2. Any is set by default | This field is to specify the Destination Port number. Select Any to filter packets going to any Port. Select Specific Service Port to filter packets going to a specific Port entered in this field. Select Port Range to filter packets going to a specific range of Ports entered in this field. |
| Time Schedule Rule | A Must filled setting | Apply a specific Time Schedule to this rule; otherwise leave it as (0) Always. If the dropdown list is empty, ensure Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab. |
| Rule | The box is unchecked by default. | Click the Enable box to activate this rule. |
| Save | NA | Click the Save button to save the settings. |
| Undo | NA | Click the Undo button to cancel the changes. |
| Back | NA | Click the Back button to return to the URL Blocking Configuration page. |
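The Black List and White List outcomes described in the table can be worked through with a small model. This is an added example, not the router's firmware or any code from the manual; the `Rule` class, the `decide` function, the sample requests and the case-insensitive substring matching of keywords are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_KEYWORDS = 10  # keywords per rule, as stated in the manual
MAX_RULES = 20     # rule sets per gateway, as stated in the manual


def parse_keywords(field):
    """Split the 'URL / Domain Name / Keyword' field on ';' and enforce the limit."""
    keywords = [k.strip().lower() for k in field.split(";") if k.strip()]
    if not keywords:
        raise ValueError("the keyword field is a must-fill setting")
    if len(keywords) > MAX_KEYWORDS:
        raise ValueError(f"{len(keywords)} keywords given, maximum is {MAX_KEYWORDS}")
    return keywords


def _in_range(value, spec, convert):
    """spec is 'any', a single value, or 'low-high' (inclusive)."""
    if spec == "any":
        return True
    low, _, high = spec.partition("-")
    return convert(low) <= convert(value) <= convert(high or low)


@dataclass
class Rule:
    name: str
    keywords: list
    source_ip: str = "any"   # "any", "192.168.1.10" or "192.168.1.10-192.168.1.50"
    dest_port: str = "any"   # "any", "80" or "8000-8100"
    enabled: bool = True

    def matches(self, src_ip, url, port):
        if not self.enabled:
            return False
        # Assumption: keywords are matched as case-insensitive substrings of host + path.
        hit = any(k in url.lower() for k in self.keywords)
        return (hit
                and _in_range(src_ip, self.source_ip, ipaddress.ip_address)
                and _in_range(str(port), self.dest_port, int))


def decide(mode, rules, src_ip, url, port):
    """Black List: drop on a match. White List: accept on a match, drop everything else."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"{len(rules)} rules given, maximum is {MAX_RULES}")
    matched = any(rule.matches(src_ip, url, port) for rule in rules)
    if mode == "black":
        return "DROP" if matched else "ACCEPT"
    if mode == "white":
        return "ACCEPT" if matched else "DROP"
    raise ValueError("mode must be 'black' or 'white'")


# Constructed rule and requests (illustrative values only).
RULES = [Rule("social", parse_keywords("facebook.com; twitter.com"),
              source_ip="192.168.1.100-192.168.1.150", dest_port="80")]
REQUESTS = [
    ("192.168.1.120", "www.facebook.com/home", 80),    # matches the rule
    ("192.168.1.120", "intranet.example/wiki", 80),    # no keyword match
    ("192.168.1.200", "www.facebook.com/home", 80),    # outside the source range
    ("192.168.1.120", "www.facebook.com/home", 8080),  # outside the destination port
]


def compare_modes():
    """Return (request, black-list decision, white-list decision) for each request."""
    return [(req, decide("black", RULES, *req), decide("white", RULES, *req))
            for req in REQUESTS]


if __name__ == "__main__":
    for req, black, white in compare_modes():
        print(req, "black:", black, "white:", white)
```

Under this model, narrowing Source IP or Destination Port in White List mode narrows what is allowed: the host outside the rule's source range is dropped for every request, while in Black List mode the same host is unaffected by the rule.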


5.2.3 MAC Control

The "MAC Control" function lets you control access to the gateway for different users based on the device’s MAC address. When the administrator wants to reject traffic from client hosts with specific MAC addresses, he can use the "MAC Control" function to reject it with the black list configuration.

MAC Control with Black List Scenario


As shown in the diagram, enable the MAC control function, specify that the "MAC Control Rule List" is a black list, and configure one MAC control rule for the gateway to deny connection requests from the "JP NB" with its own MAC address 20:6A:6A:6A:6A:6B.
The system will block connections from the "JP NB" to the gateway but allow others.


MAC Control Setting

Go to Security > Firewall > MAC Control Tab.

The MAC control setting allows the user to create and customize MAC address policies to allow or reject packets with a specific source MAC address.

Enable MAC Control

Configuration Window
| Item | Value setting | Description |
|---|---|---|
| MAC Control | The box is unchecked by default | Check the Enable box to activate the MAC filter function |
| Black List / White List | Deny MAC Address Below is set by default | When Deny MAC Address Below is selected, as the name suggests, packets specified in the rules will be blocked (black listed). In contrast, with Allow MAC Address Below, you can specifically white list the packets to pass and the rest will be blocked. |
| Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log. |
| Known MAC from LAN PC List | N/A | Select a MAC Address from LAN Client List. Click the Copy to button to copy the selected MAC Address to the filter rule. |
| Save | N/A | Click Save to save the settings |
| Undo | N/A | Click Undo to cancel the settings |

Create/Edit MAC Control Rules

The gateway supports up to a maximum of 20 filter rule sets. Ensure that MAC Control is enabled before creating control rules.

When the Add button is clicked, the Filter Rule Configuration screen will appear.

MAC Control Rule Configuration


| Item | Value setting | Description |
|---|---|---|
| Rule Name | 1. String format can be any text 2. A Must fill setting | Enter a MAC Control rule name. Enter a name that is easy for you to remember. |
| MAC Address (Use : to Compose) | 1. MAC Address string Format 2. A Must fill setting | Specify the Source MAC Address to filter rule. |
| Time Schedule | A Must fill setting | Apply Time Schedule to this rule; otherwise leave it as (0) Always. If the dropdown list is empty, ensure Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab |
| Enable | The box is unchecked by default. | Click Enable box to activate this rule, and then save the settings. |
| Save | N/A | Click Save to save the settings |
| Undo | N/A | Click Undo to cancel the settings |
| Back | N/A | Click Back to return to the MAC Control Configuration page. |


5.2.4 Content Filter

The "Content Filter" function can block HTML requests with some specific extension file names, like ".exe", ".bat" (applications), "mpeg" (video), and so on. It also blocks HTML requests with some script types, like Java Applet, Java Scripts, cookies and Active X.

Content Filter Scenario


When the administrator of the gateway wants to block the Web requests for dedicated contents or objects, he can use the "Web Content Filters" function to carry out such request blocking.

As shown in the diagram, enable the Web content filters function to check and filter out Web requests on Cookie, Java and ActiveX objects. Then define further objects in the “Web Content Filter List”, which may include the extensions ".exe" and ".com". The system will block requests containing objects with extension ".exe" or ".com".


Content Filter Setting

Go to Security > Firewall > Content Filter Tab.


There are three configuration windows for the filtering function. They are the "Configuration" window,
"Content Filter List" window, and "Content Filter Configuration" window.
The "Configuration" window can let you activate the web content filtering function. Besides, some popular
script types, like Java Applet, Java Scripts, cookies and Active X are in the window and you can check their
boxes to enable the gateway to filter out the web requests with corresponding patterns.

Web Content Filters Tab


| Item | Value setting | Description |
|---|---|---|
| Web Content Filter | The box is unchecked by default. | Check the Enable box to activate this content filter function. |
| Popular File Extension List | 1. A Must filled setting. 2. The boxes are unchecked by default | Check the Cookie box to activate this filter function; as the name suggests, this pattern matching rule is defined as a packet with the keyword “Cookie:”. Check the Java box to activate this filter function; as the name suggests, this pattern matching rule is defined as a packet with the keyword “.js”, “.class”, “.jar”, “.jsp”, “.java”, “.jse”, “.jcm”, “.jtk”, or “.jad”. Check the ActiveX box to activate this filter function; as the name suggests, this pattern matching rule is defined as a packet with the keyword “.ocx”, “.cab”, “.ole”, “.olb”, “.com”, “.vbs”, “.vrm”, or “.viv”. If one of the matching rules is found, the packets with http header will be dropped. |
| Log Alert | The box is unchecked by default. | Check the Enable box to activate Event Log. |

Create/Edit Content Filter Rule


The gateway supports up to a maximum of 20 filter rule sets. Ensure that the Content Filter is enabled before creating filter rules.
The "Web Content Filter List" window lists all your defined file extension lists that are used by the gateway to filter out unwanted Web requests, and the "Content Filter Configuration" window lets you define one web Content Filter rule.


When the Add button is clicked, the Content Filter Configuration screen will appear.

Content Filter Configuration


| Item | Value setting | Description |
|---|---|---|
| Rule Name | 1. String format can be any text. 2. A Must filled setting. | Enter a content filter rule name that is easy for you to understand. |
| Source IP | 1. A Must filled setting. 2. Any is selected by default. | Specify the Source IP address to apply with the content filter rule. It can be Any, Specific IP Address, IP Range, or IP Address-based Group. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address entered in this field. Select IP Range to filter packets coming from a specified range of IP addresses entered in this field. Select IP Address-based Group to filter packets coming from a pre-defined group selected. Note: Group must be pre-defined before this selection becomes available. Refer to Object Definition > Grouping > Host Grouping Tab. You may also create a group by the Add Rule shortcut button. Settings made through the Add Rule button will also appear in the Host grouping setting screen. |
| Source MAC | 1. A Must filled setting. 2. Any is selected by default. | Specify the Source MAC address to apply with the content filter rule. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Select MAC Address-based Group to filter packets coming from a pre-defined group selected. Note: Group must be pre-defined before this selection becomes available. Refer to Object Definition > Grouping > Host Grouping Tab. You may also create a group by the Add Rule shortcut button. Settings made through the Add Rule button will also appear in the Host grouping setting screen. |
| User-defined File Extension List (Use ; to Concatenate) | A Must filled setting | Specify file extension list for the content filter rule. It supports up to a maximum of 10 file extensions in a rule by using the delimiter “;”. If a matching rule is found, the packets with http header will be dropped. |
| Time Schedule | 1. A Must filled setting. 2. (0) Always is selected by default | Apply Time Schedule to this rule, otherwise leave it as Always. If the dropdown list is empty, ensure Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab. |
| Rule | The box is unchecked by default. | Click the Enable box to activate this rule. |
| Save | N/A | Click the Save button to save the configuration. |
| Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. |
| Back | N/A | When the Back button is clicked, the screen will return to the Content Filter Configuration page. |


5.2.5 Application Filter


The Application Filter function can categorize Internet Protocol packets based on their application layer data and allow or deny their passage through the gateway. It supports application filters for various Internet chat software, P2P download, Proxy, and A/V streaming. You can select the applications to be blocked after the function is enabled, and may also specify a schedule rule to apply.

Application Filter Scenario


When the administrator of the gateway wants to block some P2P or Stream applications, he can use the "Application Filters" function.
As shown in the diagram, the Gateway serves as a NAT router. Specify IP Range 192.168.123.200~250, and enable the Application filters function “BT(BitTorrent, BitSpirit, BitComet)”, “eDonkey/eMule/Shareaza”, “MMS”, “RTSP”, “PPStream”, “PPSLive” and “Qvcd” by checking the "Enable" box. The gateway will block those applications from accessing the Internet.

Application Filter Setting

Go to Security > Firewall > Application Filter Tab.


The Application Filter setting allows the user to create and customize Application Filter policies to reject packets related to specific applications through the router based on their office setting.

Application Filters
| Item Setting | Value setting | Description |
|---|---|---|
| Application Filter | The box is unchecked by default. | Check the Enable box to activate this application filter function. |
| Log Alert | The box is unchecked by default. | Check the Enable box to activate Event Log. |

Create/Edit Application Filter Rules


The gateway supports up to a maximum of 20 filter rule sets. Ensure that the Application Filter is enabled before creating filter rules.

When the Add button is clicked, the Filter Rule Configuration screen will appear.

Application Filter Rule Configuration


| Item | Value setting | Description |
|---|---|---|
| Rule Name | 1. String format can be any text. 2. A Must filled setting. | Enter an application filter rule name that is easy for you to understand. |
| Source IP | 1. A Must filled setting. 2. Any is selected by default. | Specify the Source IP address to apply with the application filter rule. It can be Any, Specific IP Address, IP Range, or IP Address-based Group. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address entered in this field. Select IP Range to filter packets coming from a specified range of IP addresses entered in this field. Select IP Address-based Group to filter packets coming from a pre-defined group selected. Note: Group must be pre-defined before this selection becomes available. Refer to Object Definition > Grouping > Host Grouping Tab. You may also create a group by the Add Rule shortcut button. Settings made through the Add Rule button will also appear in the Host grouping setting screen. |
| Source MAC | 1. A Must filled setting. 2. Any is selected by default. | Specify the Source MAC address to apply with the application filter rule. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Select MAC Address-based Group to filter packets coming from a pre-defined group selected. Note: Group must be pre-defined before this selection becomes available. Refer to Object Definition > Grouping > Host Grouping Tab. You may also create a group by the Add Rule shortcut button. Settings made through the Add Rule button will also appear in the Host grouping setting screen. |
| Chat Software | All boxes are unchecked by default. | Check the box(es) to activate the application filter function you want on this rule. The available chat applications include QQ, Skype, Facebook, Aliww, and Line. |
| P2P Software | All boxes are unchecked by default. | Check the box(es) to activate the application filter function you want on this rule. The available P2P applications include BT, eDonkey/eMule, HTTP Multiple Thread Download, Thunder, and Baofeng. |
| Proxy | All boxes are unchecked by default. | Check the box(es) to activate the application filter function you want on this rule. The available proxy applications include HTTP proxy, and SOCKS 4/5 proxy. |
| Streaming | All boxes are unchecked by default. | Check the box(es) to activate the application filter function you want on this rule. The available streaming applications include MMS, RTSP, PPStream, PPLive(PPTV), and Qvod. |
| Time Schedule | 1. A Must filled setting. 2. (0) Always is selected by default | Apply Time Schedule to this rule; otherwise leave it as (0) Always. If the dropdown list is empty, ensure Time Schedule is pre-configured. Refer to Object Definition > Scheduling > Configuration tab. |
| Rule | The box is unchecked by default. | Click the Enable box to activate this rule. |
| Save | N/A | Click the Save button to save the configuration. |
| Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. |
| Back | N/A | When the Back button is clicked, the screen will return to the Application Filter Configuration page. |


5.2.6 IPS

To provide application servers on the Internet, the administrator may need to open specific ports for the services. However, there are some risks in keeping service ports always open to the Internet. In order to avoid such attack risks, it is important to enable the IPS functions.
An Intrusion Prevention System (IPS) is a network security appliance that monitors network and/or system activities for malicious activity. The main functions of an IPS are to identify malicious activity, log information about this activity, attempt to block/stop it and report it. You can enable the IPS function and check the listed intrusion activities when needed. You can also enable log alerting so that the system will record intrusion events when the corresponding intrusions are detected.

IPS Scenario
As shown in the diagram, the gateway serves as an E-mail server and Web server, and also provides TCP port 8080 for remote administration. So, remote users or unknown users can request those services from the Internet. With IPS enabled, the gateway can detect incoming attack packets, including those to the TCP ports (25, 80, 110, 443 and 8080) with services. It will block the attack packets and let normal access pass through the gateway.


IPS Setting

Go to Security > Firewall > IPS Tab.

The Intrusion Prevention System (IPS) setting allows the user to customize intrusion prevention rules to prevent malicious packets.

Enable IPS Firewall

Configuration Window
| Item | Value setting | Description |
|---|---|---|
| IPS | The box is unchecked by default | Check the Enable box to activate IPS function |
| Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log. |
| Save | N/A | Click Save to save the settings |
| Undo | N/A | Click Undo to cancel the settings |

Setup Intrusion Prevention Rules

The router allows you to select the intrusion prevention rules you want to enable. Ensure that IPS is enabled before enabling the defense functions.


Setup Intrusion Prevention Rules


| Item Name | Value setting | Description |
|---|---|---|
| SYN Flood Defense / UDP Flood Defense / ICMP Flood Defense | 1. A Must filled setting 2. The box is unchecked by default. 3. Traffic threshold is set to 300 by default 4. The value range can be from 10 to 10000. | Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field. Value Range: 10 ~ 10000. |
| Port Scan Defection | 1. A Must filled setting 2. The box is unchecked by default. 3. Traffic threshold is set to 200 by default 4. The value range can be from 10 to 10000. | Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field. Value Range: 10 ~ 10000. |
| Block Land Attack / Block Ping of Death / Block IP Spoof / Block TCP Flag Scan / Block Smurf / Block Traceroute / Block Fraggle Attack | The box is unchecked by default. | Click Enable box to activate this intrusion prevention rule. |
| ARP Spoofing Defence | 1. A Must filled setting 2. The box is unchecked by default. 3. Traffic threshold is set to 300 by default 4. The value range can be from 10 to 10000. | Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field. Value Range: 10 ~ 10000. |
| Save | NA | Click Save to save the settings |
| Undo | NA | Click Undo to cancel the settings |
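The table gives the traffic thresholds (300 for the flood defenses, 200 for port scan, range 10 ~ 10000) but not their unit or how traffic is counted. The following added example, which is not the router's own detection code, assumes packets per second in a one-second sliding window, counts bare SYNs per destination for the SYN flood rule and distinct destination ports per source for the port scan rule, and runs over constructed traffic to show how the threshold value changes what is flagged.

```python
from collections import defaultdict, deque

THRESHOLD_MIN, THRESHOLD_MAX = 10, 10000  # value range given in the manual


def checked(threshold):
    """Reject thresholds outside the range the configuration page accepts."""
    if not THRESHOLD_MIN <= threshold <= THRESHOLD_MAX:
        raise ValueError(f"threshold {threshold} outside {THRESHOLD_MIN} ~ {THRESHOLD_MAX}")
    return threshold


class SlidingWindow:
    """Keeps, per key, the events seen during the last `window` seconds."""

    def __init__(self, window=1.0):
        self.window = window
        self.events = defaultdict(deque)

    def add(self, key, ts, item=None):
        queue = self.events[key]
        queue.append((ts, item))
        while ts - queue[0][0] >= self.window:  # expire events older than the window
            queue.popleft()
        return queue


def analyse(packets, syn_threshold=300, scan_threshold=200):
    """Return ordered, de-duplicated alerts for time-sorted packet records.

    Each record is (timestamp, src, dst, dst_port, proto, tcp_flags).
    Assumption: thresholds are packets (or distinct ports) per second.
    """
    syn_threshold, scan_threshold = checked(syn_threshold), checked(scan_threshold)
    syn_per_dst, syn_per_src = SlidingWindow(), SlidingWindow()
    alerts = []

    def record(alert):
        if alert not in alerts:
            alerts.append(alert)

    for ts, src, dst, dport, proto, flags in packets:
        if proto != "tcp" or flags != "S":
            continue
        # SYN flood: too many bare SYNs towards one destination host.
        if len(syn_per_dst.add(dst, ts)) > syn_threshold:
            record(("syn_flood", dst))
        # Port scan: one source probing too many distinct destination ports.
        ports = {port for _, port in syn_per_src.add(src, ts, dport)}
        if len(ports) > scan_threshold:
            record(("port_scan", src))
    return alerts


def burst(start, count, src_of, dst, port_of):
    """Constructed traffic: `count` bare SYNs spread over just under one second."""
    return [(start + i / count, src_of(i), dst, port_of(i), "tcp", "S")
            for i in range(count)]


SERVER = "192.0.2.10"  # documentation address, constructed for the example
NORMAL = burst(0.0, 50, lambda i: f"198.51.100.{20 + i % 20}", SERVER, lambda i: 443)
FLOOD = burst(10.0, 400, lambda i: f"203.0.113.{1 + i % 250}", SERVER, lambda i: 80)
SCAN = burst(20.0, 250, lambda i: "198.51.100.7", SERVER, lambda i: 1 + i)

if __name__ == "__main__":
    print("defaults:", analyse(NORMAL + FLOOD + SCAN))
    print("threshold 10 on normal traffic:", analyse(NORMAL, syn_threshold=10))
```

With the default values only the flood and the scan are flagged; lowering the SYN threshold to the minimum of 10 flags the ordinary 50-connection burst as well, which is the false-positive cost to weigh when tuning the field.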


5.2.7 Options

There are some additional useful firewall options in this page.


“Stealth Mode” makes the gateway not respond to port scans from the WAN, which makes it less susceptible to discovery and attacks on the Internet. “SPI” enables the gateway to record packet information such as IP address, port address, ACK, SEQ number and so on while packets pass through the gateway, and the gateway checks every incoming packet to detect whether the packet is valid.

“Discard Ping from WAN” prevents any host on the WAN side from pinging this gateway. Finally, “Remote Administrator Hosts” enables you to perform administration tasks from a remote host. If this feature is enabled, only the specified IP address(es) can perform remote administration.

Enable SPI Scenario
As shown in the diagram, the Gateway has the IP address 118.18.81.200 for its WAN interface and 192.168.1.253 for its LAN interface. It serves as a NAT gateway. Users in Network-A initiate access to the cloud server through the gateway. Sometimes, unknown users will simulate the packets but use a different source IP to masquerade. With the SPI feature enabled at the gateway, it will block such packets from unknown users.

Discard Ping from WAN & Remote Administrator Hosts Scenario


“Discard Ping from WAN” prevents any host on the WAN side from pinging this gateway; the gateway will not reply to any ICMP packets. Enable the Discard Ping from WAN function to prevent security leaks when local users surf the Internet.
The remote administrator knows the gateway’s global IP, and he can access the Gateway GUI via TCP port 8080.

Firewall Options Setting

Go to Security > Firewall > Options Tab.

The firewall options setting allows the network administrator to modify the behavior of the firewall and to enable Remote Router Access Control.

Enable Firewall Options


Firewall Options
| Item | Value setting | Description |
|---|---|---|
| Stealth Mode | The box is unchecked by default | Check the Enable box to activate the Stealth Mode function |
| SPI | The box is checked by default | Check the Enable box to activate the SPI function |
| Discard Ping from WAN | The box is unchecked by default | Check the Enable box to activate the Discard Ping from WAN function |

Define Remote Administrator Host

The router allows the network administrator to manage the router remotely. The network administrator can assign a specific IP address and service port that are allowed to access the router.

Remote Administrator Host Definition


| Item | Value setting | Description |
|---|---|---|
| Protocol | HTTP is set by default | Select HTTP or HTTPS method for router access. |
| IP | A Must filled setting | This field is to specify the remote host to assign access right for remote access. Select Any IP to allow any remote hosts. Select Specific IP to allow the remote host coming from a specific subnet. An IP address entered in this field and a selected Subnet Mask compose the subnet. |
| Service Port | 1. 80 for HTTP by default 2. 443 for HTTPS by default | This field is to specify a Service Port to HTTP or HTTPS connection. Value Range: 1 ~ 65535. |
| Enabling the rule | The box is unchecked by default. | Click Enable box to activate this rule. |
| Save | N/A | Click Enable box to activate this rule then save the settings. |
| Undo | N/A | Click Undo to cancel the settings |


5.3 Authentication
To verify or confirm the identity of a certain object, you have to configure the required settings in the Authentication page. The supported functions could be Captive Portal and MAC Authentication, and the available functions might differ depending on the purchased gateway. With proper configuration, whenever a certain object accesses the portal or is asked for authentication to get access to the Internet, the specified authentication server is responsible for the authentication.

5.3.1 Captive Portal

A captive portal is a portal web page that is displayed before a user can browse Internet. The portal is often
used to present a login page. This is done by intercepting most packets, regardless of address or port, until the
user opens a browser and tries to access the web. At that time the browser is redirected to a web page which
may require authentication and/or payment, or simply display an acceptable use policy and require the user to
agree. Captive portals are used at many Wi-Fi hotspot services, and can be used to control wired access (e.g.
apartment houses, hotel rooms, business centers, "open" Ethernet jacks) as well. [13]

The gateway supports the Captive Portal function to ask guests or passengers to pass the authentication
process before they can surf the Internet via the gateway. There are two approaches, including external captive
portal and internal captive portal.

For external captive portal, you must specify an external RADIUS (Remote Authentication Dial In User Service) server and an external UAM (Universal Access Method) server. In contrast, for internal captive portal, you only select the “Internal RADIUS Server” option for user authentication. The user account database can be an embedded database, an external AD database or an external LDAP database. In this case the UAM server is not necessary, and the captive portal Web site is embedded in the device.
Note: Internal captive portal may NOT be supported by the purchased gateway. It depends on the product specification.

External Captive Portal


For external captive portal, you must specify an external RADIUS (Remote Authentication Dial In User Service) server and an external UAM (Universal Access Method) server.

Before enabling the external Captive Portal function, please go to [Object Definition]-[External Server] to set up external server objects, like the RADIUS server and UAM server. Then return to this page to configure the Captive Portal function: specify the WAN Interface, and select the external Authentication Server and UAM Server from the pre-defined external server object list.

[13] http://en.wikipedia.org/wiki/Captive_portal
Internal Captive Portal
In contrast, for internal captive portal, you only select the “Internal RADIUS Server” option for user authentication. The user account database can be an embedded database, an external AD database or an external LDAP database. In this case the UAM server is not necessary, and the captive portal Web site is embedded in the device.

Before enabling the internal Captive Portal function, please go to [Object Definition]-[External Server] to define some external server objects, like an LDAP server or AD server, if necessary. Then return to this page to configure the Captive Portal function: specify the WAN Interface, select the “Internal RADIUS Server” option for user authentication, and specify its user database to be the embedded one, an external LDAP server or an external AD server from the pre-defined external server object list.

NOTE: All Internet Packets will be forwarded to Captive Portal Web site of
the gateway when Captive portal feature is enabled. Please make sure that
at least one user account is created.

Once the user authentication process completes successfully, the gateway redirects the web page to the requested one. Furthermore, the gateway also records the MAC address of the guest client host and allows its incoming Internet access requests.
Each account has its own lease time, and it cannot be reused for authentication once the lease time has run out. The client host with that account will then be denied Internet access.
There is also a timeout setting for each account. When the client host with that account has been idle for as long as the timeout setting, the gateway will re-authenticate the client host for further Internet connection.


Captive Portal Setting

Go to Security > Authentication > Captive Portal tab.


The gateway supports the Captive Portal function to ask connecting users to pass the authentication process before they can surf the Internet via the gateway. The Captive Portal will redirect the user to a login page when the user tries to access the Internet.

Captive Portal Configuration


| Item | Value setting | Description |
|---|---|---|
| Captive Portal | The box is unchecked by default | Check the Enable box to activate the Captive Portal function. |
| WAN Interface | 1. A Must filled setting. 2. WAN-1 is selected by default. | Specify a WAN Interface for the authenticated clients or hosts. All the traffic coming from the hosts will be directed to the specified WAN interface. |
| LAN Subnet | 1. A Must filled setting. 2. DHCP-1 is selected by default. | Specify the LAN subnet which is to be bound with the captive portal function. It can be DHCP-1 ~ DHCP-4, if you configured the corresponding DHCP servers in Basic Network > LAN & VLAN > DHCP Server. If DHCP-1 is selected, users connected to the physical LAN port bound to the DHCP-1 server will be redirected to a login page when accessing the Internet. |
| Web Portal | 1. A Must filled setting. 2. The default setting depends on the product specification. It can be Internal or External. | Specify which kind of authentication server is to be used for the captive portal function. It can be Internal, External, or Terms and Conditions Only, and depends on the product specification. Not all products have the internal option. When External is selected, there is no Customize login page to be configured, but the user must specify an external UAM Server and Authentication Server for authentication. When Internal is selected, the user just needs to specify an Authentication Server, and the portal login page can be edited in Customize login page. |
| Customize login page | N/A | Customize login page is available only when Internal, or Terms and Conditions Only Web Portal is selected. Click the Download Default CSS and Logo button to download the default CSS file and Logo of the login page for the internal authentication server. Click the Download Current CSS and Logo button to download the current CSS file and Logo of the login page for the internal authentication server. The user can edit the CSS file or Logo downloaded with the above buttons and upload them with the Upload CSS and Logo files button. |
| MAC Whitelist (Separated by ,) | Optional setting | Specify a MAC whitelist for the client devices that will not be subjected to the captive portal authentication function. The MAC(s) filled in this field can access the Internet directly, instead of being redirected to the login page. |
| Walled-Garden Hosts (Separated by ;) | Optional setting | Specify the host IP(s) for the devices that will not be subjected to the captive portal authentication function. The IP(s) filled in this field can access the Internet directly, instead of being redirected to the login page. |
| Walled-Garden domains (Separated by ;) | Optional setting | Specify the domain name(s) for the devices that will not be subjected to the captive portal authentication function. The domain name(s) filled in this field can access the Internet directly, instead of being redirected to the login page. |
| Authentication Server | A Must filled setting | Select the type of authentication server and corresponding user database. If Web Portal is Internal, the Internal RADIUS Server is used for authentication by default, and there are three databases you can choose. When Embedded DataBase is selected, the login IDs and Passwords are created in Object Definition > User > User Profile tab. When External LDAP is selected, the login IDs and passwords are from an external LDAP server. Please specify it as well. When External AD is selected, the login IDs and passwords are from an external AD server. Please specify it as well. If Web Portal is External, the External RADIUS Server is used for authentication by default, and the user needs to specify the external RADIUS server. The external RADIUS server can be added by pressing the AddObject button directly or added in Object Definition > External Server > External Server tab. |
| UAM Server | A Must filled setting | UAM Server is available only when External Web Portal is selected. Click Enable box and specify an external UAM server from the external server list. The UAM Server can be added by pressing the AddObject button directly or added in Object Definition > External Server > External Server tab. |
| Save | N/A | Click the Save button to save changes |
| Refresh | N/A | Click the Refresh button to refresh current page |


5.3.2 MAC Authentication


For some applications, a RADIUS server is used to authenticate Internet access permission. Authorized devices (MACs) are allowed to access the Internet; for unauthorized devices, Internet access traffic will be blocked.
This gateway supports such a MAC authentication function. The administrator has to configure the settings and create a permissible user account list for the authorized devices. When the MAC Authentication function is enabled, traffic from the specified interface(s) is subjected to the MAC Authentication process transparently. The gateway will interact with the RADIUS server and provide the corresponding user information for the authentication process.

Go to Security > Authentication > MAC Authentication tab.

Enable MAC Authentication

Configuration
| Item | Value setting | Description |
|---|---|---|
| MAC Authentication | The box is unchecked by default. | Check the Enable box to activate the MAC Authentication function. |
| Radius Server | A Must filled setting. | Specify an external RADIUS server for authentication. When the MAC Authentication is enabled, the gateway sends out the connecting client’s information to the RADIUS server for authentication. |
| LAN Interface | A Must filled setting. | Select the network interface(s) to apply the MAC Authentication function. It can be LAN or VLAN(s) (port-based). At least one interface should be selected. Note: DON’T choose the interface that the RADIUS server is on. |
| Client Connection Idle Time | A Must filled setting. | Specify the idle time (in seconds) for a client connection. If a client doesn’t access the network for the specified idle time period, its authentication will be invalidated. |
| Save | N/A | Click the Save button to save changes |
| Refresh | N/A | Click the Refresh button to refresh current page |

Create/Edit User List


The User List shows the information of the available users. The administrator can create, edit, and delete
entries, or search with a key and the filter function to quickly find the information needed.


User List
| Item | Value setting | Description |
|---|---|---|
| Nickname | N/A | It displays the nickname for a user. |
| User Name | N/A | It displays the MAC address for a user. |
| Password | N/A | It displays the password for a user. |
| Add | N/A | Add information for a new device authentication. |
| Delete | N/A | Delete information of an existing device authentication. |
| Filter | N/A | Search information of existing device authentications. |
| Previous | N/A | Navigation button of the authentication list. |
| Next | N/A | Navigation button of the authentication list. |

When the Add button is applied, the User Configuration screen will appear.

User List
| Item | Value setting | Description |
|---|---|---|
| Nickname | 1. A Must filled setting. 2. String format can be any text (max. 64 characters). | Enter a nickname for the user that is easy for you to understand. Value Range: 1 ~ 64 characters. |
| User Name | 1. A Must filled setting. 2. MAC address format. | Enter the MAC address for the user. Value Range: 0 ~ 17 characters, MAC format with ':' or '-'. |
| Password | 1. A Must filled setting. 2. String format can be any text (max. 64 characters). | Enter the password for the user. |
| Save | N/A | Click the Save button to save changes. |

To make sure the MAC authentication function works properly for the authorized users (MACs), the
administrator has to create the corresponding user information in the User List. Otherwise, even for
authorized users, the authentication result will be false, and the users will have no Internet access.


Chapter 6 Administration

6.1 Configure & Manage

Configure & Manage refers to enterprise-wide administration of distributed systems including (and commonly
in practice) computer systems. Centralized management has a time and effort trade-off that is related to the
size of the company, the expertise of the IT staff, and the amount of technology being used. This device
supports many system management protocols, such as Command Script, TR-069, SNMP, and Telnet with CLI.
You can set up those configurations in the "Configure & Manage" section.


6.1.1 Command Script


Command script configuration is the application that allows the administrator to set up a pre-defined
configuration in plain text style and apply the configuration on startup.
Go to Administration > Command Script > Configuration Tab.

Enable Command Script Configuration

Configuration
| Item | Value setting | Description |
|---|---|---|
| Configuration | The box is unchecked by default | Check the Enable box to activate the Command Script function. |
| Backup Script | N/A | Click the Via Web UI or Via Storage button to back up the existing command script in a .txt file. You can specify the script file name in Script Name below. |
| Upload Script | N/A | Click the Via Web UI or Via Storage button to upload the existing command script from a specified .txt file. |
| Script Name | 1. An Optional setting 2. Any valid file name | Specify a script file name for script backup, or display the selected upload script file name. Value Range: 0 ~ 32 characters. |
| Version | 1. An Optional setting 2. Any string | Specify the version number for the applied Command script. Value Range: 0 ~ 32 characters. |
| Description | 1. An Optional setting 2. Any string | Enter a short description for the applied Command script. |
| Update time | N/A | It records the upload time of the last command script upload. |

Edit/Backup Plain Text Command Script

You can edit the plain text configuration settings in the configuration screen as above.

Plain Text Configuration
| Item | Value setting | Description |
|---|---|---|
| Clean | NA | Clean text area. (You should click Save button to further clean the configuration already saved in the system.) |
| Backup | NA | Backup and download configuration. |
| Save | NA | Save configuration. |

The supported plain text configuration items are shown in the following list. Settings that can be
made with standard Linux commands can be put in a script file and applied to the system configuration
with the STARTUP command. Configurations that have no corresponding Linux command set are
configured with the proprietary command set.
Configuration Content
| Key | Value setting | Description |
|---|---|---|
| OPENVPN_ENABLED | 1 : enable, 0 : disable | Enable or disable OpenVPN Client function. |
| OPENVPN_DESCRIPTION | A Must filled Setting | Specify the tunnel name for the OpenVPN Client connection. |
| OPENVPN_PROTO | udp, tcp | Define the Protocol for the OpenVPN Client. Select TCP or TCP/UDP -> The OpenVPN will use TCP protocol, and Port will be set as 443 automatically. Select UDP -> The OpenVPN will use UDP protocol, and Port will be set as 1194 automatically. |
| OPENVPN_PORT | A Must filled Setting | Specify the Port for the OpenVPN Client to use. |
| OPENVPN_REMOTE_IPADDR | IP or FQDN | Specify the Remote IP/FQDN of the peer OpenVPN Server for this OpenVPN Client tunnel. Fill in the IP address or FQDN. |
| OPENVPN_PING_INTVL | seconds | Specify the time interval for OpenVPN keep-alive checking. |
| OPENVPN_PING_TOUT | seconds | Specify the timeout value for OpenVPN Client keep-alive checking. |
| OPENVPN_COMP | Adaptive | Specify the LZO Compression algorithm for OpenVPN client. |
| OPENVPN_AUTH | Static Key/TLS | Specify the authorization mode for the OpenVPN tunnel. TLS -> The OpenVPN will use TLS authorization mode, and the following items CA Cert., Client Cert. and Client Key need to be specified as well. |
| OPENVPN_CA_CERT | A Must filled Setting | Specify the Trusted CA certificate for the OpenVPN client. It will go through Base64 Conversion. |
| OPENVPN_LOCAL_CERT | A Must filled Setting | Specify the local certificate for OpenVPN client. It will go through Base64 Conversion. |
| OPENVPN_LOCAL_KEY | A Must filled Setting | Specify the local key for the OpenVPN client. It will go through Base64 Conversion. |
| OPENVPN_EXTRA_OPTS | Options | Specify the extra options setting for the OpenVPN client. |
| IP_ADDR1 | Ip | Ethernet LAN IP |
| IP_NETM1 | Net mask | Ethernet LAN MASK |
| PPP_MONITORING | 1 : enable, 0 : disable | When the Network Monitoring feature is enabled, the router will use DNS Query or ICMP to periodically check the Internet connection (connected or disconnected). |
| PPP_PING | 0 : DNS Query, 1 : ICMP Query | With DNS Query, the system checks the connection by sending DNS Query packets to the destination specified in PPP_PING_IPADDR. With ICMP Query, the system will check connection by sending ICMP request packets to the destination specified in PPP_PING_IPADDR. |
| PPP_PING_IPADDR | IP | Specify an IP address as the target for sending DNS query/ICMP request. |
| PPP_PING_INTVL | seconds | Specify the time interval between two DNS Query or ICMP checking packets. |
| STARTUP | Script file | For the configurations that can be configured with standard Linux commands, you can put them in a script file, and apply the script file with STARTUP command. |

For example,
STARTUP=#!/bin/sh
STARTUP=echo "startup done" > /tmp/demo
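
The table above can be turned into an offline check that a reviewer runs on a command script before uploading it, since the STARTUP lines become a shell script that runs at boot. This is an added example, not code from the manual or the vendor; it assumes every setting is written as KEY=VALUE like the STARTUP lines shown, that OPENVPN_AUTH uses the literal value TLS, and that udp/tcp are lowercase as listed, and the sample script is constructed.

```python
import base64
import ipaddress

# Keys from the manual's "Configuration Content" table, grouped by value type.
FLAGS = {"OPENVPN_ENABLED", "PPP_MONITORING", "PPP_PING"}             # 0 or 1
SECONDS = {"OPENVPN_PING_INTVL", "OPENVPN_PING_TOUT", "PPP_PING_INTVL"}
IPV4 = {"IP_ADDR1", "PPP_PING_IPADDR"}
BASE64 = {"OPENVPN_CA_CERT", "OPENVPN_LOCAL_CERT", "OPENVPN_LOCAL_KEY"}
OTHER = {"OPENVPN_DESCRIPTION", "OPENVPN_PROTO", "OPENVPN_PORT", "IP_NETM1",
         "OPENVPN_REMOTE_IPADDR", "OPENVPN_COMP", "OPENVPN_AUTH",
         "OPENVPN_EXTRA_OPTS"}
KNOWN = FLAGS | SECONDS | IPV4 | BASE64 | OTHER


def parse_script(text):
    """Split a script into (settings, STARTUP lines, parse problems)."""
    settings, startup, problems = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        # Split on the first '=' only: Base64 and shell values contain '='.
        key, sep, value = (part.strip() for part in raw.partition("="))
        if not sep:
            problems.append(f"line {lineno}: not KEY=VALUE")
        elif key == "STARTUP":
            startup.append(value)               # repeated key, kept in order
        elif key not in KNOWN:
            problems.append(f"line {lineno}: unknown key {key}")
        elif key in settings:
            problems.append(f"line {lineno}: duplicate key {key}")
        else:
            settings[key] = value
    return settings, startup, problems


def _valid_netmask(mask):
    try:    # reject prefix lengths, host masks and non-contiguous masks
        return str(ipaddress.IPv4Network("0.0.0.0/" + mask).netmask) == mask
    except ValueError:
        return False


def check_settings(s):
    """Return findings for values that contradict the manual's table."""
    out = []
    for key in sorted(FLAGS & s.keys()):
        if s[key] not in ("0", "1"):
            out.append(f"{key}: must be 0 or 1")
    for key in sorted(SECONDS & s.keys()):
        if not s[key].isdecimal():
            out.append(f"{key}: must be a number of seconds")
    for key in sorted(IPV4 & s.keys()):
        try:
            ipaddress.IPv4Address(s[key])
        except ValueError:
            out.append(f"{key}: not an IPv4 address")
    if "IP_NETM1" in s and not _valid_netmask(s["IP_NETM1"]):
        out.append("IP_NETM1: not a valid net mask")
    if s.get("OPENVPN_PROTO", "udp") not in ("udp", "tcp"):
        out.append("OPENVPN_PROTO: must be udp or tcp")
    port = s.get("OPENVPN_PORT", "1")
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        out.append("OPENVPN_PORT: must be 1-65535")
    for key in sorted(BASE64 & s.keys()):
        try:
            base64.b64decode(s[key], validate=True)
        except ValueError:                      # binascii.Error is a ValueError
            out.append(f"{key}: not valid Base64")
    if s.get("OPENVPN_ENABLED") == "1":
        required = ["OPENVPN_DESCRIPTION", "OPENVPN_PORT"]
        if s.get("OPENVPN_AUTH") == "TLS":      # literal value is an assumption
            required += sorted(BASE64)
        out += [f"{k}: required but missing" for k in required if not s.get(k)]
    if s.get("OPENVPN_LOCAL_KEY"):
        out.append("OPENVPN_LOCAL_KEY: private key is only Base64-encoded")
    return out


def audit(text):
    # Returns (all findings, the shell script the STARTUP lines add up to).
    settings, startup, problems = parse_script(text)
    return problems + check_settings(settings), "\n".join(startup)


# Constructed sample with deliberate mistakes; not taken from a real device.
SAMPLE = """\
OPENVPN_ENABLED=1
OPENVPN_DESCRIPTION=fleet-tunnel
OPENVPN_PROTO=UDP
OPENVPN_PORT=1194
OPENVPN_AUTH=TLS
OPENVPN_CA_CERT=Q09OU1RSVUNURUQ=
OPENVPN_LOCAL_CERT=not base64!
IP_NETM1=255.255.0.255
PPP_PING=2
STARTUP=#!/bin/sh
STARTUP=echo "startup done" > /tmp/demo
TELNET_ENABLED=1
"""
```

Calling `audit(SAMPLE)` returns the list of findings and the reassembled startup script, so the reviewer can read exactly what will execute at boot. Because Base64 is an encoding and not encryption, a backed-up script that carries OPENVPN_LOCAL_KEY should be stored as a secret.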

Plain Text System Configuration with Telnet

In addition to the web-style plain text configuration mentioned above, the gateway system also allows
configuration via Telnet CLI. The administrator can use the proprietary telnet command "txtConfig" and related
action items to perform the plain text system configuration.

The command format is: txtConfig (action) [option]

| Action | Option | Description |
|---|---|---|
| clone | Output file | Duplicate the configuration content from the database and store it as a configuration file. (ex: txtConfig clone /tmp/config) The contents in the configuration file are the same as the plain text commands mentioned above. This action is exactly the same as performing the "Backup" plain text configuration. |
| commit | an existing file | Commit the configuration content to database. (ex: txtConfig commit /tmp/config) |
| enable | NA | Enable plain text system config. (ex: txtConfig enable) |
| disable | NA | Disable plain text system config. (ex: txtConfig disable) |
| run_immediately | NA | Apply the configuration content that has been committed in database. (ex: txtConfig run_immediately) |
| run_immediately | an existing file | Assign a configuration file to apply. (ex: txtConfig run_immediately /tmp/config) |


6.1.2 TR-069
TR-069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN Management
Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices, like this
gateway device. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between
customer-premises equipment (CPE) and Auto Configuration Servers (ACS). The Security Gateway is such a CPE.

TR-069 is a customized feature for ISPs. It is not recommended that you change the configuration for this. If you
have any problem using this feature for device management, please contact your ISP or the ACS
provider for help. At the upper right corner of the TR-069 Setting screen, the "[Help]" command shows the
same message.

Scenario - Managing deployed gateways through an ACS Server

Scenario Application Timing


When the enterprise data center wants to use an ACS server to manage remote gateways
geographically distributed elsewhere in the world, the gateways in all branch offices must have an
embedded TR-069 agent to communicate with the ACS server, so that the ACS server can configure,
upgrade the FW of, and monitor these gateways and their corresponding Intranets.
Scenario Description
The ACS server can configure, upgrade with latest FW and monitor these gateways.
Remote gateways inquire the ACS server for jobs to do in each time period.
The ACS server can ask the gateways to execute some urgent jobs.
Parameter Setup Example
The following tables list the parameter configuration as an example for the Gateway 1 in the above diagram
with "TR-069" enabled.
Use the default value for those parameters that are not mentioned in the tables.

Configuration Path [TR-069]-[Configuration]


TR-069 ■ Enable
ACS URL http://qa.acslite.com/cpe.php
ACS User Name ACSUserName
ACS Password ACSPassword
ConnectionRequest Port 8099
ConnectionRequest User Name ConnReqUserName
ConnectionRequest Password ConnReqPassword
Inform ■ Enable Interval 900

Scenario Operation Procedure


In the above diagram, the ACS server can manage multiple gateways in the Internet. The "Gateway 1" is
one of them and has the IP address 118.18.81.33 for its WAN-1 interface.
When all remote gateways have booted up, they will try to connect to the ACS server.
Once the connections are established successfully, the ACS server can configure, upgrade with the latest
FW, and monitor these gateways.
Remote gateways inquire the ACS server for jobs to do in each time period.
If the ACS server needs some urgent jobs to be done by the gateways, it will issue the "Connection
Request" command to those gateways. Those gateways then make immediate connections in
response to the ACS server's connection request to execute the urgent jobs.


TR-069 Setting

Go to Administration > Configure & Manage > TR-069 tab.

In the "TR-069" page, there is only one configuration window for the TR-069 function. In the window, you must
specify the related information for your security gateway to connect to the ACS. Make the function work by
specifying the URL of the ACS server, the account information to log in to the ACS server, the service port and the
account information for connection requests from the ACS server, and the time interval for job inquiry.
Apart from the inquiries, there are no activities between the ACS server and the gateways until the next inquiry
cycle. But if the ACS server has new jobs that the gateways are expected to do urgently, it will use the
connection request related information to ask these gateways to connect immediately, inquire for jobs,
and execute them.

Enable TR-069

TR-069
| Item | Value setting | Description |
|---|---|---|
| TR-069 | The box is unchecked by default | Check the Enable box to activate TR-069 function. |
| Interface | WAN-1 is selected by default. | After the basic network WAN-1 ~ WAN-n settings are finished, you can choose WAN-1 ~ WAN-n. After Security > VPN > IPSec/OpenVPN/PPTP/L2TP/GRE is set up, you can choose an IPSec/OpenVPN/PPTP/L2TP/GRE tunnel; the interface appears like "IPSec #1". |
| Data Model | ACS Cloud Data Model is selected by default. | Select the TR-069 data model for the remote management. Standard: the ACS Server is a standard one, which fully complies with TR-069. ACS Cloud Data Model: Select this data model if you intend to use Cloud ACS Server to manage the deployed gateways. |
| ACS URL | A Must filled setting | You can ask the ACS manager to provide the ACS URL and set it manually. |
| ACS Username | A Must filled setting | You can ask the ACS manager to provide the ACS username and set it manually. |
| ACS Password | A Must filled setting | You can ask the ACS manager to provide the ACS password and set it manually. |
| ConnectionRequest Port | 1. A Must filled setting. 2. By default 8099 is set. | You can ask the ACS manager to provide the ACS ConnectionRequest Port and set it manually. Value Range: 0 ~ 65535. |
| ConnectionRequest UserName | A Must filled setting | You can ask the ACS manager to provide the ACS ConnectionRequest Username and set it manually. |
| ConnectionRequest Password | A Must filled setting | You can ask the ACS manager to provide the ACS ConnectionRequest Password and set it manually. |
| Inform | 1. The box is checked by default. 2. The Interval value is 300 by default. | When the Enable box is checked, the gateway (CPE) will periodically send an inform message to the ACS Server according to the Interval setting. Value Range: 0 ~ 86400 for Inform Interval. |
| Certification Setup | The default box is selected by default | You can leave it as default or select an expected certificate and key from the drop down list. Refer to Object Definition > Certificate Section for the Certificate configuration. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the modifications. |

Once the ACS URL, ACS Username and ACS Password are set, your gateway (CPE, Customer Premises Equipment)
can send informs to the ACS Server.
Once the ConnectionRequest Port, ConnectionRequest Username and ConnectionRequest Password are set,
the ACS Server can ask the gateway (CPE) to send an inform to the ACS Server.

Enable STUN Server


STUN Settings Configuration
| Item | Value setting | Description |
|---|---|---|
| STUN | The box is checked by default | Check the Enable box to activate STUN function. |
| Server Address | 1. String format: any IPv4 address 2. It is an optional item. | Specify the IP address for the expected STUN Server. |
| Server Port | 1. An optional setting 2. 3478 is set by default | Specify the port number for the expected STUN Server. Value Range: 1 ~ 65535. |
| Keep Alive Period | 1. An optional setting 2. 0 is set by default | Specify the keep alive time period for the connection with STUN Server. Value Range: 0 ~ 65535. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the modifications. |


6.1.3 SNMP
In brief, SNMP, the Simple Network Management Protocol, is a protocol designed to give a user the capability
to remotely manage a computer network by polling and setting terminal values and monitoring network
events.

In typical SNMP uses, one or more administrative computers, called managers, have the task of monitoring or
managing a group of hosts or devices on a computer network. Each managed system executes, at all times, a
software component called an agent which reports information via SNMP to the manager.

SNMP agents expose management data on the managed systems as variables. The protocol also permits active
management tasks, such as modifying and applying a new configuration through remote modification of these
variables. The variables accessible via SNMP are organized in hierarchies. These hierarchies, and other
metadata (such as type and description of the variable), are described by Management Information Bases
(MIBs).

The device supports several public MIBs and one private MIB for the SNMP agent. The supported MIBs are as
follows: MIB-II (RFC 1213, including IPv6), IF-MIB, IP-MIB, TCP-MIB, UDP-MIB, SMIv1 and SMIv2,
SNMPv2-TM and SNMPv2-MIB, and AMIB (a proprietary MIB).

SNMP Management Scenario

Scenario Application Timing


There are two application scenarios for SNMP Network Management Systems (NMS). A Local NMS is in
the Intranet and manages all devices that support the SNMP protocol in the Intranet. The other is the
Remote NMS, which manages devices whose WAN interfaces are connected together by a
switch or a router with UDP forwarding. If you want to manage some devices and they all
support the SNMP protocol, use either application scenario, especially for the management of
devices in the Intranet. For managing devices in the Internet, TR-069 is the better solution. Please
refer to the previous sub-section.
Scenario Description
The NMS server can monitor and configure the managed devices by using the SNMP protocol, and those
devices are located where UDP packets from the NMS can reach them.
The managed devices report urgent trap events to the NMS servers.
Using the SNMPv3 version of the protocol protects the transmission of SNMP commands and responses.
The remote NMS with a privileged IP address can manage the devices, but other remote NMSs can't.
Parameter Setup Example
The following tables list the parameter configuration as an example for the Gateway 1 in the above diagram
with "SNMP" enabled at the LAN and WAN interfaces.
Use the default value for those parameters that are not mentioned in the tables.

Configuration Path [SNMP]-[Configuration]


SNMP Enable ■ LAN ■ WAN
Supported Versions ■ v1 ■ v2c ■ v3
Get / Set Community ReadCommunity / WriteCommunity
Trap Event Receiver 1 118.18.81.11
WAN Access IP Address 118.18.81.11

Configuration Path [SNMP]-[User Privacy Definition]


ID 1 2 3
User Name UserName1 UserName2 UserName3
Password Password1 Password2 Disable
Authentication MD5 SHA-1 Disable
Encryption DES Disable Disable
Privacy Mode authPriv authNoPriv noAuthNoPriv
Privacy Key 12345678 Disable Disable
Authority Read/Write Read Read
Enable ■ Enable ■ Enable ■ Enable

Scenario Operation Procedure


In the above diagram, the NMS server can manage multiple devices in the Intranet or a UDP-reachable
network. The "Gateway 1" is one of the managed devices, and it has the IP address of 10.0.75.2 for
its LAN interface and 118.18.81.33 for its WAN-1 interface. It serves as a NAT router.
At the first stage, the NMS manager prepares related information for all managed devices and records
it in the NMS system. Then the NMS system gets the status of all managed devices by using SNMP
get commands.
When the manager wants to configure the managed devices, the NMS system allows him to do that
by using SNMP set commands. The "UserName1" account is used if the manager uses the SNMPv3
protocol for configuring the "Gateway 1". Only the "UserName1" account can let the "Gateway 1"
accept the configuration from the NMS, since the authority of the account is "Read/Write".
Once a managed device has an urgent event to send, the device will issue a trap to the Trap Event
Receivers. The NMS itself could be one among them.
If you want to secure the transmitted SNMP commands and responses between the NMS and the
managed devices, use the SNMPv3 version of the protocol.
A remote NMS without a privileged IP address can't manage the "Gateway 1", since "Gateway 1"
allows only the NMS with the privileged IP address to manage it via its WAN interface.


SNMP Setting

Go to Administration > Configure & Manage > SNMP tab.


The SNMP page allows the user to configure SNMP-relevant settings, which include interface, version, access control
and trap receiver.

Enable SNMP

SNMP
| Item | Value setting | Description |
|---|---|---|
| SNMP Enable | 1. The boxes are unchecked by default | Select the interface for the SNMP and enable SNMP functions. When the LAN box is checked, SNMP functions are activated and you can access SNMP from the LAN side. When the WAN box is checked, SNMP functions are activated and you can access SNMP from the WAN side. |
| WAN Interface | 1. A Must filled setting 2. ALL WANs is selected by default | Specify the WAN interface through which a remote SNMP host can access the device. By default, All WANs is selected, and there is no limitation for the WAN interface. |
| Supported Versions | 1. A Must filled setting 2. The boxes are unchecked by default | Select the version for the SNMP. When the v1 box is checked, you can access SNMP by version 1. When the v2c box is checked, you can access SNMP by version 2c. When the v3 box is checked, you can access SNMP by version 3. |
| Remote Access IP | 1. String format: any IPv4 address 2. It is an optional item. | Specify the Remote Access IP for WAN. Select Specific IP Address, and fill in a certain IP address. It means only this IP address can access SNMP from LAN/WAN side. Select IP Range, and fill in a range of IP addresses. It means the IP addresses within the specified range can access SNMP from LAN/WAN side. If you leave it blank, any IP address can access SNMP from the WAN side. |
| SNMP Port | 1. String format: any port number 2. The default SNMP port is 161. 3. A Must filled setting | Specify the SNMP Port. You can fill in any port number, but you must ensure the port number is not already in use. Value Range: 1 ~ 65535. |
| Save | N/A | Click Save to save the settings. |
| Undo | N/A | Click Undo to cancel the settings. |

Create/Edit Multiple Community

The SNMP allows you to customize your access control for version 1 and version 2 users. The router supports up to
a maximum of 10 community sets.

When the Add button is applied, the Multiple Community Rule Configuration screen will appear.

Multiple Community Rule Configuration
| Item | Value setting | Description |
|---|---|---|
| Community | 1. Read Only is selected by default 2. A Must filled setting 3. String format: any text | Specify this version 1 or version v2c user's community that will be allowed Read Only (GET and GETNEXT) or Read-Write (GET, GETNEXT and SET) access respectively. The maximum length of the community is 32. |
| Enable | 1. The box is checked by default | Click Enable to enable this version 1 or version v2c user. |
| Save | N/A | Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page, it will show "Click on save button to apply your changes" to remind you to click the main page Save button. |
| Undo | N/A | Click the Undo button to cancel the settings. |
| Back | N/A | Click the Back button to return to the last page. |


Create/Edit User Privacy

The SNMP allows you to customize your access control for version 3 users. The router supports up to a maximum
of 128 User Privacy sets.

When the Add button is applied, the User Privacy Rule Configuration screen will appear.

User Privacy Rule Configuration
| Item | Value setting | Description |
|---|---|---|
| User Name | 1. A Must filled setting 2. String format: any text | Specify the User Name for this version 3 user. Value Range: 1 ~ 32 characters. |
| Password | 1. String format: any text | When your Privacy Mode is authNoPriv or authPriv, you must specify the Password for this version 3 user. Value Range: 8 ~ 64 characters. |
| Authentication | 1. None is selected by default | When your Privacy Mode is authNoPriv or authPriv, you must specify the Authentication type for this version 3 user. Select the authentication type MD5 / SHA-1 to use. |
| Encryption | 1. None is selected by default | When your Privacy Mode is authPriv, you must specify the Encryption protocol for this version 3 user. Select the encryption protocol DES / AES to use. |
| Privacy Mode | 1. noAuthNoPriv is selected by default | Specify the Privacy Mode for this version 3 user. noAuthNoPriv: You do not use any authentication types and encryption protocols. authNoPriv: You must specify the Authentication and Password. authPriv: You must specify the Authentication, Password, Encryption and Privacy Key. |
| Privacy Key | 1. String format: any text | When your Privacy Mode is authPriv, you must specify the Privacy Key (8 ~ 64 characters) for this version 3 user. |
| Authority | 1. Read is selected by default | Specify this version 3 user's Authority that will be allowed Read Only (GET and GETNEXT) or Read-Write (GET, GETNEXT and SET) access respectively. |
| OID Filter Prefix | 1. The default value is 1 2. A Must filled setting 3. String format: any legal OID | The OID Filter Prefix restricts access for this version 3 user to the sub-tree rooted at the given OID. Value Range: 1 ~ 2080768. |
| Enable | 1. The box is checked by default | Click Enable to enable this version 3 user. |
| Save | N/A | Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page, it will show "Click on save button to apply your changes" to remind you to click the main page Save button. |
| Undo | N/A | Click the Undo button to cancel the settings. |
| Back | N/A | Click the Back button to return to the last page. |
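
The field dependencies in this table, and the weaker choices it offers, can be checked mechanically before rules are entered on the device. The following is an added example, not vendor code: the dictionary field names are hypothetical, and the sample input is the manual's own Parameter Setup Example from the SNMP Management Scenario.

```python
def _length_ok(value, low, high):
    return low <= len(value or "") <= high


def check_v3_user(user):
    """Findings for one User Privacy rule (an SNMPv3 user)."""
    name = user.get("user_name", "")
    mode = user.get("privacy_mode", "noAuthNoPriv")   # the manual's default
    auth = user.get("authentication")                 # None, "MD5" or "SHA-1"
    enc = user.get("encryption")                      # None, "DES" or "AES"
    needs_auth = mode in ("authNoPriv", "authPriv")
    needs_priv = mode == "authPriv"
    out = []

    # Field dependencies stated in the User Privacy Rule Configuration table.
    if not _length_ok(name, 1, 32):
        out.append("User Name must be 1-32 characters")
    if mode not in ("noAuthNoPriv", "authNoPriv", "authPriv"):
        out.append(f"unknown Privacy Mode {mode!r}")
    if needs_auth and auth not in ("MD5", "SHA-1"):
        out.append(f"{mode} requires Authentication (MD5 or SHA-1)")
    if needs_auth and not _length_ok(user.get("password"), 8, 64):
        out.append(f"{mode} requires a Password of 8-64 characters")
    if needs_priv and enc not in ("DES", "AES"):
        out.append("authPriv requires Encryption (DES or AES)")
    if needs_priv and not _length_ok(user.get("privacy_key"), 8, 64):
        out.append("authPriv requires a Privacy Key of 8-64 characters")

    # Hardening review: the weakest option in each choice the table offers.
    if mode == "noAuthNoPriv":
        out.append("noAuthNoPriv: requests are neither authenticated nor encrypted")
    if needs_auth and auth == "MD5":
        out.append("MD5 authentication: prefer SHA-1, the stronger option offered")
    if needs_priv and enc == "DES":
        out.append("DES encryption: prefer AES")
    if user.get("authority") == "Read/Write" and not needs_priv:
        out.append("Read/Write (SET) access without encryption")
    return out


def check_exposure(cfg):
    """Findings for the main SNMP settings that widen WAN exposure."""
    out = []
    if cfg.get("wan_enabled"):
        legacy = sorted({"v1", "v2c"} & set(cfg.get("versions", ())))
        if legacy:
            out.append("/".join(legacy) + " enabled on WAN: community strings "
                       "travel in clear text")
        if not cfg.get("remote_access_ip"):
            out.append("Remote Access IP is blank: any IP address can reach "
                       "SNMP from the WAN side")
    return out


def audit(cfg):
    """Map the main settings and each enabled user to a list of findings."""
    report = {"(main settings)": check_exposure(cfg)}
    for user in cfg.get("users", []):
        if user.get("enabled", True):
            report[user.get("user_name", "?")] = check_v3_user(user)
    return report


# The manual's Parameter Setup Example, typed in with hypothetical field names.
MANUAL_EXAMPLE = {
    "wan_enabled": True,
    "versions": ["v1", "v2c", "v3"],
    "remote_access_ip": "118.18.81.11",
    "users": [
        {"user_name": "UserName1", "password": "Password1",
         "authentication": "MD5", "encryption": "DES",
         "privacy_mode": "authPriv", "privacy_key": "12345678",
         "authority": "Read/Write"},
        {"user_name": "UserName2", "password": "Password2",
         "authentication": "SHA-1", "privacy_mode": "authNoPriv",
         "authority": "Read"},
        {"user_name": "UserName3", "privacy_mode": "noAuthNoPriv",
         "authority": "Read"},
    ],
}

if __name__ == "__main__":
    for subject, findings in audit(MANUAL_EXAMPLE).items():
        print(subject, findings or "ok")
```

Run against the manual's example, the audit passes UserName2, flags MD5 and DES for UserName1, flags UserName3 as unauthenticated, and reports that v1/v2c are reachable on the WAN side.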

Create/Edit Trap Event Receiver

The SNMP allows you to customize your trap event receivers. The router supports up to a maximum of 4 Trap
Event Receiver sets.

When the Add button is applied, the Trap Event Receiver Rule Configuration screen will appear. The default SNMP
Version is v1. The configuration screen will provide the version 1 must filled items.

When you select v2c, the configuration screen is exactly the same as that of v1, except for the version.
When you select v3, the configuration screen will provide more setting items for the version 3 Trap.

Trap Event Receiver Rule Configuration
| Item | Value setting | Description |
|---|---|---|
| Server IP | 1. A Must filled setting 2. String format: any IPv4 address or FQDN | Specify the trap Server IP or FQDN. The DUT will send traps to the server IP/FQDN. |
| Server Port | 1. String format: any port number 2. The default SNMP trap port is 162 3. A Must filled setting | Specify the trap Server Port. You can fill in any port number, but you must ensure the port number is not already in use. Value Range: 1 ~ 65535. |
| SNMP Version | 1. v1 is selected by default | Select the version for the trap. v1: The configuration screen will provide the version 1 must filled items. v2c: The configuration screen will provide the version 2c must filled items. v3: The configuration screen will provide the version 3 must filled items. |
| Community Name | 1. A v1 and v2c Must filled setting 2. String format: any text | Specify the Community Name for this version 1 or version v2c trap. Value Range: 1 ~ 32 characters. |
| User Name | 1. A v3 Must filled setting 2. String format: any text | Specify the User Name for this version 3 trap. Value Range: 1 ~ 32 characters. |
| Password | 1. A v3 Must filled setting 2. String format: any text | When your Privacy Mode is authNoPriv or authPriv, you must specify the Password for this version 3 trap. Value Range: 8 ~ 64 characters. |
| Privacy Mode | 1. A v3 Must filled setting 2. noAuthNoPriv is selected by default | Specify the Privacy Mode for this version 3 trap. noAuthNoPriv: You do not use any authentication types and encryption protocols. authNoPriv: You must specify the Authentication and Password. authPriv: You must specify the Authentication, Password, Encryption and Privacy Key. |
| Authentication | 1. A v3 Must filled setting 2. None is selected by default | When your Privacy Mode is authNoPriv or authPriv, you must specify the Authentication type for this version 3 trap. Select the authentication type MD5 / SHA-1 to use. |
| Encryption | 1. A v3 Must filled setting 2. None is selected by default | When your Privacy Mode is authPriv, you must specify the Encryption protocol for this version 3 trap. Select the encryption protocol DES / AES to use. |
| Privacy Key | 1. A v3 Must filled setting 2. String format: any text | When your Privacy Mode is authPriv, you must specify the Privacy Key (8 ~ 64 characters) for this version 3 trap. |
| Enable | 1. The box is checked by default | Click Enable to enable this trap receiver. |
| Save | N/A | Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page, it will show "Click on save button to apply your changes" to remind you to click the main page Save button. |
| Undo | N/A | Click the Undo button to cancel the settings. |
| Back | N/A | Click the Back button to return to the last page. |


Specify SNMP MIB-2 System

If required, you can also specify the required information for the MIB-2 System.

SNMP MIB-2 System Configuration
| Item | Value setting | Description |
|---|---|---|
| sysContact | 1. An Optional filled setting 2. String format: any text | Specify the contact information for MIB-2 system. Value Range: 0 ~ 64 characters. |
| sysLocation | 1. An Optional filled setting 2. String format: any text | Specify the location information for MIB-2 system. Value Range: 0 ~ 64 characters. |

Edit SNMP Options

If you use a particular private MIB, you must fill in the enterprise name, number and OID.

Options
| Item | Value setting | Description |
|---|---|---|
| Enterprise Name | 1. The default value is Default 2. A Must filled setting 3. String format: any text | Specify the Enterprise Name for the particular private MIB. Value Range: 1 ~ 10 characters, and only string with A~Z, a~z, 0~9, '-', '_'. |
| Enterprise Number | 1. The default value is 12823 (Default Enterprise Number) 2. A Must filled setting 3. String format: any number | Specify the Enterprise Number for the particular private MIB. Value Range: 1 ~ 2080768. |
| Enterprise OID | 1. The default value is 1.3.6.1.4.1.12823.4.4.9 (Default Enterprise OID) 2. A Must filled setting 3. String format: any legal OID | Specify the Enterprise OID for the particular private MIB. The range of each OID number is 1-2080768. The maximum length of the enterprise OID is 31. The seventh number must be identical with the enterprise number. |
| Save | N/A | Click the Save button to save the configuration and apply your changes to SNMP functions. |
| Undo | N/A | Click the Undo button to cancel the settings. |


6.1.4 Telnet & SSH


A command-line interface (CLI), also known as a command-line user interface or console user interface, is a
means of interacting with a computer program where the user (or client) issues commands to the program in
the form of successive lines of text (command lines). The interface is usually implemented with a command
line shell, which is a program that accepts commands as text input and converts commands to appropriate
operating system functions. Programs with command-line interfaces are generally easier to automate via
scripting. The device supports both Telnet and SSH (Secure Shell) CLI with default service port 23 and 22,
respectively.

Telnet & SSH Scenario

Scenario Application Timing


When the administrator of the gateway wants to manage it from a remote site in the Intranet or
Internet, he may use the "Telnet with CLI" function to do that by using the "Telnet" or "SSH" utility.

Scenario Description
The Local Admin or the Remote Admin can manage the Gateway by using the "Telnet" or "SSH" utility
with a privileged user name and password.
The data packets between the Local Admin and the Gateway or between the Remote Admin and the
Gateway can be plain text or encrypted text. The suggestion is plain text in the Intranet, where the Local
Admin uses the "Telnet" utility, and encrypted text in the Internet, where the Remote Admin uses the "SSH"
utility.

Parameter Setup Example


The following table lists the parameter configuration as an example for the Gateway in the above diagram, with "Telnet with CLI" enabled at LAN and WAN interfaces.
Use the default value for those parameters that are not mentioned in the table.

| Configuration Path | [Telnet & SSH]-[Configuration] |
| --- | --- |
| Telnet | LAN: ■ Enable, WAN: □ Enable, Service Port: 23 |
| SSH | LAN: ■ Enable, WAN: ■ Enable, Service Port: 22 |

Scenario Operation Procedure


In the above diagram, the "Local Admin" or the "Remote Admin" can manage the "Gateway" in the Intranet or Internet. The "Gateway" is the gateway of Network-A, and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for the LAN interface and 118.18.81.33 for the WAN-1 interface. It serves as a NAT gateway.
The "Local Admin" in the Intranet uses the "Telnet" utility with a privileged account to log in to the Gateway. Or the "Remote Admin" in the Internet uses the "SSH" utility with a privileged account to log in to the Gateway.
The administrator of the gateway can control the device as if he were in front of the gateway.


Telnet & SSH Setting

Go to Administration > Configure & Manage > Telnet & SSH tab.

The Telnet & SSH setting allows the administrator to access this device through a traditional Telnet or SSH program. Before you can telnet (log in) to the device, please configure the related settings and password with care. The password management part allows you to set the root password for logging in via Telnet and SSH.

Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| Telnet | 1. The LAN Enable box is checked by default. 2. By default Service Port is 23. | Check the Enable box to activate the Telnet function for connecting from LAN or WAN interfaces. You can set which number of Service Port you want to provide for the corresponding service. Value Range: 1 ~ 65535. |
| SSH | 1. The LAN Enable box is checked by default. 2. By default Service Port is 22. | Check the Enable box to activate the SSH function for connecting from LAN or WAN interfaces. You can set which number of Service Port you want to provide for the corresponding service. Value Range: 1 ~ 65535. |
| Save | N/A | Click Save to save the settings |
| Undo | N/A | Click Undo to cancel the settings |

Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| root | 1. String: any text but no blank character 2. The default password for telnet is ‘wirelessm2m’. | Type old password and specify new password to change root password. Note_1: You are highly recommended to change the default telnet password with yours before the device is deployed. Note_2: If you have trouble for the default password for previous FW version, please check the corresponding User Manual to get the correct one. |
| Save | N/A | Click Save to save the settings |
| Undo | N/A | Click Undo to cancel the settings |


6.2 System Operation


System Operation allows the network administrator to manage the system and its settings, such as web-based utility access password change, system information, system time, system log, firmware/configuration backup & restore, and reset & reboot.

6.2.1 Password & MMI


Go to Administration > System Operation > Password & MMI tab.

Setup Host Name

Host Name screen allows network administrator to setup / change the host name of the gateway. Click the
Modify button and provide the new username setting.

Username Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| Host Name | 1. An Optional setting 2. It is blanked by default | Enter the host name of the gateway. |
| Save | N/A | Click Save button to save the settings |
| Undo | N/A | Click Undo button to cancel the settings |

Change UserName

Username screen allows network administrator to change the web-based MMI login account to access
gateway. Click the Modify button and provide the new username setting.

Username Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| Username | 1. The default Username for web-based MMI is ‘admin’. | Display the current MMI login account (Username). |
| New Username | String: any text | Enter new Username to replace the current setting. |
| Password | String: any text | Enter current password to verify if you have the permission to change the username setting. |
| Save | N/A | Click Save button to save the settings |
| Undo | N/A | Click Undo button to cancel the settings |

Change Password

Change password screen allows network administrator to change the web-based MMI login password to
access gateway.

Password Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| Old Password | 1. String: any text 2. The default password for web-based MMI is ‘admin’. | Enter the current password to unlock the password change. |
| New Password | String: any text | Enter new password |
| New Password Confirmation | String: any text | Enter new password again to confirm |
| Save | N/A | Click Save button to save the settings |
| Undo | N/A | Click Undo button to cancel the settings |

Change MMI Setting for Accessing

The web-based MMI is the interface through which the administrator accesses the gateway for management. The MMI logs out automatically when the idle time has elapsed. This setting allows the administrator to enable automatic logout and set the logout idle time. When the login timeout is disabled, the system will not log out the administrator automatically.

MMI Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| Login | 3 times is set by default | Enter the login trial counting value. Value Range: 3 ~ 10. If someone tries to log in to the web GUI with an incorrect password more times than the counting value, a warning message “Already reaching maximum Password-Guessing times, please wait a few seconds!” will be displayed and the following login trials will be ignored. |
| Login Timeout | The Enable box is checked, and 300 is set by default. | Check the Enable box to activate the auto logout function, and specify the maximum idle time as well. Value Range: 30 ~ 65535. |
| GUI Access Protocol | http/https is selected by default. | Select the protocol that will be used for GUI access. It can be http/https, http only, or https only. |
| HTTPs Certificate Setup | The default box is selected by default | If the https Access Protocol is selected, the HTTPs Certificate Setup option will be available for further configuration. You can leave it as default or select an expected certificate and key from the drop down list. Refer to Object Definition > Certificate Section for the Certificate configuration. |
| http Compression | The box is unchecked by default. | Check the box (gzip, or deflate) if any compression method is preferred. |
| http Binding | 1. An Optional setting 2. DHCP-1 is checked by default | Select the DHCP Server to bind with http access. |
| System Boot Mode | Normal Mode is selected by default. | Select the system boot mode that will be adopted to boot up the device. Normal Mode: It takes longer boot up time, about 200 seconds, with complete firmware image check during the device booting. Fast Mode: It takes shorter boot up time, about 120 seconds, without checking the firmware image during the device booting. Quick Mode: It takes shorter boot up time, about 90 seconds, without checking the firmware image or creating the internal database for User/Group/Captive Portal functions. Note: Use Quick Mode with care; once selected, the User/Group/Captive Portal function will become non-functional. |
| Save | N/A | Click Save button to save the settings |
| Undo | N/A | Click Undo button to cancel the settings |


6.2.2 System Information


System Information screen gives the network administrator a quick look at the device information for the purchased gateway.

Go to Administration > System Operation > System Information tab.

System Information

| Item | Value Setting | Description |
| --- | --- | --- |
| Model Name | N/A | It displays the model name of this product. |
| Device Serial Number | N/A | It displays the serial number of this product. |
| Kernel Version | N/A | It displays the Linux kernel version of the product |
| FW Version | N/A | It displays the firmware version of the product |
| Memory Usage | N/A | It displays the percentage of device memory utilization. |
| System Time | N/A | It displays the current system time that you browsed this web page. |
| Device Up-Time | N/A | It displays the statistics for the device up-time since last boot up. |
| Refresh | N/A | Click the Refresh button to update the system Information immediately. |


6.2.3 System Time


The gateway provides manual setup and auto-synchronized approaches for the administrator to set the system time for the gateway. The supported time synchronization methods are Time Server, Manual, PC, Cellular Module, or GPS Signal. Select the method first, and then configure the rest of the settings.
Instead of manually configuring the system time for the gateway, there are two simple and quick solutions for you to get the correct time information and set it as the system time for the gateway.
The first one is “Sync with Time Server”. Based on your selection of time zone and time server in the time information configuration window, the system will communicate with the time server by NTP Protocol to get the system date and time after you click on the Synchronize immediately button.
The second one is “Sync with my PC”. Select the method and the system will synchronize its date and time to the time of the administration PC.

Go to Administration > System Operation > System Time tab.

Synchronize with Time Server

System Time Information

| Item | Value Setting | Description |
| --- | --- | --- |
| Synchronization method | 1. A Must-filled item. 2. Time Server is selected by default. | Select the Time Server as the synchronization method for the system time. |
| Time Zone | 1. A Must-filled item. 2. GMT+00:00 is selected by default. | Select a time zone where this device locates. |
| Auto-synchronization | 1. A Must-filled item. 2. Auto is selected by default. | Enter the IP or FQDN for the NTP time server you expected, or leave it as auto mode so that the available server will be used for time synchronization one by one. |
| Daylight Saving Time | 1. It is an optional item. 2. Un-checked by default | Check the Enable button to activate the daylight saving function. When you enabled this function, you have to specify the start date and end date for the daylight saving time duration. |
| NTP Service | 1. It is an optional item. 2. Un-checked by default | Check the Enable button to activate the NTP Service function. When you enabled this function, the gateway can provide NTP server service for its local connected devices. |
| Synchronize immediately | N/A | Click the Active button to synchronize the system time with specified time server immediately. |
| Save | N/A | Click the Save button to save the settings. |
| Refresh | N/A | Click the Refresh button to update the system time immediately. |

Note: Remember to select a correct time zone for the device, otherwise, you will just get the UTC
(Coordinated Universal Time) time, not the local time for the device.

Synchronize with Manually Setting

System Time Information

| Item | Value Setting | Description |
| --- | --- | --- |
| Synchronization method | 1. A Must-filled item. 2. Time Server is selected by default. | Select the Manual as the synchronization method for the system time. It means administrator has to set the Date & Time manually. |
| Time Zone | 1. A Must-filled item. 2. GMT+00:00 is selected by default. | Select a time zone where this device locates. |
| Daylight Saving Time | 1. It is an optional item. 2. Un-checked by default | Check the Enable button to activate the daylight saving function. When you enabled this function, you have to specify the start date and end date for the daylight saving time duration. |
| Set Date & Time Manually | 1. It is an optional item. | Manually set the date (Year/Month/Day) and time (Hour:Minute:Second) as the system time. |
| NTP Service | 1. It is an optional item. 2. Un-checked by default | Check the Enable button to activate the NTP Service function. When you enabled this function, the gateway can provide NTP server service for its local connected devices. |
| Save | N/A | Click the Save button to save the settings. |

Synchronize with PC

System Time Information

| Item | Value Setting | Description |
| --- | --- | --- |
| Synchronization method | 1. A Must-filled item. 2. Time Server is selected by default. | Select PC as the synchronization method for the system time to let system synchronize its date and time to the time of the administration PC. |
| NTP Service | 1. It is an optional item. 2. Un-checked by default | Check the Enable button to activate the NTP Service function. When you enabled this function, the gateway can provide NTP server service for its local connected devices. |
| Synchronize immediately | N/A | Click the Active button to synchronize the system time with specified time server immediately. |
| Save | N/A | Click the Save button to save the settings. |
| Refresh | N/A | Click the Refresh button to update the system time immediately. |

Synchronize with Cellular Time Service

System Time Information

| Item | Value Setting | Description |
| --- | --- | --- |
| Synchronization method | 1. A Must-filled item. 2. Time Server is selected by default. | Select Cellular Module as the synchronization method for the system time to let system synchronize its date and time to the time provided from the connected mobile ISP. Note: this option is only available for the product with Cellular WAN interface. |
| Time Zone | 1. A Must-filled item. 2. GMT+00:00 is selected by default. | Select a time zone where this device locates. |
| NTP Service | 1. It is an optional item. 2. Un-checked by default | Check the Enable button to activate the NTP Service function. When you enabled this function, the gateway can provide NTP server service for its local connected devices. |
| Synchronize immediately | N/A | Click the Active button to synchronize the system time with specified time server immediately. |
| Save | N/A | Click the Save button to save the settings. |
| Refresh | N/A | Click the Refresh button to update the system time immediately. |

Synchronize with GPS Time Service

System Time Information

| Item | Value Setting | Description |
| --- | --- | --- |
| Synchronization method | 1. A Must-filled item. 2. Time Server is selected by default. | Select GPS Signal as the synchronization method for the system time to let system synchronize its date and time to the time provided from the GNSS service. Note: this option is only available for the product with GNSS interface. |
| Time Zone | 1. A Must-filled item. 2. GMT+00:00 is selected by default. | Select a time zone where this device locates. |
| NTP Service | 1. It is an optional item. 2. Un-checked by default | Check the Enable button to activate the NTP Service function. When you enabled this function, the gateway can provide NTP server service for its local connected devices. |
| Synchronize immediately | N/A | Click the Active button to synchronize the system time with specified time server immediately. |
| Save | N/A | Click the Save button to save the settings. |
| Refresh | N/A | Click the Refresh button to update the system time immediately. |


6.2.4 System Log


System Log screen contains various event log tools facilitating network administrator to perform local event
logging and remote reporting.

Go to Administration > System Operation > System Log tab.

View & Email Log History

View button is provided for network administrator to view log history on the gateway. Email Now button
enables administrator to send instant Email for analysis.

View & Email Log History

| Item | Value setting | Description |
| --- | --- | --- |
| View button | N/A | Click the View button to view Log History in Web Log List Window. |
| Email Now button | N/A | Click the Email Now button to send Log History via Email instantly. |


Web Log List Window

| Item | Value Setting | Description |
| --- | --- | --- |
| Time column | N/A | It displays event time stamps |
| Log column | N/A | It displays Log messages |

Web Log List Button Description

| Item | Value setting | Description |
| --- | --- | --- |
| Previous | N/A | Click the Previous button to move to the previous page. |
| Next | N/A | Click the Next button to move to the next page. |
| First | N/A | Click the First button to jump to the first page. |
| Last | N/A | Click the Last button to jump to the last page. |
| Download | N/A | Click the Download button to download log to your PC in tar file format. |
| Clear | N/A | Click the Clear button to clear all log. |
| Back | N/A | Click the Back button to return to the previous page. |

Web Log Type Category

Web Log Type Category screen allows network administrator to select the type of events to log and be
displayed in the Web Log List Window as described in the previous section. Click on the View button to view
Log History in the Web Log List window.

Web Log Type Category Setting Window

| Item | Value Setting | Description |
| --- | --- | --- |
| System | Checked by default | Check to log system events and to display in the Web Log List window. |
| Attacks | Checked by default | Check to log attack events and to display in the Web Log List window. |
| Drop | Checked by default | Check to log packet drop events and to display in the Web Log List window. |
| Login message | Checked by default | Check to log system login events and to display in the Web Log List window. |
| Debug | Un-checked by default | Check to log debug events and to display in the Web Log List window. |

Email Alert

Email Alert screen allows network administrator to select the type of event to log and be sent to the destined
Email account.

Email Alert Setting Window

| Item | Value Setting | Description |
| --- | --- | --- |
| Enable | Un-checked by default | Check Enable box to enable sending event log messages to destined Email account defined in the E-mail Addresses blank space. |
| Server | N/A | Select one email server from the Server dropdown box to send Email. If none has been available, click the Add Object button to create an outgoing Email server. You may also add an outgoing Email server from Object Definition > External Server > External Server tab. |
| E-mail address | String: email format | Enter the recipient’s Email address. Separate Email addresses with comma ‘,’ or semicolon ‘;’. Enter the Email address in the format of ‘[email protected]’ |
| Subject | String: any text | Enter an Email subject that is easy for you to identify on the Email client. |
| Log type category | Default unchecked | Select the type of events to log and be sent to the designated Email account. Available events are System, Attacks, Drop, Login message, and Debug. |

Syslogd
Syslogd screen allows network administrator to select the type of event to log and be sent to the designated
Syslog server.

Syslogd Setting Window

| Item | Value Setting | Description |
| --- | --- | --- |
| Enable | Un-checked by default | Check Enable box to activate the Syslogd function, and send event logs to a syslog server |
| Server | N/A | Select one syslog server from the Server dropdown box to send event logs to. If none has been available, click the Add Object button to create a system log server. You may also add a system log server from the Object Definition > External Server > External Server tab. |
| Log type category | Un-checked by default | Select the type of event to log and be sent to the destined syslog server. Available events are System, Attacks, Drop, Login message, and Debug. |

Log to Storage
Log to Storage screen allows network administrator to select the type of events to log and be stored at an
internal or an external storage.

Log to Storage Setting Window

| Item | Value Setting | Description |
| --- | --- | --- |
| Enable | Un-checked by default | Check to enable sending log to storage. |
| Select Device | Internal is selected by default | Select internal or external storage. |
| Log file name | Un-checked by default | Enter log file name to save logs in designated storage. |
| Split file Enable | Un-checked by default | Check enable box to split file whenever log file reaching the specified limit. |
| Split file Size | 200 KB is set by default | Enter the file size limit for each split log file. Value Range: 10 ~ 1000. |
| Interval Enable | Un-checked by default | Check enable box to enable the log interval setting. |
| Log Interval | 1440 is set by default | Enter the log interval setting. Value Range: 1 ~ 10080 Minute. |
| Log type category | Un-checked by default | Check which type of logs to send: System, Attacks, Drop, Login message, Debug |

Log to Storage Button Description

| Item | Value setting | Description |
| --- | --- | --- |
| Download log file | N/A | Click the Download log file button to download log files to a log.tar file. |


6.2.5 Backup & Restore


In the Backup & Restore window, you can upgrade the device firmware when new firmware is available and
also backup / restore the device configuration.
In addition to the factory default settings, you can also customize a special configuration setting as a
customized default value. With this customized default value, you can reset the device to the expected default
setting if needed.

Go to Administration > System Operation > Backup & Restore tab.

FW Backup & Restore

| Item | Value Setting | Description |
| --- | --- | --- |
| FW Upgrade | Via Web UI is selected by default | If new firmware is available, click the FW Upgrade button to upgrade the device firmware via Web UI, or Via Storage. After clicking on the “FW Upgrade” command button, you need to specify the file name of new firmware by using “Browse” button, and then click “Upgrade” button to start the FW upgrading process on this device. If you want to upgrade a firmware which is from GPL policy, please check “Accept unofficial firmware” |
| Backup Configuration Settings | Download is selected by default | You can backup or restore the device configuration settings by clicking the Via Web UI button. Download: to back up the device configuration to a config.bin file. Upload: to restore a designated configuration file to the device. Via Web UI: to retrieve the configuration file via Web GUI. |
| Auto Restore Configuration | The Enable box is unchecked by default | Check the Enable button to activate the customized default setting function. Once the function is activated, you can save the expected setting as a customized default setting by clicking the Save Conf. button, or click the Clean Conf. button to erase the stored customized configuration. |


6.2.6 Reboot & Reset


For some special reason or situation, you may need to reboot the gateway or reset the device configuration to its default value. In addition to performing these operations through the Power ON/OFF, or by pressing the reset button on the device panel, you can do it through the web GUI too.

Go to Administration > System Operation > Reboot & Reset tab.

In the Reboot & Reset window, you can reboot this device by clicking the “Reboot” button, and reset this
device to default settings by clicking the “Reset” button.

System Operation Window

| Item | Value Setting | Description |
| --- | --- | --- |
| Reboot | Now is selected by default | Click the Reboot button to reboot the gateway immediately or on a pre-defined time schedule. Now: Reboot immediately. Time Schedule: Select a pre-defined auto-reboot time schedule rule to reboot the device automatically at a designated time. To define a time schedule rule, go to Object Definition > Scheduling > Configuration tab. |
| Reset to Default | N/A | Click the Reset button to reset the device configuration to its default value. |


6.3 FTP
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a
client and server on a computer network. FTP is built on a client-server model architecture and uses separate
control and data connections between the client and the server. FTP users may authenticate themselves with
a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously
if the server is configured to allow it.
For secure transmission that protects the username and password, and encrypts the content, FTP is
often secured with SSL/TLS (FTPS). Besides, SSH File Transfer Protocol (SFTP) is sometimes also used instead,
but is technologically different.
This gateway embeds an FTP / SFTP server for the administrator to download the log files to his computer or database. In the following two sections, you can configure the FTP server and create the user accounts that can log in to the server. After logging in to the FTP server, you can browse the log directory and have the permission to download the stored log files and delete the files you have downloaded to make more storage space for further data logs.
The available log files can be system logs (refer to Administration > System Operation > System Log), Network Packets (refer to Administration > Diagnostic > Packet Analyzer), Data Log (refer to Field Communication > Data Logging > Log File Management), and GNSS Log (refer to Service > Location Tracking > GNSS). With proper configuration of the various log functions that are supported on your purchased product, you can download the log via FTP / SFTP connections.


6.3.1 Server Configuration


This section allows the user to set up the embedded FTP and SFTP server for retrieving the log files of interest.

Go to Administration > FTP > Server Configuration tab.

Enable FTP Server

Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| FTP | The box is unchecked by default. | Check Enable box to activate the embedded FTP Server function. With the FTP Server enabled, you can retrieve or delete the stored log files via FTP connection. Note: The embedded FTP Server is only for log downloading, so no write permission is implemented for user file upload to the storage. |
| FTP Port | Port 21 is set by default | Specify a port number for FTP connection. The gateway will listen for incoming FTP connections on the specified port. Value Range: 1 ~ 65535. |
| Timeout | 300 seconds is set by default. | Specify the maximum timeout interval for the FTP connection. Supported range is 60 to 7200 seconds. |
| Max. Connections per IP | 2 Clients are set by default. | Specify the maximum number of clients from the same IP address for the FTP connection. Up to 5 clients from the same IP address is supported. |
| Max. FTP Clients | 5 Clients are set by default. | Specify the maximum number of clients for the FTP connection. Up to 32 clients is supported. |
| PASV Mode | Optional setting | Check the Enable box to activate the support of PASV mode for a FTP connection from FTP clients. |
| Port Range of PASV Mode | Port 50000 ~ 50031 is set by default. | Specify the port range to allocate for PASV style data connection. Value Range: 1024 ~ 65535. |
| Auto Report External IP in PASV Mode | Optional setting | Check the Enable box to activate the support of overriding the IP address advertising in response to the PASV command. |
| ASCII Transfer Mode | Optional setting | Check the Enable box to activate the support of ASCII mode data transfers. Binary mode is supported by default. |
| FTPS (FTP over SSL/TLS) | Optional setting | Check the Enable box to activate the support of secure connections via SSL/TLS. |

Enable SFTP Server

Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| SFTP | The box is unchecked by default. | Check Enable box to activate the embedded SFTP Server function. Furthermore, you can check the granted interface(s) for the SFTP connection, via LAN, WAN, or both. With the SFTP Server enabled, you can retrieve or delete the stored log files via secure SFTP connection. |
| SFTP Port | Default 22 | Specify a port number for SFTP connection. The gateway will listen for incoming SFTP connections on the specified port. Value Range: 1 ~ 65535. |
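
A settings audit for the management services described in 6.1.4 (Telnet & SSH), 6.2.1 (Password & MMI) and 6.3.1 (FTP server), as an added example that is not code from this manual or from the vendor: it flags the documented factory defaults and the clear-text services, and checks the stated value ranges. The dictionary layout and field names are assumptions; the settings are transcribed by hand from the web GUI.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    item: str      # GUI item the finding refers to
    message: str


def _in_range(value, low, high):
    return isinstance(value, int) and low <= value <= high


def audit(cfg):
    """Audit a settings dict transcribed by hand from the web GUI.

    The dict layout is an assumption of this example. The value ranges and
    factory defaults it checks are the ones stated in this manual.
    """
    findings = []

    def add(severity, item, message):
        findings.append(Finding(severity, item, message))

    # 6.1.4 Telnet & SSH
    telnet, ssh = cfg["telnet"], cfg["ssh"]
    if telnet["wan"]:
        add("high", "Telnet WAN", "plain-text CLI login is reachable from the WAN side")
    if telnet["lan"]:
        add("low", "Telnet LAN", "plain-text CLI on the Intranet; SSH gives the same CLI encrypted")
    for name, svc in (("Telnet", telnet), ("SSH", ssh)):
        if not _in_range(svc["port"], 1, 65535):
            add("medium", name + " Service Port", "value outside 1 ~ 65535")
    cli_enabled = telnet["lan"] or telnet["wan"] or ssh["lan"] or ssh["wan"]
    if cli_enabled and not cfg["root_password_changed"]:
        add("high", "root password", "CLI is enabled with the documented default password")

    # 6.2.1 Password & MMI
    mmi = cfg["mmi"]
    if not mmi["credentials_changed"]:
        add("high", "MMI Username/Password", "web GUI still uses the documented default account")
    if mmi["gui_access_protocol"] != "https only":
        add("medium", "GUI Access Protocol", "web GUI login is accepted over unencrypted http")
    if not mmi["login_timeout_enabled"]:
        add("medium", "Login Timeout", "idle administrator sessions are never logged out")
    elif not _in_range(mmi["login_timeout"], 30, 65535):
        add("medium", "Login Timeout", "value outside 30 ~ 65535")
    if not _in_range(mmi["login_trials"], 3, 10):
        add("medium", "Login", "login trial counting value outside 3 ~ 10")

    # 6.3.1 FTP server
    ftp = cfg["ftp"]
    if ftp["enabled"]:
        if not ftp["ftps"]:
            add("medium", "FTP", "clear-text sign-in for log download; enable FTPS or use SFTP")
        if not _in_range(ftp["timeout_seconds"], 60, 7200):
            add("medium", "FTP Timeout", "value outside 60 ~ 7200 seconds")
        low, high = ftp["pasv_ports"]
        if ftp["pasv"] and not 1024 <= low <= high <= 65535:
            add("medium", "Port Range of PASV Mode", "range outside 1024 ~ 65535")
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for finding in findings:
        counts[finding.severity] += 1
    return counts


# Constructed sample: the defaults listed in this manual, with Telnet also
# enabled on WAN and the FTP server switched on without FTPS.
EXPOSED = {
    "telnet": {"lan": True, "wan": True, "port": 23},
    "ssh": {"lan": True, "wan": True, "port": 22},
    "root_password_changed": False,
    "mmi": {"credentials_changed": False, "gui_access_protocol": "http/https",
            "login_timeout_enabled": True, "login_timeout": 300, "login_trials": 3},
    "ftp": {"enabled": True, "ftps": False, "timeout_seconds": 300,
            "pasv": True, "pasv_ports": (50000, 50031)},
}

# Constructed sample: the same device after hardening.
HARDENED = {
    "telnet": {"lan": False, "wan": False, "port": 23},
    "ssh": {"lan": True, "wan": True, "port": 22},
    "root_password_changed": True,
    "mmi": {"credentials_changed": True, "gui_access_protocol": "https only",
            "login_timeout_enabled": True, "login_timeout": 300, "login_trials": 3},
    "ftp": {"enabled": False, "ftps": False, "timeout_seconds": 300,
            "pasv": True, "pasv_ports": (50000, 50031)},
}

if __name__ == "__main__":
    for f in audit(EXPOSED):
        print(f"[{f.severity:6}] {f.item}: {f.message}")
    print(summarize(audit(HARDENED)))
```
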


6.3.2 User Account


This section allows the user to set up user accounts for logging in to the embedded FTP and SFTP server to retrieve the log files of interest.

Go to Administration > FTP > User Account tab.

Create/Edit FTP User Accounts

When Add button is applied, User Account Configuration screen will appear.

Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| User Name | String: non-blank string | Enter the user account for login to the FTP server. Value Range: 1 ~ 15 characters. |
| Password | String: no blank | Enter the user password for login to the FTP server. |
| Directory | N/A | Select a root directory after user login. |
| Permission | Read/Write is selected by default. | Select the Read/write permission. Note: The embedded FTP Server is only for log downloading, so no write permission is implemented for user file upload to the storage, even if the Read/Write option is selected. |
| Enable | The box is checked by default. | Check the box to activate the FTP user account. |


6.4 Diagnostic
This gateway supports simple network diagnosis tools for the administrator to troubleshoot and find the root cause of abnormal behavior or traffic passing through the gateway. There is a Packet Analyzer to help record the packets for a designated interface or specific source/destination host, and there are Ping and Tracert tools for testing network connectivity issues.

6.4.1 Diagnostic Tools


The Diagnostic Tools provide some frequently used network connectivity diagnostic tools (approaches) for the
network administrator to check the device connectivity.
Go to Administration > Diagnostic > Diagnostic Tools tab.

Diagnostic Tools

| Item | Value setting | Description |
| --- | --- | --- |
| Ping Test | Optional Setting | This allows you to specify an IP / FQDN, the Outer interface (auto, WAN, LAN, or VLAN), and LAN source (default, LAN, or VLAN) as well, so system will try to ping the specified device to test whether it is alive after clicking on the Ping button. A test result window will appear beneath it. |
| Tracert Test | Optional setting | Trace route (tracert) command is a network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an IP network. Trace route proceeds until all (three) sent packets are lost for more than twice, then the connection is lost and the route cannot be evaluated. First, you need to specify an IP / FQDN, the test interface (LAN, WAN, or Auto) and the protocol (UDP or ICMP), and by default, it is UDP. Then, system will try to trace the specified host to test whether it is alive after clicking on Tracert button. A test result window will appear beneath it. |
| Wake on LAN | Optional setting | Wake on LAN (WOL) is an Ethernet networking standard that allows a computer to be turned on or awakened by a network message. You can specify the MAC address of the computer, in your LAN network, to be remotely turned on by clicking on the Wake up command button. |
| Save | N/A | Click the Save button to save the configuration. |


6.4.2 Packet Analyzer


The Packet Analyzer can capture packets depending on user settings. The user can specify the interfaces on which to capture packets and filter them by setting rules. Ensure the log storage is available (either embedded SD-Card or external USB Storage), otherwise the Packet Analyzer cannot be enabled.

Go to Administration > Diagnostic > Packet Analyzer tab.

Configuration

| Item | Value setting | Description |
| --- | --- | --- |
| Packet Analyzer | The box is unchecked by default. | Check Enable box to activate the Packet Analyzer function. If you cannot enable the checkbox, please check if the storage is available or not. Plug in the USB storage and then enable the Packet Analyzer function. |
| File Name | 1. An optional setting 2. Blank is set by default, and the default file name is <Interface>_<Date>_<index>. | Enter the file name to save the captured packets in log storage. If Split Files option is also enabled, the file name will be appended with an index code “_<index>”. The extension file name is .pcap. |
| Split Files | 1. An optional setting 2. The default value of File Size is 200 KB. | Check enable box to split file whenever log file reaching the specified limit. If the Split Files option is enabled, you can further specify the File Size and Unit for the split files. Value Range: 10 ~ 99999. NOTE: File Size cannot be less than 10 KB |
| Packet Interfaces | An optional setting | Define the interface(s) that Packet Analyzer should work on. At least one interface is required, but multiple selections are also accepted. The supported interfaces can be: WAN: When the WAN is enabled at Physical Interface, it can be selected here. ASY: This means the serial communication interface. It is used to capture packets appearing in the Field Communication. Therefore, it can only be selected when specific field communication protocol, like Modbus, is enabled. Select Binary mode or String mode for the serial interface. VAP: This means the virtual AP. When WiFi and VAP are enabled, it can be selected here. |
| Save | N/A | Click the Save button to save the configuration. |
| Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. |

Once you have enabled the Packet Analyzer function on specific interface(s), you can further specify filter
rules to capture only the packets that match the rules.

Capture Filters
Item | Value setting | Description
Filter | Optional setting | Check the Enable box to activate the Capture Filter function.
Source MACs | Optional setting | Define the filter rule with Source MACs, which means the source MAC address of packets. Packets which match the rule will be captured. Up to 10 MACs are supported, but they must be separated with “;”, e.g. AA:BB:CC:DD:EE:FF; 11:22:33:44:55:66. The packets will be captured when they match any one MAC in the rule.
Source IPs | Optional setting | Define the filter rule with Source IPs, which means the source IP address of packets. Packets which match the rule will be captured. Up to 10 IPs are supported, but they must be separated with “;”, e.g. 192.168.1.1; 192.168.1.2. The packets will be captured when they match any one IP in the rule.
Source Ports | Optional setting | Define the filter rule with Source Ports, which means the source port of packets. The packets will be captured when they match any port in the rule. Up to 10 ports are supported, but they must be separated with “;”, e.g. 80; 53. Value Range: 1 ~ 65535.
Destination MACs | Optional setting | Define the filter rule with Destination MACs, which means the destination MAC address of packets. Packets which match the rule will be captured. Up to 10 MACs are supported, but they must be separated with “;”, e.g. AA:BB:CC:DD:EE:FF; 11:22:33:44:55:66. The packets will be captured when they match any one MAC in the rule.
Destination IPs | Optional setting | Define the filter rule with Destination IPs, which means the destination IP address of packets. Packets which match the rule will be captured. Up to 10 IPs are supported, but they must be separated with “;”, e.g. 192.168.1.1; 192.168.1.2. The packets will be captured when they match any one IP in the rule.
Destination Ports | Optional setting | Define the filter rule with Destination Ports, which means the destination port of packets. The packets will be captured when they match any port in the rule. Up to 10 ports are supported, but they must be separated with “;”, e.g. 80; 53. Value Range: 1 ~ 65535.
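An added example (not from the manual or the vendor): a Python pre-check for the Capture Filters fields that enforces the limits in the table above and turns each field into the equivalent pcap-filter expression, so the saved .pcap files can be narrowed the same way offline with tcpdump. How the device combines different fields is not stated on this page, so each field is translated on its own; accepting IPv4 addresses only is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re

MAX_ENTRIES = 10                  # manual: "Up to 10 ... are supported"
PORT_MIN, PORT_MAX = 1, 65535     # manual: "Value Range: 1 ~ 65535"
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

# Manual field name -> (value kind, pcap-filter primitive understood by tcpdump)
FIELDS = {
    "Source MACs": ("mac", "ether src"),
    "Source IPs": ("ip", "src host"),
    "Source Ports": ("port", "src port"),
    "Destination MACs": ("mac", "ether dst"),
    "Destination IPs": ("ip", "dst host"),
    "Destination Ports": ("port", "dst port"),
}


def _normalise(kind, token):
    """Validate one entry and return its canonical text form."""
    if kind == "mac":
        if not MAC_RE.fullmatch(token):
            raise ValueError(f"not a MAC address: {token!r}")
        return token.lower()
    if kind == "ip":
        # Assumption: IPv4 only, as in the manual's examples.
        return str(ipaddress.IPv4Address(token))
    if not (token.isascii() and token.isdigit()):
        raise ValueError(f"not a port number: {token!r}")
    port = int(token)
    if not PORT_MIN <= port <= PORT_MAX:
        raise ValueError(f"port {port} outside {PORT_MIN} ~ {PORT_MAX}")
    return str(port)


def parse_field(name, text):
    """Split a ';'-separated rule string and validate every entry."""
    kind, _ = FIELDS[name]
    if not text.strip():
        return []                 # every filter field is optional
    entries = [part.strip() for part in text.split(";")]
    if "" in entries:
        raise ValueError("empty entry (stray ';')")
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries, at most {MAX_ENTRIES} allowed")
    return [_normalise(kind, entry) for entry in entries]


def to_pcap_filter(name, text):
    """Any-of match within one field, written as a pcap-filter expression."""
    _, primitive = FIELDS[name]
    return " or ".join(f"{primitive} {value}" for value in parse_field(name, text))


def check_rules(rules):
    """Return {field name: error text} for every field that would be rejected."""
    errors = {}
    for name, text in rules.items():
        try:
            if name not in FIELDS:
                raise ValueError("unknown filter field")
            parse_field(name, text)
        except ValueError as exc:
            errors[name] = str(exc)
    return errors


if __name__ == "__main__":
    # Constructed rule set, using the manual's own example values.
    rules = {
        "Source MACs": "AA:BB:CC:DD:EE:FF; 11:22:33:44:55:66",
        "Destination IPs": "192.168.1.1; 192.168.1.2",
        "Destination Ports": "80; 53",
    }
    print(check_rules(rules) or "rule set is valid")
    for field_name, value in rules.items():
        print(f"{field_name}: {to_pcap_filter(field_name, value)}")
```
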


Chapter 7 Service

7.1 Cellular Toolkit


Besides the cellular data connection, you may also want to monitor the data usage of the cellular WAN, send
text messages through SMS, change the PIN code of a SIM card, communicate with the carrier/ISP by USSD
command, or run a cellular network scan for diagnostic purposes.

The Cellular Toolkit section includes several useful features that are related to cellular configuration or
application. You can configure the settings of Data Usage, SMS, SIM PIN, USSD, and Network Scan here. Please
note that at least one valid SIM card must be inserted into the device before you continue with the settings
in this section.


7.1.1 Data Usage


Most data plans for cellular connections come with a limited amount of data usage. If data usage goes over the
quota, either you will get much lower data throughput that may affect your daily operation, or you will
get a ‘bill shock’ in the next month because the carrier/ISP charges a lot for the over-quota data usage.

With the Data Usage feature, the device monitors cellular data usage continuously and takes actions. If
data usage reaches the quota, the device can be set to drop the cellular data connection right away. Otherwise,
if a secondary SIM card is inserted, the device will switch to the secondary SIM and establish another cellular
data connection with the secondary SIM automatically.

If the Data Usage feature is enabled, the full history of cellular data usage can be viewed at the Status >
Statistics & Reports > Cellular Usage tab.

3G/4G Data Usage


The Data Usage feature enables the gateway device to continuously monitor cellular data usage and take
actions. In the diagram, the quota limit of SIM A is 1Gb per month and the bill start date is the 20th of every
month. The device starts a new calculation of data usage on the 20th of every month.
Enabling Connection Restrict will force the gateway device to drop the cellular connection of SIM A when
data usage reaches the quota limit (1Gb in this case). If the SIM failover feature is configured in Internet
Setup, the gateway will then switch to SIM B and establish a new cellular data connection automatically.

Data Usage Setting

Go to Service > Cellular Toolkit > Data Usage tab.

Before you finish the Data Usage settings, you need to know the bill start date, bill period, and data usage
quota limit of your data plan. You can ask your carrier or ISP for this information.

Create / Edit 3G/4G Data Usage Profile

When the Add button is clicked, the 3G/4G Data Usage Profile Configuration screen will appear. You can create
up to four data usage profiles, one profile for each SIM card used in the Gateway.

3G/4G Data Usage Profile Configuration


Item | Value setting | Description
SIM Select | 3G/4G-1 and SIM A by default. | Choose a cellular interface (3G/4G-1 or 3G/4G-2), and a SIM card bound to the selected cellular interface to configure its data usage profile.
Carrier Name | It is an optional item. | Fill in the Carrier Name for the selected SIM card for identification.
Cycle Period | Days by default | The first box has three types of cycle period: Days, Weekly and Monthly. Days: For per Days cycle periods, you have to further specify the number of days in the second box. Value Range: 1 ~ 90 days. Weekly, Monthly: The cycle period is one week or one month.
Start Date | N/A | Specify the date to start measuring network traffic. Please don’t select a day before the current date; otherwise, the traffic statistics will be incorrect.
Data Limitation | N/A | Specify the allowable data limitation for the defined cycle period.
Connection Restrict | Un-Checked by default. | Check the Enable box to activate the connection restriction function. During the specified cycle period, if the actual data usage exceeds the allowable data limitation, the cellular connection will be forced to disconnect.
Enable | Un-Checked by default. | Check the Enable box to activate the data usage profile.
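An added example (a model, not the gateway's firmware): the cycle accounting described in the 3G/4G Data Usage scenario and configured by the profile table above, written out in Python so the reset date and the resulting action can be checked for a given plan. Assumptions: a monthly start day beyond the end of a short month is clamped to that month's last day, the quota counts as reached when usage is equal to or above it, the diagram's 1Gb is taken as 10**9 bytes, and the function names and usage samples are constructed.

```python
import calendar
from datetime import date, timedelta


def _anchor(year, month, day):
    """The cycle's start day in a given month, clamped to the month's last day (assumption)."""
    return date(year, month, min(day, calendar.monthrange(year, month)[1]))


def _shift_month(year, month, delta):
    """Move (year, month) forward or back by `delta` months."""
    index = year * 12 + (month - 1) + delta
    return index // 12, index % 12 + 1


def cycle_window(start, today, period="Monthly", days=30):
    """Return (first_day, next_first_day) of the cycle containing `today`.

    Returns None when `today` is before the Start Date (nothing is measured yet).
    """
    if today < start:
        return None
    if period in ("Days", "Weekly"):
        length = 7 if period == "Weekly" else days
        if not 1 <= length <= 90:
            raise ValueError("Days cycle period must be 1 ~ 90 days")
        elapsed_cycles = (today - start).days // length
        first = start + timedelta(days=elapsed_cycles * length)
        return first, first + timedelta(days=length)
    if period != "Monthly":
        raise ValueError("Cycle Period must be Days, Weekly or Monthly")
    this_month = _anchor(today.year, today.month, start.day)
    if today >= this_month:
        ny, nm = _shift_month(today.year, today.month, 1)
        return this_month, _anchor(ny, nm, start.day)
    py, pm = _shift_month(today.year, today.month, -1)
    return _anchor(py, pm, start.day), this_month


def usage_in_cycle(samples, window):
    """Sum the bytes of (day, bytes) samples that fall inside the cycle window."""
    first, next_first = window
    return sum(count for day, count in samples if first <= day < next_first)


def action(used, limit, connection_restrict, sim_failover):
    """What the scenario describes once usage reaches the quota."""
    if used < limit or not connection_restrict:
        return "keep"
    # Connection Restrict drops SIM A; SIM failover (Internet Setup) then brings up SIM B.
    return "switch-sim" if sim_failover else "disconnect"


if __name__ == "__main__":
    QUOTA = 10**9                                   # assumed byte value of the diagram's 1Gb
    start = date(2024, 1, 20)                       # bill start date: 20th of the month
    samples = [                                     # constructed usage samples
        (date(2024, 2, 19), 900_000_000),           # previous cycle, not counted
        (date(2024, 2, 25), 600_000_000),
        (date(2024, 3, 4), 500_000_000),
    ]
    window = cycle_window(start, date(2024, 3, 5))
    used = usage_in_cycle(samples, window)
    print(window, used, action(used, QUOTA, True, True))
```
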


7.1.2 SMS
Short Message Service (SMS) is a text messaging service that is widely used on mobile phones. It
uses standardized communications protocols to allow mobile phones or cellular devices to exchange short text
messages in an instant and convenient way.

SMS Setting

Go to Service > Cellular Toolkit > SMS tab

With this gateway device, you can send SMS text messages or browse received SMS messages as you usually
do on a cellular phone.

Setup SMS Configuration

Configuration
Item | Value setting | Description
Physical Interface | The box is 3G/4G-1 by default | Choose a cellular interface (3G/4G-1 or 3G/4G-2) for the following SMS function configuration. Note: 3G/4G-2 is only available for products with a dual cellular module.
SMS | The box is checked by default | This is the SMS switch. If the box is checked, the SMS function is enabled; if the box is unchecked, the SMS function is disabled.
SIM Status | N/A | Depends on the current SIM status. The possible value will be SIM_A or SIM_B.
SMS Storage | The box is SIM Card Only by default | This is the SMS storage location. Currently the only option is SIM Card Only.
SMS Space | The box is unchecked by default | Check the Enable box and specify a number (1-10) for the message count to reserve some available storage space and prevent the storage from running out. The oldest message(s) will be deleted when the SMS storage is about to become full.
Save | N/A | Click the Save button to save the settings.

SMS Summary

Shows Unread SMS, Received SMS, Sent SMS, and Remaining SMS, and lets you edit SMS content to send and read
SMS from the SIM card.

SMS Summary
Item | Value setting | Description
Unread SMS | N/A | When a SIM card is inserted into the router for the first time, the unread SMS value is zero. When a new SMS is received but not read, this value increases by one.
Received SMS | N/A | This value records the number of existing SMS on the SIM card. When a new SMS is received, this value increases by one.
Sent SMS | N/A | This value records the number of outgoing SMS. When one SMS is sent, this value increases by one.
Remaining SMS | N/A | This value is the SMS capacity minus received SMS. When a new SMS is received, this value decreases by one.
New SMS | N/A | Click the New SMS button and a New SMS screen appears. You can set the SMS setting from this screen. Refer to New SMS below.
SMS Inbox | N/A | Click the SMS Inbox button and an SMS Inbox List screen appears. You can read or delete SMS, reply to SMS or forward SMS from this screen. Refer to SMS Inbox List below.
Refresh | N/A | Click the Refresh button to update the SMS summary immediately.

New SMS
You can set the SMS setting from this screen.

New SMS
Item | Value setting | Description
Receivers | N/A | Enter the receivers of the SMS. To send the SMS to a group, separate multiple receivers with semicolons.
Text Message | N/A | Enter the SMS content to send. The router supports a maximum of 1023 characters for the SMS content length.
Send | N/A | Click the Send button and the text message above will be sent as an SMS.
Result | N/A | If the SMS has been sent successfully, Send OK is shown; otherwise Send Failed is displayed.

SMS Inbox List


You can read or delete SMS, reply SMS or forward SMS from this screen.

SMS Inbox List


Item | Value setting | Description
ID | N/A | The number of SMS.
From Phone Number | N/A | Sender List (Phone Number) for the received SMS.
Timestamp | N/A | The time the SMS was received.
SMS Text Preview | N/A | Preview the SMS text. Click the Detail button to read a certain message.
Action | The box is unchecked by default | Click the Detail button to read the SMS detail; click the Reply / Forward button to reply to or forward the SMS. Besides, you can check the box(es), and then click the Delete button to delete the checked SMS(s).
Refresh | N/A | Refresh the SMS Inbox List.
Delete | N/A | Delete the SMS for all boxes checked in Action.
Close | N/A | Close the Detail SMS Message screen.

SMS Sent Folder


You can read or delete SMS from this screen.

SMS Sent Folder


Item | Value setting | Description
ID | N/A | The number of SMS.
Receivers | N/A | Receiver list for the sent SMS.
Timestamp | N/A | The time the SMS was sent.
SMS Text Preview | N/A | Preview the SMS text. Click the Detail button to read a certain message.
Action | The box is unchecked by default | Click the Detail button to read the SMS detail. Besides, you can check the box(es), and then click the Delete button to delete the checked record(s).
Refresh | N/A | Refresh the SMS Sent Folder.
Delete | N/A | Delete the SMS for all boxes checked in Action.
Close | N/A | Close the Detail SMS Message screen.


7.1.3 SIM PIN


In most cases, users need to insert a SIM card (a.k.a. UICC) into end devices to get on a cellular
network for voice service or data surfing. The SIM card is usually issued by mobile operators or service
providers. Each SIM card has a unique number (the so-called ICCID) by which network owners or service
providers identify each subscriber. As the SIM card plays an important role between service providers and
subscribers, some security mechanisms are required on the SIM card to prevent any unauthorized access.

Enabling a PIN code on the SIM card is an easy and effective way of protecting cellular devices from
unauthorized access. This gateway device allows you to activate and manage the PIN code on a SIM card through
its web GUI.

Activate PIN code on SIM Card


This gateway device allows you to activate the PIN code on a SIM card. This
example shows how to activate the PIN code on SIM-A for 3G/4G-1 with the
default PIN code “0000”.

Change PIN code on SIM Card


This gateway device allows you to change the PIN code on a SIM card.
Following the example above, type the original PIN code “0000”, and then
type the new PIN code ‘1234’ if you want to set the new PIN code to ‘1234’.
To confirm that the new PIN code you typed is what you want, type the new
PIN code ‘1234’ again in Verified New PIN Code.

Unlock SIM card by PUK Code


If you enter an incorrect PIN code at the configuration page for 3G/4G-1
WAN more than three times, the SIM card will be locked by PUK code.
You then have to call the service number to get a PUK code to
unlock the SIM card. In the diagram, the PUK code is “12345678” and the new
PIN code is “5678”.

SIM PIN Setting

Go to Service > Cellular Toolkit > SIM PIN Tab

The SIM PIN Function window allows you to enable or disable the SIM lock (which means protection by PIN
code), or change the PIN code. You can also see the number of remaining failed attempts, as mentioned
earlier. If you run out of these attempts, you need to get a PUK code to unlock the SIM card.

Select a SIM Card

Configuration Window
Item | Value setting | Description
Physical Interface | The box is 3G/4G-1 by default | Choose a cellular interface (3G/4G-1 or 3G/4G-2) to change the SIM PIN setting for the selected SIM Card. The number of physical modems depends on the gateway model you purchased.
SIM Status | N/A | Indication for the selected SIM card and the SIM card status. The status could be Ready, Not Insert, or SIM PIN. Ready -- SIM card is inserted and ready to use. It can be a SIM card without PIN protection or a SIM card that is already unlocked by the correct PIN code. Not Insert -- No SIM card is inserted in that SIM slot. SIM PIN -- SIM card is protected by PIN code, and it has not been unlocked by the correct PIN code yet. That SIM card is still in locked status.
SIM Selection | N/A | Select the SIM card for further SIM PIN configuration. Press the Switch button, then the Gateway will switch to the other SIM card. After that, you can configure the SIM card.

Enable / Change PIN Code

Enable or disable the PIN code (password) function, or change the PIN code.

SIM function Window


Item | Value setting | Description
SIM lock | Depend on SIM card | Click the Enable button to activate the SIM lock function. The first time you enable the SIM lock function, you have to fill in the PIN code as well, and then click the Save button to apply the setting.
Remaining times | Depend on SIM card | Represents the remaining number of attempts for SIM PIN unlocking.
Save | N/A | Click the Save button to apply the setting.
Change PIN Code | N/A | Click the Change PIN code button to change the PIN code (password). If the SIM Lock function is not enabled, the Change PIN code button is disabled. In that case, if you still want to change the PIN code, you have to enable the SIM Lock function first, fill in the PIN code, and then click the Save button to enable it. After that, you can click the Change PIN code button to change the PIN code.

When the Change PIN Code button is clicked, the following screen will appear.

Item | Value setting | Description
Current PIN Code | A Must filled setting | Fill in the current (old) PIN code of the SIM card.
New PIN Code | A Must filled setting | Fill in the new PIN Code you want to change to.
Verified New PIN Code | A Must filled setting | Confirm the new PIN Code again.
Apply | N/A | Click the Apply button to change the PIN code to the specified new PIN code.
Cancel | N/A | Click the Cancel button to cancel the changes and keep the current PIN code.

Note: If you changed the PIN code for a certain SIM card, you must also change the corresponding PIN code
specified in the Basic Network > WAN & Uplink > Internet Setup > Connection with SIM Card page.
Otherwise, it may result in wrong SIM PIN trials with the invalid (old) PIN code.

Unlock with a PUK Code


The PUK Function window is only available for configuration if the SIM card is locked by PUK code. It means
that the SIM card is locked and needs an additional PUK code to unlock. Usually this happens after too many
attempts with an incorrect PIN code, when the remaining times in the SIM Function table turn to 0. In this
situation, you need to contact your service provider and request a PUK code for your SIM card, and try to
unlock the locked SIM card with the provided PUK code. After a SIM card has been unlocked by PUK code
successfully, the SIM lock function will be activated automatically.

PUK Function Window


Item | Value setting | Description
PUK status | PUK Unlock / PUK Lock | Indication for the PUK status. The status could be PUK Lock or PUK Unlock. As mentioned earlier, the SIM card will be locked by PUK code after too many failed PIN code attempts. In this case, the PUK Status will turn to PUK Lock. In a normal situation, it will display PUK Unlock.
Remaining times | Depend on SIM card | Represents the remaining number of attempts for PUK unlocking. Note: DO NOT let the remaining times drop to zero; it will damage the SIM card FOREVER! Call your ISP for help to get a correct PUK and unlock the SIM if you don’t have the PUK code.
PUK Code | A Must filled setting | Fill in the PUK code (8 digits) that can unlock the SIM card in PUK unlock status.
New PIN Code | A Must filled setting | Fill in the New PIN Code (4~8 digits) for the SIM card. You have to determine your new PIN code to replace the old, forgotten one. Keep the PIN code (password) in mind with care.
Save | N/A | Click the Save button to apply the setting.

Note: If you changed the PUK code and PIN code for a certain SIM card, you must also change the
corresponding PIN code specified in the Basic Network > WAN & Uplink > Internet Setup > Connection with
SIM Card page. Otherwise, it may result in wrong SIM PIN trials with invalid (old) PIN code.


7.1.4 USSD
Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to
communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback
service, mobile-money services, location-based content services, menu-based information services, and as
part of configuring the phone on the network.

A USSD message is up to 182 alphanumeric characters in length. Unlike Short Message Service (SMS)
messages, USSD messages create a real-time connection during a USSD session. The connection remains
open, allowing a two-way exchange of a sequence of data. This makes USSD more responsive than services
that use SMS.

USSD Scenario
USSD allows you to have instant bi-directional communication with the carrier/ISP. In the diagram, the
USSD command ‘*135#’ refers to data roaming services. After sending that USSD command to the carrier,
you get a response in the USSD Response window. Please note that USSD commands vary between
carriers/ISPs.

USSD Setting

Go to Service > Cellular Toolkit > USSD tab.

The "USSD" page has four windows for the USSD function. The "Configuration" window lets you specify
which 3G/4G module (physical interface) is used for the USSD function, and the system shows which SIM card in
the module is currently in use. The second window is the "USSD Profile List"; it shows all your defined
USSD profiles, which store pre-commands for activating a USSD session. The "Add" button in that window lets
you add a new USSD profile and define the command for the profile in the third window, the "USSD Profile
Configuration". When you want to start a USSD connection session to the USSD server,
select the USSD profile or type in the correct pre-command, and then click the "Send" button for the
session. The responses from the USSD server will be displayed beneath the "USSD Command" line. When
commands typed in the "USSD Command" field are sent, the received responses will be displayed in the "USSD
Response" blank space. You can communicate with the USSD server by sending USSD commands and getting
USSD responses via the gateway.

USSD Configuration

Configuration
Item | Value setting | Description
Physical Interface | The box is 3G/4G-1 by default. | Choose a cellular interface (3G/4G-1 or 3G/4G-2) to configure the USSD setting for the connected cellular service (identified with SIM_A or SIM_B).
SIM Status | N/A | Show the connected cellular service (identified with SIM_A or SIM_B).

Create / Edit USSD Profile


The cellular gateway allows you to customize your USSD profiles. It supports up to a maximum of 35 USSD profiles.

When the Add button is clicked, the USSD Profile Configuration screen will appear.

USSD Profile Configuration


Item | Value setting | Description
Profile Name | N/A | Enter a name for the USSD profile.
USSD Command | N/A | Enter the USSD command defined for the profile. Normally, it is a command string composed of the numeric keypad characters “0~9”, “*”, and “#”. USSD commands are closely tied to the cellular service; please check with your service provider for the details.
Comments | N/A | Enter a brief comment for the profile.

Send USSD Request


When you send the USSD command, the USSD Response screen will appear.
When you click the Clear button, the USSD Response will disappear.

USSD Request
Item | Value setting | Description
USSD Profile | N/A | Select a USSD profile name from the dropdown list.
USSD Command | N/A | The USSD Command string of the selected profile will be shown here.
USSD Response | N/A | Click the Send button to send the USSD command, and the USSD Response screen will appear. You will see the response message of the corresponding service and receive the service SMS.


7.1.5 Network Scan


The "Network Scan" function lets the administrator specify how the device connects to the mobile system for
data communication on each 3G/4G interface. For example, the administrator can specify which generation of
mobile system is used for the connection: 2G, 3G or LTE. Moreover, the administrator can define the connection
sequence for the gateway device to connect to the mobile system automatically. The administrator can also scan
the mobile systems in the air manually, select the target operator system and apply it. The manual scanning
approach is used for problem diagnosis.

Network Scan Setting

Go to Service > Cellular Toolkit > Network Scan tab.

The "Network Scan" page has two windows for the Network Scan function. The "Configuration" window
lets you select which 3G/4G module (physical interface) is used to perform the Network Scan, and the system will
show the SIM card currently used in the module. You can configure each 3G/4G WAN interface by executing the
network scan on one after another. You can also specify the connection sequence of the targeted generation
of mobile system, 2G/3G/LTE.

Network Scan Configuration

Configuration
Item | Value setting | Description
Physical Interface | The box is 3G/4G-1 by default | Choose a cellular interface (3G/4G-1 or 3G/4G-2) for the network scan function.
SIM Status | N/A | Show the connected cellular service (identified with SIM_A or SIM_B).
Network Type | Auto is selected by default. | Specify the network type for the network scan function. It can be Auto, 2G Only, 2G prefer, 3G Only, 3G prefer, or 4G Only. When Auto is selected, the network will be registered automatically; if a prefer option is selected, the network of your option will be registered first; if an only option is selected, only the network of your option will be registered.
Scan Approach | Auto is selected by default. | When Auto is selected, the cellular module registers automatically. If the Manually option is selected, a Network Provider List screen appears. Press the Scan button to scan for the nearest base stations. Select (check the box) the preferred base stations, then click the Apply button to apply the settings.
Save | N/A | Click Save to save the settings.

The second window is the "Network Provider List" window; it appears when the Manually Scan Approach
is selected in the Configuration window. Click the "Scan" button and wait for 1 to 3 minutes, and the mobile
operator systems found will be displayed for you to choose from. Then click the "Apply" button to make the
system connect to that mobile operator system on the dedicated 3G/4G interface.


7.2 SMS & Event


SMS & Event handling is the application that allows the administrator to set up pre-defined events, handlers,
or response behavior with individual profiles. With the event handling function properly configured, the
administrator can easily and remotely obtain status and information via the purchased gateway. Moreover,
the administrator can also handle and manage some important system-related functions, and even the field bus
devices and D/O devices that are connected to the gateway.

The supported events are categorized into two groups: the managing events and notifying events.

The managing events are the events that are used to manage the gateway or change the setting / status of a
specific function of the gateway. On receiving a managing event, the gateway will take action to change
the functionality, collect the required status for administration, and also change the status of a certain
connected field bus device simultaneously.

The notifying events are events in which some related objects have been triggered and corresponding
actions are taken when the events occur. It could be an event generated by a connected sensor or a
certain connected field bus device, alerting the administrator that something has happened via SMS message,
Email, SNMP Trap, etc.

For ease of configuration, the administrator can create and edit common pre-defined managing / notifying
event profiles for reacting instantly to a certain event or managing the devices for some advanced
purposes, for example, sending/receiving remote managing SMS for the gateway’s routine maintenance,
monitoring field bus device status, controlling digital sensor detection, and so on. All such management
and notification functions can be realized effectively via the Event Handling feature.

The following is the summary lists for the provided profiles, and events:

(Note: The available profiles and events could be different for the purchased product.)

Profiles (Rules):
• SMS Configuration and Accounts
• Email Accounts
• Digital Input (DI) profiles
• Digital Output (DO) profiles
• Remote Host profiles

Managing Events:
• Trigger Type: SMS, SNMP Trap, and Digital Input (DI).
• Actions: Get the Network Status; or Configure the LAN/VLAN behavior, WIFI behavior, NAT behavior, Firewall behavior, VPN behavior, System Management, Administration, Digital Output behavior, and Remote Host.

Notifying Events:
• Trigger Type: Digital Input, Power Change, Connection Change (WAN, LAN & VLAN, WiFi, DDNS), Administration, Modbus, and Data Usage.
• Actions: Notify the administrator with SMS, Syslog, SNMP Trap or Email Alert; Change the status of connected Digital Output; Sending collected information to Remote Host.

To use the event handling function, you first have to enable the event management setting and
configure the event details with the provided profile settings. You can create or edit pre-defined profiles for
individual managing / notifying events. The profile settings are separated into several items: the SMS
Account Definition, Email Service Definition, Digital Input (DI) Profile Configuration, Digital Output (DO)
Profile Configuration, and Remote Host Configuration.

Then, you have to configure each managing / notifying event by identifying the event’s trigger condition and
the corresponding actions (the reaction to the event). For each event, more than one action can be
activated simultaneously.


7.2.1 Configuration

Go to Service > SMS & Event > Configuration Tab.

Event handling is the service that allows the administrator to set up pre-defined events, handlers, or response
behavior with individual profiles.

Enable Event Management

Configuration
Item | Value setting | Description
Event Management | The box is unchecked by default | Check the Enable box to activate the Event Management function.

Enable SMS Management

To use the SMS management function, you have to configure some important settings first.

SMS Configuration
Item | Value setting | Description
Message Prefix | The box is unchecked by default | Click the Enable box to enable the SMS prefix for validating the received SMS. Once the function is enabled, you have to enter the prefix behind the checkbox. A received managing event SMS must have the designated prefix as an initial identifier; the corresponding handlers will then become effective for further processing.
Physical Interface | The box is 3G/4G-1 by default. | Choose a cellular interface (3G/4G-1 or 3G/4G-2) to configure the SMS management setting. Note: 3G/4G-2 is only available for products with a dual cellular module.
SIM Status | N/A | Show the connected cellular service (identified with SIM_A or SIM_B).
Delete Managed SMS after Processing | The box is unchecked by default | Check the Enable box to delete the received managing event SMS after it has been processed.

Create / Edit SMS Account


Set up the SMS Account for managing the gateway through SMS. It supports up to a maximum of 5
accounts.

You can click the Add / Edit button to configure the SMS account.

SMS Account Configuration


Item | Value setting | Description
Phone Number | 1. Mobile phone number format 2. A Must filled setting | Select the Phone number policy from the drop list, and specify a mobile phone number as the SMS account identifier if required. It can be Specific Number, or Allow Any. If Specific Number is selected, you have to specify the phone number as the SMS account identifier. Value Range: -1 ~ 32 digits.
Phone Description | 1. Any text 2. An Optional setting | Specify a brief description for the SMS account.
Application | A Must filled setting | Specify the application type. It could be Event Trigger, Notify Handle, or both. If the Phone Number policy is Allow Any, the Notify Handle will be unavailable.
Send confirmed SMS | 1. An Optional setting 2. The box is unchecked by default. | Click the Enable box to activate the SMS response function. The gateway will send a confirmation message back to the sender whenever it receives an SMS managing event. The confirmation message is similar to the following format: “Device received a SMS with command xxxxx.”
Enable | The box is unchecked by default. | Click the Enable box to activate this account.
Save | NA | Click the Save button to save the configuration.
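An added example, not the gateway's firmware logic: a Python model of the checks this section describes for an incoming managing SMS (Message Prefix, Phone Number policy, Application, Enable), with an audit that flags the permissive combinations before a profile is deployed. The class and function names, the sample phone numbers, the prefix and the command text are constructed, and the order in which the checks run is an assumption.

```python
from dataclasses import dataclass, field

MAX_ACCOUNTS = 5  # manual: up to a maximum of 5 SMS accounts


@dataclass
class SmsAccount:
    policy: str                                # "Specific Number" or "Allow Any"
    number: str = ""                           # used only with "Specific Number"
    applications: tuple = ("Event Trigger",)   # "Event Trigger", "Notify Handle", or both
    enabled: bool = False                      # unchecked by default


@dataclass
class SmsManagement:
    prefix_enabled: bool = False               # Message Prefix box, unchecked by default
    prefix: str = ""
    accounts: list = field(default_factory=list)


def accepts(cfg, sender, text):
    """Model: would this SMS be handled as a managing event?"""
    # 1. With Message Prefix enabled, the text must start with the prefix.
    if cfg.prefix_enabled and not text.startswith(cfg.prefix):
        return False
    # 2. An enabled account with Event Trigger must cover the sender.
    for acct in cfg.accounts:
        if not acct.enabled or "Event Trigger" not in acct.applications:
            continue
        if acct.policy == "Allow Any":
            return True
        if acct.policy == "Specific Number" and acct.number == sender:
            return True
    return False


def audit(cfg):
    """Return (code, detail) findings for settings that widen who can manage the gateway."""
    findings = []
    if len(cfg.accounts) > MAX_ACCOUNTS:
        findings.append(("TOO_MANY_ACCOUNTS",
                         f"{len(cfg.accounts)} accounts, limit is {MAX_ACCOUNTS}"))
    if not (cfg.prefix_enabled and cfg.prefix):
        findings.append(("PREFIX_OFF",
                         "managing SMS are not required to start with a prefix"))
    for idx, acct in enumerate(cfg.accounts, start=1):
        if acct.policy not in ("Specific Number", "Allow Any"):
            findings.append(("BAD_POLICY", f"account {idx}: unknown policy {acct.policy!r}"))
            continue
        if acct.policy == "Specific Number" and not acct.number:
            findings.append(("NO_NUMBER", f"account {idx}: Specific Number without a number"))
        if acct.policy == "Allow Any" and "Notify Handle" in acct.applications:
            findings.append(("NOTIFY_UNAVAILABLE",
                             f"account {idx}: Notify Handle is unavailable with Allow Any"))
        if acct.enabled and acct.policy == "Allow Any" and "Event Trigger" in acct.applications:
            findings.append(("ANY_SENDER_TRIGGER",
                             f"account {idx}: any phone number can trigger managing events"))
    return findings


if __name__ == "__main__":
    # Constructed configurations: the permissive one and a tightened one.
    weak = SmsManagement(accounts=[SmsAccount("Allow Any", enabled=True)])
    hardened = SmsManagement(True, "GW7#",
                             [SmsAccount("Specific Number", "+15550100", enabled=True)])
    for name, cfg in (("weak", weak), ("hardened", hardened)):
        print(name, audit(cfg), accepts(cfg, "+15550199", "status"))
```
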

Create / Edit Email Service Account


Set up the Email Service Account for event notification. It supports up to a maximum of 5 accounts.

You can click the Add / Edit button to configure the Email account.

Email Service Configuration


Item | Value setting | Description
Email Server | --- Option --- | Select an Email Server profile from the External Server setting for the email account setting.
Email Addresses | 1. Internet E-mail address format 2. A Must filled setting | Specify the Destination Email Addresses.
Enable | The box is unchecked by default. | Click the Enable box to activate this account.
Save | NA | Click the Save button to save the configuration.

Create / Edit Digital Input (DI) Profile Rule (DI/DO support required)
Set up the Digital Input (DI) Profile rules. It supports up to a maximum of 10 profiles.

When the Add button is clicked, the Digital Input (DI) Profile Configuration screen will appear.

Digital Input (DI) Profile Configuration


| Item | Value setting | Description |
|---|---|---|
| DI Profile Name | 1. String format 2. A Must filled setting | Specify the DI Profile Name. Value Range: -1 ~ 32 characters. |
| Description | 1. Any text 2. An Optional setting | Specify a brief description for the profile. |
| DI Source | ID1 by default | Specify the DI Source. It could be ID1 or ID2. The number of available DI sources could be different for the purchased product. |
| Continue Update Status | The box is unchecked by default. | Click Enable box to activate this function for the DI event with designated update interval setting. If the event condition keeps active for a long time interval, the gateway will send repeated notify events for each check interval. Value Range: 2 ~ 86400 seconds. Note: To prevent receiving too many notify events for the same situation, you can adjust the check interval to a proper one for your application. |
| Normal Level | Low by default | Specify the Normal Level. It could be Low or High. |
| Signal Active Time | 1. Numeric String format 2. A Must filled setting | Specify the Signal Active Time. It could be from 1 to 10 seconds. The Signal Active Time setting will be ignored when the ‘Continue Update Status’ function is enabled. Value Range: 1 ~ 10 seconds. |
| Profile | The box is unchecked by default. | Click Enable box to activate this profile setting. |
| Save | NA | Click the Save button to save the configuration. |

Create / Edit Digital Output (DO) Profile Rule (DI/DO support required)
Set up the Digital Output (DO) Profile rules. It supports up to a maximum of 10 profiles.

When the Add button is clicked, the Digital Output (DO) Profile Configuration screen will appear.

Digital Output (DO) Profile Configuration


| Item | Value setting | Description |
|---|---|---|
| DO Profile Name | 1. String format 2. A Must filled setting | Specify the DO Profile Name. Value Range: -1 ~ 32 characters. |
| Description | 1. Any text 2. An Optional setting | Specify a brief description for the profile. |
| DO Source | ID1 by default | Specify the DO Source. It could be ID1. |
| Normal Level | Low by default | Specify the Normal Level. It could be Low or High. |
| Total Signal Period | 1. Numeric String format 2. A Must filled setting | Specify the Total Signal Period. Value Range: 10 ~ 10000 ms. |
| Repeat & Counter | The box is unchecked by default. | Check the Enable box to activate the repeated Digital Output, and specify the Repeat times. Value Range: 0 ~ 65535. |
| Duty Cycle | 1. Numeric String format 2. A Must filled setting | Specify the Duty Cycle for the Digital Output. Value Range: 1 ~ 100 %. |
| Profile | The box is unchecked by default. | Click Enable box to activate this profile setting. |
| Save | N/A | Click the Save button to save the configuration. |

Create / Edit Remote Host Profile


Set up the Remote Host Profile. It supports up to a maximum of 10 profiles.

You can click the Add / Edit button to configure the profile.

Remote Host Configuration


| Item | Value setting | Description |
|---|---|---|
| Host Name | 1. String format 2. A Must filled setting | Specify the Remote Host profile name. Value Range: -1 ~ 64 characters. |
| Host IP | 1. A Must filled setting 2. IP Address format. | Specify the IP address for the Remote Host. IPv4 Format. |
| Protocol Type | 1. A Must filled setting 2. TCP is selected by default | Specify the protocol to access the Remote Host. It could be TCP or UDP. |
| Port Number | 1. A Must filled setting | Specify the Port number for accessing the Remote Host. Value Range: 1 ~ 65535. |
| Prefix Message | 1. String format 2. An Optional filled setting | Specify the Prefix Message string as pre-defined identification for accessing the remote host, if required. Value Range: -1 ~ 64 characters. |
| Suffix Message | 1. String format 2. An Optional filled setting | Specify the Suffix Message string as pre-defined identification for accessing the remote host, if required. Value Range: -1 ~ 64 characters. |
| Enable | The box is unchecked by default. | Click Enable box to activate this profile setting. |
| Save | NA | Click the Save button to save the configuration. |
| Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. |


7.2.2 Managing Events


Managing Events allows the administrator to define the relationship (rule) among event triggers, handlers and
responses.
Go to Service > SMS & Event > Managing Events Tab.

Enable Managing Events

Configuration
| Item | Value setting | Description |
|---|---|---|
| Managing Events | The box is unchecked by default | Check the Enable box to activate the Managing Events function. |

Create / Edit Managing Event Rules


Set up the Managing Event rules. It supports up to a maximum of 128 rules.

When the Add or Edit button is clicked, the Managing Event Configuration screen will appear.


Managing Event Configuration


| Item | Value setting | Description |
|---|---|---|
| Event | None by default | Specify the Event type (SMS, SNMP Trap, or Digital Input) and an event identifier / profile. Up to 3 event conditions can be specified for defining an event, and the event will be triggered when all the conditions hold simultaneously (AND relation). The supported Event types could be: SMS: Select SMS and fill in the message in the textbox as the trigger condition for the event; SNMP: Select SNMP Trap and fill in the message in the textbox to specify the SNMP Trap Event; Digital Input: Select Digital Input and a DI profile you defined to specify a certain Digital Input Event. Note: The available Event Type could be different for the purchased product. |
| Trigger Type | Period is selected by default | Specify the type of event trigger, either Period or Once. Period: Select Period and specify a time interval; the event will be repeatedly triggered on every time interval while the specified event condition holds. Once: Select Once and the event will be triggered just one time when the specified event condition holds. |
| Interval | 0 is set by default | Specify the time interval for the repeated event trigger. Value Range: 0 ~ 86400 seconds. |
| Description | String format: any text. | Enter a brief description for the Managing Event. |
| Action | All boxes are unchecked by default. | Specify Network Status, or at least one of the other actions, to take when the expected event is triggered. Network Status: Select Network Status Checkbox to get the network status as the action for the event; LAN&VLAN: Select LAN&VLAN Checkbox and the interested sub-items (Port link On/Off), the gateway will change the settings as the action for the event; WiFi: Select WiFi Checkbox and the interested sub-items (WiFi radio On/Off), the gateway will change the settings as the action for the event; NAT: Select NAT Checkbox and the interested sub-items (Virtual Server Rule On/Off, DMZ On/Off), the gateway will change the settings as the action for the event; Firewall: Select Firewall Checkbox and the interested sub-items (Remote Administrator Host ID On/Off), the gateway will change the settings as the action for the event; VPN: Select VPN Checkbox and the interested sub-items (IPSec Tunnel ON/Off, PPTP Client On/Off, L2TP Client On/Off, OpenVPN Client On/Off), the gateway will change the settings as the action for the event; GRE: Select GRE Checkbox and the interested sub-items (GRE Tunnel On/Off), the gateway will change the settings as the action for the event; System Manage: Select System Manage Checkbox and the interested sub-items (WAN SSH Service On/Off, TR-069 On/Off), the gateway will change the settings as the action for the event; Administration: Select Administration Checkbox and the interested sub-items (Backup Config, Restore Config, Reboot, Save Current Setting as Default), the gateway will change the settings as the action for the event; Digital Output: Select Digital Output checkbox and a DO profile you defined as the action for the event; Remote Host: Select Remote Host checkbox and a Remote Host profile you defined as the action for the event. Note: The available Event Type could be different for the purchased product. |
| Managing Event | The box is unchecked by default. | Click Enable box to activate this Managing Event setting. |
| Save | NA | Click the Save button to save the configuration. |
| Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. |


7.2.3 Notifying Events

Go to Service > SMS & Event > Notifying Events Tab.

Notifying Events Setting allows administrator to define the relationship (rule) between event trigger and
handlers.

Enable Notifying Events

Configuration
| Item | Value setting | Description |
|---|---|---|
| Notifying Events | The box is unchecked by default | Check the Enable box to activate the Notifying Events function. |

Create / Edit Notifying Event Rules


Set up your Notifying Event rules. It supports up to a maximum of 128 rules.

When the Add or Edit button is clicked, the Notifying Event Configuration screen will appear.


Notifying Event Configuration


| Item | Value setting | Description |
|---|---|---|
| Event | None by default | Specify the Event type and corresponding event configuration. Up to 3 event conditions can be specified for defining an event, and the event will be triggered when all the conditions hold simultaneously (AND relation). The supported Event Type could be: Digital Input: Select Digital Input and a DI profile you defined to specify a certain Digital Input Event; Power Change: Select Power Change and a trigger condition to specify the event on a certain power source; WAN: Select WAN and a trigger condition to specify a certain WAN Event; LAN&VLAN: Select LAN&VLAN and a trigger condition to specify a certain LAN&VLAN Event; WiFi: Select WiFi and a trigger condition to specify a certain WiFi Event; DDNS: Select DDNS and a trigger condition to specify a certain DDNS Event; Administration: Select Administration and a trigger condition to specify a certain Administration Event; Data Usage: Select Data Usage, the SIM Card (Cellular Service) and a trigger condition to specify a certain Data Usage Event. Note: The available Event Type could be different for the purchased product. |
| Description | String format: any text. | Enter a brief description for the Notifying Event. |
| Action | All boxes are unchecked by default. | Specify at least one action to take when the expected event is triggered. Digital Output: Select Digital Output checkbox and a DO profile you defined as the action for the event; SMS: Select SMS, and the gateway will send out an SMS to all the defined SMS accounts as the action for the event; Syslog: Select Syslog and select/unselect the Enable Checkbox as the action for the event; SNMP Trap: Select SNMP Trap, and the gateway will send out an SNMP Trap to the defined SNMP Event Receivers as the action for the event; Email Alert: Select Email Alert, and the gateway will send out an Email to the defined Email accounts as the action for the event; Remote Host: Select Remote Host checkbox and a Remote Host profile you defined as the action for the event. Note: The available Event Type could be different for the purchased product. |
| Time Schedule | (0) Always is selected by default | Select a time scheduling rule for the Notifying Event. |
| Notifying Events | The box is unchecked by default. | Click Enable box to activate this Notifying Event setting. |
| Save | NA | Click the Save button to save the configuration. |
| Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. |


7.3 Location Tracking


Location tracking applications usually refer to applications that benefit from the Global Navigation
Satellite System (GNSS). GNSS is the infrastructure that allows devices to determine their position, velocity, and
time by processing satellite signals from outer space. GNSS includes a variety of satellite systems and
Satellite-Based Augmentation Systems (SBAS). SBAS is usually used for improving positioning accuracy. The
tables below show the 4 major GNSS systems in the world, and the SBAS systems in different areas.

Major GNSS System in the world

| GNSS System | Owner |
|---|---|
| GPS | USA |
| GLONASS | Russia |
| Galileo | European Union |
| BeiDou (COMPASS) | China |

Satellite-Based Augmentation System (SBAS)

| SBAS | Area Coverage |
|---|---|
| EGNOS | Europe |
| WAAS | North America |
| GAGAN | India |
| MSAS | Japan |

Position applications are widely used in a variety of industrial applications, including Location-Based Services
(LBS), Automatic Vehicle Location (AVL), Fleet Management, or asset tracking. However, in most cases, GNSS is
a one-way communication. That means a GNSS-compatible device can only determine its location by receiving GNSS
signals, but it can’t forward its location data to any other entity through the GNSS system. Because of this
limitation, devices usually need another technology to transmit their location data to a
back-end server for tracking or further analysis. Furthermore, as position applications are mostly applied to
moving objects, a wireless technology is more suitable for transmitting location data.
Nowadays, thanks to the popularity and wide coverage of cellular technology (GSM, 3G, 4G/LTE), transmitting
location data to a remote center in real time is no longer a hurdle. In addition, the data format of location data
is NMEA 0183 compatible, so the back-end server can easily interpret the collected location data.

Hereunder are the main features of GNSS function in cellular gateway, if optional GNSS function is supported.


• Retrieve GNSS data from satellites and send to remote operation center periodically or save in local
storage.
• Global positioning with multiple GNSS systems, including GPS, and optional for GLONASS, Galileo, or
BeiDou.
• Mandatory for varieties of LBS (Location-Based Service) applications, such as advertisement, emergency
call.
• Easy integration with AVL (Automatic Vehicle Location) applications, for managing fleet of service
vehicles.
• Other value-added applications, such as asset tracking, electronic toll collection, intelligent transport
system.

7.3.1 GNSS
With GNSS configuration page, you can configure those functions that are mentioned above. Please note the
available GNSS features on different models may be different. Please check product datasheet for details.
The configuration steps include following items.
• Activate GNSS feature in gateway and finish settings of cellular WAN.
• Support NMEA 0183 (compatible to 3.0) protocol, and allow customized prefix and suffix.
• Configurable GPS data logging on local microSD card storage for route record tracking.
• Indicate remote host, time interval, TCP/UDP, and type of GPS data that would be sent.

• GPS Message Type

This item shows all supported types of NMEA 0183 data format. The NMEA 0183 data format is defined and
maintained by the National Marine Electronics Association (NMEA). Select one or more types that you want to use
for transmitting GPS data. In most cases, this configuration depends on which data format your central
server can recognize. Only select the types you need, otherwise unnecessary network
bandwidth will be consumed. The table below shows more information for the different types of NMEA 0183 message.

| Type | Description | Example |
|---|---|---|
| GGA | Fix Information | $GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47 |
| GLL | Lat/Lon Data | $GPGLL,4916.45,N,12311.12,W,225444,A,*1D |
| GSA | Overall Satellite Data | $GPGSA,A,3,04,05,,09,12,,,24,,,,,2.5,1.3,2.1*39 |
| GSV | Detailed Satellite Data | $GPGSV,2,1,08,01,40,083,46,02,17,308,41,12,07,344,39,14,22,228,45*75 |
| RMC | Recommended Minimum Data | $GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A |
| VTG | Vector Track and Speed Over the Ground | $GPVTG,054.7,T,034.4,M,005.5,N,010.2,K*48 |

Please note this option is hardware dependent. The options of GPS message type shown on this page
depend on the product specification. You may not see all options if your product doesn’t support all of them.

• SBAS
SBAS (Satellite-Based Augmentation System) is used to improve the accuracy of location data. There are
several SBAS systems for different areas in the world.

| SBAS | Area Coverage |
|---|---|
| EGNOS | Europe |
| WAAS | North America |
| GAGAN | India |
| MSAS | Japan |

Please note this option is hardware dependent. You may not see this option if your product doesn’t support it.

• Assisted GPS
Assisted GPS (also known as A-GPS) is used for speeding up location fix, especially when the satellite signal is weak.
If this option is activated, the gateway will download almanac data from an A-GPS server through the IP network instead of
from satellite. You can also choose different valid periods for the almanac data. Almanac data with a shorter valid period gives
higher accuracy. However, it needs to be updated more frequently, which
consumes more network bandwidth. Please note this option is hardware dependent. You may not see this
option if your product doesn’t support it.

• Data to Storage
Besides transmitting location data to a remote server, you can also store location data into internal storage (e.g.
microSD card) or external storage (e.g. USB drive) if any. The data can be saved either in NMEA 0183
raw data format or in GPX file format. The location data will be saved to a new file if the original file
size is bigger than the pre-defined file size. The “Download log file” button allows you to browse all saved log
files and download them to your personal devices.

• Scenario of location tracking for fleet management
A fleet owner would like to see the locations of his trucks in real time. He would also like to know where his trucks
have passed through, with time information. In his operation office, there is a server (IP: 100.100.100.1)
which can interpret the NMEA RMC data format and show each truck’s location and track on a map. This server is
listening on TCP port 888 to receive NMEA RMC packets from trucks. The IMEI number will be added before the NMEA
RMC data to identify each truck. The configuration on each truck is as follows.

Basic Settings:

| Configuration Path | [GNSS]-[Configuration] |
|---|---|
| GNSS | Enable |
| GNSS Type | GPS |
| GPS Message Types | RMC |
| SBAS | Enable |
| Assisted GPS | Enable, 1 |
| Data to Storage | Disable |

Settings for Remote Host:

| Configuration Path | [GNSS]-[Remote Host Configuration] |
|---|---|
| Host Name | Truck-1 |
| Host IP | 100.100.100.1 |
| Protocol Type | TCP |
| Port Number | 888 |
| Interval(s) | 15 |
| Prefix Message | 123456789012345 |
| Suffix Message | [blank] |
| Enable | Checkbox [Checked] |
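
On the receiving side of this scenario, the back-end server should validate every record before storing a position. The following is an added example, not code from this manual or the vendor: it assumes each record is the Prefix Message placed directly before the `$` of a single RMC sentence, and `KNOWN_PREFIXES`, `parse_packet` and the other names are hypothetical.

```python
import re
from functools import reduce

# Constructed sample: the manual's example RMC sentence behind the Prefix
# Message of its Truck-1 scenario. Prefix directly before '$' is an assumption.
SAMPLE = (b"123456789012345$GPRMC,123519,A,4807.038,N,01131.000,E,"
          b"022.4,084.4,230394,003.1,W*6A\r\n")

# Hypothetical allow-list (Prefix Message -> vehicle) kept by the operator.
KNOWN_PREFIXES = {"123456789012345": "Truck-1"}
# Prefix is at most 64 characters (manual); an NMEA 0183 sentence at most 82.
MAX_PACKET = 64 + 82
SENTENCE_RE = re.compile(r"\$([A-Z]{2}RMC,[^*$\r\n]*)\*([0-9A-Fa-f]{2})")
NUMBER_RE = re.compile(r"\d+(\.\d+)?")


class PacketError(ValueError):
    """Any packet that must not reach the tracking database."""


def nmea_checksum(body: str) -> int:
    """XOR of every character between '$' and '*' (detects corruption only)."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)


def to_degrees(value: str, hemisphere: str, deg_digits: int) -> float:
    """Convert NMEA (d)ddmm.mmm plus hemisphere to signed decimal degrees."""
    if not re.fullmatch(r"\d{%d}\d{2}(\.\d+)?" % deg_digits, value):
        raise PacketError("malformed coordinate")
    minutes = float(value[deg_digits:])
    degrees = int(value[:deg_digits]) + minutes / 60
    limit, letters = (90, ("N", "S")) if deg_digits == 2 else (180, ("E", "W"))
    if minutes >= 60 or degrees > limit:
        raise PacketError("coordinate out of range")
    if hemisphere not in letters:
        raise PacketError("bad hemisphere letter")
    return -degrees if hemisphere in ("S", "W") else degrees


def parse_packet(raw: bytes) -> dict:
    """Validate one received record and return the position fix it carries."""
    if len(raw) > MAX_PACKET:
        raise PacketError("oversized packet")
    try:
        text = raw.decode("ascii").strip()
    except UnicodeDecodeError:
        raise PacketError("non-ASCII bytes") from None
    prefix, dollar, _ = text.partition("$")
    if not dollar or prefix not in KNOWN_PREFIXES:
        raise PacketError("unknown or missing prefix")
    match = SENTENCE_RE.fullmatch(text[len(prefix):])
    if match is None:
        raise PacketError("not exactly one RMC sentence")
    body, declared = match.group(1), int(match.group(2), 16)
    if nmea_checksum(body) != declared:
        raise PacketError("checksum mismatch")
    fields = body.split(",")
    if len(fields) < 10:
        raise PacketError("truncated RMC sentence")
    if fields[2] != "A":  # 'V' means the receiver had no valid fix
        raise PacketError("no valid fix")
    if not NUMBER_RE.fullmatch(fields[7]):
        raise PacketError("bad speed field")
    return {
        "vehicle": KNOWN_PREFIXES[prefix],
        "utc_time": fields[1],
        "lat": to_degrees(fields[3], fields[4], 2),
        "lon": to_degrees(fields[5], fields[6], 3),
        "speed_knots": float(fields[7]),
        "date_ddmmyy": fields[9],
    }


def accepts(raw: bytes) -> bool:
    """True when the packet passes every check above."""
    try:
        parse_packet(raw)
    except PacketError:
        return False
    return True


if __name__ == "__main__":
    print(parse_packet(SAMPLE))
    print(accepts(SAMPLE.replace(b"4807", b"4907")))  # altered after sending
```

The NMEA checksum only detects corruption and the prefix is an identifier rather than a credential, so neither authenticates the sender; restrict who can reach the listening port by other means.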


GNSS Setting

Go to Service > Location Tracking > GNSS Tab.


The GNSS setting allows the user to set the configuration of GNSS, log NMEA data to storage, and send data to a remote
host. Ensure GNSS is enabled and saved.

Setup GNSS Configuration

GNSS Configuration
| Item | Value setting | Description |
|---|---|---|
| GNSS Enable | The box is unchecked by default | Check Enable box to activate GNSS functions. |
| GNSS Type | GPS is selected by default | Select a GNSS Type (GNSS System) that you want to use. Please note this option is hardware dependent. The options of GNSS type shown on this page depend on the product specification. You may not see all of these four options if your product doesn’t support all of them. |
| GNSS Message Types | These boxes are unchecked by default. | Select one or more GNSS Message Types that you want to use for transmitting or recording GPS data. The NMEA sentences available for selection are GGA, GLL, GSA, GSV, RMC and VTG. ALL Other includes DTM, GNS, GRS, GST, ZDA, and GBS sentences. Only select the type you need, otherwise it will consume unnecessary network bandwidth. Note: The supported message type is hardware dependent. |
| SBAS | The box is unchecked by default | Check Enable box to activate satellite-based augmentation system (SBAS). Note: Some devices do not support this function. |
| Assisted GPS | The box is checked by default | Check Enable box to activate Assisted GPS (A-GPS). Select the duration for downloading the Differential Almanac Corrections data from A-GPS server through IP network. Note: Some devices may not support this function. |
| Data to Storage | The box is unchecked by default | Enable (The box is unchecked by default): Check Enable box to activate data to storage function. Select Device (A Must filled setting): Select Internal or External device to store log data. Interval (A Must filled setting): Specify the time interval between two continuous data logs. By default, 5 seconds is set. Value Range: 5 ~ 60 seconds. Data Format (A Must filled setting): Select data format (RAW, or GPX) to store. Data file name (A Must filled setting): Define file name to store. Split Enable: Check Enable box to activate file splitting function. Split Size & Unit: Define file size and unit for log file. By default, 200 KB is defined. Value Range: >= 10KB (Minimum file size is 10 KB). Download log file: Select a log file and click Download log file to download through Web GUI. If the log format specified for download is GPX, the log is converted to standard GPX format for use. |
| Save | NA | Click the Save button to save the configuration. |

Create / Edit Remote Host

The Remote Host allows you to customize your rules for sending NMEA data to specific IP address and Port.
The router supports up to a maximum of 10 rule sets.

When Add button is applied, Remote Host Configuration screen will appear.


Remote Host Configuration


| Item | Value setting | Description |
|---|---|---|
| Host Name | String format: any text | Enter the host name for the designated remote host. Value Range: -1 ~ 64 characters. |
| Host IP | A Must filled setting | Specify the IP Address of remote host. It will be used as destination IP for sending NMEA packets. |
| Protocol Type | TCP is selected by default | Specify the Protocol (TCP or UDP) to use for sending NMEA packets. |
| Port Number | A Must filled setting | Specify a Port Number as destination port for sending NMEA packets. Value Range: 1 ~ 65535. |
| Interval(s) | A Must filled setting | Specify the time interval (seconds) between two NMEA packets. Value Range: 1 ~ 255 seconds. |
| Prefix Message | String format: any text | Specify an optional prefix string with specific information that your backend server can recognize. For example, you can input the IMEI code of this device here, and then your backend server can recognize that this GPS data is sent from this device. You can also leave this field blank. |
| Suffix Message | String format: any text | Specify an optional suffix string with specific information that your backend server can recognize. |
| Enable | The box is unchecked by default | Check Enable box to activate this remote host rule. |
| Save | NA | Click the Save button to save the configuration. |


7.3.2 Track Viewer

Track Viewer allows user to see the track in Google Map from GPX file recorded by GNSS. In addition, when
GNSS is enabled, current position will also be displayed in Track Viewer.

Go to Service > Location Tracking > Track Viewer Tab.

Setup Google Maps API Key

When user uses Track Viewer for the first time, UI will request Google Maps API key from user.

Google Maps API key


| Item | Value setting | Description |
|---|---|---|
| Google Maps API Key | An Optional setting. | The Track Viewer function is implemented with Google Maps JavaScript API, and it requires authentication for further operation. If you don’t have a Google Maps API key, click the link at [Get a key] to get a key from Google. Paste the API key in the text box, and then click Save. You can choose to leave it empty and click X directly, which lets you use the map temporarily. The key icon at the top right will appear until you input the API key. |
| Save | N/A | Click the Save button to use the API key and reload the page immediately. |

If user enters the right key, the key input window and key icon on the right top side will disappear. If user
enters an invalid key, UI will prompt the message and request user to change the value of the API key.

If the user leaves the Google Maps API key field empty and clicks “Save”, the user can load and use Google Maps
normally. However, we can’t guarantee the number of loading times the user can reach without the API
key.

General Functions

Track Viewer lists following items in the side bar.


General Functions
| Item | Value setting | Description |
|---|---|---|
| Current Track | N/A | Show current position and current track on the map. Update interval is 5 seconds. If GNSS is disabled, Current Track button will be hidden. |
| Show from GPX file | N/A | Show the track from the GPX file. It can choose the file from either internal or external storage. |
| Advanced setting | N/A | User can set track color, line width, minimum distance, and API key here. |
| Detail | N/A | Select the Detail function to show a time-speed graph and information of the track. |

Show Current Track


When Current Track button is clicked, then the following screen will appear.

The bus icon indicates the current position of the device (or the vehicle that equipped with the device).
Current track is drawn from the time page was loaded to current time.
Show from GPX File
When Show from GPX file button is clicked, then the following screen will appear.

Show from GPX file


| Item | Value setting | Description |
|---|---|---|
| From | 1. A Must filled setting. 2. Internal is selected by default. | Specify the storage where the GPX file is located. It can be Internal or External, depending on the storage setting in the GNSS page. Note: External is disabled when no USB flash drive is detected. |
| GPX file | 1. A Must filled setting. | Select the expected GPX file from the dropdown list. |
| Apply | N/A | Click the Apply button to load the GPX file. |
| Close | N/A | Click the Close button and the Show from GPX file screen will disappear. |

Configure Advanced Setting


When the Advanced setting button is clicked, the following screen will appear.

Advanced Setting
| Item | Value setting | Description |
|---|---|---|
| Track color | 1. A Must filled setting. 2. #0000FF is set by default. | Change the color of the track. The default value is #0000FF (Blue). Format: #□□□□□□ / #□□□ / color names, e.g. #0000FF, #00F, blue |
| Line width | 1. A Must filled setting. 2. 5 is set by default. | Change the line width of the track. Range is from 1 to 32. |
| Minimum Distance | 1. A Must filled setting. 2. 10 is set by default. | Set the minimum distance between two continuous points. Range is from 0 to 100. When the number is larger, the redundant points are eliminated and the number of points on the map becomes less. |
| API key | N/A | Click the Change button to modify Google Maps API key. |
| Apply | N/A | Click the Apply button to apply the setting. |
| Close | N/A | Click the Close button and the Advanced Setting screen will disappear. |

Show Detail
When Detail button is clicked, then the following screen will appear.

Detail
| Item | Value setting | Description |
|---|---|---|
| File name | N/A | Show the file name of the GPX file currently in use. Shows the text Current Track if the map loads the current track instead of a GPX file. |
| Start time | N/A | Show the time of the start position. Time format depends on locale. |
| End time | N/A | Show the time of the end position. Time format depends on locale. |
| Duration | N/A | Show the time difference between Start time and End time. Format: ? years ? months ? days ? hours ? minutes ? seconds, hide the unit when '?'==0 |
| Refresh | N/A | The button is only shown when the map loads the current track. Click Refresh button to refresh the information of the track and update the time-speed graph immediately. |
| Time-speed graph | N/A | When the mouse is over the curve in the time-speed graph, the small text box will show the locale time and speed at that point and the yellow car icon will be placed on the position at that timestamp in the map. When the user clicks on a point of the curve in the time-speed graph, it will set the center point of the map to that position. |


7.4 Power Control


In the Power Control section, the device may support the Ignition Sense function for in-vehicle gateway products, or the
Power Outlet control function for products supporting the external PDU function. With such power
control functions, you can easily set up the gateway to operate properly with external power
supplied from a vehicle battery, or manage an external device’s ON/OFF state with a remote PDU.

7.4.1 Ignition Sense


In most cases, in-vehicle electronic devices are shut down when the car engine is off, but on some occasions
you may need devices to continue working. An obvious problem is that the power supply to almost all in-vehicle
devices is cut when the car engine is off, to prevent in-vehicle devices from draining the battery. To
solve this, the In-Vehicle Cellular Gateway has been equipped with the Ignition Sense
function. The main advantages of this feature are:

• Cellular gateway can continue to operate when car engine is shut down.

• Cellular gateway will enter standby mode automatically when a pre-set timer is due. In standby
mode, the gateway stops consuming battery power to prevent draining the battery.

• Cellular gateway would enter standby mode automatically if lower input power voltage is detected.

• Cellular gateway will be back from standby mode to operation mode when car is started.

Delay Off and Low Power Detection

In this example, the surveillance system on a bus will transmit video files to the back-end server when the bus is
back at the depot. The driver will shut the bus off and leave once it is parked in the depot, but the uplink
connection for the surveillance system still needs to be available until all video files are completely uploaded.
Usually, video files on each bus can be uploaded completely within 15 minutes. To prevent draining the battery,
the bus driver activates the low voltage detection function to force the gateway to shut down if the battery
voltage drops to 22V (regular voltage is 24V).


Ignition Sense Setting

Go to Service > Power Control > Ignition Sense Tab.


With Ignition Sense configuration page, you can configure those functions that are mentioned above. Please
note this feature is only available on specific models. Please check product datasheet for details.

*ATTENTION*
The ignition sense feature is disabled by default. Once this feature is enabled, this gateway won’t power on
until power from the ignition pin of the terminal block is detected (ACC ON).

Configuration
| Item | Value setting | Description |
|---|---|---|
| Ignition Sense | The box is unchecked by default. | Click Enable box to activate this Ignition Sense function. By default, the function is disabled, and the gateway will be always ON when Power Source is attached. |
| Shutdown Timer | 1. Number format: any number between 0 and 240. 2. 0 is set by default. | Enter a shutdown timer (0~240 minutes) to shut down the power of the gateway after the engine has been stopped. ‘0’ means the gateway will never be shut down even if ignition is removed (ACC OFF). Value Range: 0 ~ 240. |
| Voltage Sense | The box is unchecked by default. | Click Enable box to activate this Voltage Sense function. If the function is enabled, when input voltage is under the specified threshold value, the gateway will be shut down when ACC is OFF, no matter whether the shutdown timer is due or not. |
| Shutdown Voltage Threshold | An optional setting. | Specify a threshold voltage to shut down the gateway when a low battery power situation happens. |
| Save | N/A | Click the Save button to save the configuration. |
| Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. |


Chapter 8 Status

8.1 Dashboard

8.1.1 Device Dashboard


The Device Dashboard window shows the current status of the gateway in graphs and tables so that you can
quickly understand its operating state. It comprises the System Information, System Information History, and
Network Interface Status.
From the menu on the left, select Status > Dashboard > Device Dashboard tab.

System Information Status


The System Information screen shows the device Up-time and the resource utilization for the CPU, Memory,
and Connection Sessions.

System Information History
The System Information History screen shows the statistic graphs for the CPU and memory.

Network Interface Status


The Network Interface Status screen shows the statistic information for each network interface of the
gateway. The statistic information includes the Interface Type, Upload Traffic, Download Traffic, and Current
Upload / Download Traffic.


8.2 Basic Network

8.2.1 WAN & Uplink Status


Go to Status > Basic Network > WAN & Uplink tab.

The WAN & Uplink Status window shows the current status for the different network types, including network
configuration, connection information, modem status and traffic statistics. The display is refreshed
every five seconds.

WAN interface IPv4 Network Status

WAN interface IPv4 Network Status screen shows status information for IPv4 network.

WAN interface IPv4 Network Status


Item | Value setting | Description
ID | N/A | It displays corresponding WAN interface WAN IDs.
Interface | N/A | It displays the type of WAN physical interface. Depending on the model purchased, it can be Ethernet, 3G/4G, or WiFi Uplink.
WAN Type | N/A | It displays the method by which the public IP address is obtained from your ISP. Depending on the model purchased, it can be Static IP, Dynamic IP, PPPoE, PPTP, L2TP, 3G/4G.
Network Type | N/A | It displays the network type for the WAN interface(s). Depending on the model purchased, it can be NAT, Routing, Bridge, or IP Pass-through.
IP Addr. | N/A | It displays the public IP address obtained from your ISP for Internet connection. Default value is 0.0.0.0 if left unconfigured.
Subnet Mask | N/A | It displays the Subnet Mask for the public IP address obtained from your ISP for Internet connection. Default value is 0.0.0.0 if left unconfigured.
Gateway | N/A | It displays the Gateway IP address obtained from your ISP for Internet connection. Default value is 0.0.0.0 if left unconfigured.
DNS | N/A | It displays the IP address of the DNS server obtained from your ISP for Internet connection. Default value is 0.0.0.0 if left unconfigured.
MAC Address | N/A | It displays the MAC Address for your ISP to allow you Internet access. Note: Not all ISPs may require this field.
Conn. Status | N/A | It displays the connection status of the device to your ISP. The status is Connected or Disconnected.
Action | N/A | This area provides functional buttons. Renew button allows user to force the device to request an IP address from the DHCP server. Note: Renew button is available when DHCP WAN Type is used and WAN connection is disconnected. Release button allows user to force the device to clear its IP address setting to disconnect from DHCP server. Note: Release button is available when DHCP WAN Type is used and WAN connection is connected. Connect button allows user to manually connect the device to the Internet. Note: Connect button is available when Connection Control in WAN Type setting is set to Connect Manually (Refer to Edit button in Basic Network > WAN & Uplink > Internet Setup) and WAN connection status is disconnected. Disconnect button allows user to manually disconnect the device from the Internet. Note: Connect button is available when Connection Control in WAN Type setting is set to Connect Manually (Refer to Edit button in Basic Network > WAN & Uplink > Internet Setup) and WAN connection status is connected.

WAN interface IPv6 Network Status

WAN interface IPv6 Network Status screen shows status information for IPv6 network.

WAN interface IPv6 Network Status


Item | Value setting | Description
ID | N/A | It displays corresponding WAN interface WAN IDs.
Interface | N/A | It displays the type of WAN physical interface. Depending on the model purchased, it can be Ethernet, 3G/4G, etc...
WAN Type | N/A | It displays the method by which the public IP address is obtained from your ISP. WAN type setting can be changed from Basic Network > IPv6 > Configuration.
Link-local IP Address | N/A | It displays the LAN IPv6 Link-Local address.
Global IP Address | N/A | It displays the IPv6 global IP address assigned by your ISP for your Internet connection.
Conn. Status | N/A | It displays the connection status. The status can be connected, disconnected and connecting.
Action | N/A | This area provides functional buttons. Edit Button: when pressed, the web-based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.)

LAN Interface Network Status

LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network.

LAN Interface Network Status


Item | Value setting | Description
IPv4 Address | N/A | It displays the current IPv4 IP Address of the gateway. This is also the IP Address users use to access the Router’s Web-based Utility.
IPv4 Subnet Mask | N/A | It displays the current mask of the subnet.
IPv6 Link-local Address | N/A | It displays the current LAN IPv6 Link-Local address. This is also the IPv6 IP Address users use to access the Router’s Web-based Utility.
IPv6 Global Address | N/A | It displays the current IPv6 global IP address assigned by your ISP for your Internet connection.
MAC Address | N/A | It displays the LAN MAC Address of the gateway.
Action | N/A | This area provides functional buttons. Edit IPv4 Button: when pressed, the web-based utility will take you to the Ethernet LAN configuration page. (Basic Network > LAN & VLAN > Ethernet LAN tab). Edit IPv6 Button: when pressed, the web-based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.)

3G/4G Modem Status

3G/4G Modem Status List screen shows status information for 3G/4G WAN network(s).

3G/4G Modem Status List


Item | Value setting | Description
Physical Interface | N/A | It displays the type of WAN physical interface. Note: Some device models may support two 3G/4G modules. Their physical interface names will be 3G/4G-1 and 3G/4G-2.
Card Information | N/A | It displays the vendor’s 3G/4G modem model name.
Link Status | N/A | It displays the 3G/4G connection status. The status can be Connecting, Connected, Disconnecting, and Disconnected.
Signal Strength | N/A | It displays the 3G/4G wireless signal level.
Network Name | N/A | It displays the name of the service network carrier.
Refresh | N/A | Click the Refresh button to renew the information.
Action | N/A | This area provides functional buttons. Detail Button: when pressed, windows of detail information will appear. They are the Modem Information, SIM Status, and Service Information. Refer to next page for more.

When the Detail button is pressed, 3G/4G modem information windows such as Modem Information, SIM
Status, Service Information, Signal Strength / Quality, and Error Message will appear.

Interface Traffic Statistics

Interface Traffic Statistics screen displays the Interface’s total transmitted packets.

Interface Traffic Statistics


Item | Value setting | Description
ID | N/A | It displays corresponding WAN interface WAN IDs.
Interface | N/A | It displays the type of WAN physical interface. Depending on the model purchased, it can be Ethernet, 3G/4G, etc…
Received Packets (Mb) | N/A | It displays the downstream packets (Mb). It is reset when the device is rebooted.
Transmitted Packets (Mb) | N/A | It displays the upstream packets (Mb). It is reset when the device is rebooted.


8.2.2 LAN & VLAN Status


Go to Status > Basic Network > LAN & VLAN tab.

Client List

The Client List shows you the LAN Interface, IP address, Host Name, MAC Address, and Remaining Lease Time
of each device that is connected to this gateway.

LAN Client List


Item | Value setting | Description
LAN Interface | N/A | Client record of LAN Interface. String Format.
IP Address | N/A | Client record of IP Address Type and the IP Address. Type is String Format and the IP Address is IPv4 Format.
Host Name | N/A | Client record of Host Name. String Format.
MAC Address | N/A | Client record of MAC Address. MAC Address Format.
Remaining Lease Time | N/A | Client record of Remaining Lease Time. Time Format.


8.2.3 WiFi Status

Go to Status > Basic Network > WiFi tab.

The WiFi Status window shows the overall statistics of WiFi VAP entries.

WiFi Virtual AP List

The WiFi Virtual AP List shows all of the virtual AP information on each WiFi module. The Edit button allows
for quick configuration changes.

WiFi Virtual AP List


Item | Value setting | Description
Op. Band | N/A | It displays the Wi-Fi Operation Band (2.4G or 5G) of VAP.
ID | N/A | It displays the ID of VAP.
WiFi Enable | N/A | It displays whether the VAP wireless signal is enabled or disabled.
Op. Mode | N/A | The Wi-Fi Operation Mode of VAP. Depending on the device model, modes are AP Router, WDS Only and WDS Hybrid, Universal Repeater and Client.
SSID | N/A | It displays the network ID of VAP.
Channel | N/A | It displays the wireless channel used.
WiFi System | N/A | The WiFi System of VAP.
Auth. & Security | N/A | It displays the authentication and encryption type used.
MAC Address | N/A | It displays MAC Address of VAP.
Action | N/A | Click the Edit button for quick access to the WiFi configuration page. (Basic Network > WiFi > Configuration tab) The QR Code button allows you to generate a QR code for quick connection to the VAP by scanning the QR code.

WiFi Uplink Status
The WiFi Uplink Status shows all information about the connected WiFi uplink network on each WiFi module.

WiFi Module One Uplink Status


Item | Value setting | Description
SSID | N/A | It displays the network ID of VAP.
BSSID | N/A | It displays the BSSID for the connected wireless network.
Channel | N/A | It displays the wireless channel used.
Security | N/A | It displays the authentication and encryption setting for the WiFi uplink connection.
RSSI0, RSSI1 | N/A | It displays the Rx sensitivity on each radio path.
Rate | N/A | It displays the link rate for the WiFi uplink connection.
Action | N/A | Click the Edit button for quick access to the WiFi uplink configuration page. (Basic Network > WAN & Uplink > Internet Setup tab)

WiFi IDS Status


The WiFi IDS Status shows all the WIDS statistics on each WiFi module.

WiFi IDS Status


Item | Value setting | Description
Authentication Frame | N/A | It displays the receiving Authentication Frame count.
Association Request Frame | N/A | It displays the receiving Association Request Frame count.
Re-association Request Frame | N/A | It displays the receiving Re-association Request Frame count.
Probe Request Frame | N/A | It displays the receiving Probe Request Frame count.
Disassociation Frame | N/A | It displays the receiving Disassociation Frame count.
Deauthentication Frame | N/A | It displays the receiving Deauthentication Frame count.
EAP Request Frame | N/A | It displays the receiving EAP Request Frame count.
Malicious Data Frame | N/A | It displays the number of receiving unauthorized wireless packets.
Action | N/A | Click the Reset button to clear the entire statistic and reset counter to 0.

Ensure WIDS function is enabled


Go to Basic Network > WiFi > Advanced Configuration tab
Note that the WIDS of 2.4GHz or 5GHz WiFi should be configured separately.

WiFi Traffic Statistic


The WiFi Traffic Statistic shows all the received and transmitted packets on each WiFi module.

WiFi Traffic Statistic


Item | Value setting | Description
Op. Band | N/A | It displays the Wi-Fi Operation Band (2.4G or 5G) of VAP.
ID | N/A | It displays the VAP ID.
Received Packets | N/A | It displays the number of received packets.
Transmitted Packet | N/A | It displays the number of transmitted packets.
Action | N/A | Click the Reset button to clear individual VAP statistics.
Refresh Button | N/A | Click the Refresh button to update the entire VAP Traffic Statistic instantly.


8.2.4 DDNS Status

Go to Status > Basic Network > DDNS tab.

The DDNS Status window shows the current DDNS service in use, the last update status, and the last update
time to the DDNS service server.

DDNS Status

DDNS Status
Item | Value Setting | Description
Host Name | N/A | It displays the name you entered to identify DDNS service provider.
Provider | N/A | It displays the DDNS server of DDNS service provider.
Effective IP | N/A | It displays the public IP address of the device updated to the DDNS server.
Last Update Status | N/A | It displays whether the last update of the device public IP address to the DDNS server has been successful (Ok) or failed (Fail).
Last Update Time | N/A | It displays time stamp of the last update of public IP address to the DDNS server.
Refresh | N/A | The refresh button allows user to force the display to refresh information.


8.3 Security

8.3.1 VPN Status


Go to Status > Security > VPN tab.

The VPN Status window shows the overall VPN tunnel status.

IPSec Tunnel Status

IPSec Tunnel Status windows show the configuration for establishing IPSec VPN connection and current
connection status.

IPSec Tunnel Status


Item | Value setting | Description
Tunnel Name | N/A | It displays the tunnel name you have entered to identify.
Tunnel Scenario | N/A | It displays the Tunnel Scenario specified.
Local Subnets | N/A | It displays the Local Subnets specified.
Remote IP/FQDN | N/A | It displays the Remote IP/FQDN specified.
Remote Subnets | N/A | It displays the Remote Subnets specified.
Conn. Time | N/A | It displays the connection time for the IPSec tunnel.
Status | N/A | It displays the Status of the VPN connection. The status displays are Connected, Disconnected, Wait for traffic, and Connecting.
Edit Button | N/A | Click on Edit Button to change IPSec setting, web-based utility will take you to the IPSec configuration page. (Security > VPN > IPSec tab)

OpenVPN Server Status

According to OpenVPN configuration, the OpenVPN Server/Client Status shows the status and statistics for
the OpenVPN connection from the server side or client side.

OpenVPN Server Status


Item | Value setting | Description
User Name | N/A | It displays the Client name you have entered for identification.
Remote IP/FQDN | N/A | It displays the public IP address (the WAN IP address) of the connected OpenVPN Client.
Virtual IP/MAC | N/A | It displays the virtual IP/MAC address assigned to the connected OpenVPN client.
Conn. Time | N/A | It displays the connection time for the corresponding OpenVPN tunnel.
Status | N/A | It displays the connection status of the corresponding OpenVPN tunnel. The status can be Connected, or Disconnected.

OpenVPN Client Status

OpenVPN Client Status


Item | Value setting | Description
OpenVPN Client Name | N/A | It displays the Client name you have entered for identification.
Interface | N/A | It displays the WAN interface specified for the OpenVPN client connection.
Remote IP/FQDN | N/A | It displays the peer OpenVPN Server’s Public IP address (the WAN IP address) or FQDN.
Remote Subnet | N/A | It displays the Remote Subnet specified.
TUN/TAP Read(bytes) | N/A | It displays the TUN/TAP Read Bytes of OpenVPN Client.
TUN/TAP Write(bytes) | N/A | It displays the TUN/TAP Write Bytes of OpenVPN Client.
TCP/UDP Read(bytes) | N/A | It displays the TCP/UDP Read Bytes of OpenVPN Client.
TCP/UDP Write(bytes) | N/A | It displays the TCP/UDP Write Bytes of OpenVPN Client Connection.
Conn. Time | N/A | It displays the connection time for the corresponding OpenVPN tunnel.
Conn. Status | N/A | It displays the connection status of the corresponding OpenVPN tunnel. The status can be Connected, or Disconnected.

L2TP Server/Client Status

L2TP Server/Client Status shows the configuration for establishing the L2TP tunnel and the current connection
status.

L2TP Server Status


Item | Value setting | Description
User Name | N/A | It displays the login name of the user used for the connection.
Remote IP | N/A | It displays the public IP address (the WAN IP address) of the connected L2TP client.
Remote Virtual IP | N/A | It displays the IP address assigned to the connected L2TP client.
Remote Call ID | N/A | It displays the L2TP client Call ID.
Conn. Time | N/A | It displays the connection time for the L2TP tunnel.
Status | N/A | It displays the Status of each of the L2TP client connection. The status displays Connected, Disconnect, Connecting.
Edit | N/A | Click on Edit Button to change L2TP server setting, web-based utility will take you to the L2TP server page. (Security > VPN > L2TP tab)

L2TP Client Status


Item | Value setting | Description
Client Name | N/A | It displays Name for the L2TP Client specified.
Interface | N/A | It displays the WAN interface with which the gateway will use to request PPTP tunneling connection to the PPTP server.
Virtual IP | N/A | It displays the IP address assigned by Virtual IP server of L2TP server.
Remote IP/FQDN | N/A | It displays the L2TP Server’s Public IP address (the WAN IP address) or FQDN.
Default Gateway/Remote Subnet | N/A | It displays the specified IP address of the gateway device used to connect to the internet to connect to the L2TP server (the default gateway), or the other specified subnet if the default gateway is not used to connect to the L2TP server (the remote subnet).
Conn. Time | N/A | It displays the connection time for the L2TP tunnel.
Status | N/A | It displays the Status of the VPN connection. The status displays Connected, Disconnect, and Connecting.
Edit | N/A | Click on Edit Button to change L2TP client setting, web-based utility will take you to the L2TP client page. (Security > VPN > L2TP tab)

PPTP Server/Client Status

PPTP Server/Client Status shows the configuration for establishing PPTP tunnel and current connection status.

PPTP Server Status


Item | Value setting | Description
User Name | N/A | It displays the login name of the user used for the connection.
Remote IP | N/A | It displays the public IP address (the WAN IP address) of the connected PPTP client.
Remote Virtual IP | N/A | It displays the IP address assigned to the connected PPTP client.
Remote Call ID | N/A | It displays the PPTP client Call ID.
Conn. Time | N/A | It displays the connection time for the PPTP tunnel.
Status | N/A | It displays the Status of each of the PPTP client connection. The status displays Connected, Disconnect, and Connecting.
Edit Button | N/A | Click on Edit Button to change PPTP server setting, web-based utility will take you to the PPTP server page. (Security > VPN > PPTP tab)

PPTP Client Status


Item | Value setting | Description
Client Name | N/A | It displays Name for the PPTP Client specified.
Interface | N/A | It displays the WAN interface with which the gateway will use to request PPTP tunneling connection to the PPTP server.
Virtual IP | N/A | It displays the IP address assigned by Virtual IP server of PPTP server.
Remote IP/FQDN | N/A | It displays the PPTP Server’s Public IP address (the WAN IP address) or FQDN.
Default Gateway / Remote Subnet | N/A | It displays the specified IP address of the gateway device used to connect to the internet to connect to the PPTP server (the default gateway), or the other specified subnet if the default gateway is not used to connect to the PPTP server (the remote subnet).
Conn. Time | N/A | It displays the connection time for the PPTP tunnel.
Status | N/A | It displays the Status of the VPN connection. The status displays Connected, Disconnect, and Connecting.
Edit Button | N/A | Click on Edit Button to change PPTP client setting, web-based utility will take you to the PPTP server page. (Security > VPN > PPTP tab)


8.3.2 Firewall Status


Go to Status > Security > Firewall Status Tab.

The Firewall Status gives the user a quick view of the firewall status and current firewall settings. It also keeps
the log history of the packets dropped by the firewall rule policies, and includes the administrator remote
login settings specified in the Firewall Options.
Clicking the icon [+] expands the status table to display the log history. Clicking the Edit button switches
the screen to the configuration page.

Packet Filter Status

Packet Filter Status


Item | Value setting | Description
Activated Filter Rule | N/A | This is the Packet Filter Rule name.
Detected Contents | N/A | This is the logged packet information, including the source IP, destination IP, protocol, and destination port (the TCP or UDP). String format: Source IP to Destination IP : Destination Protocol (TCP or UDP)
IP | N/A | The Source IP (IPv4) of the logged packet.
Time | N/A | The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure Packet Filter Log Alert is enabled.
Refer to Security > Firewall > Packet Filter tab. Check Log Alert and save the setting.

URL Blocking Status

URL Blocking Status


Item | Value setting | Description
Activated Blocking Rule | N/A | This is the URL Blocking Rule name.
Blocked URL | N/A | This is the logged packet information.
IP | N/A | The Source IP (IPv4) of the logged packet.
Time | N/A | The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure URL Blocking Log Alert is enabled.
Refer to Security > Firewall > URL Blocking tab. Check Log Alert and save the setting.

Web Content Filter Status

Web Content Filter Status


Item | Value setting | Description
Activated Filter Rule | N/A | Logged packet of the rule name. String format.
Detected Contents | N/A | Logged packet of the filter rule. String format.
IP | N/A | Logged packet of the Source IP. IPv4 format.
Time | N/A | Logged packet of the Date Time. Date time format ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure Web Content Filter Log Alert is enabled.
Refer to Security > Firewall > Web Content Filter tab. Check Log Alert and save the setting.

MAC Control Status

MAC Control Status


Item | Value setting | Description
Activated Control Rule | N/A | This is the MAC Control Rule name.
Blocked MAC Addresses | N/A | This is the MAC address of the logged packet.
IP | N/A | The Source IP (IPv4) of the logged packet.
Time | N/A | The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure MAC Control Log Alert is enabled.
Refer to Security > Firewall > MAC Control tab. Check Log Alert and save the setting.

Application Filters Status

Application Filters Status


Item | Value setting | Description
Filtered Application Category | N/A | The name of the Application Category being blocked.
Filtered Application Name | N/A | The name of the Application being blocked.
IP | N/A | The Source IP (IPv4) of the logged packet.
Time | N/A | The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure Application Filter Log Alert is enabled.
Refer to Security > Firewall > Application Filter tab. Check Log Alert and save the setting.

IPS Status

IPS Firewall Status


Item | Value setting | Description
Detected Intrusion | N/A | This is the intrusion type of the packets being blocked.
IP | N/A | The Source IP (IPv4) of the logged packet.
Time | N/A | The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure IPS Log Alert is enabled.
Refer to Security > Firewall > IPS tab. Check Log Alert and save the setting.

Firewall Options Status

Firewall Options Status


Item | Value setting | Description
Stealth Mode | N/A | Enable or Disable setting status of Stealth Mode on Firewall Options. String Format: Disable or Enable
SPI | N/A | Enable or Disable setting status of SPI on Firewall Options. String Format: Disable or Enable
Discard Ping from WAN | N/A | Enable or Disable setting status of Discard Ping from WAN on Firewall Options. String Format: Disable or Enable
Remote Administrator | N/A | Enable or Disable setting status of Remote Administrator. If Remote Administrator is enabled, it shows the currently logged in administrator’s source IP address and login user name and the login time. Format: Management IP : "Source IP", User Name: "Login User Name", Time: "Date time" Example: IP: 192.168.127.39, User Name: admin, Time: Mar 3 01:34:13
Note: Ensure Firewall Options Log Alert is enabled.
Refer to Security > Firewall > Options tab. Check Log Alert and save the setting.
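
The Remote Administrator record format shown above can be checked automatically once the status text has been copied off the device. The following is an added example, not part of the manual or the vendor's software: it parses records in the documented format and flags logins whose source IP lies outside a management allow-list. The function names, the allow-list network and the year are assumptions; the record carries no year, so the caller supplies one.

```python
import ipaddress
import re
from datetime import datetime

# Accepts both the documented format ('Management IP : "..."') and the
# documented example ('IP: 192.168.127.39, ...'); quotes are optional.
_RECORD = re.compile(
    r'^\s*(?:Management\s+)?IP\s*:\s*"?(?P<ip>[0-9.]+)"?\s*,\s*'
    r'User Name\s*:\s*"?(?P<user>[^",]+?)"?\s*,\s*'
    r'Time\s*:\s*"?(?P<time>[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})"?\s*$'
)


def parse_admin_login(line, year):
    """Parse one Remote Administrator status record.

    The record has no year field, so `year` is supplied by the caller
    (assumption: the year in which the status page was read).
    Raises ValueError for anything that does not fit the documented format.
    """
    match = _RECORD.match(line)
    if match is None:
        raise ValueError("not a Remote Administrator record")
    source = ipaddress.IPv4Address(match["ip"])   # rejects e.g. 192.168.1.300
    stamp = " ".join(match["time"].split())       # collapse padding in "Mar  3"
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ip": source, "user": match["user"].strip(), "time": when}


def review_admin_logins(lines, allowed_networks, year):
    """Return (kind, line, detail) findings for records that need attention.

    kind is "outside-allowlist" when the source IP is in none of the
    allowed networks, or "unparsed" when the record is malformed.
    """
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for line in lines:
        try:
            record = parse_admin_login(line, year)
        except ValueError as exc:
            findings.append(("unparsed", line, str(exc)))
            continue
        if not any(record["ip"] in net for net in networks):
            detail = f"{record['user']} from {record['ip']} at {record['time']}"
            findings.append(("outside-allowlist", line, detail))
    return findings


# Constructed sample input: the first line is the manual's own example,
# the other two are made up for this illustration.
SAMPLE_LINES = [
    "IP: 192.168.127.39, User Name: admin, Time: Mar 3 01:34:13",
    'Management IP : "203.0.113.7", User Name: "admin", Time: "Mar 3 02:10:55"',
    "IP: 192.168.127.300, User Name: admin, Time: Mar 3 01:40:00",
]
ALLOWED_NETWORKS = ["192.168.127.0/24"]  # assumed management subnet

if __name__ == "__main__":
    for kind, line, detail in review_admin_logins(SAMPLE_LINES, ALLOWED_NETWORKS, 2024):
        print(f"{kind}: {detail}\n    {line}")
```
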


8.4 Administration

8.4.1 Configure & Manage Status


Go to Status > Administration > Configure & Manage tab.
The Configure & Manage Status window shows the status for managing remote network devices. The type of
management available in your device depends on the device model purchased. The commonly used ones
are SNMP, TR-069, and UPnP.

SNMP Linking Status

SNMP Link Status screen shows the status of current active SNMP connections.

SNMP Link Status


Item | Value setting | Description
User Name | N/A | It displays the user name for authentication. This is only available for SNMP version 3.
IP Address | N/A | It displays the IP address of SNMP manager.
Port | N/A | It displays the port number used to maintain connection with the SNMP manager.
Community | N/A | It displays the community for SNMP version 1 or version 2c only.
Auth. Mode | N/A | It displays the authentication method for SNMP version 3 only.
Privacy Mode | N/A | It displays the privacy mode for version 3 only.
SNMP Version | N/A | It displays the SNMP Version employed.

SNMP Trap Information

SNMP Trap Information screen shows the status of current received SNMP traps.

SNMP Trap Information


Item | Value setting | Description
Trap Level | N/A | It displays the trap level.
Time | N/A | It displays the timestamp of trap event.
Trap Event | N/A | It displays the IP address of the trap sender and event type.


TR-069 Status

TR-069 Status screen shows the current connection status with the TR-069 server.

TR-069 Status
Item | Value setting | Description
Link Status | N/A | It displays the current connection status with the TR-069 server. The connection status is either On when the device is connected with the TR-069 server or Off when disconnected.


8.4.2 Log Storage Status


Go to Status > Administration > Log Storage tab.

The Log Storage Status screen shows the status for selected device storage.

Log Storage Status

Log Storage Status screen shows the current status of the selected device storage. The status includes Device
Description, Usage, File System, Speed, and status.


8.4.3 GNSS Status


Go to Status > Administration > GNSS tab.

The GNSS Information screen shows the status for current GNSS positioning information for the gateway.

The available GNSS information includes GNSS Condition, No. of Satellites, Satellites ID / Signal Strength,
Position (Lat., Long.), Altitude (meters), True Course, and the equivalent Ground Speed (km/h).


8.5 Statistics & Report

8.5.1 Connection Session

Go to Status > Statistics & Reports > Connection Session tab.

Internet Surfing Statistic shows the connection tracks on this router.

Internet Surfing Statistic


Item | Value setting | Description
Previous | N/A | Click the Previous button; you will see the previous page of track list.
Next | N/A | Click the Next button; you will see the next page of track list.
First | N/A | Click the First button; you will see the first page of track list.
Last | N/A | Click the Last button; you will see the last page of track list.
Export (.xml) | N/A | Click the Export (.xml) button to export the list to xml file.
Export (.csv) | N/A | Click the Export (.csv) button to export the list to csv file.
Refresh | N/A | Click the Refresh button to refresh the list.


8.5.2 Network Traffic

Go to Status > Statistics & Reports > Network Traffic tab.

Network Traffic Statistics screen shows the historical graph for the selected network interface.
You can change the interface drop list and select the interface and sampling time interval you want to monitor.


8.5.3 Device Administration

Go to Status > Statistics & Reports > Device Administration tab.

Device Administration shows the login information.

Device Manager Login Statistic


Item | Value setting | Description
Previous | N/A | Click the Previous button; you will see the previous page of login statistics.
Next | N/A | Click the Next button; you will see the next page of login statistics.
First | N/A | Click the First button; you will see the first page of login statistics.
Last | N/A | Click the Last button; you will see the last page of login statistics.
Export (.xml) | N/A | Click the Export (.xml) button to export the login statistics to xml file.
Export (.csv) | N/A | Click the Export (.csv) button to export the login statistics to csv file.
Refresh | N/A | Click the Refresh button to refresh the login statistics.


8.5.4 Cellular Usage

Go to Status > Statistics & Reports > Cellular Usage tab.

Cellular Usage screen shows data usage statistics for the selected cellular interface. The cellular data usage
can be accumulated per hour or per day.


8.5.5 Portal Usage

Go to Status > Statistics & Reports > Portal Usage tab.

Portal Usage shows the information about internal Captive Portal user login statistics.

Captive Portal User Login Statistics


Item | Value setting | Description
User Name | N/A | It displays the User Name of the user account created in Object Define > User > User Profile.
Status | N/A | It displays the captive portal login Status of the user account. Online for a user logged in to the captive portal; Offline for a user already logged out.
Create Time | N/A | It displays the Create Time at which the user account was created.
Remaining Lease Time | N/A | It displays the Remaining Lease Time of the user account. If the remaining time is zero, the corresponding user account can’t be used to log in to the captive portal anymore. If the Lease Time of the user account is empty, the remaining lease time field is shown empty. It means that the user account can be used all the time.
Time Used | N/A | It displays the Time Used since the user logged in to the captive portal.
Expiration Time | N/A | It displays the Expiration Time of the user account, that is, the time at which the user account will stop being usable. If the Lease Time of the user account is empty, the expiration time field is also empty. It means that the user account can be used all the time.
User Level | | It displays the User Level of the user account. It can be Admin, Staff, Guest, and Passenger.
Previous | N/A | Click the Previous button; you will see the previous page of login statistics.
Next | N/A | Click the Next button; you will see the next page of login statistics.
First | N/A | Click the First button; you will see the first page of login statistics.
Last | N/A | Click the Last button; you will see the last page of login statistics.
Refresh | N/A | Click the Refresh button to refresh the login statistics.


Appendix A GPL WRITTEN OFFER


This product incorporates open source software components covered by the terms of third party copyright notices
and license agreements contained below.

GPSBabel
Version 1.4.4
Copyright (C) 2002-2005 Robert Lipe
GPL License: https://www.gpsbabel.org/

Curl
Version 7.19.6
Copyright (c) 1996-2009, Daniel Stenberg.
MIT/X derivate License: https://curl.haxx.se/

OpenSSL
Version 1.0.2c
Copyright (C) 1995-1998 Eric Young
GPL License: https://www.openssl.org/

brctl - ethernet bridge administration
Stephen Hemminger
Lennert Buytenhek
version 1.1
GNU GENERAL PUBLIC LICENSE Version 2, June 1991

tc - show / manipulate traffic control settings
Stephen Hemminger
Alexey Kuznetsov
version iproute2-ss050330
GNU GENERAL PUBLIC LICENSE Version 2, June 1991

dhcp-fwd - starts the DHCP forwarding agent
Enrico Scholz
version 0.7
GNU GENERAL PUBLIC LICENSE Version 2, June 1991

lftp - Sophisticated file transfer program
Alexander V. Lukyanov
version: 4.5.x
Copyright (c) 1996-2014 by Alexander V. Lukyanov

dnsmasq - A lightweight DHCP and caching DNS server.
Simon Kelley
version: 2.72
dnsmasq is Copyright (c) 2000-2014 Simon Kelley

socat - Multipurpose relay


Version: 2.0.0-b8
GPLv2
http://www.dest-unreach.org/socat/

LibModbus
Version: 3.0.3
LGPL v2
http://libmodbus.org/news/

LibIEC60870
GPLv2
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
https://sourceforge.net/projects/mrts/

Openswan
Version: v2.6.38
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
https://www.openswan.org/

Opennhrp
Version: v0.14.1
OpenNHRP is an NHRP implementation for Linux. It has most of the RFC2332
and Cisco IOS extensions.
Project homepage: http://sourceforge.net/projects/opennhrp
Git repository: git://opennhrp.git.sourceforge.net/gitroot/opennhrp
LICENSE
OpenNHRP is licensed under the MIT License. See MIT-LICENSE.txt for
additional details.
OpenNHRP embeds libev. libev is dual licensed with 2-clause BSD and
GPLv2+ licenses. See libev/LICENSE for additional details.
OpenNHRP links to c-ares. c-ares is licensed under the MIT License.
https://sourceforge.net/projects/opennhrp/

IPSec-tools
Version: v0.8
No GPL be written
http://ipsec-tools.sourceforge.net/

PPTP
Version: pptp-1.7.1
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
http://pptpclient.sourceforge.net/

PPTPServ
Version: 1.3.4
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
http://poptop.sourceforge.net/

L2TP
Version: 0.4
Copying All software included in this package is Copyright 2002 Roaring
Penguin Software Inc. You may distribute it under the terms of the
GNU General Public License (the "GPL"), Version 2, or (at your option)
any later version.
http://www.roaringpenguin.com/

L2TPServ
Version: v 1.3.1
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
http://www.xelerance.com/software/xl2tpd/

Mpstat: from sysstat, system performance tools for Linux


Version: 10.1.6
Copyright: (C) 1999-2013 by Sebastien Godard (sysstat <at> orange.fr)

SSHD: dropbear, a SSH2 server


Version: 0.53.1
Copyright: (c) 2002-2008 Matt Johnston

Libncurses: The ncurses (new curses) library is a free software emulation of curses in System V Release 4.0
(SVr4), and more.
Version: 5.9
Copyright: (c) 1998,2000,2004,2005,2006,2008,2011,2015 Free Software Foundation, Inc., 51 Franklin Street,
Boston, MA 02110-1301, USA

MiniUPnP: The miniUPnP daemon is a UPnP IGD (internet gateway device) which provides NAT traversal
services to any UPnP enabled client on the network.
Version: 1.7
Copyright: (c) 2006-2011, Thomas BERNARD

CoovaChilli is an open-source software access controller for captive portal (UAM) and 802.1X access
provisioning.
Version: 1.3.0
Copyright: (C) 2007-2012 David Bird (Coova Technologies) <[email protected]>

Krb5: Kerberos is a network authentication protocol. It is designed to provide strong authentication for
client/server applications by using secret-key cryptography.
Version: 1.11.3
Copyright: (C) 1985-2013 by the Massachusetts Institute of Technology and its contributors

OpenLDAP: a suite of the Lightweight Directory Access Protocol (v3) servers, clients, utilities, and
development tools.
Version: 2.4
Copyright: 1998-2014 The OpenLDAP Foundation

Samba3311: the free SMB and CIFS client and server for UNIX and other operating systems
Version: 3.3.11
Copyright: (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>

NTPClient: an NTP (RFC-1305, RFC-4330) client for unix-alike computers


Version: 2007_365
Copyright: 1997, 1999, 2000, 2003, 2006, 2007 Larry Doolittle

exFAT: FUSE-based exFAT implementation


Version: 0.9.8
Copyright: (C) 2010-2012 Andrew Nayenko

ONTFS_3G: The NTFS-3G driver is an open source, freely available read/write NTFS driver for Linux,
FreeBSD, Mac OS X, NetBSD, Solaris and Haiku.
Version: 2009.4.4
Copyright: (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

mysql-5_1_72: a release of MySQL, a dual-license SQL database server


Version: 5.1.72
Copyright: (c) 2000, 2013, Oracle and/or its affiliates

FreeRadius: a high performance and highly configurable RADIUS server
Version: 2.1.12
Copyright: (C) 1999-2011 The FreeRADIUS server project and contributors

Linux IPv6 Router Advertisement Daemon – radvd


Version: V 1.15
Copyright (c) 1996,1997 by Lars Fenneberg<[email protected]>
BSD License: http://www.litech.org/radvd/

WIDE-DHCPv6
Dynamic Host Configuration Protocol for IPv6 (DHCPv6) clients, servers, and relay agents.
Version: 20080615
Copyright (C) 1998-2004 WIDE Project.
BSD License: https://sourceforge.net/projects/wide-dhcpv6/
