Trademarks

Copyright © PLANET Technology Corp. 2019.

Contents are subject to revision without prior notice.

PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective

owners.

Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and
makes no warranty and representation, either implied or expressed, with respect to the quality, performance,
merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User's Manual is
accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred.

Information in this User's Manual is subject to change without notice and does not represent a commitment on the part
of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User's Manual.
PLANET makes no commitment to update or keep current the information in this User's Manual, and reserves the right
to make improvements to this User's Manual and/or to the products described in this User's Manual, at any time
without notice.

If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments
and suggestions.

FCC Radiation Exposure Statement

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your
body.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all
persons and must not be co-located or operating in conjunction with any other antenna or transmitter.

FCC Caution:
To assure continued compliance, for example, use only shielded interface cables when connecting to computer or
peripheral devices. Any changes or modifications not expressly approved by the party responsible for compliance
could void the user’s authority to operate the equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference
(2) This device must accept any interference received, including interference that may cause undesired operation.

CE Compliance Statement

This device meets the RED directive 2014/53/EU of EU requirements on the limitation of exposure of the general
public to electromagnetic fields by way of health protection.
The device complies with RF specifications when the device used at 20 cm from your body.

Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However, special
attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All
guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the
equipment.

2
TABLE OF CONTENTS

1. INTRODUCTION .......................................................................................................................... 7

1.1. Packet Contents ....................................................................................................................................... 7

1.2. Product Description ................................................................................................................................. 8

1.3. How to Use This Manual ........................................................................................................................ 13

1.4. Product Features ................................................................................................................................... 14

1.5. Product Specifications ........................................................................................................................... 16

2. INSTALLATION...........................................................................................................................19

2.1. Hardware Description............................................................................................................................ 19

2.1.1. Cellular Gateway Front Panel..................................................................................................................... 19
2.1.2. LED Indications .......................................................................................................................................... 20
2.1.3. Cellular Gateway Upper Panel ................................................................................................................... 21
2.1.4. Wiring the Power Inputs ............................................................................................................................ 21
2.1.5. Wiring the Digital Input/Output and Relay ................................................................................................ 22
2.1.6. Console Line Definition .............................................................................................................................. 22
2.1.7. Dual SIM Cards Installation ........................................................................................................................ 23
2.1.8. Installing MicroSD Card ............................................................................................................................. 24

2.2. Mounting Installation ............................................................................................................................ 25

2.2.1. DIN-rail Mounting ...................................................................................................................................... 25

3. CELLULAR GATEWAY MANAGEMENT ................................................................................27

3.1. Requirements ........................................................................................................................................ 27

3.2. Management Access Overview .............................................................................................................. 28

3.3. Web Management ................................................................................................................................. 29

3.4. SNMP-based Network Management ..................................................................................................... 30

4. WEB CONFIGURATION ............................................................................................................31

4.1. Configuration Connection ...................................................................................................................... 31

4.2. Accessing the Configuration Web Page .................................................................................................. 31

4
4.3.10.6. Backup .................................................................................................................................................. 92
4.3.11. Status ....................................................................................................................................................... 93

5. APPENDIX A RJ45 PIN ASSIGNMENTS ...............................................................................94

5.1. A.1 10/100Mbps, 10/100BASE-TX ......................................................................................................... 94

6
1.2. Product Description
Making Network Connection Easy with 4G LTE Cellular Gateway
PLANET ICG-2510W(G)-LTE series is a reliable, secure and high-bandwidth communications industrial-grade cellular

gateway for demanding mobile applications, M2M (machine-to-machine) and IoT deployments. It features 4G LTE

(Long Term Evolution), 2.4G/5G Wi-Fi, five Ethernet ports (4 LAN and 1 WAN), serial console port, DI and DO

interfaces, and VPN technology bundled in a compact yet rugged metal case. It establishes a fast cellular connection

between Ethernet and serial port equipped devices.

High-performance 4G LTE
The ICG-2510W(G)-LTE series supports LTE 2x1 DL MIMO technology which can reach a download (DL) speed of up

to 150Mbps and an upload (UL) speed of 50Mbps. The Cellular Gateway also supports multi-band connectivity

including LTE FDD/TDD, WCDMA and GSM for a wide range of applications.

Dual SIM Design

To enhance reliability, the ICG-2510W(G)-LTE series is equipped with dual SIM slots that support failover and roaming

over to ensure uninterrupted connectivity for mission-critical cellular communications. Besides, the ICG-2510W(G)

series supports load balance function to improve network efficiency. It provides a more flexible and easier way for

users to create an instant network sharing service via 4G LTE whenever in public places like transportation, outdoor

event, etc.

8
Remote Manageable Solution for Ethernet to RS232/RS485 Application
PLANET ICG-2510W(G)-LTE series’ serial RS232/RS485 communication interface can be converted over the Fast

Ethernet networking. It can operate as a virtual server or client where IP-based serial equipment can be managed. The

ICG-2510W(G)-LTE series helps save the network administrator’s valuable time in detecting and locating network

problems, rather than visual inspection of cabling and equipment.

10
Superior Management Functions
For networking management features, the ICG-2510W(G)-LTE series provides such functions as DHCP server, DMZ

and port forwarding, as well as full secure functions including Network Address Translation (NAT), WAN access policy,

URL/Packet/MAC filtering. The ICG-2510W(G)-LTE series has 4G and WAN connection failover characteristics, which

can automatically switch over to the redundant, stable WAN connection to keep users always online without missing

any fascinating moments.

User-friendly and Secure Management

For efficient management, the ICG-2510W(G)-LTE series is equipped with console, web , SNMP and CMS (Central

Management System) management interfaces. With the built-in web-based management interface, the

ICG-2510W(G)-LTE series offers an easy-to-use, platform-independent management and configuration facility. The

ICG-2510W(G)-LTE series supports SNMP and it can be managed via any management software based on the

standard SNMP v1 or v2 Protocol. Moreover, the ICG-2510W(G)-LTE series offers the remotely secure management

by supporting SSH connection where the packet content can be encrypted at each session. The CMS is able to

manage multiple devices and achieve instant status.

12
1.4. Product Features
 Benefits
■ Dual module SIMs for network load balancing and redundancy
■ Wi-Fi compliant IEEE 802.11b/g/n/ac dual-band for mobile client connectivity
■ 5-port Gigabit Ethernet, built-in redundant VRRP protocol
■ 2 DI, 1 DO and 1 serial console port (RS232 or RS485) for Modbus applications
■ Multiple VPNs with IPSEC, OpenVPN, RRTP, L2TP, GRE and VPN Failover
■ Full security with VLAN, NAT, DMZ, static routing, firewall and IP/MAC/port filtering
■ Supports CMS for remote management
■ -35 to 75 degrees C operating temperature and fanless design
■ GPS antenna allows to detect the location via sat nav system (for ICG-2510WG-LTE only)

 Physical Port
■ Four 10/100/1000BASE-T RJ45 LAN ports, auto-negotiation, auto MDI/MDI-X
■ One 10/100/1000BASE-T RJ45 WAN port, auto-negotiation, auto MDI/MDI-X
■ Two 4G LTE antennas
■ One 2.4G/5G WiFi antenna
■ Two SIM card slots
■ One GPS antenna ( for ICG-2510WG-LTE )
■ One serial console port ( RS232 or RS485)
■ One reset button
■ One MicroSD slot to save files for serial port data

 Cellular Interface
■ Supports multi-band connectivity with FDD LTE/ TDD LTE/ WCDMA/ GSM/ LTE Cat4
■ Supports failover and load band lancing
■ Built-in SIM and broadband backup for network redundancy
■ Two detachable antennas for 4G LTE connection
■ LED indicators for signal strength and connection status

 Wi-Fi Interface
■ Complies with IEEE 802.11b/g/n/ac 2.4/5GHz
■ Supports AP, Client, Repeater and Repeater Bridge modes
■ One detachable dual band antenna for wireless connection
■ 64/128-bit WEP, WPA/WPA2 with TKIP/AES encryption
■ LED indicator for connection status

 Industrial Case and Installation

■ IP30 metal case
■ DIN-rail/desktop design
■ Power requirement: 9~36V DC
■ Supports EFT protection for 1.5KV DC power and 15KV DC Ethernet ESD protection
■ -35 to 75 degrees C operating temperature

 Digital Input and Digital Output

■ 2 digital input (DI)
■ 1 digital output (DO)
■ 1 relay

14
 1.5. Product Specifications

Product ICG-2510W-LTE ICG-2510WG-LTE

Hardware Specifications

4 LAN 10/100/1000BASE-T RJ45 auto-MDI/MDI-X ports

Copper Ports
1 WAN 10/100/1000BASE-T RJ45 auto-MDI/MDI-X port

DB9 to RJ45 serial console port

 TCP/UDP PAD mode
 Modbus (ASCII, DTU, variable)
Serial Interface
 PPP
 Reverse Telnet

SIM Interface 2 SIM card slots with mini SIM card tray

Cellular Antenna 2 5dBi external antennas with SMA connectors for LTE

1 1dBi (2.4~2.5G)/3dBi (5.15~5.85G) external antenna with RP-SMA-J connector

Wi-Fi Antenna
for dual-band Wi-Fi

1 28dB gain external antennas with

GPS Antenna -
SMA connectors - 3m

 2 Digital Input (DI)

 1 Digital Output (DO)
 1 Relay
DI & DO Interfaces Input ON Voltage: DC 5 -30 V
Input OFF Voltage: DC 0-3 V
Output < 50mA@DC 30V
Relay: AC 250V/DC 30V, 1A

1 removable 2-pin terminal block for power input

Connector
2 removable 3-pin terminal block for DI/DO and relay interface

Storage 1 MicroSD (TF) slot for saving serial port data

Switch Architecture Store-and-Forward

IEEE 802.3x pause frame for full duplex

Flow Control
Back pressure for half duplex

Reset Button < 15 sec: Factory default

Surge Protection 1.5KV DC

ESD Protection 15KV DC

Enclosure IP30 metal case

Installation DIN rail, desktop

System:
PWR (Blue)
SYS (Blue)
LED
Wireless Interface :
WiFi Active (Blue)
Ethernet Interfaces (Port1-4 and WAN Port):

16
  GRE

Tunnel Number
 PPTP: 1
 L2TP: 1
 OPENVPN: 1
 IPSec: 12
 GRE: 12

DHCP-4G, DHCP Client, Static IP, PPPoE Client, 3G Link1, 3G Link 2,

WAN Connection Types
DHCP-Backup 4G

Secure Network WAN access, URL filter, Packet filter, MAC filter

Supports demilitarized zone (DMZ)

Supports QoS for bandwidth management
Supports VLAN, 15 VLAN ID
Other Supports Modbus TCP (only functions with console)
Supports Port Forwarding
Supports Dynamic DNS and PLANET DDNS
Supports NTP client

Management

Basic Management
Console, Telnet, HTTP, HTTPS, SNMP v1, v2c, CMS
Interfaces

Secure Management
SSH, Firewall
Interfaces

RFC 1158 MIB, RFC 1213 MIB, RFC 1269 MIB, RFC 1271 MIB, RFC-1285 MIB,
SNMP MIBs
RFC 1316 MIB, RFC 1381 MIB, RFC 1382 MIB, RFC 1414 MIB

Standards Conformance

Regulatory Compliance CE

IEEE 802.3 10BASE-T

IEEE 802.3u 100BASE-TX
IEEE 802.3ab Gigabit 1000BASE-T
IEEE 802.3x flow control and back pressure
Standards Compliance
RFC 768 UDP
RFC 791 IP
RFC 792 ICMP
RFC 2068 HTTP

Environment

Temperature: -35 ~ 75 degrees C

Operating
Relative Humidity: 90%@60 degrees C (non-condensing)

Temperature: -40 ~ 85 degrees C

Storage
Relative Humidity: 90%@60 degrees C (non-condensing)

18
 Reset Button

On the front of the ICG-2510W(G)-LTE series, the reset button is designed to reboot the Industrial Cellular Gateway

without turning off and on the power. The following is the summary table of the reset button functions:

Figure 2-3 Rest Button of ICG-2510W(G)-LTE Series

Reset Button Pressed and Released Function

Reset the Industrial Cellular Gateway to Factory Default
configuration. Industrial Cellular Gateway will then reboot and
load the default settings shown below:
> 15 sec: Factory Default 。 Default username: admin
。 Default password: admin
。 Default IP address: 192.168.1.1
。 Subnet mask: 255.255.255.0

2.1.2. LED Indications

The front panel LEDs indicate instant status of port links, data activity and system power; it helps monitor and

troubleshoot when needed.

 System

LED Color Function

Lights Indicates the system is powered on.
PWR Blue
Off Indicates the system is powered off.
Blinking Indicates the system works properly.
SYS Blue
Off Indicates the system does not work.
Lights Indicates the Wi-Fi is active.
Wi-Fi Blue
Off Indicates the Wi-Fi is not active.
LTE Signal
Blue Lights Indicates the signal is low.
(L)
LTE Signal
Blue Lights Indicates the signal is normal or high.
(H)
Lights Indicates the SIM1 or SIM2 is connecting successfully.
SIM1 & 2 Blue Indicates the SIM1 or SIM2 is connecting unsuccessfully or no
Off
SIM card inserted.

20
2.1.5. Wiring the Digital Input/Output and Relay

The two 3-contact terminal block connectors on the top panel of ICG-2510W(G)-LTE Series is used for Digital Input,

Digital Output and Relay.

Digita
Digital
l Input
Output

Relay

Figure 2-6 Wiring the DI/DO Inputs and Relay

Input ON 5 to 30 VDC
DI
Input OFF 0 to 3 VDC
DO Output < 50mA @ 30VDC
RELAY Load capability 1A 250VAC/30VDC

2.1.6. Console Line Definition

Insert the RJ45 end of the console cable into the RJ45 outlet with sign “console”, and insert the DB9F end of the

console cable into the RS232 serial interface of user’s device.

The signal connection of the console cable is as follows:

Console line definition (RS232)

RJ45 Color Signal DB9F Description Dir (Router)

White/
1 A 8 RS485-A Input/Output
Orange

2 Orange B 6 RS485-B Input/Output

White/
3 RXD 2 Receive Data Output
Green

4 Blue DCD 1 Data Carrier Detect Output

5 White/ GND 5 System Ground

22
2.1.8. Installing MicroSD Card

The ICG-2510W(G)-LTE series provides a MicroSD card slot . Refer to the SIM card installation method for inserting

the MircoSD card.

24
Step 2: Place the bottom of DIN-rail bracket lightly into the track.

Step 3: Check whether the DIN-rail bracket is tightly on the track.

Step 4: Please refer to the following procedures to remove the Industrial Cellular Gateway from the track.

Step 5: Lightly pull out the bottom of DIN-rail bracket to remove it from the track.

26
3.2. Management Access Overview
The Industrial Cellular Gateway gives you the flexibility to access and manage it using any or all of the following

methods:

 Web browser interface

 An external SNMP-based network management application

The Web browser interfaces are embedded in the Industrial Cellular Gateway software and are available for immediate

use. Each of these management methods has their own advantages. Table 3-1 compares the two management

methods.

Method Advantages Disadvantages

• Ideal for configuring the

Cellular Gateway remotely • Security can be compromised

• Compatible with all popular (hackers need to only know the IP

Web
browsers address and subnet mask)
Browser
• Can be accessed from any • May encounter lag times on poor
location connections

• Most visually appealing

• Requires SNMP manager software

• Least visually appealing of all three

• Communicates with Cellular
methods
SNMP Gateway functions at the MIB
• Some settings require calculations
Agent level
• Security can be compromised
• Based on open standards
(hackers need to only know the

community name)

Table 3-1 Comparison of Management Methods

28
3.4. SNMP-based Network Management
You can use an external SNMP-based application to configure and manage the Industrial Cellular Gateway, such as

SNMPc Network Manager, HP Openview Network Node Management (NNM) or What’s Up Gold. This management

method requires the SNMP agent on the cellular gateway and the SNMP Network Management Station to use the

same community string. This management method, in fact, uses two community strings: the get community string

and the set community string. If the SNMP Network Management Station only knows the set community string, it can

read and write to the MIBs. However, if it only knows the get community string, it can only read MIBs. The default get

and set community strings for the Industrial Cellular Gateway are public.

Figure 3-3 SNMP Management

30
The information main page is shown below.

Users need to input user name and password if it is their first time to log in.

Input correct user name and password to visit relevant menu page. Default user name and password are admin.

32
 Object – Static IP Description

WAN IP Address Users set IP address by their own or ISP assigns

Subnet Mask Users set subnet mask by their own or ISP assigns

Gateway Users set gateway by their own or ISP assigns

Static DNS1/DNS2/
Users set static DNS by their own or ISP assigns
DNS3

Automatic Configuration-DHCP

IP address of WAN port gets automatic via DHCP.

DHCP-4G

IP address of WAN port gets automatic via DHCP-4G

34
PPPoE

Object – PPPoE Description

User Name Login the Internet

Password Login the Internet

36
3G Link2

Object – 3G Description

Link2

User Name Login user’s ISP (Internet Service Provider)

Password Login user’s ISP

Dial String Dial number of user’s ISP

APN Access point name of user’s ISP

PIN PIN code of user’s SIM card

dhcp-bkup4G

IP address of WAN port gets automatic via DHCP-4G.

38
Keep Online

This function is used to detect whether the Internet connection is active, if users set it and when the Router detects the

connection is inactive, it will redial to users' ISP immediately to make the connection active. If the network is busy or

the user is in private network, we recommend that Router mode will be better.

Object – Keep Description

Online

Detection
Do not set this function
Method-None

Send ping packet to detect the connection, when choosing this method.
Detection
Users should also configure "Detection Interval", "Primary Detection
Method-Ping
Server IP" and "Backup Detection Server IP" items.

Detect connection with route method, when choosing this method.

Detection
Users should also configure "Detection Interval", "Primary Detection
Method-Route
Server IP" and "Backup Detection Server IP" items.

Detection Detect connection with TCP method, when choosing this method. Users

Method-TCP should also configure "Detection Interval" item.

Detection
Time interval between two detections; unit is second
Interval

Primary
The server is used to response the Router’s detection packet. This item
Detection Server
is only valid for method "Ping" and "Route".
IP

Backup
The server is used to response the Router’s detection packet. This item
Detection Server
is valid for method "Ping" and "Route"
IP

When users choose the “Route” or “Ping” method, it’s quite important to make sure that the

“Primary Detection Server IP” and “Backup Detection Server IP” are usable and stable, because

they have to response the detection packet frequently.

40
LAN Network Setup

Object – Router Description

IP

Local IP Address IP address of the gateway. The default IP address is 192.168.1.1

Subnet Mask The subnet mask of the gateway

Set internal gateway of the cellular gateway. By default, internal

Gateway
gateway is the address of the gateway

DNS server is auto assigned by network operator server. Users enable

Local DNS to use their own DNS server or other stable DNS servers, if not, keep it

default

Network Address Server Settings (DHCP)

These settings for the gateway's Dynamic Host Configuration Protocol (DHCP) server functionality configuration. The

gateway can serve as a network DHCP server. DHCP server automatically assigns an IP address to each computer in

the network. If they choose to enable the gatewayr's DHCP server option, users can set all the computers on the LAN

to automatically obtain an IP address and DNS, and make sure there are no other DHCP servers in the network.

42
 Users' domain name in the field of local search increases the expansion

of the host option to adopt DNSMasq that can assign IP addresses and
DNSMasq
DNS for the subnet. If select DNSMasq, dhcpd service is used for the

subnet IP address and DNS.

Time Settings

Select time zone of your location. To use local time, leave the checkmark in the box next to Use local time.

Object – Time Description

Settings

NTP Client DHCP Server and DHCP Forwarder

Keep the default Enable to enable the gateway's DHCP server option. If

Time Zone users have already a DHCP server on their network or users do not

want a DHCP server, then select Disable.

Enter a numerical value for the DHCP server to start with when issuing
Summer Time
IP addresses. Do not start with 192.168.1.1 (the gateway's own IP
(DST)
address).

IP address of NTP server is up to 32 characters. If blank, the system will

Server IP/Name
find a server by default.

Adjust Time

To adjust time by the system and refresh to get the time of the web, user can set to modify the time of the system. They

can change to adjust time by manual to achieve adjusted time by the system if the system fails to get NTP server.

4.3.1.2. DDNS

If user's network has a permanently assigned IP address, users can register a domain name and have that name

linked with their IP address by public Domain Name Servers (DNS). However, if their Internet account uses a

dynamically assigned IP address, users will not know in advance what their IP address will be, and the address can

change frequently. In this case, users can use a commercial dynamic DNS service, which allows them to register their

domain to their IP address, and will forward traffic directed at their domain to their frequently-changing IP address.

44
4.3.1.4. Advanced Routing

Operating Mode: Gateway, BGP, RIP2 Router, OSPF Router and Router

If the Router is hosting users' Internet connection, select Gateway mode. If another Router exists on their network,

select Router mode.

Dynamic Routing

Dynamic Routing enables the Router to automatically adjust to physical changes in the network's layout and exchange

routing tables with other Routers. The Router determines the network packets’ route based on the fewest number of

hops between the source and destination.

To enable the Dynamic Routing feature for the WAN side, select WAN. To enable this feature for the LAN and wireless

side, select LAN and WLAN. To enable the feature for both the WAN and LAN, select Both. To disable the Dynamic

Routing feature for all data transmissions, keep the default setting, Disable.

Dynamic Routing is not available in Gateway mode.

46
meanwhile LAN port and WAN port disable is to divide into one VLAN port.

4.3.1.6. Networking

Object – Description

Networking

48
Prio means priority level: work if multiple ports are within the same bridge. The smaller the number gets, the higher the

level is.

Click 'Add' to take effect.

The corresponding interfaces of WAN ports should not be bound; this bridge function is basically

used for LAN port, and should not be bound with WAN port

If binding is successful, bridge binding list in the list of current bridging table is shown below:

To make br1 bridge have the same function with DHCP assigned address, users need to set multiple DHCP functions.

See the introduction of multi-channel DHCPD:

Port Setup

Set the port properly; the default is not set

When “Unbridged” is selected, the configuration is shown below.

50
4.3.2. Wireless

4.3.2.1. Basic Settings

Wireless Physical Interface

Object – Description

Wireless Basic

Settings

Wireless
Enable is for radio on and Disable is for radio off
Network

Wireless Mode AP, Client, Repeater, Repeater Bridge

Wireless
Disabled, Mixed, BG-Mixed, B-Only, G-Only, NG-Mixed, N-Only
Network Mode

Wireless

Network Name The default is ICG-2510W-LTE or ICG-2510WG-LTE

(SSID)

A total of 1-13 channels to choose from for more than one wireless
Wireless
device environment. Please try to avoid using the same channel with
Channel
other devices

Channel Width Auto, 20MHz and 40MHz

Wireless SSID SSID can be hidden when disabled is selected. The default is enabled.

52
Object – Description
Wireless

Security-WEP

Authentication
Open or shared key
Type

Default Transmit
Select the key from Key 1 to Key 4.
Key

There are two levels of WEP encryption, 64-bit (40-bit) and 128-bit. To

utilize WEP, select the desired encryption bit, and enter a passphrase or

WEP key in hexadecimal format. If you are using 64-bit (40-bit), then

Encryption each key must consist of exactly 10 hexadecimal characters or 5 ASCII

characters. For 128-bit, each key must consist of exactly 26

hexadecimal characters. Valid hexadecimal characters are "0"-"9" and

"A"-"F"

ASCII, the keys is 5 bit ASCII characters/13bit ASCII characters

ASCII/HEX
HEX, the keys is 10bit/26 bit hex digits

Passphrase The letters and numbers used to generate a key

Key1-Key4 Manually fill out or generated according to input on the pass phrase

54
 Radius Auth
The RADIUS port and the default is 1812
Server Port

Radius Auth
The shared secret from the RADIUS server
Shared Secret

Key Renewal

Interval (in 1-99999

seconds)

4.3.3. Services

4.3.3.1. Services

DHCP Server

DHCPd assigns IP addresses to user local devices. While the main configuration is on the setup page users can

program some nifty special functions here.

Object – DHCPd Description

Additional
Some extra options users can set by entering them
DHCPd Options

If users want to assign to certain hosts a specific address, they can

Static Leases define them here. This is also the way to add hosts with a fixed address

to the gateway's local DNS service (DNSmasq).

DNSMasq

DNSmasq is a local DNS server. It will resolve all host names known to the Router from dhcp (dynamic and static) as

well as forwarding and caching DNS entries from remote DNS servers. Local DNS enables DHCP clients on the LAN to

resolve static and dynamic DHCP host names.

56
 Options.

For example:

Static allocation:

dhcp-host=AB:CD:EF:11:22:33,192.168.0.10,myhost,myhost.domain,12h

Max lease number: dhcp-lease-max=2

DHCP server IP range: dhcp-range=192.168.0.110,192.168.0.111,12h

RO Community SNMP RO community name, the default is public, Only to read

SNMP RW community name, the default is private, Read-write

RW Community
permissions

SSHD

Enabling SSHd allows users to access the Linux OS of their Router with an SSH client.

Object – Secure Description

Shell

SSH TCP
Enable or disable to support the TCP forwarding
Forwarding

Password Login Allows login with the gateway password (username is admin)

Port Port number for SSHd and the default is 22

Here users paste their public keys to enable key-based login (more
Authorized Keys
secure than a simple password)

System Log
Enable Syslogd to capture system messages. By default, they will be collected in the local file /var/log/messages. To

send them to another system, enter the IP address of a remote syslog server.

58
4.3.4. VPN

4.3.4.1. PPTP

PPTP Server

Object – PPTP Server Description

Broadcast Support Enable or disable broadcast support of PPTP server

Force MPPE Encryption Enable of disable force MPPE encryption of PPTP data

DNS1/DNS2/WINS1/WINS-2 Set DNS1/DNS2/WINS1/WINS2

Input IP address of the gateway as PPTP server, different from LAN

Server IP
address

IP address is assigned to the client; the format is

Client IP(s)
xxx.xxx.xxx.xxx-xxx

CHAP-Secrets User name and password of the client using PPTP service

Client IP must be different with IP assigned by gateway DHCP.

The format of CHAP Secrets is user * password *.

60
4.3.4.2. L2TP

L2TP Server

Object – L2TP Description

Server

Force MPPE
Enable or disable force MPPE encryption of L2TP data
Encryption

Input IP address of the gateway as PPTP server, different from LAN

Server IP
address

IP address is assigned to the client; the format is

Client IP(s)
xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx

CHAP Secrets User name and password of the client using L2TP service

62
 Authentication

4.3.4.3. OPENVPN

OPENVPN Server

64
 DHCP-Proxy mode: enable or disable DHCP-Proxy mode

Pool start IP: Pool start IP of the client allowed by OPENVPN server
Bridge (TAP)
Pool end IP: Pool end IP of the client allowed by OPENVPN server
Mode
Gateway: The gateway of the client allowed by OPENVPN server

Netmask: Netmask of the client allowed by OPENVPN server

Port Listen port of OPENVPN server

Tunnel Protocol UCP or TCP of OPENVPN tunnel protocol

Encryption Blowfish CBC, AES-128 CBC, AES-192 CBC, AES-256 CBC, AES-512

Cipher CBC

Hash algorithm provides a method of quick access to data, including

Hash Algorithm
SHA1, SHA256, SHA512, MD4, MD5

MRU Maximum receive unit

NAT Enable or disable network address translation

Require CHAP Enable or disable supporting chap authentication protocol

Refuse PAP Enable or disable refusing to support the pap authentication

Require
Enable or disable supporting authentication protocol
Authentication

Advanced Options

66
Object – Description

OPENVPN Client

TLS (Transport Layer Security) encryption standard supports multiple

TLS Cipher
options

Use LZO
Enable or disable use LZO compression for data transfer
Compression

NAT Enable or disable NAT through function

Bridge TAP to
Enable or disable bridge TAP to br0
br0

IP Address Set IP address of local OPENVPN client

Subnet mask Set IP subnet of local OPENVPN client

68
 Reconnect: This action will remove current tunnel, and re-launch tunnel

establish request

Enable: When the connection is enable, it will launch tunnel establish

request when the system reboot or reconnect, otherwise the connection

will not do it

Add To add a new IPSEC connection

Add IPSEC connection or edit IPSEC connection

Type: To choose IPSEC mode and relevant functions in this part, supports tunnel mode client, tunnel mode server and

transfer mode currently

Connection: This part contains basic address information of the tunnel

Object – IPSEC Description

NAME To indicate this connection name, must be unique

If enabled, the connection will send tunnel connection request when it is

Enabled
reboot or re-connection, otherwise it is no need if disable

Local WAN
Local addresses of the tunnel
Interface

Peer WAN IP/domain name of end opposite; this option can not fill in if using tunnel

address mode server

IPSec local protects subnet and subnet mask, i.e. 192.168.1.0/24; this
Local Subnet
option cannot fill in if transfer mod is used.

IPSec opposite end protects subnet and subnet mask,

Remote Subnet
i.e.192.168.7.0/24; this option cannot fill in if transfer mode is used.

Local ID Tunnel local end identification, IP and domain name are available

Remote ID Tunnel opposite end identification, IP and domain name are available

70
 ESP Keylife Set ESP keylife, current unit is hour, the default is 0

IKE aggressive Negotiation mode adopt aggressive mode if tick; it is main

mode allowed mode if non-tick

Perfect Forward
Tick to enable PFS, non-tick to disable PFS
Security (PFS)

Authentication: Choose use share encryption option or certificate authentication option. Current is only to choose use

share encryption option.

4.3.4.5. GRE

GRE (Generic Routing Encapsulation, Generic Routing Encapsulation) protocol is a network layer protocol (such as IP

and IPX). Data packets are encapsulated, so these encapsulated data packets go to another network layer protocol

(IP). GRE Tunnel technology is Layer Two Tunneling Protocol VPN (Virtual Private Network).

GRE Tunnel: Enable or disable GRE function.

When GRE tunnel is enabled, the configuration page is shown below.

72
4.3.5. Security

4.3.5.1. Firewall

You can enable or disable the firewall, filter specific Internet data types, and prevent anonymous Internet requests,

ultimately enhancing network security.

Firewall enhances network security and use SPI to check the packets in the network. To use firewall protection, choose

enable otherwise disable. Only enable the SPI firewall; you can use other firewall functions: filtering proxy, block WAN

requests, etc.

Object – Security Description

WAN proxy server may reduce the security of the gateway. Filtering

Filter Proxy Proxy will refuse any access to any WAN proxy server. Click the check

box to enable the function otherwise disabled.

Cookies are the website of data the data stored on your computer.

Filter Cookies When you interact with the site, the cookies will be used. Click the

check box to enable the function otherwise disabled.

If Java is refused, you may not be able to open web pages using the
Filter Java
Java programming. Click the check box to enable the function,
Applets
otherwise disabled.

If ActiveX is refused, you may not be able to open web pages using the

Filter ActiveX ActiveX programming. Click the check box to enable the function

otherwise disabled.

74
 automatically dropped.

Log Management

The gateway can keep logs of all incoming or outgoing traffic for your Internet connection.

Object – Log Description

Management

To keep activity logs, select Enable. To stop logging, select Disable.

Log
When selecting enable, the following page will appear.

76
Object – WAN Description

Access

You may define up to 10 access policies. Click Delete to delete a policy

Access Policy
or Summary to see a summary of the policy.

Status Enable or disable a policy.

Policy Name You may assign a name to your policy.

The part is used to edit client list; the strategy is only effective for the PC
PCs
in the list.

Days Choose the day of the week to have your policy applied.

Times Enter the time of the day to have your policy applied.

Website
You can block access to certain websites by entering their URL.
Blocking by URL

78
setting, Deny. If you want the listed PCs to have Internet filtered during the designated days and time, then click the

radio button next to Filter.

8. Set the days when access will be filtered. Select Everyday or the appropriate days of the week.

9. Set the time when access will be filtered. Select 24 Hours, or check the box next to From and use the drop-down

boxes to designate a specific time period.

10. Click the Add to Policy button to save your changes and activate it.

11.To create or edit additional policies, repeat steps 1 to 9.

12. To delete an Internet Access Policy, select the policy number, and click the Delete button.

The default factory value of policy rules is "filtered". If the user chooses the default policy rules for

"refuse", editing strategies to directly save the settings. If the strategy edited is the first, it will be

automatically saved into the second, if not, the first to keep the original number.

Turning off the power of the Router or rebooting the Router can cause a temporary failure。After

the failure of the Router, if NTP timer server cannot be automatically synchronized, you need to

recalibrate to ensure the correct implementation of the relevant period control function.

4.3.6.2. URL Filter

If you want to prevent certain client access to specific network domain name, such as www.yahoo.com.tw., achieve it

through the function of URL filtering.

Object – URL Description

Filter

Discard packets

that conform to Only discard the matching URL address in the list.

the following

80
 Object –Packet Description

Filter

Enable Packet
Enable or disable “packet filter” function
Filter

Two policies are provided. One is Discard packets conform to the

Policy following rules and the other is Accept only the data packets conform to

the following rules.

Add Filter Rule Input: packet from WAN to LAN

Direction Output: packet from LAN to WAN

Protocol Packet protocol type

Source Ports Packet’s source port

Destination
Packet’s destination port
Ports

Source IP Packet’s source IP address

Destination IP Packet’s destination IP address

"Source Port”,” Destination Port" ,"Source IP" ,"Destination IP" could not be all empty.

4.3.7. NAT

82
 Object –Port Description

Range Forward

Application Enter the name of the application in the field provided.

Enter the number of the first port of the range you want to be seen by
Start
users on the Internet and forwarded to your PC.

Enter the number of the last port of the range you want to be seen by
End
users on the Internet and forwarded to your PC.

Chose the right protocol TCP, UDP or Both. Set this to what the
Protocol
application requires.

IP Address Enter the IP Address of the PC running the application.

Enable Click the Enable checkbox to enable port forwarding for the application.

4.3.7.3. DMZ

The DMZ (DeMilitarized Zone) hosting feature allows one local user to be exposed to the Internet for use of a

special-purpose service such as Internet gaming or videoconferencing. DMZ hosting forwards all the ports at the same

time to one PC. The Port Forwarding feature is more secure because it only opens the ports you want to have opened,

while DMZ hosting opens all the ports of one computer, exposing the computer so the Internet can see it.

Any PC whose port is being forwarded must have a new static IP address assigned to it because its IP address may

change when using the DHCP function.

DMZ Host IP Address: To expose one PC to the Internet, select Enable and enter the computer's IP address in the

DMZ Host IP Address field. To disable the DMZ, keep the default setting: Disable

84
4.3.9. Applications

4.3.9.1. Serial Applications

There is a console port on Router. Normally, this port is used to debug the Router. This port can also be used as a

serial port. The Router has embedded a serial to TCP program. The data sent to the serial port is encapsulated by

TCP/IP protocol stack and then is sent to the destination server. This function can work as a DTU (Data Terminal Unit).

86
4.3.10.1. Management

The Management screen allows you to change the Router's settings. On this page you will find most of the

configurable items of the Router code.

The new password must not exceed 32 characters in length and must not include any spaces. Enter the new password

twice to confirm it.

Default username is admin. It is strongly recommended that you change the factory default

password of the Router, which is admin.

Web Access

This feature allows you to manage the Router using either HTTP protocol or the HTTPS protocol. If you choose to

disable this feature, a manual reboot will be required. You can also activate or inactivate the Router information web

page. It's now possible to have a password to protect this page (same username and password as the above).

Object –Web Description

Access

This feature allows you to manage the Router using either HTTP
Protocol
protocol or the HTTPS protocol.

Auto-Refresh (in Adjust the Web GUI automatic refresh interval. 0 disables this feature

seconds) completely.

Enable Info Site Enable or disable the login system information page.

88
Remote Management

Firmware Upgrade

Choose Enable to have a firmware upgrade.

4.3.10.2. Keep Alive

User is able to reboot the device automatically by interval or specific time.

90
 Any settings you have saved will be lost when the default settings are restored. The

default IP address is 192.168.1.1 and the default password is admin.

4.3.10.5. Firmware Upgrade

4.3.10.6. Backup

Object –Backup Description

You may back up your current configuration in case you need to reset
Backup Settings
the Router back to its factory default settings. Click the Backup button to

92
5. APPENDIX A RJ45 Pin Assignments

5.1. A.1 10/100/1000Mbps, 10/100/1000BASE-T

When connecting your 10/100/1000Mbps Cellular Gateway to another device, a bridge or a hub, a straight-through or

crossover cable is necessary. Each port of the Cellular Gateway supports auto-MDI/MDI-X detection. That means you

can directly connect the Cellular Gateway to any Ethernet devices without making a crossover cable. The following

table and diagram show the standard RJ45 receptacle/connector and their pin assignments:

RJ45 Connector pin assignment

Contact MDI MDI-X

Media Dependent Media Dependent

Interface Interface-Cross

1 Tx + (transmit) Rx + (receive)

2 Tx - (transmit) Rx - (receive)

3 Rx + (receive) Tx + (transmit)

4, 5 Not used

6 Rx - (receive) Tx - (transmit)

7, 8 Not used

The standard cable, RJ45 pin assignment

The standard RJ45 receptacle/connector

There are 8 wires on a standard UTP/STP cable and each wire is color-coded. The following shows the pin allocation

and color of straight-through cable and crossover cable connection:

94