Ursalink UR51 Industrial Cellular Router User Guide

UR51 User Guide
1
UR51 User Guide
Preface
Thanks for choosing Ursalink UR51 industrial cellular router. The UR51 industrial cellular
router delivers tenacious connection over network with full-featured design such as
automated failover/failback, extended operating temperature, dual SIM cards, hardware
watchdog, VPN, Gigabit Ethernet and beyond.
This guide describes how to configure and operate the UR51 industrial cellular router. You
can refer to it for detailed functionality and router configuration.
Readers
This guide is mainly intended for the following users:
- Network Planners
- On-site technical support and maintenance personnel
- Network administrators responsible for network configuration and maintenance
© 2017 Xiamen Ursalink Technology Co., Ltd.
All rights reserved.
All information in this user guide is protected by copyright law. Whereby, no organization or
individual shall copy or reproduce the whole or part of this user guide by any means without
written authorization from Xiamen Ursalink Technology Co., Ltd.
Products Covered
This guide explains how to configure the following devices:
• Ursalink UR51 Industrial Cellular Router
Related Documents
Document
Ursalink UR51 Datasheet
Ursalink UR51 Quick Start Guide
Description
Datasheet for the Ursalink UR51 industrial
cellular router.
Quick installation guide for the Ursalink UR51
industrial cellular router.
2
UR51 User Guide
Declaration of Conformity
UR51 is in conformity with the essential requirements and other relevant provisions of the
CE, FCC, and RoHS.
For assistance, please contact
Ursalink technical support:
Email: support@ursalink.com
Tel.: 86-592-5023060
Fax: 86-592-5023065
Revision History
Date
Doc Version
Description
Dec. 22, 2017
V.1.0.0
Initial version
3
UR51 User Guide
Contents
Chapter 1 Product Introduction.......................................................................................................... 7
1.1 Overview................................................................................................................................7
1.2 Advantages............................................................................................................................ 8
1.3 Specifications.......................................................................................................................10
1.4 Dimensions (mm)................................................................................................................ 11
Chapter 2 Installation........................................................................................................................ 12
2.1 General Packing List............................................................................................................ 12
2.2 Product Overview................................................................................................................13
2.3 LED Indicators......................................................................................................................13
2.4 Ethernet Port Indicators...................................................................................................... 14
2.5 PIN Definition...................................................................................................................... 14
2.6 Reset Button........................................................................................................................ 15
2.7 SIM Card Installation........................................................................................................... 15
2.8 Micro SD card Installation................................................................................................... 16
2.9 Cellular Antenna Installation...............................................................................................16
2.10 Mounting the Router.........................................................................................................16
2.11 Connect the Router to a Computer.................................................................................. 17
2.12 Installation of Power Supply and Protective Grounding.................................................. 17
2.12.1 Power Supply Installation...................................................................................... 17
2.12.2 Protective Grounding Installation..........................................................................18
Chapter 3 Access to Web GUI........................................................................................................... 19
3.1 PC Configuration for Web GUI Access to Router................................................................ 19
3.2 Access to Web GUI of Router.............................................................................................. 20
Chapter 4 Web Configuration........................................................................................................... 22
4.1 Status...................................................................................................................................22
4.1.1 Overview.................................................................................................................. 22
4.1.2 Cellular......................................................................................................................23
4.1.3 Network....................................................................................................................24
4.1.4 VPN........................................................................................................................... 25
4.1.5 Routing Information.................................................................................................26
4.1.6 Host List.................................................................................................................... 27
4.2 Network...............................................................................................................................27
4.2.1 Interface................................................................................................................... 27
4.2.1.1 Port................................................................................................................27
4.2.1.2 LAN................................................................................................................ 28
4.2.1.3 VLAN Trunk....................................................................................................28
4.2.1.4 Cellular.......................................................................................................... 29
4.2.1.5 Loopback....................................................................................................... 32
4.2.2 Firewall..................................................................................................................... 33
4.2.2.1 ACL.................................................................................................................33
4.2.2.2 DMZ............................................................................................................... 34
4.2.2.3 Port Mapping................................................................................................ 35
4
UR51 User Guide
4.2.2.4 MAC Binding..................................................................................................36
4.2.3 QoS........................................................................................................................... 36
4.2.3.1 QoS (Download/Upload)...............................................................................36
4.2.4 DHCP.........................................................................................................................37
4.2.4.1 DHCP Server.................................................................................................. 37
4.2.4.2 DHCP Relay....................................................................................................39
4.2.5 DDNS........................................................................................................................ 39
4.2.6 Link Failover..............................................................................................................40
4.2.6.1 SLA.................................................................................................................41
4.2.6.2 Track.............................................................................................................. 41
4.2.6.3 VRRP.............................................................................................................. 43
4.2.7 Routing..................................................................................................................... 45
4.2.7.1 Static Routing................................................................................................ 45
4.2.7.2 RIP................................................................................................................. 45
4.2.7.3 OSPF.............................................................................................................. 49
4.2.7.4 Routing Filtering............................................................................................53
4.2.8 VPN........................................................................................................................... 54
4.2.8.1 DMVPN..........................................................................................................55
4.2.8.2 IPSec.............................................................................................................. 56
4.2.8.3 GRE................................................................................................................ 59
4.2.8.4 L2TP............................................................................................................... 60
4.2.8.5 PPTP...............................................................................................................62
4.2.8.6 OpenVPN Client............................................................................................ 64
4.2.8.7 OpenVPN Server........................................................................................... 65
4.2.8.8 Certifications................................................................................................. 67
4.3 System................................................................................................................................. 69
4.3.1 General Settings....................................................................................................... 69
4.3.1.1 General..........................................................................................................69
4.3.1.3 System Time.................................................................................................. 70
4.3.1.4 SMTP............................................................................................................. 72
4.3.1.5 Phone............................................................................................................ 73
4.3.1.6 Storage.......................................................................................................... 74
4.3.2 User Management................................................................................................... 74
4.3.2.1 Account......................................................................................................... 74
4.3.2.2 User management.........................................................................................75
4.3.3 SNMP........................................................................................................................ 75
4.3.3.1 SNMP.............................................................................................................76
4.3.3.2 MIB View....................................................................................................... 77
4.3.3.3 VACM.............................................................................................................77
4.3.3.4 Trap................................................................................................................78
4.3.3.5 MIB................................................................................................................ 79
4.3.4 AAA................................................................................................................................... 79
4.3.4.1 Radius............................................................................................................79
4.3.4.2 Tacacs+.......................................................................................................... 80
5
UR51 User Guide
4.3.4.3 LDAP.............................................................................................................. 80
4.3.4.4 Authentication.............................................................................................. 81
4.3.5 Device Management................................................................................................ 82
4.3.6 Events....................................................................................................................... 83
4.3.6.1 Events............................................................................................................ 83
4.3.6.2 Events Settings.............................................................................................. 84
4.4 Industrial Interface.............................................................................................................. 85
4.4.1 Serial Port................................................................................................................. 85
4.4.2 Modbus Master........................................................................................................89
4.4.2.1 Modbus Master.............................................................................................89
4.4.2.2 Channel......................................................................................................... 89
4.5 Maintenance....................................................................................................................... 91
4.5.1 Tools..........................................................................................................................91
4.5.1.1 Ping................................................................................................................91
4.5.1.2 Traceroute..................................................................................................... 92
4.5.2 Schedule................................................................................................................... 92
4.5.3 Log............................................................................................................................ 93
4.5.3.1 System Log.................................................................................................... 93
4.5.3.2 Log Settings................................................................................................... 94
4.5.4 Upgrade....................................................................................................................94
4.5.5 Backup and Restore..................................................................................................95
4.5.6 Reboot...................................................................................................................... 96
Chapter 5 Application Examples....................................................................................................... 98
5.1 Account Info Management................................................................................................. 98
5.2 Common User Management...............................................................................................98
5.3 System Time Management................................................................................................. 99
5.4 Backup and Restore Configuration................................................................................... 100
5.5 Restore Factory Defaults................................................................................................... 102
5.5.1 Via Web Interface...................................................................................................102
5.5.2 Via Hardware..........................................................................................................103
5.6 Firmware Upgrade.............................................................................................................104
5.7 Events Application Example.............................................................................................. 106
5.8 Schedule Application Example.......................................................................................... 108
5.9 Logs and Diagnostics......................................................................................................... 109
5.10 SNMP Application Example.............................................................................................110
5.11 Cellular Connection.........................................................................................................113
5.12 Dual SIM Backup Application Example........................................................................... 115
5.13 VRRP Application Example.............................................................................................. 118
5.14 NAT Application Example................................................................................................ 121
5.15 Access Control Application Example...............................................................................121
5.16 QoS Application Example................................................................................................ 122
5.17 DTU Application Example................................................................................................124
5.18 PPTP Application Example...............................................................................................127
6
UR51 User Guide
Chapter 1 Product Introduction
1.1 Overview
7
UR51 User Guide
Ursalink UR51 is an industrial cellular router with embedded intelligent software features
that are designed for multifarious M2M/IoT applications. Supporting global WCDMA and 4G
LTE, UR51 provides drop-in connectivity for operators and makes a giant leap in maximizing
uptime.
Adopting high-performance and low-power consumption industrial platform of 64-bit CPU
and wireless module, the UR51 is capable of providing wire-speed network with a typical
1.8W power consumption and ultra-small package to ensure the extremely safe and reliable
connection to the wireless network.
Meanwhile, the UR51 also supports Gigabit Ethernet port, serial port (RS232/RS485), which
enables you to scale up M2M application combining data and video in limited time and
budget.
The UR51 is particularly ideal for smart grid, digital media installations, industrial automation,
telemetry equipment, medical device, digital factory, finance, payment device, environment
protection, water conservancy and so on.
Figure 1-1
1.2 Advantages
Benefits
-
Built-in industrial strong CPU, big memory; Micro SD card is available to support further
development and customized requirements
-
Fast Ethernet is applied to all models of Ursalink routers for lightning transmission of
data
-
Dual SIM cards for backup between multiple carriers networking and global 2G/3G/LTE
options make it easy to get connected
-
Flexible modular design provides users with different connection modules like Ethernet,
serial port for connecting diverse field assets
-
Rugged enclosure, optimized for DIN rail or shelf mounting
-
3-year warranty included
8
UR51 User Guide
Security & Reliability
-
Automated failover/failback between Ethernet and Cellular (dual SIM)
-
Enable unit with security frameworks like IPsec/OpenVPN/GRE/L2TP/PPTP/ DMVPN
-
Embed hardware watchdog, able to automatically recover from various failure, ensure
highest level of availability
-
Establish a secured mechanism on centralized authentication and authorization of device
access by supporting AAA (Tacacs+, Radius, LDAP, local authentication) and multiple
levels of user authority
Easy Maintenance
-
Ursalink Device Management Platform provides easy setup, mass configuration, and
centralized management of remote devices
-
The user-friendly web interface design and more than one option of upgrade help
administrator to manage the device as easy as pie
-
WEB GUI and CLI enable the admin to achieve simple management and quick
configuration among a large quantity of devices
-
Efficiently manage the remote routers on the existing platform through the industrial
standard SNMP
Capabilities
-
Link remote devices in an environment where communication technologies are
constantly changing
-
Industrial ARM Cortex A7 processor, high-performance operating up to 528MHz with low
power consumption below 1W, and 128 MB memory available to support more
applications
-
Support rich protocols like SNMP, MQTT, Modbus bridging, RIP, OSPF
-
Support wide operating temperature ranging from -40°C to 70°C/-40°F to 158°F
9
UR51 User Guide
1.3 Specifications
Cellular Interfaces
Connectors
2 × 50 Ω SMA (Center pin: female)
SIM Slots
2
Hardware System
CPU
580MHz, ARM Cortex A7
Memory
128 MB Flash, 128 MB DDR3 RAM
Storage
1 × Micro SD
Ethernet
Ports
1 × RJ-45
Physical Layer
10/100 Base-T (IEEE 802.3)
Data Rate
10/100 Mbps (auto-sensing)
Interface
Auto MDI/MDIX
Mode
Serial Interface
Full or half duplex (auto-sensing)
Ports
1 × RS232 or 1 × RS485
Connector
DB9 Female
Baud Rate
300bps to 230400bps
Software
Network Protocols
PPP, PPPOE, SNMP v1/v2c/v3, TCP, UDP, DHCP, RIPv1/v2,
OSPF, DDNS, VRRP, HTTP, HTTPS, DNS, ARP, QOS, SNTP,
Telnet, VLAN, SSH, etc.
VPN Tunnel
DMVPN/IPsec/OpenVPN/PPTP/L2TP/GRE
Access Authentication
CHAP/PAP/MS-CHAP/MS-CHAPV2
Firewall
ACL/DMZ/Port Mapping/MAC Binding
Management
Web, CLI, SMS, On-demand dial up
AAA
Radius, Tacacs+, LDAP, Local Authentication
Multilevel Authority
Multiple levels of user authority
Reliability
VRRP, Dual SIM Backup
Serial Port
Transparent (TCP Client/Server, UDP), Modbus Gateway
(Modbus RTU to Modbus TCP)
Power Supply and Consumption
Connector
2-pin with 5.08 mm terminal block
Input Voltage
9-48 VDC
10
UR51 User Guide
Power Consumption
Physical Characteristics
Typical 1.8 W, Max 2.7 W (In Non-PoE mode)
Ingress Protection
IP30
Housing & Weight
Metal, 365 g (0.80 lb)
Dimensions
100 x 96.1 x 30 mm (3.94 x 3.78 x 1.18 in)
Mounting
Desktop, wall or DIN rail mounting
Others
Reset Button
1 × RESET
LED Indicators
1 × POWER, 1 × STATUS, 1 × VPN,
1 × SIM1, 1 × SIM2, 3 × Signal strength
Built-in
Watchdog, RTC, Timer
Certifications
RoHS, CE, FCC
EMC
IEC 61000-4-2 Level 3
IEC 61000-4-3 Level 4
IEC 61000-4-4 Level 3
IEC 61000-4-5 Level 4
IEC 61000-4-6 Level 3
IEC 61000-4-8 Level 4
Environmental
Operating Temperature
-40°C to +70°C (-40°F to +158°F) Reduced cellular
performance above 60°C
Storage Temperature
-40°C to +85°C (-40°F to +185°F)
Ethernet Isolation
1.5 kV RMS
Relative Humidity
0% to 95% (non-condensing) at 25°C/77°F
1.4 Dimensions (mm)
Figure 1-2
11
UR51 User Guide
Chapter 2 Installation
2.1 General Packing List
Before you begin to install the UR51 router, please check the package contents to verify that
you have received the items below.
1 × UR51 Router
1 × Ethernet Cable
1 × Power Adapter
2 × SIM Card Slots
1 × 2-Pin Pluggable
Terminal
1 × Warranty Card
1 × Quick Start
Guide
2 × Magnetic
Mount Cellular
Antennas (Default)
2 × Stubby Cellular
Antennas (Optional)
1 × GPS Antenna
(Optional)
1 × Wall Mounting
Bracket (Default)
1 × DIN Rail Kit
(Optional)
1 × DB9 Male to Terminal
Block Adapter (Optional)
If any of the above items is missing or damaged, please contact your Ursalink sales
representative.
12
UR51 User Guide
2.2 Product Overview
A. Front Panel
1
2
3
4
5
Main Cellular Antenna
Micro SD Card Interface
LED Indicator Area
POWER: Power Indicator
STATUS: Status Indicator
: Signal Strength Indicator
VPN: VPN Indicator
SIM1: SIM1 Status Indicator
SIM2: SIM2 Status Indicator
SIM Card Slot 1 & SIM Card Slot 2
AUX Cellular Antenna
B. Rear Panel
1
2
3
4
5
6
Grounding Stud
Power Connector
Ethernet Port Indicator
Serial Port: RS232 or RS485
Reset Button
GPS Antenna Connector
2.3 LED Indicators
LED
Indication
POWER
Power Status
STATUS
System Status
VPN
VPN Status
Status
On
Off
Green Light
Off
Green Light
Off
Off
SIM1/SIM2
SIM Card Status
Green Light
Description
The power is switched on
The power is switched off
Static: Start-up
Blinking slowly: the system is running
properly
The system goes wrong
VPN is connected
VPN is disconnected
SIM1 or SIM2 is registering or fails to register
(or there are no SIM cards inserted)
Blinking slowly: SIM1 or SIM2 has been
registered and is ready for dial-up
13
UR51 User Guide
Off
Signal
Strength
Signal 1/2/3
Green Light
Blinking rapidly: SIM1 or SIM2 has been
registered and is dialing up now
Static: SIM1 or SIM2 has been registered and
dialed up successfully
No signal
Static/Off/Off: weak signals with 1-10 ASU
(please check if the antenna is installed
correctly, or move the antenna to a suitable
location to get better signal)
Static/Static/Off: normal signals with 11-20
ASU (average signal strength)
Static/Static/Static: strong signals with 21-31
ASU (signal is good)
2.4 Ethernet Port Indicators
Indicator
Link Indicator (Orange)
Status
On
Blinking
Off
Description
Connected
Transmitting data
Disconnected
2.5 PIN Definition
PIN
1
2
3
4
5
6
7
8
9
10
RS232
TXD
RXD
----GND
-----------
RS485
----A
B
-------------
DI
--------GND
IN1
IN2
-------
DO
--------------OUT1
OUT2
COM
Description
Transmit Data
Receive Data
Data +
Data Ground
Digital Input1
Digital Input2
Digital Output1
Digital Output2
Common Ground
14
UR51 User Guide
PIN
11
12
Description
Positive
Negative
2.6 Reset Button
Function
Reboot
Reset
Description
STATUS LED
Blinking
Action
Press and hold the reset button for about 5-15
seconds.
Static Green
Release the button and wait for system to reboot.
Blinking
Press and hold the reset button for more than 15
seconds.
Static Green →
Rapidly Blinking
Release the button and wait.
Off → Blinking
The router is now reset to factory defaults.
2.7 SIM Card Installation
A. Push the yellow button on left panel of the router, and then you will see the SIM card slot
popping out directly.
B. Put SIM card onto the slot, and then insert the slot back into the hole.
15
UR51 User Guide
2.8 Micro SD card Installation
Insert Micro SD card
2.9 Cellular Antenna Installation
A. Rotate the antenna into the Antenna Connector.
The external cellular antenna should be installed vertically always on a site with a good
cellular signal.
Note: UR51 router supports dual antennas with “Main” and “AUX” connectors. “Main”
interface is for data receiving and transmission. “AUX” interface is for enhancing signal
strength, which cannot be used separately.
2.10 Mounting the Router
The router can be placed on a desktop or mounted to a wall or a DIN rail.
2.10.1 Wall Mounting (Measured in mm)
Use 2 pcs of M3×6 flat head Phillips screws to fix the wall mounting kit to the router, and
then use 2 pcs of M3 drywall screws to mount the router associated with the wall mounting
kit on the wall.
Recommended torque for mounting is 1.0 N. m, and the maximum allowed is 1.2
N.m.
16
UR51 User Guide
2.10.2 DIN Rail Mounting (Measured in mm)
Use 2 pcs of M3×6 flat head Phillips screws to fix the DIN rail to the router, and then hang the
DIN rail on the mounting bracket. It is necessary to choose a standard bracket.
Recommended torque for mounting is 1.0 N. m, and the maximum allowed is 1.2
N.m.
2.11 Connect the Router to a Computer
2.12 Installation of Power Supply and Protective Grounding
2.12.1 Power Supply Installation
A. Take out the terminal from the router and unscrew the bolt on terminal.
B. Screw down the bolt after inserting power cable into the terminal.
17
UR51 User Guide
Connecting the Power Cable
Color
Red
Yellow
Polarity
+
-
If you insert wires into the reverse holes, the router will not start and you must
switch the wires into the correct holes.
2.12.2 Protective Grounding Installation
1.
Remove the grounding nut.
2.
Connect the grounding ring of the cabinet’s grounding wire onto the grounding stud and
screw up the grounding nut.
The router must be grounded when deployed. According to operating environment,
the ground wire should be connected with grounding stud of router.
2.13 Examine
1.
Double check antenna connection.
2.
Double check if SIM card is inserted and become available.
3.
Power on the UR51 wireless cellular router and check indicators status.
(1) If Status LED blinks slowly, the system is running properly.
(2) If SIM1 or SIM2 indicator is static green, the router is connected to network already.
18
UR51 User Guide
Chapter 3 Access to Web GUI
This chapter explains how to access to Web GUI of the UR51 router.
3.1 PC Configuration for Web GUI Access to Router
Please connect PC to FE port of UR51 router directly. PC can obtain an IP address, or you can
configure a static IP address manually. The following steps are based on Windows 10
operating system for your reference.
The following steps are based on Windows 10 operating system for your reference.
①Click "Search Box" to search "Control Panel" on
the Windows 10 taskbar.
③ Click "Ethernet" (May have different name).
② Click “Control Panel” to open it, and then
click “View network status and tasks”.
④ Click "Properties".
19
UR51 User Guide
⑤ Double Click "Internet
Protocol Version 4 (TCP/IPv4)"
to configure IP address and
DNS server.
⑥ Method 1: click "Obtain an IP
address automatically";
Method 2: click "Use the following
IP address" to assign a static IP
manually within the same subnet of
the router.
(Note: remember to click “OK” to finish configuration.)
3.2 Access to Web GUI of Router
Ursalink router provides Web-based configuration interface for management. If this is the
first time you configure the router, please use the default settings below.
Username: admin
Password: password
IP Address: 192.168.1.1
DHCP Server: Enabled
1.
Start a Web browser on your PC (Chrome and IE are recommended), type in the IP
address, and press Enter on your keyboard.
2.
Enter the username, password, and click "Login".
20
UR51 User Guide
If the SIM card is connected to cellular network with public IP address, you can access WEB
GUI remotely via the public IP address when remote access is enabled.
If you enter the username or password incorrectly more than 5 times, the login page
will be locked for 10 minutes.
3.
When you login with the default username and password, you will be asked to modify
the password. It’s suggested that you change the password for the sake of security. Click
"Cancel" button if you want to modify it later.
4.
After you login the Web GUI, you can view system information and perform
configuration on the router.
21
UR51 User Guide
Chapter 4 Web Configuration
4.1 Status
4.1.1 Overview
You can view the system information of the router on this page.
Figure 4-1-1-1
Item
Model
Serial Number
Firmware Version
Hardware Version
Local Time
Uptime
CPU Load
RAM (Capacity/Available)
Flash (Capacity/Available)
System Information
Description
Show the model name of router.
Show the serial number of router.
Show the currently firmware version of router.
Show the currently hardware version of router.
Show the currently local time of system.
Show the information on how long the router has been
running.
Show the current CPU utilization of the router.
Show the RAM capacity and the available RAM memory.
Show the Flash capacity and the available Flash memory.
Table 4-1-1-1 System Information
22
UR51 User Guide
4.1.2 Cellular
You can view the cellular network status of router on this page.
Figure 4-1-2-1
Modem Information
Item
Status
Model
Current SIM
Signal Level
Register Status
IMSI
ICCID
ISP
Network Type
PLMN ID
LAC
Cell ID
IMEI
Description
Show corresponding detection status of module and SIM card.
Show the model name of cellular module.
Show the current SIM card used.
Show the cellular signal level.
Show the registration status of SIM card.
Show IMSI of the SIM card.
Show ICCID of the SIM card.
Show the network provider which the SIM card registers on.
Show the connected network type, such as LTE, 3G, etc.
Show the current PLMN ID, including MCC, MNC, LAC and Cell ID.
Show the location area code of the SIM card.
Show the Cell ID of the SIM card location.
Show the IMEI of the module.
Table 4-1-2-1 Modem Information
23
UR51 User Guide
Figure 4-1-2-2
Network Status
Item
Status
IP Address
Netmask
Gateway
DNS
Connection Duration
Description
Show the connection status of cellular network.
Show the IP address of cellular network.
Show the netmask of cellular network.
Show the gateway of cellular network.
Show the DNS of cellular network.
Show information on how long the cellular network has been
connected.
Table 4-1-2-2 Network Status
4.1.3 Network
On this page you can check the LAN status of the router.
Figure 4-1-3-1
LAN Status
Item
Port
VLAN ID
IP Address
Netmask
MTU
Description
Show the name of LAN port.
Show the label ID of the VLAN.
Show the LAN port's IP address.
Show the LAN port's netmask.
Show the maximum transmission unit of LAN port.
Table 4-1-3-1 LAN Status
24
UR51 User Guide
4.1.4 VPN
You can check VPN status on this page, including PPTP, L2TP, IPsec, OpenVPN and DMVPN.
Figure 4-1-4-1
Figure 4-1-4-2
25
UR51 User Guide
Figure 4-1-4-3
VPN Status
Item
Name
Status
Local IP
Remote IP
Description
Show the name of the VPN tunnel.
Show the status of the VPN tunnel.
Show the local tunnel IP of VPN tunnel.
Show the remote tunnel IP of VPN tunnel.
Table 4-1-4-1 VPN Status
4.1.5 Routing Information
You can check routing status on this page, including the routing table and ARP cache.
Figure 4-1-5-1
Item
Routing Table
Destination
Netmask
Gateway
Description
Show the IP address of destination host or destination network.
Show the netmask of destination host or destination network.
Show the IP address of the gateway.
26
UR51 User Guide
Interface
Metric
ARP Cache
IP
MAC
Interface
Show the outbound interface of the route.
Show the metric of the route.
Show the IP address of ARP pool.
Show the IP address's corresponding MAC address.
Show the binding interface of ARP.
Table 4-1-5-1 Routing Information
4.1.6 Host List
You can view the host information on this page.
Figure 4-1-6-1
Host List
Item
DHCP Leases
IP Address
MAC Address
Lease Time Remaining
MAC Binding
IP & MAC
Description
Show IP address of DHCP client
Show MAC address of DHCP client
Show the remaining lease time of DHCP client.
Show the IP address and MAC address set in the Static IP list of
DHCP service.
Table 4-1-6 Host List Description
4.2 Network
4.2.1 Interface
4.2.1.1 Port
Figure 4-2-1-1
27
UR51 User Guide
Port Setting
Item
Port
Status
Property
Speed
Duplex
Description
Users can define the Ethernet ports according to their needs.
Set the status of Ethernet port; select "up" to enable and "down" to disable.
LAN. User cannot change this setting.
Set the Ethernet port's speed. The options are "auto", "1000 Mbps", "100
Mbps", and "10 Mbps".
Set the Ethernet port's mode. The options are "auto", "full", and "half".
Table 4-2-1-1 Port Parameters
4.2.1.2 LAN
LAN setting is used for managing local area network devices which are connected to LAN
port of the UR51, allowing each of them to access the Internet.
Click
to delete the existing LAN port setting. Click
to add a new LAN port setting.
Figure 4-2-1-2
LAN
Item
Interface
IP Address
Netmask
MTU
Description
Select LAN port.
Set IP address of LAN port.
Set Netmask of LAN port.
Set the maximum transmission unit of LAN port.
Range: 68-1500.
Default
FE 0
192.168.1.1
255.255.255.0
1500
Table 4-2-1-2
Related Configuration Example
LAN Management
4.2.1.3 VLAN Trunk
VLAN is a kind of new data exchange technology that realizes virtual work groups by logically
dividing the LAN device into network segments.
Client
to delete the current VLAN setting. Click
to add a new VLAN port.
28
UR51 User Guide
Figure 4-2-1-3
VLAN Trunk
Item
Enable
Interface
VID
IP Address
Netmask
Description
The router can encapsulate or decapsulate the virtual LAN tag when
this function is enabled.
Select the VLAN interface from the LAN ports.
Set the label ID of the VLAN. Range: 1-4094.
Set VLAN port's IP address.
Set VLAN port's netmask.
Table 4-2-1-3 VLAN Trunk Parameters
4.2.1.4 Cellular
This section explains how to set the related parameters for cellular network. The UR51
cellular router has two cellular interfaces, namely SIM1 and SIM2. Only one cellular interface
is active at one time. If both cellular interfaces are enabled, then SIM1 interface takes
precedence by default.
A typical use case would be to have SIM1 configured as the primary cellular interface and
SIM2 as a backup. If the UR51 cannot connect to the network via SIM1, it will automatically
fail over to SIM2.
Figure 4-2-1-4
29
UR51 User Guide
Figure 4-2-1-5
General Settings
Item
Default
Authentication
Type
Description
Check the option to enable the corresponding
SIM card.
Select from "Auto", "4G First", "4G Only", "3G
First", "3G Only", "2G Frist", and "2G Only".
Auto: connect to the network with the
strongest signal automatically.
4G First: 4G network takes precedence.
4G Only: connect to 4G network only.
And so on.
Enter the Access Point Name for cellular dial-up
connection provided by local ISP.
Enter the username for cellular dial-up
connection provided by local ISP.
Enter the password for cellular dial-up
connection provided by local ISP.
Enter the dial-up center NO. For cellular dial-up
connection provided by local ISP.
Enter a 4-8 characters PIN code to unlock the
SIM.
Select from "Auto", "PAP", "CHAP",
"MS-CHAP", and "MS-CHAPv2".
Roaming
Enable or disable roaming.
Disable
Enable
Network Type
APN
Username
Password
Access Number
PIN Code
SMS Center
Enable NAT
ICMP Server
Secondary ICMP
Enter the local SMS center number for storing,
forwarding, converting and delivering SMS
message.
Enable or disable NAT function.
Set the ICMP detection server's IP address.
Set the secondary ICMP detection server's IP
Enable
Auto
Null
Null
Null
Null
Null
Auto
Null
Enable
8.8.8.8
114.114.114.114
30
UR51 User Guide
Server
PING Times
Packet Loss Rate
address.
Set PING packet numbers in each ICMP
detection.
Set packet loss rate in each ICMP detection.
ICMP detection fails when the preset packet
loss rate is exceeded.
5
20
Table 4-2-1-4 Cellular Parameters
Figure 4-2-5
Item
Connection Mode
Connection Mode
Connect on
Demand
Triggered by Call
Call Group
Triggered by SMS
SMS Group
SMS Text
Dual SIM Strategy
Current SIM Card
Description
Select from "Always Online" and "Connect on Demand".
"Connect on Demand" includes "Triggered by Call", "Triggered by
SMS", and "Triggered by IO".
The router will switch from offline mode to cellular network mode
automatically when it receives a call from the specific phone
number.
Select a call group for call trigger. Go to "System > General >
Phone" to set up phone group.
The router will switch from offline mode to cellular network mode
automatically when it receives a specific SMS from the specific
mobile phone.
Select an SMS group for trigger. Go to "System > General > Phone"
to set up SMS group.
Fill in the SMS content for triggering.
Select between "SIM1" and "SIM2" as a current SIM card used.
31
UR51 User Guide
Switch to backup
SIM card when
ICMP detection fails
Switch to backup
SIM card when the
connection fails
Switch to backup
SIM card when
roaming is detected
The router will switch to the backup SIM card when packet loss rate
in IMCP detection exceeds the preset value.
The router will switch to the backup SIM card when the primary
one fails to connect with cellular network.
The router will switch to the backup SIM card when the primary
one is roaming.
Table 4-2-1-5 Cellular Parameters
Related Topics
Cellular Connection Application Example
Dual SIM Backup Application Example
Phone Group
4.2.1.5 Loopback
Loopback interface is used for replacing router's ID as long as it is activated. When the
interface is DOWN, the ID of the router has to be selected again which leads to long
convergence time of OSPF. Therefore, Loopback interface is generally recommended as the
ID of the router.
Loopback interface is a logic and virtual interface on router. Under default conditions, there's
no loopback interface on router, but it can be created as required.
Figure 4-2-1-6
Loopback
Item
IP Address
Netmask
Multiple IP
Addresses
Description
Unalterable
Unalterable
Apart from the IP above, user can configure
other IP addresses.
Default
127.0.0.1
255.0.0.0
Null
Table 4-2-1-6 Loopback Parameters
32
UR51 User Guide
4.2.2 Firewall
This section describes how to set the firewall parameters, including ACL, DMZ, Port Mapping
and MAC Binding.
The firewall implements corresponding control of data flow at entry direction (from Internet
to local area network) and exit direction (from local area network to Internet) according to
the content features of packets, such as protocol style, source/destination IP address, etc. It
ensures that the router operate in a safe environment and host in local area network.
4.2.2.1 ACL
Access control list, also called ACL, implements permission or prohibition of access for
specified network traffic (such as the source IP address) by configuring a series of matching
rules so as to filter the network interface traffic. When router receives packet, the field will
be analyzed according to the ACL rule applied to the current interface. After the special
packet is identified, the permission or prohibition of corresponding packet will be
implemented according to preset strategy.
The data package matching rules defined by ACL can also be used by other functions
requiring flow distinction.
Figure 4-2-2-1
Figure 4-2-2-2
Item
ACL Setting
Default Filter Policy
Access Control List
Type
Description
Select from "Accept" and "Deny".
The packets which are not included in the access control list will
be processed by the default filter policy.
Select type from "Extended" and "Standard".
33
UR51 User Guide
ID
Action
Protocol
Source IP
Source Wildcard Mask
Destination IP
Destination Wildcard
Mask
Description
ICMP Type
ICMP Code
Source Port Type
Source Port
Start Source Port
End Source Port
Destination Port Type
Destination Port
Start Destination Port
End Destination Port
More Details
Interface List
Interface
In ACL
Out ACL
User-defined ACL number. Range: 1-199.
Select from "Permit" and "Deny".
Select protocol from "ip", "icmp", "tcp", "udp", and "1-255".
Source network address (leaving it blank means all).
Wildcard mask of the source network address.
Destination network address (0.0.0.0 means all).
Wildcard mask of destination address.
Fill in a description for the groups with the same ID.
Enter the type of ICMP packet. Range: 0-255.
Enter the code of ICMP packet. Range: 0-255.
Select source port type, such as specified port, port range, etc.
Set source port number. Range: 1-65535.
Set start source port number. Range: 1-65535.
Set end source port number. Range: 1-65535.
Select destination port type, such as specified port, port range,
etc.
Set destination port number. Range: 1-65535.
Set start destination port number. Range: 1-65535.
Set end destination port number. Range: 1-65535.
Show information of the port.
Select network interface for access control.
Select a rule for incoming traffic from ACL ID.
Select a rule for outgoing traffic from ACL ID.
Table 4-2-2-1 ACL Parameters
Related Configuration Example
Access Control Application Example
4.2.2.2 DMZ
DMZ is a host within the internal network that has all ports exposed, except those forwarded
ports in port mapping.
Figure 4-2-2-3
34
UR51 User Guide
DMZ
Item
Enable
DMZ Host
Source Address
Description
Enable or disable DMZ.
Enter the IP address of the DMZ host on the internal network.
Set the source IP address which can access to DMZ host. "0.0.0.0/0"
means any address.
Table 4-2-2-2 DMZ Parameters
4.2.2.3 Port Mapping
Port mapping is an application of network address translation (NAT) that redirects a
communication request from the combination of an address and port number to another
while the packets are traversing a network gateway such as a router or firewall.
Click
to add a new port mapping rules.
Figure 4-2-2-4
Port Mapping
Item
Source IP
Source Port
Destination IP
Destination Port
Protocol
Description
Description
Specify the host or network which can access local IP address.
0.0.0.0/0 means all.
Enter the TCP or UDP port from which incoming packets are
forwarded. Range: 1-65535.
Enter the IP address that packets are forwarded to after being
received on the incoming interface.
Enter the TCP or UDP port that packets are forwarded to after
being received on the incoming port(s). Range: 1-65535.
Select from "TCP" and "UDP" as your application required.
The description of this rule.
Table 4-2-2-3 Port Mapping Parameters
Related Configuration Example
NAT Application Example
35
UR51 User Guide
4.2.2.4 MAC Binding
MAC Binding is used for specifying hosts by matching MAC addresses and IP addresses that
are in the list of allowed outer network access.
Figure 4-2-2-5
MAC Binding List
Item
MAC Address
IP Address
Description
Description
Set the binding MAC address.
Set the binding IP address.
Fill in a description for convenience of recording the meaning
of the binding rule for each piece of MAC-IP.
Table 4-2-2-4 MAC Binding Parameters
4.2.3 QoS
Quality of service (QoS) refers to traffic prioritization and resource reservation control
mechanisms rather than the achieved service quality. QoS is engineered to provide different
priority for different applications, users, data flows, or to guarantee a certain level of
performance to a data flow.
4.2.3.1 QoS (Download/Upload)
Figure 4-2-3-1
36
UR51 User Guide
QoS
Item
Download/Upload
Enable
Default Class
Download/Upload
Bandwidth Capacity
Service Class
Name
Percent (%)
Max BW(kbps)
Min BW(kbps)
Item
Service Class Rules
Name
Source IP
Source Port
Destination IP
Destination Port
Protocol
Service Class
Description
Enable or disable QoS.
Select default class from Service Class list.
The download/upload bandwidth capacity of the network that the
router is connected with, in kbps. Range: 1-8000000.
Give the service class a descriptive name.
The amount of bandwidth that this class should be guaranteed in
percentage. Range: 0-100.
The maximum bandwidth that this class is allowed to consume, in
kbps. The value should be less than the "Download/Upload
Bandwidth Capacity".
The minimum bandwidth that can be guaranteed for the class, in
kbps. The value should be less than the "MAX BW" value.
Description
Give the rule a descriptive name.
Source address of flow control (leaving it blank means any).
Source port of flow control. Range: 0-65535 (leaving it blank
means any).
Destination address of flow control (leaving it blank means any).
Destination port of flow control. Range: 0-65535 (leaving it blank
means any).
Select protocol from "ANY", "TCP", "UDP", "ICMP", and "GRE".
Set service class for the rule.
Table 4-2-3-1 QoS (Download/Upload) Parameters
Related Application Example
QoS Application Example
4.2.4 DHCP
DHCP adopts Client/Server communication mode. The Client sends configuration request to
the Server which feeds back corresponding configuration information and distributes IP
address to the Client so as to achieve the dynamic configuration of IP address and other
information.
4.2.4.1 DHCP Server
The UR51 can be set as a DHCP server to distribute IP address when a host logs on and
ensures each host is supplied with different IP addresses. DHCP Server has simplified some
previous network management tasks requiring manual operations to the largest extent.
37
UR51 User Guide
Figure 4-2-4-1
DHCP Server
Item
Enable
Interface
Start
Address
End Address
Netmask
Lease Time
(Min)
Primary DNS
Server
Secondary
DNS Server
Windows
Name Server
Description
Enable or disable DHCP server.
Select interface, e.g. FE.
Define the beginning of the pool of IP addresses which
will be leased to DHCP clients.
Define the end of the pool of IP addresses which will be
leased to DHCP clients.
Define the subnet mask of IP address obtained by
DHCP clients from DHCP server.
Set the lease time on which the client can use the IP
address obtained from DHCP server. Range: 1-10080.
Default
Enable
FE
Set the primary DNS server.
114.114.114.114
Set the secondary DNS server.
Null
Define the Windows Internet Naming Service obtained
by DHCP clients from DHCP sever. Generally you can
leave it blank.
Null
192.168.1.100
192.168.1.199
255.255.255.0
1440
Static IP
MAC
Address
IP Address
Set a static and specific MAC address for the DHCP
client (it should be different from other MACs so as to
avoid conflict).
Set a static and specific IP address for the DHCP client
(it should be outside of the DHCP range).
Null
Null
Table 4-2-4-1 DHCP Server Parameters
38
UR51 User Guide
4.2.4.2 DHCP Relay
The UR51 can be set as DHCP Relay to provide a relay tunnel to solve the problem that DHCP
Client and DHCP Server are not in the same subnet.
Figure 4-2-4-2
DHCP Relay
Item
Enable
DHCP Server
Description
Enable or disable DHCP relay.
Set DHCP server, up to 10 servers can be configured; separate them
by blank space or ",".
Table 4-2-4-2 DHCP Relay Parameters
4.2.5 DDNS
Dynamic DNS (DDNS) is a method that automatically updates a name server in the Domain
Name System, which allows user to alias a dynamic IP address to a static domain name.
DDNS serves as a client tool and needs to coordinate with DDNS server. Before starting
configuration, user shall register on a website of proper domain name provider and apply for
a domain name.
Figure 4-2-5-1
DDNS
Item
Name
Interface
Service Type
Username
User ID
Description
Give the DDNS a descriptive name.
Set interface bundled with the DDNS.
Select the DDNS service provider.
Enter the username for DDNS register.
Enter User ID of the custom DDNS server.
39
UR51 User Guide
Password
Server
Hostname
Append IP
Enter the password for DDNS register.
Enter the name of DDNS server.
Enter the hostname for DDNS.
Append your current IP to the DDNS server update path.
Table 4-2-5-1 DDNS Parameters
Item
Advanced Options
Name
Provider
Check IP Server
Check IP Path
Check IP SSL
Check IP Command
Use HTTPS
Domain Wildcard
Other Options
Name
Period (s)
Verify Address
Fake Address
Allow IPv6
Forced Update (s)
Secure SSL
CA Certificates PATH
Description
Select the DDNS name.
Enter DDNS server provider.
Server used for periodic IP address changes.
Optional server path for check IP server.
This setting usually follows the SSL setting, but can be used to
disable HTTPS for the IP address check. This might be needed
for some providers that only support HTTPS for the DNS record
update.
Shell command, or script for IP address update checking.
Use HTTPS or not.
Enable/disable domain name wildcard of your domain name.
Select the DDNS name.
Decide how often is the IP address checked, in seconds. The
default interval is 3600s. Range: 60-864000
Verify IP address, making sure the address is a valid Internet
address.
This option can be used to fake an address by updating with a
"random" address in the 203.0.113.0/24 range.
Allow or discard IPv6 addresses.
Decide how often the IP should be updated even if it is not
changed, in seconds. The default interval is 2592000 s (30
days).
When this option is enabled, the DDNS update will be aborted
before sending any credentials if the HTTPS certificate
validation fails for a provider. When it's disabled, then will only
a warning is issued.
Specify the path to a trusted set of CA certificates.
Table 4-2-5-2 DDNS Parameters
4.2.6 Link Failover
This section describes how to configure link failover strategies, such as VRRP strategies.
Configuration Steps
1.
2.
Define one or more SLA operations (ICMP probe).
Define one or more track objects to track the status of SLA operation.
40
UR51 User Guide
3.
Define applications associated with track objects, such as VRRP or static routing.
4.2.6.1 SLA
SLA setting is used for configuring link probe method. The default probe type is ICMP.
Figure 4-2-6-1
SLA
Item
Description
Default
ID
SLA index. Up to 10 SLA settings can be added.
Range: 1-10.
1
Type
ICMP-ECHO is the default type to detect if the link
icmp-echo
is alive.
Destination Address
The detected IP address.
114.114.114.114
Secondary Destination
The secondary detected IP address.
Address
8.8.8.8
Data Size
User-defined data size. Range: 0-1000.
56
Interval (s)
User-defined detection interval. Range: 1-608400. 30
Timeout (ms)
User-defined timeout for response to determine
ICMP detection failure. Range: 1-300000.
5000
PING Times
Define PING packet numbers in each SLA probe.
Range: 1-1000.
5
Packet Loss Rate
Define packet loss rate in each SLA probe. SLA
probe fails when the preset packet loss rate is
exceeded.
20
Start Time
Detection start time; select from "Now" and blank
character. Blank character means this SLA
now
detection doesn't start.
Table 4-2-6-1 SLA Parameters
4.2.6.2 Track
Track setting is designed for achieving linkage among SLA module, Track module and
Application module. Track setting is located between application module and SLA module
41
UR51 User Guide
with main function of shielding the differences of various SLA modules and providing unified
interfaces for application module.
Linkage between Track Module and SLA module
Once you complete the configuration, the linkage relationship between Track module and
SLA module will be established. SLA module is used for detection of link status, network
performance and notification of Track module. The detection results help track status change
timely.
- For successful detection, the corresponding track item is Positive.
- For failed detection, the corresponding track item is Negative.
Linkage between Track Module and Application Module
After configuration, the linkage relationship between Track module and Application module
will be established. When any change occurs in track item, a notification that requires
corresponding treatment will be sent to Application module.
Currently, the application modules like VRRP and static routing can get linkage with track
module.
If it sends an instant notification to Application module, the communication may be
interrupted in some circumstances due to routing's failure like timely restoration or other
reasons. Therefore, user can set up a period of time to delay notifying application module
when the track item status changes.
Figure 4-2-6-2
Item
Description
Default
Index
Track index. Up to 10 track settings can be
configured. Range: 1-10.
1
Type
The options are "sla" and "interface".
SLA
SLA ID
Defined SLA ID.
1
Interface
Select the interface whose status will be detected.
cellular0
Negative Delay (s)
When interface is down or SLA probing fails, it will
wait according to the time set here before actually
changing its status to Down. Range: 0-180 (0 refers
to immediate switching).
0
Positive Delay (s)
When failure recovery occurs, it will wait according
1
42
UR51 User Guide
to the time set here before actually changing its
status to Up. Range: 0-180 (0 refers to immediate
switching).
Table 4-2-6-2 Track Parameters
4.2.6.3 VRRP
The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that
provides automatic assignment of available Internet Protocol (IP) routers for participating
hosts. This increases the availability and reliability of routing paths via automatic default
gateway selections in an IP sub-network.
Increasing the number of exit gateway is a common method for improving system reliability.
VRRP adds a group of routers that undertake gateway function into a backup group so as to
form a virtual router. The election mechanism of VRRP will decide which router undertakes
the forwarding task, and the host in LAN is only required to configure the default gateway for
the virtual router.
In VRRP, routers need to be aware of failures in the virtual master router. To achieve this, the
virtual master router sends out multicast “alive” announcements to the virtual backup
routers in the same VRRP group.
The VRRP router who has the highest number will become the virtual master router. The
VRRP router number ranges from 1 to 255 and usually we use 255 for the highest priority
and 100 for backup.
If the current virtual master router receives an announcement from a group member (Router
ID) with a higher priority, then the latter will pre-empt and become the virtual master router.
VRRP has the following characteristics:
- The virtual router with an IP address is known as the Virtual IP address. For the host in
LAN, it is only required to know the IP address of virtual router, and set it as the address
of the next hop of the default route.
- The network Host communicates with the external network through this virtual router.
-
A router will be selected from the set of routers based on its priority to undertake the
gateway function. Other routers will be used as backup routers to perform the duties of
gateway for the gateway router in the case of any malfunction, so as to guarantee
uninterrupted communication between the host and external network.
When interface connected with the uplink is at the state of Down or Removed, the router
actively lowers its priority so that priority of other routers in the backup group will be higher.
Thus the router with the highest priority becomes the gateway for the transmission task.
43
UR51 User Guide
Figure 4-2-6-3
VRRP
Item
Enable
Interface
Virtual Router ID
Virtual IP
Priority
Advertisement
Interval (s)
Preemption Mode
Track ID
Description
Enable or disable VRRP.
Select the interface of Virtual Router.
User-defined Virtual Router ID. Range: 1-255.
Set the IP address of Virtual Router.
The VRRP priority range is 1-254 (a bigger number
indicates a higher priority). The router with higher
priority will be more likely to become the gateway router.
Heartbeat package transmission time interval between
routers in the virtual ip group. Range: 1-255.
If the router works in the preemption mode, once it finds
that its own priority is higher than that of the current
gateway router, it will send VRRP notification package,
resulting in re-election of gateway router and eventually
replacing the original gateway router. Accordingly, the
original gateway router will become a Backup router.
Trace detection, select the defined track ID or blank
character.
Default
Disable
None
None
None
100
1
Disable
None
Table 4-2-6-3 VRRP Parameters
Related Configuration Example
VRRP Application Example
44
UR51 User Guide
4.2.7 Routing
4.2.7.1 Static Routing
A static routing is a manually configured routing entry. Information about the routing is
manually entered rather than obtained from dynamic routing traffic. After setting static
routing, the package for the specified destination will be forwarded to the path designated
by user.
Figure 4-2-7-1
Static Routing
Item
Destination
Netmask
Interface
Gateway
Distance
Track ID
Description
Enter the destination IP address.
Enter the subnet mask of destination address.
The interface through which the data can reach the
destination address.
IP address of the next router that will be passed by before the
input data reaches the destination address.
Priority, smaller value refers to higher priority. Range: 1-255.
Track detection, select the defined track ID. You can leave it
blank.
Table 4-2-7-1 Static Routing Parameters
Related Topic
Track Setting
4.2.7.2 RIP
RIP is mainly designed for small networks. RIP uses Hop Count to measure the distance to
the destination address, which is called Metric. In RIP, the hop count from the router to its
directly connected network is 0 and the hop count of network to be reached through a
router is 1 and so on. In order to limit the convergence time, the specified metric of RIP is an
integer in the range of 0 - 15 and the hop count larger than or equal to 16 is defined as
45
UR51 User Guide
infinity, which means that the destination network or host is unreachable. Because of this
limitation, the RIP is not suitable for large-scale networks. To improve performance and
prevent routing loops, RIP supports split horizon function. RIP also introduces routing
obtained by other routing protocols.
Each router that runs RIP manages a routing database, which contains routing entries to
reach all reachable destinations.
Figure 4-2-7-2
RIP
Item
Description
Enable
Enable or disable RIP.
Update Timer
Timeout Timer
Garbage Collection
Timer
It defines the interval to send routing updates. Range:
5-2147483647, in seconds.
It defines the routing aging time. If no update package on a routing
is received within the aging time, the routing's Routing Cost in the
routing table will be set to 16. Range: 5-2147483647, in seconds.
It defines the period from the routing cost of a routing becomes 16
to it is deleted from the routing table. In the time of
Garbage-Collection, RIP uses 16 as the routing cost for sending
routing updates. If Garbage Collection times out and the routing
still has not been updated, the routing will be completely removed
46
UR51 User Guide
from the routing table. Range: 5-2147483647, in seconds.
Version
RIP version. The options are v1 and v2.
Advanced Settings
Default Information
Originate
Default information will be released when this function is enabled.
Default Metric
The default cost for the router to reach destination. Range: 0-16
Redistribute
Connected
Check to enable.
Metric
Set metric after "Redistribute Connected" is enabled. Range: 0-16.
Redistribute Static
Check to enable.
Metric
Set metric after "Redistribute Static" is enabled. Range: 0-16.
Redistribute OSPF
Check to enable.
Metric
Set metric after "Redistribute OSPF" is enabled. Range: 0-16.
Table 4-2-7-2 RIP Parameters
Figure 4-2-7-3
47
UR51 User Guide
Item
Description
Distance/Metric Management
Distance
Set the administrative distance that a RIP route learns. Range:
1-255.
IP Address
Set the IP address of RIP route.
Netmask
Set the netmask of RIP route.
ACL Name
Set ACL name of RIP route.
Metric
The metric of received route or sent route from the interface.
Range: 0-16.
Policy in/out
Select from "in" and "out".
Interface
Select interface of the route.
ACL Name
Access control list name of the route strategy.
Filter Policy
Policy Type
Select from "access-list" and "prefix-list".
Policy Name
User-defined prefix-list name.
Policy in/out
Select from "in" and "out".
Interface
Select interface from "cellular0", "FE1" and "FE0".
Passive Interface
Passive Interface
Select interface from "cellular0" and "FE1", "FE0".
Interface
Interface
Select interface from "cellular0", "FE1" and "FE0".
Send Version
Select from "default", "v1" and "v2".
Receive Version
Select from "default", "v1" and "v2".
Split-Horizon
Select from "enable" and "disable".
Authentication Mode
Select from "text" and "md5".
Authentication String
The authentication key for package interaction in RIPV2.
Authentication
Key-chain
The authentication key-chain for package interaction in RIPV2.
Neighbor
IP Address
Set RIP neighbor's IP address manually.
Network
IP Address
The IP address of interface for RIP publishing.
Netmask
The netmask of interface for RIP publishing.
Table 4-2-7-3
48
UR51 User Guide
4.2.7.3 OSPF
OSPF, short for Open Shortest Path First, is a link status based on interior gateway protocol
developed by IETF.
If a router wants to run the OSPF protocol, there should be a Router ID that can be manually
configured. If no Router ID configured, the system will automatically select an IP address of
interface as the Router ID. The selection order is as follows:
- If a Loopback interface address is configured, then the last configured IP address of
Loopback interface will be used as the Router ID;
- If no Loopback interface address is configured, the system will choose the interface with
the biggest IP address as the Router ID.
Five types of packets of OSPF:
-
Hello packet
DD packet (Database Description Packet)
LSR packet (Link-State Request Packet)
LSU packet (Link-State Update Packet)
LSAck packet (Link-Sate Acknowledgment Packet)
Neighbor and Neighboring
After OSPF router starts up, it will send out Hello Packets through the OSPF interface. Upon
receipt of Hello packet, OSPF router will check the parameters defined in the packet. If it’s
consistent, a neighbor relationship will be formed. Not all matched sides in neighbor
relationship can form the adjacency relationship. It is determined by the network type. Only
when both sides successfully exchange DD packets and LSDB synchronization is achieved, the
adjacency in the true sense can be formed. LSA describes the network topology around a
router, LSDB describes entire network topology.
Figure 4-2-7-4
49
UR51 User Guide
OSPF
Item
Description
Enable
Enable or disable OSPF.
Router ID
Router ID (IP address) of the originating LSA.
ABR Type
Select from cisco, ibm, standard and shortcut.
RFC1583 Compatibility
Enable/Disable.
OSPF Opaque-LSA
SPF Delay Time
SPF Initial-holdtime
SPF Max-holdtime
Reference Bandwidth
Enable/Disable
LSA: a basic communication means of the OSPF routing
protocol for the Internet Protocol (IP).
Set the delay time for OSPF SPF calculations.
Range: 0-6000000, in milliseconds.
Set the initialization time of OSPF SPF.
Range: 0-6000000, in milliseconds.
Set the maximum time of OSPF SPF.
Range: 0-6000000, in milliseconds.
Range: 1-4294967, in Mbit.
Table 4-2-7-4 OSPF Parameters
Figure 4-2-7-5
Item
Interface
Interface
Hello Interval (s)
Dead Interval (s)
Retransmit
Interval (s)
Transmit Delay
Description
Select interface from "cellular0" and "FE0".
Send interval of Hello packet. If the Hello time between two adjacent
routers is different, the neighbour relationship cannot be established.
Range: 1-65535.
Dead Time. If no Hello packet is received from the neighbours within
the dead time, then the neighbour is considered failed. If dead times of
two adjacent routers are different, the neighbour relationship cannot
be established.
When the router notifies an LSA to its neighbour, it is required to make
acknowledgement. If no acknowledgement packet is received within
the retransmission interval, this LSA will be retransmitted to the
neighbour. Range: 3-65535.
It will take time to transmit OSPF packets on the link. So a certain delay
50
UR51 User Guide
(s)
time should be increased before transmission the aging time of LSA.
This configuration needs to be further considered on the low-speed
link.
Range: 1-65535
Interface Advanced Options
Interface
Select interface.
Network
Select OSPF network type.
Cost
Set the cost of running OSPF on an interface. Range: 1-65535.
Priority
Set the OSPF priority of interface. Range: 0-255.
Set the authentication mode that will be used by the OSPF area.
Simple: a simple authentication password should be configured and
Authentication
confirmed again.
MD5: MD5 key & password should be configured and confirmed again.
Key ID
It only takes effect when MD5 is selected. Range 1-255.
Key
The authentication key for OSPF packet interaction.
Table 4-2-7-5 OSPF Parameters
Figure 4-2-7-6
Item
Passive Interface
Passive Interface
Network
IP Address
Netmask
Area ID
Area
Description
Select interface from "cellular0", "FE0" and "FE1".
The IP address of local network.
The netmask of local network.
The area ID of original LSA's router.
51
UR51 User Guide
Area ID
Area
No Summary
Authentication
Set the ID of the OSPF area (IP address).
Select from "Stub" and "NSSA".
The backbone area (area ID 0.0.0.0) cannot be set as "Stub" or
"NSSA".
Forbid route summarization.
Select authentication from "simple" and "md5".
Table 4-2--7-6 OSPF Parameters
Figure 4-2-7-7
Area Advanced Options
Item
Area Range
Area ID
IP Address
Netmask
No Advertise
Cost
Area Filter
Area ID
Filter Type
ACL Name
Area Virtual Link
Area ID
ABR Address
Authentication
Key ID
Key
Hello Interval
Description
The area ID of the interface when it runs OSPF (IP address).
Set the IP address.
Set the netmask.
Forbid the route information to be advertised among different
areas.
Range: 0-16777215
Select an Area ID for Area Filter.
Select from "import", "export", "filter-in", and "filter-out".
Enter an ACL name which is set on "Routing > Routing
Filtering" webpage.
Set the ID number of OSPF area.
ABR is the router connected to multiple outer areas.
Select from "simple" and "md5".
It only takes effect when MD5 is selected. Range 1-15.
The authentication key for OSPF packet interaction.
Set the interval time for sending Hello packets through the
52
UR51 User Guide
Dead Interval
Retransmit Interval
Transmit Delay
interface. Range: 1-65535.
The dead interval time for sending Hello packets through the
interface. Range: 1-65535.
The retransmission interval time for re-sending LSA.
Range: 1-65535.
The delay time for LSA transmission. Range: 1-65535.
Table 4-2-7-7 OSPF Parameters
Figure 4-2-7-8
Item
Description
Redistribution
Redistribution Type
Select from "connected", "static" and "rip".
Metric
The metric of redistribution router. Range: 0-16777214.
Metric Type
Select Metric type from "1" and "2".
Route Map
Mainly used to manage route for redistribution.
Redistribution Advanced Options
Always Redistribute
Send redistribution default route after starting up.
Default Route
Redistribute Default
Send redistribution default route metric. Range: 0-16777214.
Route Metric
Redistribute Default
Select from "0", "1" and "2".
Route Metric Type
Distance Management
Area Type
Select from "intra-area", "inter-area" and "external".
Distance
Set the OSPF routing distance for area learning. Range: 1-255.
Table 4-2-7-8 OSPF Parameters
4.2.7.4 Routing Filtering
53
UR51 User Guide
Figure 4-2-7-9
Routing Filtering
Item
Description
Access Control List
User-defined name, need to start with a letter. Only letters, digits
Name
and underline (_) are allowed.
Action
Select from "permit" and "deny".
Match Any
No need to set IP address and subnet mask.
IP Address
User-defined.
Netmask
User-defined.
IP Prefix-List
User-defined name, need to start with a letter. Only letters, digits
Name
and underline (_) are allowed.
A prefix name list can be matched with multiple rules. One rule is
Sequence Number
matched with one sequence number. Range: 1-4294967295.
Action
Select from "permit" and "deny".
Match Any
No need to set IP address, subnet mask, FE Length, and LE Length.
IP Address
User-defined.
Netmask
User-defined.
Specify the minimum number of mask bits that must be matched.
FE Length
Range: 0-32.
Specify the maximum number of mask bits that must be matched.
LE Length
Range: 0-32.
Table 4-2-7-9 Routing Filtering Parameters
4.2.8 VPN
Virtual Private Networks, also called VPNs, are used to securely connect two private
networks together so that devices can connect from one network to the other network via
secure channels.
54
UR51 User Guide
The UR51 supports DMVPN, IPsec, GRE, L2TP, PPTP, OpenVPN, as well as GRE over IPsec and
L2TP over IPsec.
4.2.8.1 DMVPN
A dynamic multi-point virtual private network (DMVPN), combining mGRE and IPsec, is a
secure network that exchanges data between sites without passing traffic through an
organization's headquarter VPN server or router.
Figure 4-2-8-1
DMVPN
Item
Enable
Hub Address
Description
Enable or disable DMVPN.
The IP address or domain name of DMVPN Hub.
55
UR51 User Guide
Local IP address
GRE Hub IP Address
GRE Local IP Address
GRE Netmask
GRE Key
Negotiation Mode
Authentication
Algorithm
Encryption Algorithm
DH Group
Key
Local ID Type
IKE Life Time (s)
SA Algorithm
PFS Group
Life Time (s)
DPD Interval Time (s)
DPD Timeout (s)
Cisco Secret
NHRP Holdtime (s)
DMVPN local tunnel IP address.
GRE Hub tunnel IP address.
GRE local tunnel IP address.
GRE local tunnel netmask.
GRE tunnel key.
Select from "Main" and "Aggressive".
Select from "DES", "3DES", "AES128", "AES192" and "AES256".
Select from "MD5" and "SHA1".
Select from "MODP768_1", "MODP1024_2" and
"MODP1536_5".
Enter the preshared key.
Select from "Default", "ID", "FQDN", and "User FQDN"
Set the lifetime in IKE negotiation. Range: 60-86400.
Select from "DES_MD5", "DES_SHA1", "3DES_MD5",
"3DES_SHA1", "AES128_MD5", "AES128_SHA1",
"AES192_MD5", "AES192_SHA1", "AES256_MD5" and
"AES256_SHA1".
Select from "NULL", "MODP768_1", "MODP1024_2" and
"MODP1536-5".
Set the lifetime of IPsec SA. Range: 60-86400.
Set DPD interval time
Set DPD timeout.
Cisco Nhrp key.
The holdtime of Nhrp protocol.
Table 4-2-8-1 DMVPN Parameters
4.2.8.2 IPSec
IPsec is especially useful for implementing virtual private networks and for remote user
access through dial-up connection to private networks. A big advantage of IPsec is that
security arrangements can be handled without requiring changes to individual user
computers.
IPsec provides three choices of security service: Authentication Header (AH), Encapsulating
Security Payload (ESP), and Internet Key Exchange (IKE). AH essentially allows authentication
of the senders’ data. ESP supports both authentication of the sender and data encryption.
IKE is used for cipher code exchange. All of them can protect one and more data flows
between hosts, between host and gateway, and between gateways.
56
UR51 User Guide
Figure 4-2-8-2
IPsec
Item
Enable
IPsec Gateway Address
IPsec Mode
IPsec Protocol
Local Subnet
Local Subnet Netmask
Local ID Type
Remote Subnet
Remote Subnet Mask
Remote ID type
Description
Enable IPsec tunnel. A maximum of 3 tunnels is allowed.
Enter the IP address or domain name of remote IPsec server.
Select from "Tunnel" and "Transport".
Select from "ESP" and "AH".
Enter the local subnet IP address that IPsec protects.
Enter the local netmask that IPsec protects.
Select from "Default", "ID", "FQDN", and "User FQDN".
Enter the remote subnet IP address that IPsec protects.
Enter the remote netmask that IPsec protects.
Select from "Default", "ID", "FQDN", and "User FQDN".
Table 4-2-8-2 IPsec Parameters
57
UR51 User Guide
Figure 4-2-8-3
IKE Parameter
Item
IKE Version
Negotiation Mode
Encryption Algorithm
Authentication
Algorithm
DH Group
Local Authentication
Local Secrets
XAUTH
Lifetime (s)
SA Parameter
SA Algorithm
Description
Select from "IKEv1" and "IKEv2".
Select from "Main" and "Aggressive".
Select from "DES", "3DES", "AES128", "AES192" and "AES256".
Select from "MD5" and " SHA1"
Select from "MODP768_1", "MODP1024_2" and
"MODP1536_5".
Select from "PSK" and "CA".
Enter the preshared key.
Enter XAUTH username and password after XAUTH is enabled.
Set the lifetime in IKE negotiation. Range: 60-86400.
Select from "DES_MD5", "DES_SHA1", "3DES_MD5",
"3DES_SHA1", "AES128_MD5", "AES128_SHA1",
"AES192_MD5", "AES192_SHA1", "AES256_MD5" and
"AES256_SHA1".
58
UR51 User Guide
PFS Group
Lifetime (s)
DPD Interval Time(s)
DPD Timeout(s)
IPsec Advanced
Enable Compression
VPN Over IPsec Type
Select from "NULL", "MODP768_1" , "MODP1024_2" and
"MODP1536_5".
Set the lifetime of IPsec SA. Range: 60-86400.
Set DPD interval time to detect if the remote side fails.
Set DPD timeout. Range: 10-3600.
The head of IP packet will be compressed after it's enabled.
Select from "NONE", "GRE" and "L2TP" to enable VPN over
IPsec function.
Table 4-2-8-3 IPsec Parameters
4.2.8.3 GRE
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route
other protocols over IP networks. It’s a tunneling technology that provides a channel through
which encapsulated data message could be transmitted and encapsulation and
decapsulation could be realized at both ends.
In the following circumstances the GRE tunnel transmission can be applied:
- GRE tunnel could transmit multicast data packets as if it were a true network interface.
Single use of IPSec cannot achieve the encryption of multicast.
- A certain protocol adopted cannot be routed.
- A network of different IP addresses shall be required to connect other two similar
networks.
Figure 4-2-8-4
59
UR51 User Guide
GRE
Item
Enable
Remote IP Address
Local IP Address
Local Virtual IP Address
Netmask
Peer Virtual IP Address
Global Traffic
Forwarding
Remote Subnet
Remote Netmask
MTU
Key
Enable NAT
Description
Check to enable GRE function.
Enter the real remote IP address of GRE tunnel.
Set the local IP address.
Set the local tunnel IP address of GRE tunnel.
Set the local netmask.
Enter remote tunnel IP address of GRE tunnel.
All the data traffic will be sent out via GRE tunnel when this
function is enabled.
Enter the remote subnet IP address of GRE tunnel.
Enter the remote netmask of GRE tunnel.
Enter the maximum transmission unit. Range: 64-1500.
Set GRE tunnel key.
Enable NAT traversal function.
Table 4-2-8-4 GRE Parameters
4.2.8.4 L2TP
Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol
(PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private
network (VPN) over the Internet.
Figure 4-2-8-5
60
UR51 User Guide
L2TP
Item
Enable
Remote IP Address
Username
Password
Authentication
Global Traffic
Forwarding
Remote Subnet
Remote Subnet Mask
Key
Description
Check to enable L2TP function.
Enter the public IP address or domain name of L2TP server.
Enter the username that L2TP server provides.
Enter the password that L2TP server provides.
Select from "Auto", "PAP", "CHAP", "MS-CHAPv1" and
"MS-CHAPv2".
All of the data traffic will be sent out via L2TP tunnel after this
function is enabled.
Enter the remote IP address that L2TP protects.
Enter the remote netmask that L2TP protects.
Enter the password of L2TP tunnel.
Table 4-2-8-5 L2TP Parameters
Figure 4-2-8-6
Advanced Settings
Item
Local IP Address
Peer IP Address
Enable NAT
Enable MPPE
Address/Control
Compression
Description
Set tunnel IP address of L2TP client. Client will obtain tunnel IP
address automatically from the server when it's null.
Enter tunnel IP address of L2TP server.
Enable NAT traversal function.
Enable MPPE encryption.
For PPP initialization. User can keep the default option.
61
UR51 User Guide
Protocol Field
Compression
For PPP initialization. User can keep the default option.
Asyncmap Value
MRU
MTU
Link Detection Interval (s)
Max Retries
Expert Options
One of the PPP protocol initialization strings. User can keep
the default value. Range: 0-ffffffff.
Set the maximum receive unit. Range: 64-1500.
Set the maximum transmission unit. Range: 64-1500
Set the link detection interval time to ensure tunnel
connection. Range: 0-600.
Set the maximum times of retry to detect the L2TP connection
failure. Range: 0-10.
User can enter some other PPP initialization strings in this
field and separate the strings with blank space.
Table 4-2-8-6 L2TP Parameters
4.2.8.5 PPTP
Point-to-Point Tunneling Protocol (PPTP) is a protocol that allows corporations to extend
their own corporate network through private "tunnels" over the public Internet. Effectively, a
corporation uses a wide-area network as a single large local area network.
Figure 4-2-8-7
PPTP
Item
Enable
Remote IP Address
Username
Password
Authentication
Description
Enable PPTP client. A maximum of 3 tunnels is allowed.
Enter the public IP address or domain name of PPTP server.
Enter the username that PPTP server provides.
Enter the password that PPTP server provides.
Select from "Auto", "PAP", "CHAP", "MS-CHAPv1", and
62
UR51 User Guide
Global Traffic
Forwarding
Remote Subnet
Remote Subnet Mask
"MS-CHAPv2".
All of the data traffic will be sent out via PPTP tunnel once enable
this function.
Set the peer subnet of PPTP.
Set the netmask of peer PPTP server.
Table 4-2-8-7 PPTP Parameters
Figure 4-2-8-8
PPTP Advanced Settings
Item
Local IP Address
Peer IP Address
Enable NAT
Enable MPPE
Address/Control
Compression
Protocol Field Compression
Asyncmap Value
MRU
MTU
Link Detection Interval (s)
Max Retries
Expert Options
Description
Set IP address of PPTP client.
Enter tunnel IP address of PPTP server.
Enable the NAT faction of PPTP.
Enable MPPE encryption.
For PPP initialization. User can keep the default option.
For PPP initialization. User can keep the default option.
One of the PPP protocol initialization strings. User can keep
the default value. Range: 0-ffffffff.
Enter the maximum receive unit. Range: 0-1500.
Enter the maximum transmission unit. Range: 0-1500.
Set the link detection interval time to ensure tunnel
connection. Range: 0-600.
Set the maximum times of retrying to detect the PPTP
connection failure. Range: 0-10.
User can enter some other PPP initialization strings in this
field and separate the strings with blank space.
Table 4-2-8-8 PPTP Parameters
63
UR51 User Guide
Related Configuration Example
PPTP Application Example
4.2.8.6 OpenVPN Client
OpenVPN is an open source virtual private network (VPN) product that offers a simplified
security framework, modular network design, and cross-platform portability.
Advantages of OpenVPN include:
- Security provisions that function against both active and passive attacks.
- Compatibility with all major operating systems.
- High speed (1.4 megabytes per second typically).
- Ability to configure multiple servers to handle numerous connections simultaneously.
- All encryption and authentication features of the OpenSSL library.
- Advanced bandwidth management.
- A variety of tunneling options.
- Compatibility with smart cards that support the Windows Crypt application program
interface (API).
Figure 4-2-8-9
64
UR51 User Guide
OpenVPN Client
Item
Enable
Protocol
Remote IP Address
Port
Interface
Authentication
Local Tunnel IP
Remote Tunnel IP
Global Traffic
Forwarding
Enable TLS
Authentication
Username
Password
Enable NAT
Compression
Link Detection Interval
(s)
Link Detection Timeout
(s)
Cipher
MTU
Max Frame Size
Verbose Level
Expert Options
Local Route
Subnet
Subnet Mask
Description
Enable OpenVPN client. A maximum of 3 tunnels is allowed.
Select from "UDP" and "TCP".
Enter remote OpenVPN server's IP address or domain name.
Enter the listening port number of remote OpenVPN server.
Range: 1-65535.
Select from "tun" and "tap".
Select from "None", "Pre-shared", "Username/Password",
"X.509 cert", and "X.509 cert+user".
Set local tunnel address.
Enter remote tunnel address.
All the data traffic will be sent out via OpenVPN tunnel when
this function is enabled.
Check to enable TLS authentication.
Enter username provided by OpenVPN server.
Enter password provided by OpenVPN server.
Enable NAT traversal function.
Select LZO to compress data.
Set link detection interval time to ensure tunnel connection.
Range: 10-1800.
Set link detection timeout. OpenVPN will be reestablished after
timeout. Range: 60-3600.
Select from "NONE", "BF-CBC", "DE-CBC", "DES-EDE3-CBC",
"AES-128-CBC", "AES-192-CBC" and "AES-256-CBC".
Enter the maximum transmission unit. Range: 128-1500.
Set the maximum frame size. Range: 128-1500.
Select from "ERROR", "WARING", "NOTICE" and "DEBUG".
User can enter some other PPP initialization strings in this field
and separate the strings with blank space.
Set the local route's IP address.
Set the local route's netmask.
Table 4-2-8-9 OpenVPN Client Parameters
4.2.8.7 OpenVPN Server
The UR51 supports OpenVPN server to create secure point-to-point or site-to-site
connections in routed or bridged configurations and remote access facilities.
65
UR51 User Guide
Figure 4-2-8-10
Figure 4-2-8-11
OpenVPN Server
Item
Enable
Protocol
Port
Listening IP
Interface
Authentication
Local Virtual IP
Description
Enable/disable OpenVPN server.
Select from TCP and UDP.
Fill in listening port number. Range: 1-65535.
Enter WAN IP address or LAN IP address. Leaving it blank
refers to all active WAN IP and LAN IP address.
Select from " tun" and "tap".
Select from "None", "Pre-shared", "Username/Password",
"X.509 cert" and "X. 509 cert +user".
The local tunnel address of OpenVPN's tunnel.
66
UR51 User Guide
Remote Virtual IP
Client Subnet
Client Netmask
Renegotiation Interval(s)
Max Clients
Enable CRL
Enable Client to Client
Enable Dup Client
Enable NAT
Compression
Link Detection Interval
Cipher
MTU
Max Frame Size
Verbose Level
Expert Options
Local Route
Subnet
Netmask
Account
Username & Password
The remote tunnel address of OpenVPN's tunnel.
Local subnet IP address of OpenVPN client.
Local netmask of OpenVPN client.
Set interval for renegotiation. Range: 0-86400.
Maximum OpenVPN client number. Range: 1-128.
Enable CRL
Allow access between different OpenVPN clients.
Allow multiple users to use the same certification.
Check to enable the NAT traversal function.
Select "LZO" to compress data.
Set link detection interval time to ensure tunnel connection.
Range: 10-1800.
Select from "NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC",
"AES-128-CBC", "AES-192-CBC" and "AES-256-CBC".
Enter the maximum transmission unit. Range: 64-1500.
Set the maximum frame size. Range: 64-1500.
Select from "ERROR", "WARING", "NOTICE" and "DEBUG".
User can enter some other PPP initialization strings in this field
and separate the strings with blank space.
The real local IP address of OpenVPN client.
The real local netmask of OpenVPN client.
Set username and password for OpenVPN client.
Table 4-2-8-10 OpenVPN Server Parameters
4.2.8.8 Certifications
User can import/export certificate and key files for OpenVPN and IPsec on this page.
Figure 4-2-8-12
OpenVPN Client
Item
Description
67
UR51 User Guide
CA
Public Key
Private Key
TA
Preshared Key
PKCS12
Import/Export CA certificate file.
Import/Export public key file.
Import/Export private key file.
Import/Export TA key file.
Import/Export static key file.
Import/Export PKCS12 certificate file.
Table 4-2-8-11 OpenVPN Client Certification Parameters
Figure 4-2-8-13
OpenVPN Server
Item
CA
Public Key
Private Key
DH
TA
CRL
Preshared Key
Description
Import/Export CA certificate file.
Import/Export public key file.
Import/Export private key file.
Import/Export DH key file.
Import/Export TA key file.
Import/Export CRL.
Import/Export static key file.
Table 4-2-8-12 OpenVPN Server Parameters
Figure 4-2-868
UR51 User Guide
OpenVPN Server
Item
CA
Client Key
Server Key
Private Key
CRL
Description
Import/Export CA certificate.
Import/Export client key.
Import/Export server key.
Import/Export private key.
Import/Export certificate recovery list.
Table 4-2-8-13 IPsec Parameters
4.3 System
This section describes how to configure general settings, such as administration account,
access service, system time, common user management, SNMP, AAA, event alarms, etc.
4.3.1 General Settings
4.3.1.1 General
General settings include system info, access service and HTTPS certificates.
Figure 4-3-1-1
General
Item
System
Hostname
Web Login
Timeout (s)
Access Service
Local
Description
Default
User-defined router name, needs to start with a letter.
ROUTER
You need to log in again if it times out. Range: 100-3600.
1800
Access the router locally.
Enable
69
UR51 User Guide
Port
Remote
Set port number of the services. Range: 1-65535.
Access the router remotely.
Users can log in the device locally via HTTP to access and
control it through Web after the option is checked.
Users can log in the device locally and remotely via
HTTPS to access and control it through Web after option
is checked.
Users can log in the device locally and remotely via
Telnet after the option is checked.
Users can log in the device locally and remotely via SSH
after the option is checked.
-Disable
Item
Description
HTTPS Certificates
Click "Browse" button, choose certificate file on the PC,
and then click "Import" button to upload the file into
Certificate
router. Click "Export" button will export the file to the
PC. Click "Delete" button will delete the file.
Click "Browse" button, choose key file on the PC, and
then click "Import" button to upload the file into router.
Key
Click "Export" button will export file to the PC.
Click "Delete" button will delete the file.
Default
HTTP
HTTPS
TELNET
SSH
80
443
23
22
--
--
Table 4-3-1-1 General Setting Parameters
4.3.1.3 System Time
This section explains how to set the system time including time zone and time
synchronization type.
Note: to ensure that the router runs with the correct time, it’s recommended that you set
the system time when configuring the router.
Figure 4-3-1-3
70
UR51 User Guide
Figure 4-3-1-4
Figure 4-3-1-5
System Time
Item
Current Time
Time Zone
Sync Type
Sync with Browser
Browser Time
Set up Manually
Sync with NTP Server
Sync with NTP Server
NTP Server Address
Description
Show the current system time.
Click the drop down list to select the time zone you are in.
Click the drop down list to select the time synchronization
type.
Synchronize time with browser.
Show the current time of browser.
Manually configure the system time.
Synchronize time with NTP server so as to achieve time
synchronization of all devices equipped with a clock on
network.
Set NTP server address (domain name/IP).
71
UR51 User Guide
Enable NTP Server
NTP client on the network can achieve time synchronization
with router after "Enable NTP Server" option is checked.
Table 4-3-1-3 System Time Parameters
Related Configuration Example
System Time Management
4.3.1.4 SMTP
SMTP, short for Simple Mail Transfer Protocol, is a TCP/IP protocol used in sending and
receiving e-mail. This section describes how to configure email settings.
Figure 4-3-1-6
SMTP
Item
SMTP Client Settings
Enable
Email Address
Password
SMTP Server Address
Port
Enable TLS
Email Recipients
Email Address
Test
Description
Enable or disable SMTP client function.
Enter the sender's email account.
Enter the sender's email password.
Enter SMTP server's domain name.
Enter SMTP server port. Range: 1-65535.
Enable or disable TLS encryption.
Add recipients' email address.
Check if the recipients can get the mail from sender.
Table 4-3-1-4 SMTP Setting
Related Topics
Events Setting
Events Application Example
72
UR51 User Guide
4.3.1.5 Phone
Phone settings involve in call/SMS trigger and SMS alarm for events.
1. Add phone list.
2. Select phone numbers and add them to the phone group.
3. Go to “Network > Interface > Cellular > Connection Mode > Connect on Demand >
Trigger by Call / Trigger by SMS” or go to “System > Events > Event Settings > SMS” and
then select the phone group ID.
Figure 4-3-1-7
Phone
Item
Phone Number List
Number
Description
Phone Group
Group ID
Description
List
Selected
Description
Enter the telephone number. Digits, "+" and "-" are allowed.
The description of the telephone number.
Set number for phone group. Range: 1-100.
The description of the phone group.
Show the phone list.
Show the selected phone number.
Table 4-3-1-5 Phone Settings
Related Topic
Connect on Demand
73
UR51 User Guide
4.3.1.6 Storage
You can view Micro SD card storage information on this page.
Figure 4-3-1-8
Storage
Item
Status
Storage
(Capacity/Available)
Format
Description
Show the status of Micro SD card, such as “Available” or “Not
Inserted”.
The total capacity of the Micro SD Card.
Format the Micro SD card.
Table 4-3-1-6 Storage Information
4.3.2 User Management
4.3.2.1 Account
Here you can change the login username and password of the administrator.
Note: it is strongly recommended that you modify them for the sake of security.
Figure 4-3-1-2
74
UR51 User Guide
Account
Item
Username
Old Password
New Password
Confirm New Password
Description
Enter a new username. You can use characters such as a-z,
0-9, "_", "-", "$". The first character can't be a digit.
Enter the old password.
Enter a new password.
Enter the new password again.
Table 4-3-1-2 Account Information
4.3.2.2 User management
This section describes how to create common user accounts.
The common user permission includes Read-Only and Read-Write.
Figure 4-3-2-1
User Management
Item
Description
Enter a new username. You can use characters such as a-z, 0-9, "_", "-", "$".
Username
The first character can't be a digit.
Password
Set password.
Select user permission from “Read-Only” and “Read-Write”.
- Read-Only: users can only view the configuration of router in this level.
Permission
- Read-Write: users can view and set the configuration of router in this
level.
Table 4-3-2-1 User Management
Related Configuration Example
Common User Management
4.3.3 SNMP
SNMP is widely used in network management for network monitoring. SNMP exposes
management data with variables form in managed system. The system is organized in a
75
UR51 User Guide
management information base (MIB) which describes the system status and configuration.
These variables can be remotely queried by managing applications.
Configuring SNMP in networking, NMS, and a management program of SNMP should be set
up at the Manager.
Configuration steps are listed as below for achieving query from NMS:
1. Enable SNMP setting.
2. Download MIB file and load it into NMS.
3. Configure MIB View.
4. Configure VCAM.
Related Configuration Example
SNMP Application Example
4.3.3.1 SNMP
The UR51 supports SNMPv1, SNMPv2c and SNMPv3 version. SNMPv1 and SNMPv2c employ
community name authentication. SNMPv3 employs authentication encryption by username
and password.
Figure 4-4-3-1
SNMP Settings
Item
Enable
Port
SNMP Version
Location Information
Contact Information
Description
Enable or disable SNMP function.
Set SNMP listened port. Range: 1-65535.
The default port is 161.
Select SNMP version; support SNMP v1/v2c/v3.
Fill in the location information.
Fill in the contact information.
Table 4-4-3-1 SNMP Parameters
76
UR51 User Guide
4.3.3.2 MIB View
This section explains how to configure MIB view for the objects.
Figure 4-4-3-2
MIB View
Item
View Name
View Filter
View OID
Included
Excluded
Description
Set MIB view's name.
Select from "Included" and "Excluded".
Enter the OID number.
You can query all nodes within the specified MIB node.
You can query all nodes except for the specified MIB node.
Table 4-3-3-2 MIB View Parameters
4.3.3.3 VACM
This section describes how to configure VCAM parameters.
Figure 4-3-3-3
VACM
Item
Description
SNMP v1 & v2 User List
Community
Set the community name.
Permission
Select from "Read-Only" and "Read-Write".
77
UR51 User Guide
MIB View
Network
Read-Write
Read-Only
SNMP v3 User List
Group Name
Security Level
Read-Only View
Read-Write View
Inform View
Select an MIB view to set permissions from the MIB view list.
The IP address and bits of the external network accessing the
MIB view.
The permission of the specified MIB node is read and write.
The permission of the specified MIB node is read only.
Set the name of SNMPv3 group.
Select from "NoAuth/NoPriv", "Auth/NoPriv", and " Auth/Priv".
Select an MIB view to set permission as "Read-only" from the
MIB view list.
Select an MIB view to set permission as "Read-write" from the
MIB view list.
Select an MIB view to set permission as "Inform" from the MIB
view list.
Table 4-3-3-3 VACM Parameters
4.3.3.4 Trap
This section explains how to enable network monitoring by SNMP trap.
Figure 4-3-3-4
SNMP Trap
Item
Enable
SNMP Version
Server Address
Port
Name
Auth/Priv Mode
Description
Enable or disable SNMP Trap function.
Select SNMP version; support SNMP v1/v2c/v3.
Fill in NMS's IP address or domain name.
Fill in UDP port. Port range is 1-65535. The default port is
162.
Fill in the group name when using SNMP v1/v2c; fill in the
username when using SNMP v3.
Select from "NoAuth & No Priv", "Auth & NoPriv", and
"Auth & Priv".
Table 4-3-3-4 Trap Parameters
78
UR51 User Guide
4.3.3.5 MIB
This section describes how to download MIB files. The last MIB file “URSA-ROUTER-MIB.txt”
is for the UR51 router.
Figure 4-3-3-5
MIB
Item
MIB File
Download
Description
Select the MIB file you need.
Click "Download" button to download the MIB file to PC.
Table 4-3-3-5 MIB Download
4.3.4 AAA
AAA access control is used for visitors control and the available corresponding services once
access is allowed. It adopts the same method to configure three independent safety
functions. It provides modularization methods for following services:
- Authentication: verify if the user is qualified to access to the network.
- Authorization: authorize related services available for the user.
- Charging: record the utilization of network resources.
4.3.4.1 Radius
Using UDP for its transport, Radius is generally applied in various network environments with
higher requirements of security and permission of remote user access.
Figure 4-3-4-1
79
UR51 User Guide
Radius
Item
Enable
Server IP Address
Server Port
Key
Description
Enable or disable Radius.
Fill in the Radius server IP address/domain name.
Fill in the Radius server port. Range: 1-65535.
Fill in the key consistent with that of Radius server in order to
get connected with Radius server.
Table 4-3-4-1 Radius Parameters
4.3.4.2 Tacacs+
Using TCP for its transport, Tacacs+ is mainly used for authentication, authorization and
charging of the access users and terminal users by adopting PPP and VPDN.
Figure 4-3-4-2
Tacacs+
Item
Enable
Server IP Address
Server Port
Key
Description
Enable or disable Tacacs+.
Fill in the Tacacs+ server IP address/domain name.
Fill in the Tacacs+ server port. Range: 1-65535.
Fill in the key consistent with that of Tacacs+ server in order to get
connected with Tacacs+ server.
Table 4-3-4-2 Tacacs+ Parameters
4.3.4.3 LDAP
A common usage of LDAP is to provide a central place to store usernames and passwords.
This allows many different applications and services to connect the LDAP server to validate
users.
LDAP is based on a simpler subset of the standards contained within the X.500 standard.
Because of this relationship, LDAP is sometimes called X.500-lite as well.
80
UR51 User Guide
Figure 4-3-4-3
LDAP
Item
Enable
Server IP Address
Server Port
Base DN
Security
Username
Password
Description
Enable or Disable LDAP.
Fill in the LDAP server's IP address/domain name. The maximum
count is 10.
Fill in the LDAP server's port. Range: 1-65535
The top of LDAP directory tree.
Select secure method from "None", "StartTLS" and "SSL".
Enter the username to access the server.
Enter the password to access the server.
Table 4-3-4-3 LDAP Parameters
4.3.4.4 Authentication
AAA supports the following authentication ways:
- None: uses no authentication, generally not recommended.
- Local: uses the local username database for authentication.

Advantages: rapidness, cost reduction.

Disadvantages: storage capacity limited by hardware.
- Remote: has user’s information stored on authentication server. Radius, Tacacs+ and
LDAP supported for remote authentication.
When radius, Tacacs+, and local are configured at the same time, the priority level is: 1 >2 >3.
81
UR51 User Guide
Figure 4-3-4-4
Authentication
Item
Console
Web
Telnet
SSH
Description
Select authentication for Console access.
Select authentication for Web access.
Select authentication for Telnet access.
Select authentication for SSH access.
Table 4-3-4-4 Authentication Parameters
4.3.5 Device Management
You can connect the device to the device management platform on this page so as to manage the
router centrally and remotely.
Figure 4-3-5-1
Device Management
Item
Status
Description
Show the connection status between the router and device
82
UR51 User Guide
Disconnected
Activation Server Address
Device Management
Server Address
Activation Method
Authentication Code
ID
Password
management platform.
Click this button to disconnect the router from the device
management platform.
IP address or domain of the device management server.
The URL address for the device to connect to the device
management service, e.g. http://220.82.63.79:8080/acs.
Select activation method to connect the router to the device
management server, options are "By Authentication ID" and
"By ID".
Fill in the authentication code generated from the device
management platform.
Fill in the registered device management account (email) and
password.
Table 4-3-5-1
4.3.6 Events
Event feature is capable of sending alerts by Email when certain system events occur.
4.3.6.1 Events
You can view alarm messages on this page.
Figure 4-3-6-1
Events
Item
Mark as Read
Delete
Mark All as Read
Delete All Alarms
Status
Description
Mark the selected event alarm as read.
Delete the selected event alarm.
Mark all event alarms as read.
Delete all event alarms.
Show the reading status of the event alarms, such as “Read” and
“Unread”.
83
UR51 User Guide
Type
Time
Message
Show the event type that should be alarmed.
Show the alarm time.
Show the alarm content.
Table 4-3-6-1 Events Parameters
4.3.6.2 Events Settings
In this section, you can decide what events to record and whether you want to receive email
and SMS notifications when any change occurs.
Figure 4-3-6-2
Event Settings
Item
Enable
Cellular Up
Cellular Down
VPN Up
VPN Down
Record
Email
Email Setting
SMS
SMS Setting
Phone Group List
Description
Check to enable "Events Settings".
Cellular network is connected.
Cellular network is disconnected.
VPN is connected.
VPN is disconnected.
The relevant content of event alarm will be recorded on
"Event" page if this option is checked.
The relevant content of event alarm will be sent out via email if
this option is checked.
Click and you will be redirected to the page "SMTP" to
configure the sender's & recipients' info.
The relevant content of event alarm will be sent out via SMS if
this option is checked.
Click and you will be redirected to the page of "Phone" to
configure phone group list.
Select phone group to receive SMS alarm.
Table 4-3-6-2 Events Parameters
84
UR51 User Guide
Related Topics
Email Setting
Events Application Example
4.4 Industrial Interface
The UR51 router is capable of connecting with terminals through industrial interface so as to
realize wireless communication between terminals and remote data center.
The router’s industrial interface type is serial port (RS232 and RS485). Either RS232 or RS485
can be used at one time.
Figure 4-4-1 Pinouts
Figure 4-4-2
DB9 Male to Terminal Block Adapter
PIN
1
2
3
4
5
6
7
8
9
RS232
--RXD
TXD
--GND
---------
RS485
A
--------B
-------
Description
Data +
Receive Data
Transmit Data
--Ground
Data -------
Table 4-4-1 Pinouts Definition
RS232 adopts full-duplex communication. It’s generally used for communication within 20 m.
RS485 adopts half-duplex communication to achieve transmission of serial communication
data with distance up to 1200 m.
4.4.1 Serial Port
Serial 1 is used for RS232 or RS485.
This section explains how to configure serial port parameters to achieve communication with
serial terminals, and configure work mode to achieve communication with the remote data
center, so as to achieve two-way communication between serial terminals and remote data
center.
85
UR51 User Guide
Figure 4-4-1-1
Serial Settings
Item
Description
Enable
Enable or disable serial port function.
Serial Type
Select from RS232 or RS485
Range is 300-230400. Same with the baud rate of the connected
Baud Rate
terminal device.
Options are “8” and “7”. Same with the data bits of the
Data Bits
connected terminal device.
Options are “1” and “2”. Same with the stop bits of the
Stop Bits
connected terminal device.
Options are “None”, “Odd” and “Even”. Same with the parity of
Parity
the connected terminal device.
Software
Enable or disable software flow control.
Flow Control
The option is "DTU Mode". The serial port can establish
Serial Mode
communication with the remote server/client.
Default
Disable
-9600
8
1
None
Disable
DTU
Mode
Table 4-4-1-1 Serial Parameters
86
UR51 User Guide
Figure 4-4-1-2
DTU Mode
Item
DTU Protocol
TCP Server
Listening port
Keepalive
Interval
Keepalive
Retry Times
Packet Size
Serial Frame
Interval
Description
Select from "None", "Transparent", "Modbus", and "TCP
server".
- Transparent: the routed is used as TCP client/UDP and
transmits data transparently.
- TCP server: the router is used as TCP server and transmits
data transparently.
- Modbus: the router will be used as TCP server with
modbus gateway function, which can achieve conversion
between Modbus RTU and Modbus TCP.
Default
Set the router listening port. Range: 1-65535.
After TCP connection is established, router will send heartbeat
packet to the client regularly by TCP to keep alive. The interval
range is 1-3600 in seconds.
When TCP heartbeat times out, router will resend heartbeat.
After it reaches the preset retry times, TCP connection will be
reestablished. The retry times range is 1-16.
Set the size of the serial data frame. Packet will be sent out
when preset frame size is reached. The size range is 1-1024.
The unit is byte.
The interval that the router sends out real serial data stored in
the buffer area to public network. The range is 10-65535, in
milliseconds.
Note: data will be sent out to public network when real serial
data size reaches the preset packet size, even though it's
502
75
--
9
1024
100
87
UR51 User Guide
within the serial frame interval.
Table 4-4-1-2 DTU Parameters
Item
Transparent
Protocol
Keepalive
Interval (s)
Keepalive
Retry Times
Packet Size
Serial Frame
Interval
Reconnect
Interval
Specific
Protocol
Heartbeat
Interval
ID
Register
String
Server
Address
Server Port
Status
Modbus
Local Port
Description
Default
Select "TCP" or "UDP" protocol.
After TCP client is connected with TCP server, the client
will send heartbeat packet by TCP regularly to keep alive.
The interval range is 1-3600, in seconds.
When TCP heartbeat times out, the router will resend
heartbeat. After it reaches the preset retry times, router
will reconnect to TCP server. The range is 1-16.
Set the size of the serial data frame. Packet will be sent
out when preset frame size is reached. The range is
1-1024. The unit is byte.
The interval that the router sends out real serial data
stored in the buffer area to public network. The range is
10-65535, in milliseconds.
Note: data will be sent out to public network when real
serial data size reaches the preset packet size, even
though it's within the serial frame interval.
After connection failure, router will reconnect to the
server at the preset interval, in seconds. The range is
10-60.
By Specific Protocol, the router will be able to connect to
the TCP2COM software.
By Specific Protocol, the router will send heartbeat
packet to the server regularly to keep alive. The interval
range is 1-3600, in seconds.
Define unique ID of each router. No longer than 63
characters without space character.
TCP
Define register string for connection with the server.
Null
Fill in the TCP or UDP server address (IP/domain name).
Null
Fill in the TCP or UDP server port. Range: 1-65535.
Show the connection status between the router and the
server.
Null
Set the router listening port. Range: 1-65535.
502
75
9
1024
100
10
-30
--
--
Table 4-4-1-3 DTU Parameters
Related Configuration Example
DTU Application Example
88
UR51 User Guide
4.4.2 Modbus Master
UR51 Router can be set as Modbus Master to poll the remote Modbus Slave and send alarm
according to the response.
4.4.2.1 Modbus Master
You can configure Modbus Master’s parameters on this page.
Figure 4-4-2-1
Modbus Master
Item
Description
Enable
Enable/disable Modbus master.
Set the interval for reading remote channels. When the read
cycle ends, the commands which haven't been sent out will
Read
be discard, and the new read cycle begins. If it is set to 0, the
Interval/s
device will restart the new read cycle after all channels have
been read. Range: 0-600.
Max. Retries Set the maximum retry times after it fails to read, range: 0-5.
Set the maximum response time that the router waits for the
Max.
response to the command. If the device does not get a
Response
response after the maximum response time, it's determined
Time/ms
that the command has timed out. Range: 10-1000.
Execution
The execution interval between each command. Range:
Interval/ms
10-1000.
Default
--
0
3
500
50
Table 4-4-2-1
4.4.2.2 Channel
You can add the channels and configure alarm setting on this page, so as to connect the
router to the remote Modbus Slave to poll the address on this page and receive alarms from
the router in different conditions.
89
UR51 User Guide
Figure 4-4-2-2
Channel Setting
Item
Description
Name
Set the name to identify the remote channel. It cannot be blank.
Slave ID
Set Modbus slave ID.
Address
The starting address for reading.
Number
The address number for reading.
Read command, options are "Coil", "Discrete", "Holding Register (INT16)",
Type
"Input Register (INT16)", "Holding Register (INT32)" and "Holding Register
(Float)".
Link
Select TCP for transportation.
IP address Fill in the IP address of the remote Modbus device.
Port
Fill in the port of the remote Modbus device.
Sign
To identify whether this channel is signed. Default: Unsigned.
Table 4-4-2-2
Figure 4-4-2-3
90
UR51 User Guide
Alarm Setting
Item
Description
Set the same name with the channel name to identify the remote
Name
channel.
Condition
The condition that triggers alert.
Min.
Set the min. value to trigger the alert. When the actual value is less than
Threshold
this value, the alarm will be triggered.
Max.
Set the max. value to trigger the alert. When the actual value is more
Threshold
than this value, the alarm will be triggered.
Alarm
Select the alarm method, e.g SMS.
Operation
SMS
The preset alarm content will be sent to the specified phone number.
Phone Group Select the phone group to receive the alarm SMS.
When the actual value is restored to the normal value from exceeding the
Normal
threshold value, the router will automatically cancel the abnormal alarm
Content
and send the preset normal content to the specified phone group.
When the actual value exceeds the preset threshold, the router will
Abnormal
automatically trigger the alarm and send the preset abnormal content to
Content
the specified phone group.
Continuous
Once it is enabled, the same alarm will be continuously reported.
Alarm
Otherwise, the same alarm will be reported only one time.
Table 4-4-2-3
4.5 Maintenance
This section describes system maintenance tools and management.
4.5.1 Tools
Troubleshooting tools includes ping and traceroute.
4.5.1.1 Ping
Ping tool is engineered to ping outer network.
Figure 4-5-1-1
91
UR51 User Guide
PING
Item
Host
Description
Ping outer network from the router.
Table 4-5-1-1 IP Ping Parameters
4.5.1.2 Traceroute
Traceroute tool is used for troubleshooting network routing failures.
Figure 4-5-1-2
Traceroute
Item
Description
Host
Address of the destination host to be detected.
Table 4-5-1-2 Traceroute Parameters
4.5.2 Schedule
This section explains how to configure scheduled reboot on the router.
Figure 4-5-2-1
92
UR51 User Guide
Schedule
Item
Description
Schedule
Reboot
Frequency
Hour & Minute
Select schedule type.
Reboot the router regularly.
Select the frequency to execute the schedule.
Select the time to execute the schedule.
Table 4-5-2-1 Schedule Parameters
Related Configuration Example
Schedule Application Example
4.5.3 Log
The system log contains a record of informational, error and warning events that indicates
how the system processes. By reviewing the data contained in the log, an administrator or
user troubleshooting the system can identify the cause of a problem or whether the system
processes are loading successfully. Remote log server is feasible, and router will upload all
system logs to remote log server such as Syslog Watcher.
Related Configuration Example
Logs and Diagnostics
4.5.3.1 System Log
This section describes how to download log file and view the recent log on web.
Figure 4-5-3-1
93
UR51 User Guide
System Log
Item
Description
Download
View recent (lines)
Clear Log
Download log file.
View the specified lines of system log.
Clear the current system log.
Table 4-5-3-1 System Log Parameters
4.5.3.2 Log Settings
This section explains how to enable remote log server and local log setting.
Figure 4-5-3-2
Log Settings
Item
Remote Log Server
Enable
Syslog Server Address
Port
Local Log File
Storage
Size
Log Severity
Description
With “Remote Log Server” enabled, router will send all system
logs to the remote server.
Fill in the remote system log server address (IP/domain name).
Fill in the remote system log server port.
User can store the log file in memory or TF card.
Set the size of the log file to be stored.
The list of severities follows the syslog protocol.
Table 4-5-3-2 System Log Parameters
4.5.4 Upgrade
This section describes how to upgrade the router firmware via web. Generally you don’t
need to do the firmware upgrade.
Note: any operation on web page is not allowed during firmware upgrade, otherwise the
94
UR51 User Guide
upgrade will be interrupted, or even the device will break down.
Figure 4-5-4-1
Upgrade
Item
Firmware Version
Reset Configuration to
Factory Default
Upgrade Firmware
Description
Show the current firmware version.
When this option is checked, the router will be reset to factory
defaults after upgrade.
Click "Browse" button to select the new firmware file, and click
"Upgrade" to upgrade firmware.
Table 4-5-4-1 Upgrade Parameters
Related Configuration Example
Firmware Upgrade
4.5.5 Backup and Restore
This section explains how to create a complete backup of the system configurations to a file,
restore the config file to the router and reset to factory defaults.
95
UR51 User Guide
Figure 4-5-5-1
Backup and Restore
Item
Config File
Backup
Reset
Description
Click "Browse" button to select configuration file, and then
click "Import" button to upload the configuration file to the
router.
Click "Backup" to export the current configuration file to the
PC.
Click "Reset" button to reset factory default settings. Router
will restart after reset process is done.
Table 4-5-5-1 Backup and Restore Parameters
Related Configuration Example
Backup and Restore Configuration
Restore Factory Defaults
4.5.6 Reboot
On this page you can reboot the router and return to the login page. We strongly
recommend clicking “Save” button before rebooting the router so as to avoid losing the new
configuration.
96
UR51 User Guide
Figure 4-5-6-1
97
UR51 User Guide
Chapter 5 Application Examples
5.1 Account Info Management
It is strongly recommended that you change the default username and password of the
administrator account when you log in Ursalink Router’s WEB GUI page at first time for the
sake of security.
Example: change the username and password of administrator account to “uradmin” and
“URpassword”.
The configuration procedures are listed as below.
1. Go to “System > General Settings > Account”.
2. Modify the username to “uradmin”, fill in the old Password “password”, and set the new
Password “URpassword”.
Click “Save” button, and then you will be asked to login again with the new username and
password.
Related Topic
Account Management
5.2 Common User Management
The UR51 router is capable of creating up to 5 common user accounts that have different
authorities, including “Read-Only” and “Read-Write” to manage the router.
“Read-Only” refers to the authority that user is only allowed to view the configuration;
“Read-Write” refers to the authority that user can view and modify all the parameters.
Example: create 2 common user accounts listed below.
Username
ur_user1
ur_user2
Password
UR_password1
UR_password2
Permission
Read-Only
Read-Write
98
UR51 User Guide
Configuration procedures are listed as blow.
1. Go to “System > User Management > User Management”.
2. Click “ ” to add a new common user.
3. Set “Username”, “Password”, and “Permission” as below.
Click “Save” button, and then click “Apply” on the top-right corner to make the changes take
effect.
Related Topic
User Management
5.3 System Time Management
There are 3 ways to synchronize the system time: “Sync with Browser”, “Set up Manually”,
and “Sync with NTP Server”.
Note: to ensure that the router runs with correct time, it’s recommended that you set the
system time when you configure the router.
In the following part we take UTC+8 time zone as an example.
A. Synchronize time with browser
Go to “System > General Settings > System Time”, set time zone as “8 China (Beijing)” and
Sync Type as “Sync with Browser”. And Click “Save” button.
99
UR51 User Guide
B.
Set up time by manual
1.
Go to “System > General Settings > System Time”, set time zone as “8 China (Beijing)”
and Sync Type as “Set up Manually”.
2.
Select the correct local time. And click “Save” button.
C.
Synchronize time with NTP server
1.
Go to “System > General Settings > System Time”, set time zone as “8 China (Beijing)”
and Sync Type as “Sync with NTP Server”.
2. Configure an available NTP server address such as “time.windows.com”.
Click “Save” button.
Related Topic
System Time Setting
5.4 Backup and Restore Configuration
A.
1.
2.
Backup Configuration
Go to “Maintenance > Backup and Restore > Backup and Restore”.
Click “Backup” button under “Backup running-config”.
100
UR51 User Guide
Then the current configuration file will be downloaded to the “Downloads” folder of the PC.
B.
1.
2.
3.
Restore Configuration
Go to “Maintenance > Backup and Restore > Backup and Restore”.
Click “Browse” button under the “Restore” to select configuration file from PC.
Click “Import” to import the selected configuration file to the router.
101
UR51 User Guide
Related Topic
Backup and Restore
5.5 Restore Factory Defaults
5.5.1 Via Web Interface
1. Log in web interface, and go to “Maintenance > Backup and Restore”.
2. Click “Reset” button under the “Restore Factory Defaults”.
You will be asked to confirm if you’d like to reset it to factory defaults. Then click “Reset”
button.
Then the router will reboot and restore to factory settings immediately.
102
UR51 User Guide
Please wait till the login page pops up again, which means the router has already been reset
to factory defaults successfully.
Related Topic
Restore Factory Defaults
5.5.2 Via Hardware
103
UR51 User Guide
Locate the reset button on the router, and take corresponding actions based on the status of
STATS LED.
STATUS LED
Blinking
Static Green →
Rapidly Blinking
Off → Blinking
Action
Press and hold the reset button for more than 15 seconds.
Release the button and wait.
The router is now reset to factory defaults.
5.6 Firmware Upgrade
It is suggested that you contact Ursalink technical support first before you upgrade router
firmware.
After getting firmware file from Ursalink technical support, please refer to the following steps
to complete the upgrade.
1. Go to “Maintenance > Upgrade”.
2. Click “Browse” and select the correct firmware file from the PC.
3. Click “Upgrade” and the router will check if the firmware file is correct. If it’s correct, the
firmware will be imported to the router, and then the router will start to upgrade.
104
UR51 User Guide
105
UR51 User Guide
Related Topic
Upgrade
5.7 Events Application Example
Example
In this section, we will take an example of sending alarm messages by email when the
following events occur and recording the event alarms on the Web GUI.
Events
Actions to make events occur (for test)
Cellular network is connected.
Insert SIM card.
Cellular network is disconnected.
Remove SIM card.
WAN cable is connected.
Plug WAN cable.
WAN cable is disconnected.
Unplug WAN cable.
Configuration Steps
1.
Go to “System > Events > Events Settings” and enable Event settings.
2.
Check corresponding events for record and email alarm, and then click “Save” button as
below. Click “Email Settings” and go to SMTP settings.
106
UR51 User Guide
Configure the corresponding parameters including email sending settings and recipients as
below. Click “Save” and “Apply” button to make the changes take effect.
107
UR51 User Guide
3.
To test the functionality of Alarm, please take the corresponding actions listed above.
It will send an alarm e-mail to you when the relevant event occurs.
Refresh the web GUI, go to “Events > Events”, and you will find the events records.
Related Topics
Events
Email Setting
5.8 Schedule Application Example
Through schedule configuration, the UR51 can be set to reboot at preset time every day.
Example
Configure router to reboot at 0:00 every day.
Configuration Steps
1.
Go to “Maintenance > Schedule > Schedule”.
108
UR51 User Guide
2.
Click “
” to set up a new schedule task as below.
3.
Click “Save” and “Apply” button.
Related Topic
Schedule Setting
5.9 Logs and Diagnostics
System log of the UR51 supports 2 types of output method, including Web, Remote Log
Server and Console.
Application 1
Obtain system log on Web.
Go to “Maintenance > Log > System log”, and you will see the log is listed in the box.
109
UR51 User Guide
Application 2
Send the system log to the remote syslog server.
Server IP: 110.22.14.43; Port: 514
Go to “Maintenance > Log > Log Settings” to configure the parameters as below.
Then click “Save” and “Apply” button.
Related Topic
System Log
5.10 SNMP Application Example
Before you configure SNMP parameters, please download the relevant “MIB” file from the
UR51’s WEB GUI first, and then upload it to any software or tool which supports standard
SNMP protocol. Here we take “ManageEngine MibBrowser Free Tool” as an example to
access the router to query cellular information.
1. Go to “System > SNMP > MIB” and download the MIB file “URSA-ROUTER-MIB.txt” to
PC.
110
UR51 User Guide
2.
Start “ManageEngine MibBrowser Free Tool” on the PC. Click “File > Load MIB” on the
menu bar. Then select “BURSA-ROUTER-MIB.txt” file from PC and upload it to the
software.
Click the “+” button beside “URSA-ROUTER-MIB”, which is under the “Loaded MibModules”
menu, and find “usCellularinfo”. And then you will see the OID of cellular info is
“.1.3.6.1.4.1.50234”, which will be filled in the MIB View settings.
3.
Go to “System > SNMP > SNMP” on the router’s WEB GUI. Check “Enable” option, then
click “Save” button.
111
UR51 User Guide
4. Go to “System > SNMP > MIB View”. Click
to add a new MIB view and define the
view to be accessed from the outside network. Then click “Save” button.
5.
Go to “System > SNMP > VACM”. Click
to add a new VACM setting to define the
access authority for the specified view from the specified outside network. Click “Save”
and “Apply” to make the changes take effect.
6.
Go to MibBrowser, enter host IP address, port and community. Right click “usCellular
CurrentSim” and then click “FET”. Then you will get the current SIM info on the result
112
UR51 User Guide
box. You can get other cellular info in the same way.
Related Topic
SNMP
5.11 Cellular Connection
The UR51 routers have two cellular interfaces, named SIM1 & SIM2. Only one cellular
interface is active at one time. If both cellular interfaces are enabled, SIM1 interface takes
precedence as default.
Example
We are about to take an example of inserting a SIM card into SIM1 slot of the UR51 and
configuring the router to get Internet access through cellular.
Configuration Steps
1. Go to “Network > Interface > Cellular > Cellular Setting” and configure the cellular info.
2. Enable SIM1.
3. Choose relevant network type. "Auto", "4G First", “4G Only”, "3G First", “3G Only”, “2G
First” and "2G only" are optional.
113
UR51 User Guide
Click “Save” and “Apply” for configuration to take effect.
Note:
114
UR51 User Guide
If you select “Auto”, the router will obtain ISP information from SIM card to set APN,
Username, and Password automatically. This option will only be taken effect when the SIM
card is issued from well-known ISP.
If you select “4G First” or “4G Only”, you can click “Save” to finish the configuration
directly.
If you select “3G First”, “3G Only”, “2G First” or “2G Only”, you should manually configure
APN, Username, Password, and Access Number.
4. Check the cellular connection status by WEB GUI of router.
Click “Status > Cellular” to view the status of the cellular connection. If it shows 'Connected',
SIM1 has dialed up successfully.
5.
Check out if network works properly by browser on PC.
Open your preferred browser on PC, type any available web address into address bar and see
if it is able to visit Internet via the UR51 router.
Related Topic
Cellular Setting
Cellular Status
5.12 Dual SIM Backup Application Example
Example
115
UR51 User Guide
In this section we will take an example of inserting two SIM cards into the UR51. When one
SIM fails, router will try to connect with the other SIM as backup link.
Configuration Steps
1. Go to “Network > Interface > Cellular” to enable SIM1 and SIM2. Leave the network
type as “Auto” by default.
2.
Enable “Dual SIM Strategy”, and configure the corresponding options as below. ICMP
server can be configured as any reachable IP address.
116
UR51 User Guide
Then click “Save” and “Apply” button.
3.
Go to “Status > Cellular”, and you will see the router is connected to the network via
SIM1.
4.
You can remove SIM1 to make the router fail to connect to network via it. Go to
“Status > Cellular” again, and you will see the router is connected to the network
through SIM2.
117
UR51 User Guide
Now SIM2 becomes the main SIM, and SIM1 runs as the backup.
The router won’t reconnect via SIM1 until SIM2 fails.
Related Topic
Cellular Setting
Cellular Status
5.13 VRRP Application Example
Application Example
A Web server requires Internet access through the UR51 router. To avoid data loss caused by
router breakdown, two UR51 routers can be deployed as VRRP backup group, so as to
improve network reliability.
VRRP group:
UR51 Router A and Router B are connected to the Internet via cellular network. .
Virtual IP is 192.168.1.254/24.
UR51
Router
Virtual Router ID
(Same for A and B)
Port connected LAN IP Address
with switch
Priority
Preemption
Mode
A
1
FE
192.168.1.1
110
Enable
B
1
FE
192.168.1.2
100
Disable
Refer to the topological below.
118
UR51 User Guide
Configuration Steps
Router A Configuration
1. Go to “Network > Interface > Cellular” and configure cellular connection as per cellular
connection application example.
2.
Go to “Network > Link Failover > SLA” and configure SLA probe. The default probe type
is ICMP. The destination address is the host address which can be probed by ICMP in
public network or private network. Other parameters can be kept as default value.
3.
Go to “Network > Link Failover > Track” and configure link track parameters. You can use
the default Track settings.
4.
Go to “Network > Link Failover > VRRP” and configure VRRP parameters as below.
119
UR51 User Guide
Router B Configuration
1. Go to “Network > Interface > cellular” and configure cellular connection as per cellular
connection application example.
2.
Go to “Network > Link Failover > SLA” and configure SLA probe. The default probe type
is ICMP. The destination address is the host address which can be probed by ICMP in
public network or private network. Other parameters can be kept as default value.
3.
Go to “Network > Link Failover > Track” and configure link track parameters. You can use
the default Track settings.
4.
Go to “Network > Link Failover > VRRP” and configure VRRP parameters as below.
Once you complete all configurations, click “Apply” button on the top-right corner to make
120
UR51 User Guide
changes take effect.
Result: normally, A is the master router, used as the default gateway. When the power of
Router A is down or Router A suffers from failure, Router B will become the master router,
used as the default gateway. With Preemption Mode enabled, Router A will be master and
Router B will demote back to be the backup once Router A can access the Internet again.
Related Topics
VRRP Setting
Track Setting
SLA Setting
5.14 NAT Application Example
Example
An UR51 router can access Internet via cellular. FE 0 port is connected with a Web server
whose IP address is 192.168.1.2 and port is 8000. Configure the router to make public
network access the server.
Configuration Steps
Go to “Firewall > Port Mapping” and configure port mapping parameters.
Click “Save” and “Apply” button.
Related Topic
Port Mapping
5.15 Access Control Application Example
Application Example
FE port of the UR51 is set as LAN with IP 192.168.1.0/24. Then configure the router to deny
accessing to Google IP 198.98.108.64 from local device with IP 192.168.1.12.
Configuration Steps
121
UR51 User Guide
1. Go to “Network > Firewall > ACL” to configure access control list. Click “
” button to
set parameters as below. Then click “Save” button.
2.
Configure interface list. Then click “Save” and “Apply” button.
Related Topic
ACL
5.16 QoS Application Example
Example
Configure the UR51 router to distribute local preference to different FTP download channels.
The total download bandwidth is 75000 kbps.
Note: the “Total Download Bandwidth” should be less than the real maximum bandwidth
122
UR51 User Guide
of cellular interface.
FTP Server IP & Port
110.21.24.98:21
110.32.91.44:21
Percent
40%
60%
Max Bandwidth(kbps)
30000
45000
Min Bandwidth(kbps)
25000
40000
Configuration Steps
1. Go to “Network > QoS > QoS(Download)” to enable QoS and set the total download
bandwidth.
2.
Please find “Service Classes” option, and click “
” to set up service classes.
Note: the percents must add up to 100%.
3.
Please find “Classification Rules” option, and click “
” to set up rules.
Note:
IP/Port: null refers to any IP address/port.
Click “Save” and “Apply” button.
Related Topic
QoS Setting
123
UR51 User Guide
5.17 DTU Application Example
Example
PLC is connected with the UR51 via RS232. Then enable DTU function of the UR51 to make a
remote TCP server communicate with PLC. Refer to the following topological graph.
Serial Parameters of the PLC
Baud Rate
9600
Data Bit
8
Stop Bit
1
Parity
None
Configuration Steps
1.
Go to “Industrial > Serial Port” and configure serial port parameters. The serial port
parameter shall be kept in consistency with those of PLC, as shown in figure below.
2.
Configure Serial Mode as “DTU Mode”. The UR51 is connected as client in “Transparent”
protocol.
124
UR51 User Guide
3.
Configure TCP server IP and port.
4.
Once you complete all configurations, click “Save” and “Apply” button.
5.
Start TCP server on PC.
Take “Netassist” test software as example. Make sure port mapping is already done.
6.
Connect the UR51 to PC via RS232 for PLC simulation. Then start “sscom” software on
the PC to test communication through serial port.
125
UR51 User Guide
7.
After connection is established between the UR51 and the TCP server, you can send
data between sscom and netassit.
PC side
TCP server side
126
UR51 User Guide
8.
After serial communication test is done, you can connect PLC to RS232 port of the UR51
for test.
Related Topic
Serial Port
5.18 PPTP Application Example
Example
Configure the UR51 as PPTP client to connect to a PPTP server in order to have data
transferred securely. Refer to the following topological graph.
Configuration Steps
1. Go to “Network > VPN > PPTP”, configure PPTP server IP address, username and
password provided by PPTP server.
Note: If you want to have all data transferred through VPN tunnel, check “Global Traffic
127
UR51 User Guide
Forwarding” option.
If you want to access peer subnet such as 192.168.3.0/24, you need to configure the subnet
and mask to add the route.
2.
Check “Show Advanced” option, and you will see the advanced settings.
128
UR51 User Guide
If the PPTP server requires MPPE encryption, then you need to check “Enable MPPE” option.
If the PPTP server assigns fixed tunnel IP to the client, then you can fill in the local tunnel IP
and remote tunnel IP, shown as below.
Otherwise PPTP server will assign tunnel IP randomly.
Click “Save” button when you complete all settings, and then the advanced settings will be
hidden again. Then click “Apply” button to have the configurations take effect.
3.
Go to “Status > VPN” and check PPTP connection status.
PPTP is established as shown below.
Local IP: the client tunnel IP.
Remote IP: the server tunnel IP.
Related Topics
PPTP Setting
PPTP Status
[END]
129
Download PDF
Similar pages