AirMax4GW User's Manual

Contents

1. [Screenshot: SMS remote management configuration, with Management Settings (Remote Management via SMS, Delete SMS for Remote Management, Security Key), Command Settings (Status, Disconnect, Reconnect, Reboot), Notification Settings (WAN Link Up, WAN Link Down) and an Access Control List (Access Control, and Phone entries with Management and Notification options).] Remote Management via SMS: Check this to enable this function. Delete SMS for Remote Management: If this option is enabled, the device deletes received SMS messages that are for remote management purposes. This prevents the storage space of the SIM card from being occupied continuously. If the SIM storage is full, this gateway can't receive any new SMS. Security Key: This security key is used for authentication when this gateway receives an SMS command. Users need to type this key first, followed by a command. There should be a blank between the key and the command, e.g. "1234 reboot". If this field is
2. 1) L2TP Server: Enable or disable the L2TP server function. 2) L2TP over IPSec: L2TP over IPSec VPNs allow you to transport data over the Internet while still maintaining a high level of security to protect data. Enter a pre-shared key that the system will use in IPSec tunneling. When you use devices such as Apple-related mobile devices, you also need to know that key to establish L2TP over IPSec tunnels. 3) Server Virtual IP: The virtual IP address of the L2TP server used in L2TP tunneling. This IP address should be different from the gateway's own address and from those of the members of the LAN subnet of the Business Security Gateway. IP Pool Starting Address: This device will assign an IP address to each remote L2TP client. This value indicates the beginning of the IP pool. IP Pool Ending Address: This device will assign an IP address to each remote L2TP client. This value indicates the end of the IP pool. Authentication Protocol: You can choose the authentication protocol as PAP, CHAP, MS-CHAP or MS-CHAP v2. MPPE Encryption: Check the Enable box to activate MPPE encryption. Please note that MPPE needs to work with the MS-CHAP or MS-CHAP v2 authentication method. You can also choose the key length of MPPE encryption: 40 bits, 56 bits or 128 bits. 4.2.3.4.2 L2TP Server Status: The user name and connection information for each connected L2TP client to the L2TP server of the
3. [Screenshot: Time Scheduling configuration with an Enable checkbox and a Time Schedule List (ID, Rule Name, Actions).] 1) Enable: Enable or disable the scheduling function. 2) Add New Rule: To create a schedule rule, click the "Add New" button or the "Add New Rule" button at the bottom. When the next dialog pops up, you can edit the Name of Rule and the Policy, and set the schedule time (Week Day, Start Time and End Time). A schedule rule collects 8 time periods. You can also specify whether the rule defines the enabled timing ("Inactive except the selected days and hours below") or the disabled timing ("Active except the selected days and hours below"). [Screenshot: Time Schedule Configuration and Time Period Definition (ID, Week Day, Start Time (hh:mm), End Time (hh:mm)).] Afterwards, click "Save" to store your settings or click "Undo" to give up the changes. 4.4.3 Grouping: This device supports three types of objects to be grouped: host objects, file extension objects and L7 application objects. One Enable checkbox lets the user activate the grouping function for all types
4. [Screenshot: IPSec tunnel subnet settings (Full Tunnel, Remote Subnet, Remote Netmask, Remote Gateway as IP Address/FQDN).] 1) Local Subnet: The subnet of the LAN site of the local Business Security Gateway. It can be a host, a partial subnet, or the whole subnet of the LAN site of the local gateway. There are 5 entries for Local Subnet. 2) Local Netmask: The local netmask and the associated local subnet define a subnet domain for the local devices connected via the VPN tunnel. There are 5 entries for Local Netmask. 3) Full Tunnel: All traffic from the Intranet of the Business Security Gateway goes over the IPSec VPN tunnel if the packets don't match the Remote Subnet of other IPSec tunnels. That is, both application data and Internet access packets end up at the VPN concentrator. 4) Remote Subnet: The subnet of the LAN site of the remote Business Security Gateway. It can be a host, a partial subnet, or the whole subnet of the LAN site of the remote gateway. There are 5 entries for Remote Subnet. 5) Remote Netmask: The remote netmask and the associated remote subnet define a subnet domain for the remote devices connected via the VPN tunnel. There are 5 entries for Remote Netmask. 6) Remote Gateway: Enter the IP address or FQDN of the remote Business Security Gateway. 4.2.3.2.6 Authentication Setting [Screenshot: Key Management: IKE + Pre-shared Key, with the value 12345678 shown.]
5. 1) Wireless Module: Enable the wireless function. 2) Wireless Operation Mode: Choose "WDS Only Mode" from the drop list. 3) Lazy Mode: This device supports the Lazy Mode to automatically learn the MAC addresses of WDS peers, so you don't have to input the other peer APs' MAC addresses. However, not all the APs can have Lazy Mode enabled simultaneously; there must be at least one AP with all the WDS peers' MAC addresses filled in. 4) Green AP: Enable the Green AP function to reduce power consumption when there is no wireless traffic. 5) Channel: The radio channel number. The permissible channels depend on the Regulatory Domain. The factory default setting is auto channel selection. 6) Authentication & Encryption: You may select one of the following authentications to secure your wireless network: Open, Shared, Auto, WPA-PSK and WPA2-PSK. Open: Open system authentication simply consists of two communications. The first is an authentication request by the client that contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router (WiFi gateway) containing a success or failure message. An example of when a failure may occur is if the client's MAC address is explicitly excluded in the AP/router configuration. In this mode you can enable 802.1x
6. [Screenshot: LAN Interface Status showing IPv4 Address 192.168.123.254 and IPv4 Subnet Mask 255.255.255.0, with Edit IPv4 and Edit IPv6 actions.] Note: The first screen you see after logging in is located at Status > Network Status, and it shows the Network Connection Status below. [Screenshot: Network Status page with WAN Interface IPv4 Network Status, WAN Interface IPv6 Network Status, LAN Interface Status, 3G/4G Modem Status and Internet Traffic Statistics.] You can also check the status of WiFi on the WiFi Status page, connected clients on the LAN Client List page, and the status of other advanced functions on the Firewall Status page, VPN Status page and System Management Status page. 4.1 Basic Network: You can enter Basic Network for WAN, LAN & VLAN, WiFi, IPv6, NAT/Bridging, Routing, and Client/Server/Proxy settings as the icon shown here. [Screenshot: AirMax4GW 4G LTE Outdoor Gateway with WiFi web interface menu.]
7. DSCP Marking, and you need to specify the DSCP value additionally. 6) QoS Direction: Select the traffic direction to be applied for this rule (for outbound data, or BOTH for inbound and outbound). 7) Sharing Method: If you want to apply the value of the control setting to each selected host in the group, select "Individual Control" for Sharing Method. On the other hand, if the value of the control setting should apply to all selected hosts in the group together, select "Group Control". For example, you define Control Function as "Set Session Limitation" with a limit of 2000 sessions, and you define Sharing Method as "Individual Control". That means the maximum number of connection sessions of each selected host can't exceed 2000 sessions. By contrast, with "Group Control", the group of client hosts in total can't use more than 2000 connection sessions. 8) Schedule: The rule can be turned on according to the schedule rule you specify, which gives the user more flexibility in access control. By default, the rule is always turned on when it is enabled. For more details, please refer to the System > Scheduling menu. 9) Enable: Check the box if you want to enable the rule. Each rule can be enabled or disabled individually. Afterwards, click "Save" to store your settings or click "Undo" to give up the changes. Exam
8. [Screenshot: LAN Configuration with Global Address and Link-local Address fields.] 1) Global Address: Please enter the IPv6 global address for the LAN interface. 2) Link-local Address: Shows the IPv6 link-local address of the LAN interface. [Screenshot: Address Auto-configuration with Auto-configuration (Enable), Auto-configuration Type (Stateless) and Router Advertisement Lifetime (seconds).] 1) Auto-configuration: Disable or enable this auto-configuration setting. 2) Auto-configuration Type: You may set stateless or stateful (Dynamic IPv6). 3) Router Advertisement Lifetime: You can set the period at which the router sends its router advertisement. Each router periodically multicasts a Router Advertisement from each of its multicast interfaces, announcing the IP address of that interface. Hosts discover the addresses of their neighboring routers simply by listening for advertisements. When a host attached to a multicast link starts up, it may multicast a Router Solicitation to ask for immediate advertisements, rather than waiting for the next periodic ones to arrive; if and only if no advertisements are forthcoming, the host may retransmit the solicitation a small number of times, but then must desist from sending any more solicitations. Any routers that subsequently start up, or that were not discovered because of packet loss or tempor
9. URL Blocking: URL Blocking blocks LAN users from browsing pre-defined websites. Web Content Filters: The Web Content filter can block files with specific extensions, like exe and bat (applications) or mpeg (video), and script types like Java Applet, Java Scripts, cookies and ActiveX. MAC Address Control: MAC Address Control allows you to assign different access rules to different users. Application Filters: The Application Filter can categorize Internet Protocol packets based on their application-layer data and allow or deny their passage through the gateway. This function depends on model. IPS: IPS (Intrusion Prevention Systems) are network security appliances that monitor network and/or system activities for malicious activity. The main functions of IPS are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Options: Provides 4 more firewall options for system operation. They include stealth mode enable, SPI enable, discard ping from WAN, and remote administrator host. QoS & BWM: The main goal of QoS (Quality of Service) is prioritizing incoming data and preventing data loss due to factors such as jitter, delay and dropping. Another important aspect of QoS is ensuring that prioritizing one data flow doesn't interfere with ot
10. [Table of contents excerpt; most entries are illegible in the source. Recoverable entries: 2 Installing the AirMax4GW; 2.3 Knowing your AirMax4GW; 2.4 Hardware Installation; 3 Configuring the AirMax4GW; 3.1 Important Information; 3.3 Easy Setup by Web Interface.]
11. Supported MIBs: MIB-II (RFC 1213, including IPv6); IF-MIB, IP-MIB, TCP-MIB, UDP-MIB; SMIv1 and SMIv2; SNMPv2-TM and SNMPv2-MIB; AMIB (AirLive Private MIB). [Screenshot: SNMP configuration with SNMP Enable (LAN, WAN), Get/Set Community, and Trap Event Receivers 1 to 4; Trap Event Receiver 1 is shown as 192.168.123.10.] 1) SNMP Enable: You can check "Local (LAN)", "Remote (WAN)" or both to enable the SNMP function. If "Local (LAN)" is checked, this device will respond to requests from the LAN. If "Remote (WAN)" is checked, this device will respond to requests from the WAN. 2) WAN Access IP Address: If you want to limit remote SNMP access to a specific computer, please enter the PC's IP address. The default value is 0.0.0.0, which means that any Internet-connected computer can get some information about the device over the SNMP protocol. 3) SNMP Version: Supports SNMP V1 and V2c. 4) Get Community: The community of GetRequest that this device will respond to. This is a text password mechanism that is used to weakly authenticate queries to agents of managed network devices. 5) Set Community: The community of SetRequest that this device will accept. 6) Trap Event Receiver 1~4: Enter the IP addresses or domain names of your SNMP management PCs. You have to specify it so that the devic
12. 8) Authentication Protocol: You can choose the authentication protocol as PAP, CHAP, MS-CHAP or MS-CHAP v2. The protocol you choose must be supported by the remote L2TP server. 9) MPPE Encryption: Check the Enable box to activate MPPE encryption. Please note that MPPE needs to work with the MS-CHAP or MS-CHAP v2 authentication methods. 10) NAT before Tunneling: Check the Enable box to let hosts in the Intranet of the Business Security Gateway access the Internet via the remote PPTP server. By default, it is enabled. However, if you want the remote PPTP server to monitor the Intranet of the local Business Security Gateway, the option can't be enabled. 11) LCP Echo Type: Choose the way to do connection keep-alive. By default, it is the "Auto" option, which means the system automatically decides the time interval between two LCP echo requests and the number of times the system can retry once an LCP echo fails. You can also choose the "User-defined" option to define the time interval and the retry times yourself. The last option is "Disable". 12) Tunnel: Check the Enable box to activate the tunnel. 4.2.3.5 GRE: Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork. 4.2.3.5.1 GRE VPN Tunnel Scenario: Generic Routing Encapsulation (GRE) is a tunne
13. 4.2.3.4 L2TP: In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. The Business Security Gateway can behave as an L2TP server and an L2TP client at the same time. [Screenshot: Configuration with L2TP (Enable) and Client/Server.] 1) L2TP: Check the Enable box to activate the L2TP client and server functions. 2) Client/Server: Choose Server or Client to configure the corresponding role of L2TP VPN tunnels for the Business Security Gateway beneath the choosing screen. 4.2.3.4.1 L2TP Server Configuration: The Business Security Gateway can behave as an L2TP server, and it allows remote hosts to access LAN servers behind the L2TP server. The device supports four authentication methods: PAP, CHAP, MS-CHAP and MS-CHAP v2. Users can also enable MPPE encryption when using MS-CHAP or MS-CHAP v2. [Screenshot: L2TP Server Configuration with L2TP Server (Enable), L2TP over IPsec (Enable, Preshare Key, min. 8 characters), Server Virtual IP (192.168.10.1), IP Pool Starting Address, IP Pool Ending Address, Authentication Protocol (PAP, CHAP, MS-CHAP, MS-CHAP v2) and MPPE Encryption (Enable).]
14. [Screenshot: Bandwidth of Downstream 150 Mbps, Total Connection Sessions 30000, with Save and Undo buttons.] 4.2.2.1 Configuration [Screenshot: System Resource Configuration with WAN Interface set to WAN 1.] Before the QoS & BWM function can work correctly, this gateway needs to define the resources for the QoS & BWM function to utilize. They include the maximum number of priority queues that the device supports and some kinds of resources for each WAN interface. You can choose one WAN interface and define its resources, such as the available bandwidth of the WAN connection and the number of total connection sessions. The application of Flexible Bandwidth Management on the interface can also be specified here. [Screenshot: WAN Interface Resource with Bandwidth of Upstream, Bandwidth of Downstream and Total Connection Sessions.] 1) Bandwidth of Upstream: The maximum bandwidth of the uplink in Mbps. 2) Bandwidth of Downstream: The maximum bandwidth of the downlink in Mbps. 3) Total Connection Sessions: Input the maximum number of connection sessions for the WAN interface. 4.2.2.2 Rule-based QoS: This gateway provides lots of flexible rules for you to set QoS policies. Basically, you need to know three pieces of information before you create your own policies. First, who needs to be managed? Second, what kind of service needs to be manage
15. Besides, there is an additional "Reset" command button for each virtual AP to clear the traffic statistics. [Screenshot: WiFi Traffic Statistics table with a Refresh button.] 3.4.3 LAN Client List: To show the connections of currently active wired and wireless clients, the status page displays the LAN interface, IP address configuration, host name, MAC address and remaining lease time of all client devices. [Screenshot: LAN Client List with columns LAN Interface, IP Address Configuration, Host Name, MAC Address and Remaining Lease Time; sample rows: Ethernet, Dynamic / 10.0.75.100, JP-PC, 20:6A:8A:5E:28:BF, 23:37:57; and Dynamic / 10.0.75.101, BLACKBERRY-0D73, A8:6A:6F:47:80:FA, 23:48:31.] 3.4.4 Firewall Status: On the Firewall Status page, you can review the filter status, including Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and other firewall options. Packet Filters: This window displays all fired rules and the detected contents that fired the activated packet filter rules. The source IP address and firing time of these events are also shown there. The "Edit" button in the Packet Filters caption lets you change its settings. Another or button at the upper right corner can [Screenshot: Packet Filters table with Edit button and columns Activated Filter Rule, Detected Conte
16. [Specification table excerpt: Storage 40 85 C; Humidity: Operating 10~90% Non-Condensing, Storage max 95% Non-Condensing; Certification: CE; Dimension: 130 x 302 x 51 mm; Product Weight: 1120 g.] Wireless Network Glossary: The wireless network glossary contains explanations or information about common terms used in wireless networking products. Some of the information in this glossary might be outdated; please use it with caution. 802.11a: An IEEE specification for wireless networking that operates in the 5 GHz frequency range (5.425 GHz to 5.750 GHz) with a maximum data transfer rate of 54 Mbps. The 5 GHz frequency band is not as crowded as the 2.4 GHz band. In addition, 802.11a has 12 non-overlapping channels, compared to the 3 non-overlapping channels of 802.11b/g. This means it is possible to build larger non-interfering networks. However, 802.11a delivers a shorter distance at the same output power when compared to 802.11g. 802.3ad: 802.3ad is an IEEE standard for bonding or aggregating multiple Ethernet ports into one virtual port (also known as trunking) to increase the bandwidth. 802.3af: This is the PoE (Power over Ethernet) standard by the IEEE committee. 802.3af uses the 48V PoE standard, which can deliver up to 100 meter distance over Ethernet cab
17. [Screenshot: System log configuration with Web Log categories (System, Attacks, Drop, Debug), Email Alert (Enable, Server, E-mail Addresses, E-mail Subject, Email Now) and Syslogd (Enable, Server), with Save and Refresh buttons.] Web Log: You can select the log types to be collected in the web log area. There are "System", "Attacks", "Drop" and "Debug" types of system logs for you to select. View: You can browse, refresh, download and clear the log messages after clicking on the "View" command button. Email Alert: This device can also export system logs by sending emails to specific recipients. The items you have to set up include: Enable: Check it if you want to enable Email alert (send system logs via email). Server Port: Input the SMTP server IP and port which are connected with. If you do not specify a port number, the default value is 25. E-mail Addresses: The recipients are the ones who will receive these logs. You can assign more than 1 recipient by using or to separate these email addresses. E-mail Subject: The subject of the email alert is optional. Email Now: A command button that lets you email out the current web logs right now instead of waiting for the email alert period. System Tools: The device supports many system tools, including system time configuration, FW upgrad
18. If users require data encryption when using the Windows PPTP client, the remote VPN server must support MPPE (Microsoft Point-To-Point Encryption Protocol) encryption. PPTP is also used by some ISPs for user authentication, particularly when paired with a legacy Alcatel/Thomson ADSL modem. Preamble Type: Preambles are sent with each wireless packet transmitted, for transmission status. Use the long preamble type for better compatibility. Use the short preamble type for better performance. Rate Control: An Ethernet switch function to control the upstream and downstream speed of an individual port. Rate Control management uses "Flow Control" to limit the speed of a port. Therefore, the Ethernet adapter must also have flow control enabled. One way to force the adapter's flow control on is to set a port to half-duplex mode. RADIUS: Remote Authentication Dial-In User Service. An authentication and accounting system used by many Internet Service Providers (ISPs). When you dial in to the ISP, you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct and then authorizes access to the ISP system. RADIUS typically uses port 1812 and port 1813 for authentication and accounting. Though not an official standard, the RADIUS specification is maintained by a working group of the IETF. Receiver Sensitivity: Receiver sensitivity means how sensitive the radio is for receiving signal
19. TKIP/AES. In this mode, you don't need an additional RADIUS server for user authentication. 7) Scan Remote AP's MAC List: If you do not enable Lazy mode, you have to enter the wireless MAC address of each WDS peer one by one. Click on the "Scan" button to get the list of available APs' MAC addresses automatically, select the expected item, and copy its MAC address to Remote AP MAC 1~4 one by one. [Screenshot: Scan Remote AP's MAC List with Remote AP MAC1 to MAC4, a "Copy MAC to Here" option and the Wireless AP List.] 8) Remote AP MAC 1 ~ Remote AP MAC 4: If you do not enable Lazy mode, you have to enter the wireless MAC address of each WDS peer one by one. Afterwards, click "Save" to store your settings or click "Undo" to give up the changes. 4.1.3.1.3 WDS Hybrid Mode: The WDS (Wireless Distributed System) Hybrid function lets this access point act as a wireless LAN access point and a repeater at the same time. Users can use this feature to build up a large wireless network in a large space such as airports, hotels and schools. [Diagram: WDS APs and a notebook.] [Screenshot: 2.4G WiFi Configuration with WiFi Module, WiFi Operation Mode, Lazy Mode, Green AP, Multiple AP Names, Max STA, Time Schedule and Broadcast settings.]
20. and Execution. Each category has its own list of file extension objects, like exe. Choose one to join the group by clicking on the "Join" button. 5) Group: Check the Enable box to activate the group definition. 4.4.3.4 L7 Application Grouping. 4.4.3.4.1 L7 Application Group List: The L7 Application Group List shows the list of all file extension groups, their member lists and bound services in this window. You can add a new grouping rule by clicking on the "Add" command button. You can also modify existing file extension groups by clicking the corresponding "Edit" command buttons at the end of each group record in the File Extension Group List. Besides, unnecessary groups can be removed by checking the "Select" box for those groups and then clicking on the "Delete" command button in the File Extension Group List caption. 1) Add: Click on the button to add one L7 application group. 2) Delete: Click on the button to delete the L7 application groups that were specified in advance by checking the "Select" box of those groups. 3) Edit: Click on the button to edit the L7 application group. 4) Select: Select the file extension group to delete. 4.4.3.4.2 L7 Application Group Configuration [Screenshot: L7 Application Group Configuration with Group Name "Need2Block" and L7 applications BT, eDonkey, eMule.]
21. this gateway or receive notifications when this option is enabled. 2) Phone 1~5: For security reasons, this gateway won't process the command if the phone number is not in the list, even if the security key is correct. The phone number must include the international prefix, i.e. 886939123456. You can also specify whether a given phone number can send commands and/or receive notifications. 4.3.2 Captive Portal [Screenshot: Captive Portal Configuration with Captive Portal (Enable), WAN Interface, LAN Subnet, Authentication Server (External RADIUS Server) and UAM Server, with Save and Refresh buttons.] The gateway supports the Captive Portal function, including external captive portal. For the external captive portal, you must specify an external RADIUS (Remote Authentication Dial-In User Service) server and an external UAM (Universal Access Method) server. External Captive Portal: Before enabling the external Captive Portal function, please go to System >> External Servers to define the external server objects, such as the RADIUS server and the UAM server. Then configure the Captive Portal function on this page: specify the WAN Interface, and select the external Authentication Server and UAM Server from the pre-defined external server object list. NOTE: All Inte
22. [Screenshot: IPS configuration with IPS (Enable) and Log Alert (Enable), and Intrusion Prevention items: SYN Flood Defense, UDP Flood Defense, ICMP Flood Defense and ARP Spoofing Defence (each shown at 300 packets/second, range 10~10000), a port detection item (shown at 200 packets/second), and Block Land Attack, Block Ping of Death, Block IP Spoof, Block TCP Flag Scan, Block Smurf, Block Traceroute and Block Fraggle Attack.] [Screenshot: Firewall Options with Stealth Mode, SPI, Discard Ping from WAN, and Remote Administrator Hosts (IP/Mask:Port shown as 0.0.0.0 / 0 : 80).] 1) Stealth Mode: With this feature enabled, the device will not respond to port scans from the WAN, which makes it less susceptible to discovery and attacks on the Internet. SPI: When this feature is enabled, the router records information about outgoing packets that pass through the router, such as IP address, port address, ACK and SEQ number, and checks every incoming packet to detect whether the packet is valid. Discard PING from WAN: If this feature is enabled, this gateway won't reply to any ICMP request packet from the WAN side. It means any remote host can't get response
23. CLI (also known as command-line user interface, console user interface, and character user interface (CUI)) is a means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines). The interface is usually implemented with a command-line shell, which is a program that accepts commands as text input and converts commands to appropriate operating system functions. Programs with command-line interfaces are generally easier to automate via scripting. The device supports both Telnet and SSH CLI, with default service ports 23 and 22 respectively. It also accepts commands from both the LAN and WAN sides. [Screenshot: Configuration with Telnet with CLI (LAN Enable, WAN Enable), Telnet Service Port 23, Connection Type, and SSH Service Port 22, with Save and Undo buttons.] 4.2.5.4 UPnP: UPnP Internet Gateway Device (IGD) Standardized Device Control Protocol is a NAT port mapping protocol and is supported by some NAT routers. It is a common communication protocol for automatically configuring port forwarding. Applications using peer-to-peer networks, multiplayer gaming and remote assistance programs need a way to communicate through home and business gateways. Without IGD, one has to manually configure the gateway to allow traffic through, a process which
24. [Specification table excerpt; the rest of the table is illegible in the source. Recoverable entries: Embedded LTE Module with 2 SIM slot; LTE Band 800 900 1800 2600MHz; 3G Band 900 2100Mhz; 10/100/1000M Auto MDI/MDI-X UTP Port x 1; 10 dBi Directional WiFi Antenna; Wireless Security: WPA-PSK, WPA2-PSK, WPA Radius, 802.1x EAP; VLAN; DDNS; IPSec, PPTP, L2TP, GRE VPN, L2TP Over IPSec; FW upgrade; Web, Telnet Management; SNMP; TR-069; WiFi Output Power EIRP ETSI 2 4GHz 19 1dBm; Receive Sensitivity 4GHz 90 2dBm; Power Supply: 802.3at PoE Input.]
25. Information Protocol (RIP) will exchange information about destinations for computing routes throughout the network. Please select RIPv2 only if you have different subnets in your network. Otherwise, please select RIPv1 if you need this protocol. 4.1.6.2.2 OSPF. OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain (autonomous system). It gathers link state information from available routers and constructs a topology map of the network. The topology determines the routing table presented to the Internet Layer, which makes routing decisions based solely on the destination IP address found in IP packets. OSPF Configuration: OSPF: Enable; Backbone Subnet: 192.168.121.0/24. OSPF Area List. You can enable the OSPF routing function by clicking the Enable button for the OSPF item. There are 8 area subnets that can be defined in the OSPF network, and you can enable them individually. When you have finished the settings, click Save to store them. The above settings are just examples. 4.1.6.2.3 BGP. Border Gateway Protocol (BGP) is the protocol backing the core routing decisions on the Internet. It maintains a table of IP networks or prefixes which designate network reachability among autonomous systems (AS). It is described as a path vector protocol. BGP does not use t
26. Item / Setting: Enable; Client / Server. PPTP Server Configuration (Item / Setting): PPTP Server: Enable; Server Virtual IP: 192.168.0.1; IP Pool Starting Address: 10; IP Pool Ending Address: 100; Authentication Protocol: PAP, CHAP, MS-CHAP, MS-CHAP v2; MPPE Encryption: Enable, 40 bits. PPTP Server Status (Refresh): User Name, Remote IP, Remote Virtual IP, Remote Call ID, Actions: No connection from remote. User Account List (Add / Delete): ID, User Name, Password, Enable, Actions. 1. PPTP Client Name: The name of this tunnel. 2. Operation Mode: Default is Always on, and other options depend on product models. Peer IP/Domain: The IP address or domain name of the remote PPTP server. User Name: The user name which can be validated by the remote PPTP server. Password: The password which can be validated by the remote PPTP server. Default Gateway / Peer Subnet: You can choose the Default Gateway option or the Peer Subnet option here. When Default Gateway is chosen, all traffic from the Intranet of the Business Security Gateway goes over this PPTP tunnel if these packets don't match the Peer Subnet of other PPTP tunnels. Only one PPTP tunnel can own the Default Gateway property. However, when Peer Subnet is chosen, the peer subnet parameter needs to be filled in, and it should be the LAN subnet of remote PPTP s
27. Min. 8 characters. Local ID: Type. Remote ID: Type. 1. Key Management: Select IKE Pre-shared Key or Manually. Other options depend on product models. By default, the IKE Pre-shared Key method is adopted for key management. It is the first key used in the IKE phase for both VPN tunnel initiator and responder to negotiate further security keys to be used in the IPSec phase. The pre-shared key must be the same for both VPN tunnel initiator and responder. When Manually key management is adopted, the Pre-shared key is not necessary. 2. Local ID: The Type and the Value of the local Business Security Gateway must be the same as that of the Remote ID of the remote VPN peer. There are 4 types for Local ID: User Name, FQDN, User FQDN, and Key ID. 3. Remote ID: The Type and the Value of the local Business Security Gateway must be the same as that of the local ID of the remote VPN peer. There are also 4 types for Remote ID: User Name, FQDN, User FQDN, and Key ID. 4.2.3.2 IKE Phase. IKE Phase: Negotiation Mode: Main Mode; X-Auth: None, User Name, Password; Dead Peer Detection (DPD): Enable, Timeout (seconds), Delay (seconds); Phase Key Life Time (seconds, Max. 86400). 1. Negotiation Mode: Choose Main Mode or Aggressive Mode. Main Mode provides identity protection by authenticating peer identities when pre-shared keys a
28. Only. Alert Rule List (Add / Delete): ID, From Phone Number, Alert Approach, Destination, Enable, Actions. SMS Summary (New SMS / SMS Inbox), Item / Setting: Unread SMS Q; Received SMS 1 18; Remaining SMS. Save / Refresh. You can compose a new SMS message and check received SMS messages on this gateway. Configuration: Physical Interface: 3G/4G 1; SMS Storage: SIM Card Only. 1. Physical Interface: Indicates which 3G/LTE modem is used for the SMS feature. 2. SMS: Indicates which SIM card is used for the SMS feature. SMS Storage: Select the storage for SMS messages. This gateway only supports SIM Card Only for SMS storage. This gateway can forward received SMS messages automatically. Press Add to add a new rule. Alert Rule List: From Phone Number, Alert Approach, Destination. Alert Rule Configuration: From Phone Number, Alert Approach, Destination. 1. From Phone Number: Indicates the phone number of the sender. 2. Alert Approach: Decide the way to forward the message. You can forward this message to another phone number, to a mail address, or to a syslog server. 3. Destination: Please enter the phone number of the receiver if you choose Auto forward, or enter a mail address if choosing By Email, or enter the IP address of the syslog server if choosing By Syslog. 4. Enable: Enab
29. (Diagram labels: Server ID 1; Priority 254 and Priority 253; Virtual Server IP; DHCP Server; Gateway; IP.) The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router. Configuration (Item / Setting): VRRP: Enable; Virtual Server ID: 1 to 255; Priority of Virtual Server: (Lowest) 1 to 254 (Highest); Virtual Server IP Address. Save / Undo. 1. VRRP: Enable or disable the VRRP function. 2. Virtual Server ID: Means Group ID. Specify the ID number of the virtual server. Its value ranges from 1 to 255. 3. Priority of Virtual Server: Specify the priority to use in VRRP negotiations. Valid values are from 1 to 254, and a larger value has higher priority. 4. Virtual Server IP Address: Specify the IP address of the virtual server. Click on Save to store what you just selected, or Undo to give up. 4.2.5 Syst
30. The state where the certificate is located. Location (L): The city where the certificate is located. Organization (O): The company to whom the certificate belongs. Organization Unit (OU): The company department to whom the certificate belongs. Common Name (CN): The common name for the certificate. It's important as the common name for the certificate. E-mail: The email address of a contact for the certificate. You can also import a certificate from your backups by clicking on the Import button. There are two approaches to import it. One is from a file, and the other is to copy and paste the PEM codes in the Web UI and then click on the Apply button. Import: Apply / Cancel. PEM Encoded: Apply / Cancel. You can also delete a local certificate by checking the corresponding Select box and clicking on the Delete button. You can view its PEM codes by checking the View button. You can download the local certificate file by clicking on the Download button. 4.2.0.2 Trusted Certificate. Trusted Certificates include the Trusted CA Certificate List and the Trusted Client Certificate List. The Trusted CA Certificate List holds the external trusted CAs. The Trusted Client Certificate List holds the certificates that you trust. Trusted CA Certificate List (Import / Delete): ID, Name, Subject, Issuer, Valid To, Action. Trusted Client Certifi
31. During normal operation, this gateway will disconnect the WAN connection if idle time reaches the value of Maximum Idle Time. 2. Time Schedule: This option allows you to limit the WAN connection to a certain time period. You can select the Always option or a time schedule object from the schedule object list, which you can find in System Scheduling. 3. MTU: MTU refers to Maximum Transmit Unit. Different WAN connection types will have different values. You can leave it at 0 (Auto) if you are not sure about this setting. 4. NAT: By default it is enabled. If you disable this option, there will be no NAT mechanism between the LAN side and the WAN side. 5. Network Monitoring: You can use this feature to monitor the connection status of the WAN interface. The checking mechanism depends on several parameters defined here. Network monitoring provides the WAN interface status, and the system can then prevent the embedded 3G/LTE modem from some sort of auto timeout and disconnecting from the Internet after a period of inactivity. Enable: Check the box to do Network Monitoring. By default it is checked. DNS Query / ICMP Checking: Do the keep-alive through DNS query packets or ICMP packets. Loading Checking: The response time of replied keep-alive packets may increase when WAN bandwidth is fully occupied. To prevent the keep-alive feature from working abnormally, enabling this option will stop sending keep-alive packets when there are continuous inco
32. Wall Mounting Kit. Device Label. Bottom View: Outlet for RF cable if external cellular antenna is used; Screw for fixing bottom cover; Outlet for RF cable if external cellular antenna is used; Outlet for Ethernet Cable. 2.4 Hardware Installation. Please prepare a screwdriver and an outdoor-graded PoE Ethernet cable of adequate length according to your need. 2.4.1 Insert the SIM card. Before inserting or changing the SIM card, please power off the AirMax4GW. The SIM card slots are located at the bottom side of the AirMax4GW. Please unscrew and remove the outer bottom cover of the AirMax4GW and follow the instructions below to insert SIM cards. After the SIM cards are well placed, screw back the outer bottom cover. Step 1: Unscrew bottom cover and remove it. Step 2: Push the button by a tack to unlock SIM socket. Step 3: Put SIM card in the socket firmly. Step 4: Put back SIM socket to the end of SIM slot. 2.4.2 Connecting Power. The AirMax4GW is equipped with an 802.3at compliant PoE port. You can select AirLive PoE 48PB v2 or a PoE switch such as POE GSH2004L 370 for the deployment of the PoE network environment. The POE 48PB v2 and POE GSH2004L 370 are optional accessories that must be purchased separately. You must use Cat 5E or better graded Ethernet cable for PoE installation. Please follow the steps below to power the AirMax4GW.
33. 1. Name: Enter the name of the root CA. 2. Key: Key Type is RSA. Key length: The size of the private key in bits. There are five key lengths that can be selected: 512 bits, 65 bits, 1024 bits, 1536 bits, 2048 bits. 3. Subject Name: The Subject Name includes seven pieces of information. Country (C): The two-character country code of where the certificate authority is located. State (ST): The state where the certificate authority is located. Location (L): The city where the certificate authority is located. Organization (O): The company to whom the certificate authority belongs. Organization Unit (OU): The company department to whom the certificate authority belongs. Common Name (CN): The common name for the certificate authority. It's important as the common name for the certificate authority. E-mail: The email address of a contact for the certificate authority. 4. Validity: The expiration date. There are four time periods that can be selected: 3 years, 5 years, 10 years, 20 years. After successfully generating the root CA, you can also delete it by checking the Select box and clicking on the Delete button. You can also view its PEM codes by checking the View button. You can download the local certificate file by clicking on the Download button. Download / Close.
34. WiFi System: 802.11b/g/n Mixed; Authentication: WPA2-PSK; Encryption: TKIP; Preshare Key: 234567890. 1. Wireless Module: Enable the wireless function. 2. Wireless Operation Mode: Choose WDS Hybrid Mode from the drop list. 3. Lazy Mode: This device supports Lazy Mode to automatically learn the MAC address of WDS peers, so you don't have to input other peer APs' MAC addresses. However, not all the APs can be set to enable Lazy Mode simultaneously; at least one AP must have all the WDS peers' MAC addresses filled in. 4. Green AP: Enable the Green AP function to reduce power consumption when there is no wireless traffic. 5. Multiple AP Names: This device supports up to 8 SSIDs for you to manage your wireless network. You can select VAP 1 to VAP 8 and configure each wireless network if required. 6. Time Schedule: The wireless radio can be turned on according to the schedule rule you specified. By default, the wireless radio is always turned on when the wireless module is enabled. If you want to add a new schedule rule, please go to the System Scheduling menu. 7. Network ID (SSID): Network ID is used for identifying the Wireless LAN (WLAN). Client stations can roam freely over this device and other Access Points that have the same Network ID. The factory default setting is airlive. 8. SSID Broadcast: The router will broadcast beaco
35. a certain Domain name. You could choose your favorite provider. There are the following options: DynDNS.org (Dynamic), DynDNS.org (Custom), No-IP.com, TZO.com, dhs.org. Host Name: Register a domain name with the DDNS provider. The full domain name is the concatenation of the hostname you specify and a suffix the DDNS provider specifies. Username / E-mail: Input the username or e-mail based on the DDNS provider you registered with. Password / Key: Input the password or key based on the DDNS provider you select. Afterwards, click on Save to store your settings or click Undo to give up the changes. DHCP Server. DHCP Server List: The gateway supports 1 DHCP server to serve the DHCP requests from different VLAN groups. There is one default server whose LAN IP Address is the same as that of the gateway LAN interface, whose Subnet Mask is 255.255.255.0, and whose IP Pool ranges from 100 to 200, as shown in the following DHCP Server List. You can add or edit a DHCP server configuration by clicking on the Add button behind DHCP Server List or the Edit button at the end of the DHCP server information. There is one additional button that can be used to show the fixed mapping between MAC address and IP address of local client hosts, as in the following diagram. DHCP Server List (Add / Delete): DHCP Server, Lease, Domain, Primary, Primary, Secondary, Server Name, LAN IP Address, Subnet Mask, IP
36. as the WAN. The user can manage the AirMax4GW through the wireless or PoE port. If remote management is opened, the user can also manage the AirMax4GW via the WAN side. (Diagram labels: AP Router, Client AP.) 2. Installing the AirMax4GW. This section describes the hardware features and the hardware installation procedure for the AirMax4GW. For software configuration, please go to chapter 3 for more details. 2.1 Before You Start. It is important to read through this section before you install the AirMax4GW. The AirMax4GW comes with everything you need to start installation, with the exception of the PoE Ethernet cable and PoE injector. You can use a good quality CAT 5E outdoor-graded Ethernet cable, shielded with anti-UV, according to the length you need. The AirMax4GW must be installed in the upright position if the unit is located in outdoor or wet environments. The use of 3G/4G LTE: each country has its own telecom regulation for the frequency. Please consult your country's telecom company for the correct SIM card and a suitable mobile internet package. The use of the 2.4GHz spectrum: the allowed WiFi channels can vary in different countries. Please consult your country's telecom regulation first. The integr
37. as a Public Port, and all requests to this port will be redirected to the computer specified by the Server IP. Virtual Server can work with Scheduling Rules and give the user more flexibility in access control. For details, please refer to System Scheduling. Virtual Server Rule Configuration: Public Port: User-defined Service; Time Schedule: Always. For example, if you have an FTP server (Service port 21) at 10.0.75.1, a Web server1 (Service port 80) at 10.0.75.2, a Web server2 (Service Port 8080 and Private port 80) at 10.0.75.3, and a VPN server at 10.0.75.6, then you need to specify the following virtual server mapping table. Public Port / Server IP / Private Port / Protocol / Rule: 10.0.75.1, TCP, Enable; 10.0.75.2, TCP, Enable; 10.0.75.3, TCP, Enable; 10.0.75.6, Both, Enable. 4.1.5.2.2 Virtual Computer. Virtual Computer enables you to use the original NAT feature and allows you to set up the one-to-one mapping of multiple global IP addresses and local IP addresses. Press the Add button to add a new rule for Virtual Computer. Virtual Computer List (Add / Delete). Virtual Computer Rule Configuration. 1. Global IP: Enter the global IP address assigned by your ISP. 2. Local IP: Enter the local IP address of your LAN PC corresponding to the global IP address. 3. Enable: Check this item to enable
38. connect your local devices via Ethernet cables. Besides, the VLAN function is provided to organize your local networks. Ethernet LAN / VLAN. 4.1.2.1 Ethernet LAN. Please follow these instructions to do IPv4 Ethernet LAN Setup. Configuration (Item / Setting): LAN IP Address: 192.168.123.254; Subnet Mask: 255.255.255.0 (/24). Save / Undo. 1. LAN IP Address: The local IP address of this device. The computers on your network must use the LAN IP address of this device as their Default Gateway. You can change it if necessary. It is also the IP address of the web UI. If you change it, you need to type the new IP address in the browser to see the web UI. By default, the LAN IP Address is 192.168.123.254. 2. Subnet Mask: Input your subnet mask. The subnet mask defines how many clients are allowed in one network or subnet. The default subnet mask is 255.255.255.0 (/24), which means a maximum of 254 IP addresses are allowed in this subnet. However, one of them is occupied by the LAN IP address of this gateway, so a maximum of 253 clients are allowed in the LAN network. Hereafter are the available options for subnet mask: 255.255.240.0 (/20), 255.25
39. empty, users just need to type the command without adding any key information. Note: If the security key is empty, access control needs to be activated. The security key can be empty if access control is activated. Command Settings (Item / Setting): Status: Enable / Disable; Connect: Enable / Disable; Disconnect: Enable / Disable. 1. Status: Enable it and you can send the command "status" to query the WAN connection status. For 3G/LTE WAN, the router will send back the WAN IP address, network name, network type, and connection time via SMS. For Ethernet WAN, the router will send back the WAN IP address and connection time via SMS. The content would be similar to the following format: WAN IP: xxx.xx.xxx.xx; Network: carrier name (for wireless WAN only); Type: GPRS, WCDMA, HSPA, HSPA, LTE (for wireless WAN only); Conn. Time: connection time. 2. Connect: Enable it and you can send the command "connect" to start the WAN connection. 3. Disconnect: Enable it and you can send the command "disconnect" to disconnect the WAN connection. Note: If this gateway receives the disconnect command from SMS, it won't try to connect again, even if the WAN connection mode is set to auto-reconnect. 4. Reconnect: Enable it and you can send the command "reconnect" to disconnect the WAN connection and start the WAN connection again immediately. 5. Reboot: Enable it and you can sen
40. feature if you have another RADIUS server for user authentication. You need to input the IP address, port, and shared key of the RADIUS server here. 802.1x: Enable; RADIUS Server: RADIUS Server IP 0.0.0.0, RADIUS Server Port 1812, RADIUS Shared Key. In this mode, you can only choose None or WEP in the encryption field. Shared: Shared key authentication relies on the fact that both stations taking part in the authentication process have the same shared key or passphrase. The shared key is manually set on both the client station and the AP router. Three types of shared key authentication are available today for home or small office WLAN environments. Auto: The gateway will automatically select the appropriate authentication method according to the WiFi client's request. WPA-PSK: Select the Encryption mode and enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2, ..., 8, 9, A, B, ..., F) digits or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are TKIP, AES, or TKIP/AES. In this mode, you don't need an additional RADIUS server for user authentication. WPA2-PSK: Select the Encryption mode and enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2, ..., 8, 9, A, B, ..., F) digits or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are TKIP, AES, or
41. is error-prone and time-consuming. Configuration (Item / Setting): UPnP: Enable. Save / Undo. This device supports the UPnP Internet Gateway Device (IGD) feature. By default, it is disabled. 4.2.6 Certificate. In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified that the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner. In a typical public key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company such as VeriSign, which charges customers to issue certificates for them. In a web of trust scheme, the signer is either the key's owner (a self-signed certificate) or other users (endorsements) whom the person examining the certificate might know and trust. The device also plays a CA role. Certificates are an important component of Transport Layer Security (TLS, sometimes called by its older name SSL), where they prevent an attacker from impersonating a secure website or other server. They are also used in other important applications, such as email encryption and code signing. Here it can be us
42. marking. The last resource is Connection Sessions; the related control function is limiting connection sessions. Individual / Group Control: One QoS rule can be applied to an individual member or the whole group in the target group. This feature depends on model. Outbound / Inbound Control: One QoS rule can be applied to the outbound or inbound direction of packet flow, or both. This feature depends on model. 4.2.2.2.1 Configuration. It supports the activation of Rule-based QoS. Configuration: Rule-based QoS Enable: Enable; Flexible Bandwidth Management: Enable. 1. Rule-based QoS Enable: Check the box if you want to enable the QoS & BWM function. 2. Flexible Bandwidth Management: Apply flexible bandwidth management on the specific WAN interface by checking the Enable box. 4.2.2.2.2 QoS Rule List. It is a list of all QoS rules. You can add a new rule by clicking on the Add command button. You can also modify existing QoS rules by clicking the corresponding Edit command buttons at the end of each rule in the QoS Rule List. Besides, unnecessary rules can be removed by checking the Select box for those rules and then clicking on the Delete command button at the QoS Rule List caption. The Clear command button lets you clear all rules, and the Restart command button lets you restart the operation
43. not. You just have to check the boxes for dedicated ports. 4. DHCP Server: Specify a DHCP server for the VLAN group being configured. This device provides only one DHCP server to serve the DHCP requests from different VLANs. Afterwards, click on Save to store your settings or click Undo to give up the changes. 4.1.3 WiFi Setup. The gateway supports 2.4GHz 802.11n 2Tx2R MIMO WiFi and is also backward compatible with 802.11b/g clients. WiFi settings allow you to set the wireless LAN configuration items. When the wireless configuration is done, your WiFi LAN is ready to support your local WiFi devices such as your laptop PC, smart phone, tablet, wireless printer, and some portable wireless devices. Basic Configuration (Item / Setting): Operation Band: 2.4G Single Band; WPS: 2.4G WPS Setup. 2.4G WiFi Configuration (Item / Setting): WiFi Module: Enable; WiFi Operation Mode: AP Router Mode; Green AP: Enable; Multiple AP Names: VAP1, Enable; Max. STA: Enable; Time Schedule: (0) Always; Network ID (SSID) & Broadcast: Airlive, Broadcast Enable; WLAN Partition: Enable; Channel: Auto; WiFi System: 802.11b/g/n Mixed; Authentication: WPA-PSK/WPA2-PSK; Encryption: TKIP/AES; Preshare Key: 1234567890. 4.1.3.1 WiFi Configu
44. of all QoS rules. QoS Rule List: Group, Service, Resource, Control Function, Direction, Sharing Method, Time Schedule, Actions: 10.0.75.8/29, Bandwidth, 15, Outbound, Group, Always; 10.0.75.196/30, DSCP, CS4 DSCP, Inbound, Group, (0) Always; 10.0.75.16/28, ALL, SESSION, 20000, Outbound, (0) Always. 1. Add: After you have enabled the rule-based QoS function, you can click on the Add button to create a new QoS rule. 2. Delete: After you have selected some QoS rules by checking the Select box for each rule, you can click on the Delete button to remove those rules from the list. 3. Clear: Delete all existing QoS rules. 4. Restart: Press the Restart button to re-initiate all QoS rules. 5. Edit: Configure the specific QoS rule again. 4.2.2.2.3 QoS Rule Configuration. It supports the adding of a new rule or the editing of an existing rule. Some parameters need to be specified in a QoS rule. They are Interface, Group, Service, Resource, Control Function, QoS Direction, Sharing Method, Time Schedule, and finally the rule enable. QoS Rule Configuration (Setting): Interface: All WANs; Group: IP 10.0.75.8, Subnet Mask 255.255.255.248 (/29); Service: ALL; Resource: Bandwidth; Control Function: Set MINR & MAXR 1
45. rule enable. URL Blocking Rule Configuration: Rule Name: anti gaming; URL / Domain Name / Keyword: gaming; Destination Port; Time Schedule: (0) Always; Rule: Enable. Save / Undo / Back. 1. Rule Name: The name of the URL blocking rule. 2. URL / Domain Name / Keyword: If any part of the Website's URL matches the pre-defined words, the connection will be blocked. You can enter up to 10 pre-defined words in a rule, and each URL keyword is separated by e.g. google yahoo org. In addition to URL keywords, it can also block the designated domain name, like www.xxx.com, www.123aaa.org, mma.com. 3. Destination Port: Specify the destination port in URL requests that are to be blocked by the URL blocking rule. You can define a single port (80) or a range of ports (1000 to 1999). An empty value or 0 implies all ports are used. 4. Time Schedule: The rule can be turned on according to the schedule rule you specified, giving the user more flexibility in access control. By default, it is always turned on when the rule is enabled. For more details, please refer to the System Scheduling menu. 5. Rule Enable: Check the enable box if you want to activate the rule. Each rule can be enabled or disabled individually. Afterwards, click on Save to store your settings or click Un
46. send out USSD command. 4.3.1.3 Network Scan. This part is for 3G/LTE cellular network scan. Usually this part would be done automatically. Manual scan is used for problem diagnosis. Configuration (Item / Setting): Physical Interface: 3G/4G 1; SIM Status: SIM A; Network Type: Auto; Scan Approach: Auto. Save. 1. Physical Interface: Indicates which 3G/LTE modem is used for network scan. SIM Status indicates which SIM card is used for Network Scan. 2. Network Type: Set the network type of the network scan. You can choose 2G Only, 3G Only, LTE Only, or Auto. 3. Scan Approach: You can choose Auto or Manually. If you choose Manually, press the Scan button to scan for cellular networks nearby in your environment, and select one network provider to apply by clicking on the Apply button. Network Provider List: Provider Name, Mobile System, Network Status. Note: Incorrect settings here may cause 3G/LTE connection problems. 4.3.1.4 Remote Management. This part is for remote management functions that are done by text SMS (Short Message Service). Users can send certain SMS messages to this gateway to activate some actions, such as connect, disconnect, or reconnect the WAN connection, or reboot the system. Besides, the gateway can also send SMS messages to users to alert them to some events automatically.
47. settings are accepted by the peer GRE site. Otherwise, the remote GRE peer will reject the connection. Press Next to continue. Step 4: Confirm and Apply VPN Settings. Confirm the new settings. If all new settings are correct, please press the Apply button to save these new settings and put them into effect. (Screenshot: Please confirm the information below. VPN Type: GRE; Tunnel Name: GRE; Remote IP: 140.118.82.38; Key: 204667000; Remote Subnet: 10.0.76.0/24.) 3.4 Network Status. There are 6 kinds of system status shown in this window. They are Network Status, WiFi Status, LAN Client List, Firewall Status, VPN Status, and System Management Status. WAN Interface IPv4 Network Status: WAN ID, Interface, WAN Type, IP Addr., Subnet Mask, Gateway, MAC Address, Conn. Status, Actions: WAN 1, 3G/4G, 3G/4G, 100.77.219.61, 255.255.255.252, 100.77.219.62, 168.95.1.1, 168.95.192.1, N/A, Connected, Edit. WAN Interface IPv6 Network Status: WAN ID, Interface, WAN Type, Link-Local IP Address, Global IP Address, Connection Status: WAN 1, Disable, Edit. LAN Interface Status: IPv4 Address, IPv4 Subnet M
48. so there are maximum 258 clients allowed in the LAN network. Hereafter are the available options for subnet mask: 255.0.0.0 (/8), 255.128.0.0 (/9), 255.192.0.0 (/10), 255.224.0.0 (/11), 255.240.0.0 (/12), 255.248.0.0 (/13), 255.252.0.0 (/14), 255.254.0.0 (/15), 255.255.0.0 (/16), 255.255.128.0 (/17), 255.255.192.0 (/18), 255.255.224.0 (/19), 255.255.240.0 (/20), 255.255.248.0 (/21), 255.255.252.0 (/22), 255.255.254.0 (/23), 255.255.255.0 (/24), 255.255.255.128 (/25), 255.255.255.192 (/26), 255.255.255.224 (/27), 255.255.255.240 (/28), 255.255.255.248 (/29), 255.255.255.252 (/30). 4. IP Pool Starting / Ending Address: Whenever there is a request, the DHCP server will automatically allocate an unused IP address from the IP address pool to the requesting computer. You must specify the starting and ending address of the IP address pool. Please note that the number of IP addresses in this IP pool must be less than the maximum number for the subnet according to the subnet mask you set. 5. Lease Time: DHCP lease time for the DHCP client. 6. Domain Name: Optional; this information will be passed to the clients. 7. Primary DNS / Secondary DNS: Optional. This feature allows you to assign DNS servers. 8. Primary WINS / Secondary WINS: Optional. This feature allows you to assign WINS servers. 9. Gateway: Optional. The gateway address would be the IP address of an alternate gateway. This function enables
49. the Virtual Computer feature.

4.1.5.3 Special AP & ALG

The NAT feature can protect the Intranet from outside attacks, but it sometimes also blocks some applications, such as SIP VoIP. In this situation the NAT gateway needs to do special processing (ALG) for each application. This gateway can handle SIP ALG, so you need to enable this option if you want to use SIP applications at the LAN side of this gateway. [Screen: Configuration, SIP ALG, Enable checkbox.]

Some applications require multiple connections, like Internet games, video conferencing, Internet telephony, etc. Because of the firewall function, these applications cannot work with a pure NAT router. The Special Applications feature allows some of these applications to work with this product. If the mechanism of Special Applications fails to make an application work, try setting your computer as the DMZ host instead.

Special AP List: Press the Add button to add a new rule for Special AP.

Special AP Rule Configuration

Popular Applications: This device provides some predefined settings. Select your application item and all related settings will be filled in automatically.
1. Trigger Port: The outbound port number issued by the application.
2. Incoming Ports: When the trigger packet is detected, the inbound packets sent to the specified port numbers are allowed to pass
50. the correct ACK timeout value.

Bandwidth Management: Bandwidth Management controls the transmission speed of a port, user, IP address, and application. The router can use bandwidth control to limit the Internet connection speed of an individual IP or application. It can also guarantee the speed of certain special applications or privileged IP addresses, a crucial feature of the QoS (Quality of Service) function. The AirMax4GW features both Per-user Bandwidth Control and Total Bandwidth Control. Per-user Bandwidth Control allows the administrator to define the maximum bandwidth of each user by IP, IP Group, or MAC address. Total Bandwidth defines the maximum bandwidth of the wireless or Ethernet interface.

Bootloader: Bootloader is the underlying program that starts at power-up, before the device loads firmware. It is similar to the BIOS on a personal computer. When the firmware has crashed, you might be able to recover your device from the bootloader.

Bridge: A product that connects 2 different networks that use the same protocol. Wireless bridges are commonly used to link networks across remote buildings. For wireless applications, there are 2 types of bridges. WDS Bridge can be used in Point-to-Point or Point-to-Multipoint topology. Bridge Infrastructure works with AP mode to form a star topology.

Cable and Connector Loss: During wireless design and deploy
51. the device includes the function, the gateway will support 2.4GHz 802.11n 2Tx2R MIMO WiFi and is also backward compatible with 802.11b/g clients. WiFi settings allow you to set the wireless LAN configuration items. When the wireless configuration is done, your WiFi LAN is ready to support your local WiFi devices, such as your laptop PC, smart phone, tablet, wireless printer and some portable wireless devices. There are several wireless operation modes that may be provided by this device: AP Router Mode, AP Only Mode, WDS Hybrid Mode, WDS Only Mode, Universal Repeater and Client Mode. Which operation modes the device supports depends on the model. You can choose the expected mode from the wireless operation mode list. Besides, Advanced WiFi configuration lets the user adjust the parameters for WiFi radiation.

5G Configuration: If the device includes the function, the gateway will support 5GHz 802.11n 2Tx2R MIMO or 802.11ac 1Tx1R or 802.11ac 2Tx2R MIMO WiFi.

4.1.1 WAN Setup

This device is equipped with one WAN interface to support Internet connection. You can configure it to get the proper connection setup.

3G/4G WAN: The gateway has one 3G/4G modem built in; please plug in the SIM card and follow the UI settings to set it up.

Caution: You MUST POWER OFF the gateway before you insert or remove the SIM card. Inserting or removing the SIM card while the gateway is in operation will damage the SIM card. Please follow instructions at
52. to have a secret key exchange for that session. SSL VPN is also known as Web VPN. The HTTPS and SSH management interface use SSL for data encryption.

Subnet Mask: An address code mask that determines the size of the network. An IP subnet is determined by performing a bitwise AND operation between the IP address and the subnet mask. By changing the subnet mask, you can change the scope and size of a network.

Subnetwork or Subnet: Found in larger networks, these smaller networks are used to simplify addressing between numerous computers. Subnets connect to the central network through a router, hub or gateway. Each individual wireless LAN will probably use the same subnet for all the local computers it talks to.

Super A: Super A is an Atheros proprietary turbo mode to increase speed over standard 802.11a mode. It adds Bursting and Compression to increase the speed. If you live in countries that prohibit the channel binding technology (i.e. Europe), you should choose Super A without Turbo if you need more speed than 11a mode.

TCP: A layer 4 protocol used along with the IP to send data between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the packets that a message is divided into for efficient routing through the Internet.

Turbo A: Turbo A is an Atheros propr
53. to the MAC Control Rule Configuration window below.

4.2.1.5.2 MAC Control Rule List

It is a list of all MAC Control rules. You can add a new rule by clicking on the Add command button. You can also modify existing MAC control rules by clicking the corresponding Edit command buttons at the end of each control rule in the MAC Control Rule List. Unnecessary rules can be removed by checking the Select box for those rules and then clicking on the Delete command button at the MAC Control Rule List caption.

[Screen: MAC Control Rule List with columns ID, Rule Name, MAC Address, Time Schedule, Enable, Actions. Example entry: ID 1, Rule Name "Block JP NB", MAC Address 20:6A:6A:6A:6A:6B, Time Schedule (0) Always.]

4.2.1.5.3 MAC Control Rule Configuration

It supports adding one new rule or editing one existing rule. The parameters that need to be specified in a MAC Control rule are Rule Name, MAC Address, Time Schedule and, finally, the rule enable.

1. Rule Name: The name of Web Content Filter rule.
2. MAC Address: Input the MAC address of the local device. You can input it manually or copy it from the Known MAC from LAN PC List. Please note the format of the MAC address is like xx:xx:xx:xx:xx:xx, where x is a hexadecimal digi
54. to wired LAN Internet service. The opposite of Infrastructure mode is Adhoc mode.

IP address: IP (Internet Protocol) is a layer 3 network protocol that is the basis of all Internet communication. An IP address is a 32-bit number that identifies each sender or receiver of information that is sent across the Internet. An IP address has two parts: an identifier of a particular network on the Internet and an identifier of the particular device (which can be a server or a workstation) within that network. The new IPv6 specification supports a 128-bit IP address format.

IPsec: IP Security. A set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs). IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data of each packet but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet.

LACP (802.3ad) Trunking: The 802.3ad Link Aggregation standard defines how to combine several Ethernet ports into one high-bandwidth port to increase the transmission speed. It is also known as port trunking. Both devices must set the trunking feature for it to work.

MAC: Media Access Control. MAC address provides lay
55. usually done with 2 or more radios doing load balancing.

Gateway: In the global Internet network, the gateways are core routers that connect networks in different IP subnets together. In a LAN environment with an IP sharing router, the gateway is the router. In an office environment, the gateway typically is a multi-function device that integrates NAT, firewall, bandwidth management and other security functions.

Hotspot: A place where you can access Wi-Fi service. The term hotspot has two meanings in wireless deployment. One is the wireless infrastructure deployment; the other is the Internet access billing system. In a hotspot system, a service provider typically needs an authentication and account system for billing purposes, and a wireless AP network to provide access for customers.

IGMP Snooping: Internet Group Management Protocol (IGMP) is a Layer 3 protocol to report IP multicast memberships to neighboring multicast switches and routers. IGMP snooping is a feature that allows an Ethernet switch to listen in on the IGMP conversation between hosts and routers. A switch that supports IGMP snooping can avoid multicast traffic being treated as broadcast traffic, therefore reducing the overall traffic on the network.

Infrastructure Mode: A wireless network that is built around one or more access points to provide wireless clients access
56. when ping to this gateway. Ping is a useful command that we use to detect if a certain host is alive or not. But it also lets hackers know about this. Therefore, many Internet servers will be set to ignore IGMP requests.

4. Remote Administrator Hosts (IP / Mask / Port): In general, only local clients (LAN users) can browse the device's built-in web pages for device administration settings. This feature enables you to perform administration tasks from a certain remote host. If this feature is enabled, only the specified IP address can perform remote administration. If the specified IP address is 0.0.0.0, any host can connect with this product to perform administration tasks. You can use subnet mask bits (/nn) notation to specify a group of trusted IP addresses, for example 10.1.2.0/24.

NOTE: When Remote Administration is enabled, the web server port will be configured to 80 by default. You can also change the web server port to another port.

Afterwards, click on Save to store your settings or click Undo to give up the changes.

4.2.2 QoS & BWM

The total amount of data traffic increases nowadays with the higher demand of mobile device applications like Game, Chat, VoIP, P2P, Video and Web access. In order to meet new requirements for data transport, e.g. low latency and low data loss, the entire network must ensure them via a connection service guarantee. The main
57. with the Network Setup Wizard.

Step 1: Guideline. The Network Setup Wizard will guide you through some basic settings, including login password, time zone, WAN interface, Ethernet LAN interface and WiFi LAN interface. An EXIT button at the upper right corner of each window is provided for you to quit the setup process. Press Next to start the wizard.

Step 2: Change Password. Password configuration. You can change the login password of the Web UI here. It is strongly recommended that you change this login password from the default value. Press Next to continue.

Step 3: Time Zone. Time Zone configuration. It will detect your time zone automatically. If the result of auto detection is not correct, you can press the Detect Again button or select manually. Press Next to continue.

Step 4: WAN. WAN interface configuration. Choose the physical interface and WAN type for Internet connection. Because the device provides only the 3G/4G physical interface, and the only WAN type for the interface is also named 3G/4G, leave them unchanged. Press Next to continue.

Step 4-1: 3G/4G WAN type. Since the only WAN interface is 3G/4G, please make sure you have inserted one or two SIM cards. If not, please power off this gateway and insert SIM cards first. Then you can select Auto Detection to finish the dial-up profile automatically. Press Next to continue
58. you to assign another gateway to your local computer when the DHCP server offers an IP address. For example, this gateway will assign IP addresses to local computers, but local computers will go to the Internet through another gateway.
10. Server: To enable or disable the Server function.

4.1.7.2.3 Fixed Mapping

Press the Fixed Mapping button at the bottom of the DHCP server list page and you can manually specify a certain IP address for a designated local device (MAC address), so that the DHCP Server will reserve the special IPs for designated devices. For internal servers, you can use this feature to ensure each of them receives the same IP address all the time. [Screen: Fixed Mapping, with DHCP clients, Copy to, MAC Address and IP Address fields.]

4.2 Advanced Network

This device also supports many advanced network features, such as Firewall, QoS & Bandwidth Management, VPN Security, Redundancy, System Management and Certificate. You can finish those configurations in this section.

Firewall

The firewall functions include Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and Options.

Packet Filters: Allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address of the source and destination
59. [Screen: QoS rule configuration, showing QoS Direction: Outbound; Sharing Method: Group Control; Time Schedule: (0) Always; Rule: Enable.]

1. Interface: Select the WAN interface for the QoS rule.
2. Group: Specify the target client members for the rule by their VLAN ID, MAC Address, IP Address, Host Name or Group Object. These base categories depend on product models. Besides, an IP Address group can be defined as an IP range with an IP address and its subnet mask, and Group Object is defined in the System > Grouping menu. But what kinds of groups to use depends on product models.
3. Service: There are 5 options for service, including All, DSCP, TOS, User-defined Services and Well-known Service. By default it is All. It defines what kinds of service packets need to be managed. When DSCP is selected, another DiffServ CodePoint value must be specified. DSCP means DiffServ Code Point, also known as advanced TOS. You can choose this option if your local service gateway supports DSCP tags. The DSCP categories that this gateway can detect are as below: IP Precedence 1 (CS1), IP Precedence 2 (CS2), IP Precedence 3 (CS3), IP Precedence 4 (CS4), IP Precedence 5 (CS5), IP Precedence 6 (CS6), IP Precedence 7 (CS7), AF Class1 Low Drop, AF Class1 Medium Dro
60. 1 2 1 Configuration

You can enable the packet filter function here and select one of the two filtering policies as follows. The first one defines a black list: the system will block the packets that match the active filter rules. The second one is a white list: the system will allow only the packets that match the active filter rules to pass the gateway.

1. Allow all to pass except those match the specified rules (Black List).
2. Deny all to pass except those match the specified rules (White List).

[Screen: Configuration, with Packet Filters Enable, Black List / White List selection and Log Alert Enable.]

Besides, you can also enable log alerting so that the system will record packet blocking events when filter rules are triggered. At the upper right corner of the screen, a Help command lets you see the online help message about the Packet Filter function.

4.2.1.2.2 Packet Filter List

It is a list of all packet filter rules. You can add a new rule by clicking on the Add command button. You can also modify existing packet filter rules by clicking the corresponding Edit command buttons at the end of each filter rule in the Packet Filter List. Unnecessary rules can be removed by checking the Select box for those rules and then clicking on the Delete command button at the Packet Filt
61. 3. Dead Peer Detection: This feature will detect if the remote VPN peer still exists. Delay indicates the interval between detections, and Timeout indicates the timeout after which the peer is considered dead.
4. Phase 1 Key Life Time: The value of life time represents the life time of the key which is dedicated at Phase 1 between both end gateways.

4.2.3.2.8 IKE Proposal Definition

There are 4 IKE proposals that can be defined by you and used in the IKE phase of negotiation between two VPN peers.

1. Encryption: There are six algorithms that can be selected: DES, 3DES, AES-auto, AES-128, AES-192 and AES-256.
2. Authentication: There are five algorithms that can be selected: None, MD5, SHA1, SHA2-256 and SHA2-512.
3. DH Group: There are nine groups that can be selected: None, Group 1 (MODP768), Group 2 (MODP1024), Group 5 (MODP1536) and Group 14~18.
4. Enable: Check this box to enable the IKE Proposal during tunnel establishing.

4.2.3.2.9 IPSec Phase

1. Phase 2 Key Life Time: The value of life time represents the life time of the key which is dedicated at Phase 2 between two VPN peers.

4.2.3.2.10 IPSec Proposal Definition

There are 4 IPSec proposals can be defi
62. 5.248.0 (/21), 255.255.252.0 (/22), 255.255.254.0 (/23), 255.255.255.0 (/24), 255.255.255.128 (/25), 255.255.255.192 (/26), 255.255.255.224 (/27), 255.255.255.240 (/28), 255.255.255.248 (/29), 255.255.255.252 (/30)

4.1.2.2 VLAN

This section provides a brief description of VLANs and explains how to create and modify virtual LANs, which are more commonly known as VLANs. A VLAN is a logical network under a certain switch or router device that groups client hosts with a specific VLAN ID. This device supports both Port-based VLAN and Tag-based VLAN. In Port-based VLAN, all client hosts belong to the same group by transferring data via physical ports that are tagged with the same VLAN ID in the device. The ports of a VLAN form an independent traffic domain in which the traffic generated by the nodes remains within the VLAN. However, in Tag-based VLAN, all packets with the same VLAN ID will be treated as the same group and have the same access property and QoS property. It is especially useful when individuals of a VLAN group are located at different floor locations.

The VLAN function allows you to divide the local network into different virtual LANs. In some cases, the ISP may need the router to support VLAN tags for certain kinds of services (e.g. IPTV) to work properly. In some cases, SMB departments are separated and located on any floor of a building. All client hosts in same department should own commo
63. 9. Rule Enable: Check the enable box if you want to activate the rule. Each rule can be enabled or disabled individually. Afterwards, click on Save to store your settings or click Undo to give up the changes.

4.2.1.3 URL Blocking

URL Blocking will block the webs containing pre-defined key words. This feature can filter both domain input suffix (like .com or .org, etc.) and a keyword "bct" or "mpe".

[Screen: URL Blocking page. Configuration (URL Blocking Enable, Black List / White List, Log Alert Enable, Invalid Access Web Redirection Enable) and URL Blocking Rule List (columns: ID, Rule Name, URL / Domain Name / Keyword, Destination Port, Time Schedule, Enable, Actions).]

4.2.1.3.1 Configuration

1. URL Blocking: Check the enable box if you want to activate the URL Blocking function.
2. Black List / White List: Select one of the two filtering policies for the defined
64. 92.168.123.254, Subnet Mask: 255.255.255.0. The default password is airlive. The default wireless mode is AP Router Mode. After power on, please wait for 2 minutes for the AirMax4GW to finish booting up.

3.2 Prepare Your PC

The AirMax4GW can be managed remotely by a PC through either the wired or wireless network. The default IP address of the AirMax4GW is 192.168.123.254 with a subnet mask of 255.255.255.0. This means the IP address of the PC should be in the range of 192.168.123.1 to 192.168.123.253. To prepare your PC for management with the AirMax4GW, please do the following:

1. Connect your PC directly to the LAN port on the DC Injector of the AirMax4GW.
2. Set your PC's IP address to obtain the IP automatically, or manually to 192.168.123.100 or another address in the same subnet.

[Screen: Internet Protocol Version 4 (TCP/IPv4) Properties dialog, with "Use the following IP address" set to IP address 192.168.123.100 and subnet mask 255.255.255.0.]

You are ready now to configure t
65. AP MAC, Remote AP MAC3, Remote AP MAC4, Copy MAC to Here, Wireless AP List.

12. Remote AP MAC 1 ~ Remote AP MAC 4: If you do not enable the Lazy mode, you have to enter the wireless MAC address for each WDS peer one by one. Afterwards, click on Save to store your settings or click Undo to give up the changes.

4.1.3.1.4 WPS Setup

Once you have finished the wireless settings in the following sub-sections, you can configure and enable the WPS (Wi-Fi Protection Setup) easy setup feature for your wireless network by clicking on the 2.4G WPS Setup button. Please note that if you choose TKIP for the encryption type, the WPS function is disabled. Only one wireless client is allowed to proceed with a WPS connection at the same time.

[Screen: 2.4G Wi-Fi Protected Setup, with WPS Enable, Configuration Status (CONFIGURED), Allowed STA PIN Code, WPS Trigger and WPS Status.]

1. WPS: You can enable this function by checking the Enable box. WPS offers a safe and easy way to allow wireless clients to connect to your wireless network.
2. Configuration Status: This configuration status will be CONFIGURED or UNCONFIGURED. CONFIGURED means WPS connection is following
66. Business Security Gateway will be shown in this table.

[Screen: L2TP Server Status table.]

Refresh: To refresh the L2TP Server Status each 2 seconds by clicking on the Refresh button.
Disconnect: To terminate the connection between the L2TP server and remote dialing-in L2TP clients by clicking on the Disconnect button.

4.2.3.4.3 User Account List

You can input up to 10 different user accounts for dialing in to the L2TP server.

1. Add: You can add a new user account by clicking on the Add button.
2. Delete: Delete selected user accounts by checking the Select box at the end of each user account list and then clicking on the Delete button.
3. Account: Check the Enable box to validate the user account.
4. Edit: You can edit a user account configuration by clicking on the Edit button at the end of each user account list.

4.2.3.4.4 User Account Configuration

Adding or editing a user account will activate the User Account Configuration screen.

User Name: Enter the user name of the user account.
Password: Enter the password of the user account.
Account: Check the Enable box to validate the user account.
Save: To save the user account configuration.

4.2.3.4.5 L2T
67. Encryption mode and enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2 ... 8, 9, A, B ... F) digits or 8 to 63 ASCII characters as the pre-share key. In this mode, you don't need an additional RADIUS server for user authentication.

• WPA/WPA2: If some of the wireless clients can only support WPA but most of them can support WPA2, you can choose this option to support both of them. Select Encryption mode and enter RADIUS Server related information. You have to specify the IP address and port number for the RADIUS Server, and then fill in 64 hexadecimal (0, 1, 2 ... 8, 9, A, B ... F) digits or 8 to 63 ASCII characters as the shared key. The key value is shared by the RADIUS server and this router. This key value must be consistent with the key value in the RADIUS server.

Afterwards, click on Save to store your settings or click Undo to give up the changes.

4.1.3.1.2 WDS Only Mode

While acting as a wireless bridge, Wireless Repeater 1 and Wireless Repeater 2 can communicate with each other through the wireless interface with WDS. Thus all stations can communicate with each other.

[Figure: two WDS bridges linking office LANs. Screen: 2.4G WiFi Configuration, with WiFi Module, WiFi Operation Mode (WDS Only Mode), Lazy Mode, Green AP, Channel, Authentication, Encryption
68. Even if you choose Manual setting, this gateway will show corresponding information for your reference to set up the dial-up profile after you select country and service provider. If you choose SIM A First or SIM A Only for Preferred SIM Card, you need to input the dial-up profile for SIM A. Similarly, you need to input the dial-up profile for SIM B when you choose SIM B First or SIM B Only as your preferred one.

Country & Service Provider: When you choose the Manual configuration option for the Dial-up Profile, you must select the country and service provider to retrieve related parameters from the system for dialing up to connect to the Internet. If the system doesn't store related parameters, or stores parameters that do not match, you must specify them one by one manually.

APN: When you select the target country and service provider for the manual dial-up profile, the system will show the related APN value. Change it if it is not correct for you.

PIN Code: Enter the PIN code of the SIM card if your SIM card needs it to unlock.

Dial Number: Enter the dialed number that is provided by your ISP.

Account & Password: Enter the Account and Password that are provided by your ISP.

Authentication: Choose Auto, PAP or CHAP according to your ISP's authentication approach. Just keep it on Auto if you are not sure.

Primary/Secondary DNS: Enter the IP address of the Domain Name Server. You can leave them blank because most ISPs will assign them automatically.

Connection Commo
69. In general, the slower the transmission speed, the more sensitive the radio is. The unit for Receiver Sensitivity is in dB; the lower the absolute value is, the higher the signal strength. For example, 50dB is higher than 80dB.

RJ-45: Standard connectors for Twisted Pair copper cable used in Ethernet networks. Although they look similar to standard RJ-11 telephone connectors, RJ-45 connectors can have up to eight wires, whereas telephone connectors have only four.

Router: An IP sharing router is a device that allows multiple PCs to share one single broadband connection using NAT technology. A wireless router is a device that combines the functions of a wireless Access Point and the IP sharing router.

RSSI: Receiver Sensitivity Index. RSSI is a value to show the Receiver Sensitivity of the remote wireless device. In general, remote APs with stronger signal will display higher RSSI values. For the RSSI value, the smaller the absolute value is, the stronger the signal. For example, 60dB has stronger signal than 80dB. For outdoor connection, signal stronger than 60dB is considered as a good connection.

RTS: Request To Send. A packet sent when a computer has data to transmit. The computer will wait for a CTS (Clear To Send) message before sending data.

RTS Threshold: RTS (Request to Send). The RTS/CTS (clear to send) packet will be sent before a f
70. 4.2.3.3.4 PPTP/L2TP VPN Tunnel Scenarios

There are some common PPTP/L2TP VPN connection scenarios as follows:

• PPTP/L2TP Server for Remote Mobile Users: The device acts in the Server role for remote users to dial in, and shares some services in the Intranet with them.
• PPTP/L2TP Server/Client Application: The device acts in the Server or Client role in SMB Headquarters or Branch Office.

The Business Security Gateway can behave as a PPTP server and a PPTP client at the same time.

[Screen: PPTP page. Configuration (PPTP Enable; Client/Server); PPTP Server Configuration (PPTP Server Enable, IP Pool Starting Address, IP Pool Ending Address, Authentication Protocol: PAP, CHAP, MS-CHAP, MS-CHAP v2; MPPE Encryption Enable, 40 bits); PPTP Server Status (columns: User Name, Remote IP, Remote Virtual IP, Remote Call ID, Actions); User Account List (columns: ID, User Name, Password, Enable, Actions).]

1. PPTP: Check the Enable box to activate PPTP client and server functions.

Client/Server: Choose Server or Client to configure the corresponding role of PPTP VPN tunnels for the Business Security Gateway beneath the choosing screen.

4.2.3.3.2 PPTP Server Configuration

The Business Security Gateway can be
71. N membership. When the device receives a frame with a VLAN tag (referred to as a tagged frame), the device forwards the frame only to those ports that share the same VID.

[Screen: Tag-based VLAN configuration and Tag-based VLAN Summary for Port1.]

By default, all the LAN ports and virtual APs belong to one VLAN group, and this VLAN ID is forced to 1 but noted as None to avoid misunderstanding. It is a special Tag-based VLAN group for the Intranet of the device to operate; there is no tag required in Intranet packets for this default VLAN group with that ID. Also note that there is only one Ethernet LAN port in the device. If you want to configure your own tag-based VLANs, click on the Edit button on a new VLAN ID row.

[Screen: Tag-based VLAN List and Tag-based VLAN Summary (VLAN IDs, Port1).]

1. VLAN ID: Specify a VLAN tag for this VLAN group. The ports with the same VID are in the same VLAN group.
2. Internet: Specify whether this VLAN group can access the Internet or not. If it is checked, all packets will be un-tagged before being forwarded to the Internet, and all packets from the Internet will be tagged with the VLAN ID before being forwarded to the destination belonging to this VLAN group in the Intranet.
3. Port 1, VAP 1 ~ VAP 8: Specify whether they belong to the VLAN group or
72. Name. When NT Domains Server, one more parameter: Workgroup. When UAM Server, the following parameters must be provided: Login URL, Shared Secret, NAS Gateway ID, Location ID and Location Name. Among them, Location Name is optional.
5. Server: Check the Enable box to activate the external server object.

4.4.5 MMI

4.4.5.1 Web UI

[Screen: Others. Administrator Time-out: 300 seconds (0 to disable).]

You can set the UI administration time-out duration in this page. If the value is 0, the time-out is unlimited.

5 Installing the AirMax4GW

The specification of AirMax4GW is subject to change without notice. Please use the information with caution.

5.1 Features

Cellular Gateway for outdoor LTE/Wi-Fi Hotspot applications; 1x embedded LTE module with dual SIM failover; 1x 10/100/1000 LAN PoE-enabled port for local network connectivity; 802.11n 2T2R with 10 dBi directional antenna; full protocol stack for both IPv4 and IPv6; VPN supported; QoS and Bandwidth management; SNMP, Web and TR069, SMS for administrator to manage system; 802.3at PoE powered.

5.2 Specifications

MDM9225 3G/4G Chipset arg RT5592 WiFi
73. Network > Static Routing. Configuration: Static Routing: Enable. Static Routing Rule List (Add, Delete): ID, Destination IP, Subnet Mask, Gateway, Interface, Metric, Enable, Actions. For static routing, you can specify up to 32 routing rules. The routing rules allow you to determine which physical interface addresses are utilized for outgoing IP datagrams. You can enter the destination IP address, Subnet Mask, Gateway and Metric for each routing rule, and then enable or disable the rule by checking or unchecking the Enable checkbox. Click the Add or Edit button to configure a static routing rule. Static Routing Rule Configuration: Destination IP: 140.116.82.0; Subnet Mask: 255.255.255.0; Gateway IP: 192.168.121.253; Metric; Rule: Enable. 1. Destination IP: Enter the subnet network of the routed destination. 2. Subnet Mask: Input your subnet mask. The subnet mask defines the range of IP addresses in the destination network. 3. Gateway: The IP address of the gateway that you want to route for t
74. 4.3 Application. In this section you can finish the Mobile Application and Captive Portal settings. For Mobile Application, this device is equipped with a 3G/4G module as the WAN interface, and it also provides SMS, USSD, Network Scan and Remote Management by SMS. Besides, it also serves as an Internet access gateway: when any client host in the Intranet wants to surf the Internet, the device redirects the Internet surfing request to an external captive portal Web server for user authentication. If the authentication is successful, the requesting client host will be allowed to access the Internet through the device. 4.3.1 Mobile Application. 4.3.1.1 SMS. Configuration: Physical Interface: 3G/4G-1; SMS; SIM Status: SIM A; SMS Storage: SIM Card Only. Alert Rule List (Add, Delete): ID, From Phone Number, Alert Approach, Destination, Enable, Actions. SMS Summary (New SMS, SMS Inbox): Unread SMS: 0; Received SMS: 11; Remaining SMS: 19. 2. Configuration: Physical Interface: 3G/4G-1; SMS Storage: SIM Card
75. 4.2.6.1.2 Local Certificate List. This feature shows the list of all certificates, which contain information identifying the applicant. Each certificate record includes the certificate name, subject, issuer and valid-to fields. You can generate a certificate by clicking on the Generate button. Local Certificate Configuration: Name; Key (Key Type: RSA, Key Length: 1024 bits); Country (C); State (ST); Location (L); Organization (O); Organization Unit (OU); Common Name (CN); E-mail. 3. Name: Enter the name of the certificate. 4. Key: Key Type is RSA. Key Length is the size of the private key in bits. Five key lengths can be selected: 512 bits, 65 bits, 1024 bits, 1536 bits, 2048 bits. 5. Subject Name: The Subject Name includes seven pieces of information. Country (C): the two-character country code where the certificate is located. State (ST)
76. P Client. Besides acting as an L2TP server, the Business Security Gateway can also behave as an L2TP client that tries to establish an L2TP tunnel to a remote L2TP server. All client hosts in the Intranet of the Business Security Gateway can access LAN servers behind the L2TP server. L2TP Client Configuration: L2TP Client: Enable. 4.2.3.4.6 L2TP Client List & Status. You can add up to 22 different L2TP client tunnels by clicking on the Add button, and modify each tunnel configuration by clicking on the corresponding Edit button at the end of each existing tunnel. L2TP Client List & Status columns: L2TP Client Name, Virtual IP, Remote IP, Default Gateway / Remote Subnet, Tunnel, Actions. 1. Add: You can add one new L2TP client tunnel by clicking on the Add button. 2. Delete: Delete selected tunnels by checking the Select box at the end of each tunnel list and then clicking on the Delete button. 3. Tunnel: Check the Enable box to activate the tunnel. 4. Edit: You can edit one L2TP client tunnel configuration by clicking on the Edit button at the end of each tunnel list. 4.2.3.4.7 L2TP Client Configuration. User Account Definition for Client: Remote IP/FQDN: 192.168.12.108; User Name; Password; Default Gateway; Connection Control: Connect on demand; Authenti
77. P server of the Business Security Gateway will be shown in this table. PPTP Server Status. 1. Refresh: Click the Refresh button to refresh the PPTP Server Status every 2 seconds. 2. Disconnect: To terminate the connection between the PPTP server and remote dial-in PPTP clients, click the Disconnect button. 4.2.3.3.4 User Account List. You can input up to 10 different user accounts for dialing in to the PPTP server. 1. Add: You can add one new user account by clicking on the Add button. 2. Delete: Delete selected user accounts by checking the Select box at the end of each user account list and then clicking on the Delete button. 3. Account: Check the Enable box to validate the user account. 4. Edit: You can edit one user account configuration by clicking on the Edit button at the end of each user account list. 4.2.3.3.5 User Account Configuration. Adding or editing a user account opens the User Account Configuration screen. 1. User Name: Enter the user name of the user account. 2. Password: Enter the password of the user account. 3. Account: Check the Enable box to validate the user account. 4. Save: Save the user account configuration. 4.2.3.3.6 PPTP Client. The Business Secur
78. Pool, Time, Name, DNS, WINS, WINS, Gateway, Enable, Actions. Listed entry: DHCP 1; LAN IP Address 192.168.123.254; Subnet Mask 255.255.255.0; IP Pool 182.168.123.100 to 192.168.123.200; Lease Time 86400; DNS, WINS and Gateway fields 0.0.0.0; Actions: Edit, Fixed Mapping. 4.1.7.2.2 DHCP Server Configuration. DHCP Server Configuration: DHCP Server Name: DHCP 1; LAN IP Address: 10.0.75.2; Subnet Mask; IP Pool: Starting Address 10.0.75.100, Ending Address 10.0.75.200; Lease Time: 86400 seconds; Domain Name; Primary DNS; Secondary DNS; Primary WINS; Secondary WINS; Gateway. 1. DHCP Server: Choose the DHCP server to enable. If you enable the DHCP server function, this gateway will assign IP addresses to LAN computers or devices through the DHCP protocol. This device provides up to 4 DHCP servers to serve DHCP requests from different VLANs. 2. LAN IP Address: Specify the local IP address of the enabled DHCP server. It is the LAN IP address of this gateway for the DHCP 1 server. Normally this IP address will also be the default gateway of local computers and devices. 3. Subnet Mask: Select the subnet mask for the specific DHCP n server. The subnet mask defines how many clients are allowed in one network or subnet. The default subnet mask is 255.255.255.0 (/24), which means a maximum of 254 IP addresses are allowed in this subnet. However, one of them is occupied by the LAN IP address of this gateway
79. Pv6; VPN supported; QoS and bandwidth management; SNMP, Web and TR069, SMS for administrator to manage system; 802.3at PoE powered. 1.6 Wireless Operation Modes. The AirMax4GW can perform as a multi-function wireless device. Users can easily select which wireless mode they wish the AirMax4GW to perform. The AirMax4GW can be configured to operate in the following wireless operation modes. 1.6.1 WDS Bridge Mode. This mode is also known as WDS Pure MAC mode. When configured to operate in the Wireless Distribution System (WDS) mode, the AirMax4GW provides bridging functions with remote LAN networks in the WDS system. The system supports up to a total of 8 bridges in a WDS network by daisy chain. However, each bridge can only associate with a maximum of 4 other bridges in the WDS configuration. This mode is best used when you want to connect LAN networks together wirelessly, for example between an office and a warehouse. If you have more than 2 APs in WDS Bridge mode, remember to avoid duplicate connections to one device; otherwise a network loop can occur. This mode usually delivers faster performance than infrastructure mode. [Figure: WDS Bridge linking the Office LAN and the Warehouse LAN] 1.6.2 AP Router Mode. In AP Router Mode, the AirMax4GW behaves like a wireless router. Both the wireless and the PoE port of the AirMax4GW become the LAN side, and 3G/4G act
80. The central hub of a wireless LAN network. Access Points have one or more Ethernet ports that can connect devices (such as an Internet connection) for sharing. A multi-function Access Point can also function as an Ethernet client, a wireless bridge, or repeat signals from other APs. Access Points typically have more wireless functions compared to wireless routers. ACK Timeout: Acknowledgement Timeout Window. When a packet is sent out from one wireless station to the other, it will wait for an Acknowledgement frame from the remote station. The station will only wait for a certain amount of time; this time is called the ACK timeout. If the ACK is NOT received within that timeout period, then the packet will be re-transmitted, resulting in reduced throughput. If the ACK setting is too high, then throughput will be lost due to waiting for the ACK window to time out on lost packets. If the ACK setting is too low, then the ACK window will have expired and the returning packet will be dropped, greatly lowering throughput. By having the ability to adjust the ACK setting, we can effectively optimize the throughput over long-distance links. This is especially true for 802.11a and 802.11g networks. Setting the correct ACK timeout value requires considering 3 factors: distance, AP response time, and interference. The AirMax4GW provides ACK adjustment capability in the form of either distance or direct input. When you enter the distance parameter, the AirMax4GW will automatically calculate
81. The default IP address is 192.168.123.254. In the configuration section you may want to check the connection status of the device, do Basic or Advanced Network setup, or check the system status. These task buttons can be easily found on the cover page of the UI (User Interface). Enter the default password "airlive" in the Password field and then click the Login button. After logging in, select your language from the Language list. The user manual uses English to illustrate all functions of the device. Afterwards you can go to Wizard, Basic Network, Advanced Network, Applications or System on the left-hand side of the web page for device configuration. Network Status page (tabs: Network Status, LAN Client List, Firewall Status, System Mgmt Status). WAN Interface IPv4 Network Status: WAN ID: WAN 1; Interface: 3G/4G; WAN Type: 3G/4G; IP Addr: 100.77.219.61; Subnet Mask: 255.255.255.252; Gateway: 100.77.219.62; DNS: 168.95.1.1, 168.95.192.1; MAC Address: N/A; Conn Status: Connected; Actions: Edit. WAN Interface IPv6 Network Status: WAN ID, Interface, WAN Type, Link-Local IP Address, Global IP Address, Connection Status, Actions; WAN 1: Disable; Edit
82. WPA: Select the Encryption mode and enter the RADIUS server related information. You have to specify the IP address and port number for the RADIUS server, and then fill in 64 hexadecimal (0, 1, 2 ... 8, 9, A, B ... F) digits or 8 to 63 ASCII characters as the shared key. The key value is shared by the RADIUS server and this router, and must be consistent with the key value in the RADIUS server. The available encryption modes are TKIP, AES, or TKIP/AES. WPA2-PSK: Select the Encryption mode and enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2 ... 8, 9, A, B ... F) digits or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are TKIP, AES, or TKIP/AES. In this mode, you don't need an additional RADIUS server for user authentication. WPA2: Select the Encryption mode and enter the RADIUS server related information. You have to specify the IP address and port number for the RADIUS server, and then fill in 64 hexadecimal (0, 1, 2 ... 8, 9, A, B ... F) digits or 8 to 63 ASCII characters as the shared key. The key value is shared by the RADIUS server and this router, and must be consistent with the key value in the RADIUS server. The available encryption modes are TKIP, AES, or TKIP/AES. WPA-PSK/WPA2-PSK: If some wireless clients can only support WPA-PSK but most of them can support WPA2-PSK, you can choose this option to support both of them. Select
83. WHEN UPGRADE IS PROCEEDING. 3. Ping Test: This allows you to specify an IP/FQDN and the test interface, so the system will try to ping the specified device to test whether it is alive after you click on the Ping button. A test result window will appear beneath it. A Close button there makes the test result window disappear. Ping Test Results: PING www.google.com.tw (173.194.72.94): 56 data bytes; 64 bytes from 173.194.72.94: icmp_seq=0 ttl=48 time=53.5 ms; 64 bytes from 173.194.72.94: icmp_seq=1 ttl=48 time=288.9 ms; 64 bytes from 173.194.72.94: icmp_seq=2 ttl=48 time=182.8 ms; 64 bytes from 173.194.72.94: icmp_seq=3 ttl=48 time=116.6 ms; www.google.com.tw ping statistics: 4 packets transmitted, 4 packets received, 0% packet loss; round-trip min/avg/max = 53.5/160.4/288.9 ms. 4. Tracert Test: The trace route command is a network diagnostic tool for displaying the route path and measuring transit delays of packets across an IP network. Trace route proceeds unless all three sent packets are lost more than twice; then the connection is lost and the route cannot be evaluated. Ping, on the other hand, only computes the final round-trip times from the destination point. First, you need to specify an IP/FQDN, the test interface and the used protocol number. Used protocol number is either UDP or ICMP a
84. WiFi settings on this gateway. If it's released to UNCONFIGURED, the WPS connection will generate a new profile. 3. Configuration Mode: Select your Configuration Mode from Registrar or Enrollee. In most cases, an AP router or AP should be in Registrar mode so that other wireless clients in Enrollee mode can connect to the discovered Registrar. Briefly speaking, the Enrollee is the initiator of a WPS connection. Registrar Mode screen: Configuration Mode; WPS Trigger. Enrollee Mode screen: Configuration Mode: Enrollee; AP PIN Code & New Generate: 00020329. 4. WPS Trigger (Registrar Mode): Press this button to simulate pushing the WPS button and let wireless clients connect to this gateway in WPS PBC mode. 5. Allowed STA PIN Code (Registrar Mode): Fill in the PIN code of the device so that all STA clients can run the WPS process with the device using the certified code. 6. AP PIN Code & New Generate (Enrollee Mode): This PIN number is required for the WiFi client during the WPS connection. You can press New Generate to get a new AP PIN. 7. WPS status: According to your setting and activity, the status will show IDLE, STARTPROCESS or NOT USED. The status is IDLE by default. If you want to start a WPS connection, you need to push the Trigger button to change its st
85. able. WiFi Operation Mode: AP Router Mode; Green AP: Enable; Multiple AP Names: VAP1, Enable, Max STA, Enable; Time Schedule: (0) Always; Network ID (SSID) & Broadcast: Enable; WLAN Partition: Enable; Channel: Auto; WiFi System; Authentication: WPA-PSK/WPA2-PSK; Encryption; Preshare Key: 1234567890. 1. Wireless Module: Enable the wireless function. 2. Wireless Operation Mode: Choose AP Router Mode from the drop-down list. 3. Green AP: Enable the Green AP function to reduce power consumption when there is no wireless traffic. By default it is disabled. 4. Multiple AP Names: This device supports up to 8 SSIDs for you to manage your wireless network. You can select VAP 1 to VAP 8 and configure each wireless network if required. 5. Time Schedule: The wireless radio can be turned on according to the schedule rule you specify. By default, the wireless radio is always turned on when the wireless module is enabled. If you want to add a new schedule rule, go to the System > Scheduling menu. 6. Network ID (SSID): The Network ID is used for identifying the Wireless LAN (WLAN). Client stations can roam freely over this device and other Access Points that have the same Network ID. The factory default setting is "default". 7. SSID Broadcast: The router will broadcast beacons that carry some information, including the SSID, so that wireless cl
86. an authentication response from the AP router / WiFi gateway containing a success or failure message. An example of when a failure may occur is if the client's MAC address is explicitly excluded in the AP router configuration. In this mode, you can enable the 802.1x feature if you have another RADIUS server for user authentication. You need to input the IP address, port and shared key of the RADIUS server here. 802.1x: Enable; RADIUS Server IP: 0.0.0.0; RADIUS Server Port: 1812; RADIUS Shared Key. In this mode, you can only choose None or WEP in the encryption field. Shared: Shared key authentication relies on the fact that both stations taking part in the authentication process have the same shared key or passphrase. The shared key is manually set on both the client station and the AP router. Three types of shared key authentication are available today for home or small office WLAN environments. Auto: The gateway will automatically select the appropriate authentication method according to the WiFi client's request. WPA-PSK: Select the Encryption mode and enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2 ... 8, 9, A, B ... F) digits or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are TKIP, AES, or TKIP/AES. In this mode, you don't need an additional RADIUS server for user authentication.
87. ary link partitioning are eventually discovered by reception of their periodic unsolicited advertisements. 4.1.5 NAT / Bridging. This part includes NAT-related settings such as NAT Loopback, Virtual Server, Virtual Computer, Special AP, ALG and DMZ. 4.1.5.1 Configuration. NAT Loopback: Enable. 1. NAT Loopback: Allows you to access the WAN IP address from inside your local network. This is useful when you run a server inside your network. For example, if you set up a mail server at the LAN side, your local devices can access this mail server through the gateway's WAN IP address. You don't need to change the IP address of the mail server whether you are at the local side or outside. 4.1.5.2 Virtual Server & Virtual Computer. 4.1.5.2.1 Virtual Server. Virtual Server List (Add, Delete): Public Port, Server IP, Private Port, Time Schedule, Enable. This gateway's NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this device are invisible to the outside world. If you wish, you can make some of them accessible by enabling the Virtual Server Mapping. Press the Add button to add a new rule for Virtual Server. A virtual server is defined
88. ask, IPv6 Link-Local Address, IPv6 Global Address, Actions; listed values: 192.168.123.254, 255.255.255.0, 64; Edit IPv4, Edit IPv6. 3.4.1 Networks Status. On the Network Status page you can review network status information, including a connection diagram, WAN IPv4 status, WAN IPv6 status, LAN status and 3G/4G modem status. You can also check the device time at the bottom of this page. Connection Diagram: 1. 3G/4G Icon: Indicates whether the 3G/4G and USB 3G/4G WAN connections are established or not. 2. Wired Client Icon: Indicates how many Ethernet clients are connected now. 3. WiFi Client Icon: Indicates how many WiFi clients are connected now. WAN Interface IPv4 Network Status: Displays the WAN type, IPv4 information, MAC information and connection status of multiple WAN interfaces in IPv4 networking. Press the Edit button if you want to change settings. WAN Interface IPv6 Network Status: Displays the WAN type, IPv6 information and connection status of multiple WAN interfaces in IPv6 networking. Press the Edit button if you want to change settings. LAN Interface Status: Displays IPv4 and IPv6 information of the local network. Press the Edit button if you want to change settings. LAN Interface Status columns: IPv4 Address, IPv4 Subnet Mask, IPv6 Link Local Add
89. ated antenna has a forward coverage angle of 20 degrees in the vertical and 30 degrees in the horizontal direction. The AirMax4GW is a 2.4 GHz CPE device only; it cannot operate in 5 GHz. 2.2 Package Content. The AirMax4GW package contains the following items: one AirMax4GW main unit; User's Guide CD; Quick Start Guide; Mounting Kit. The PoE Ethernet cable and PoE injector are not included in the package. You may choose an 802.3at PoE injector such as PoE 48PB v2, or an 802.3at PoE switch. 2.3 Knowing your AirMax4GW. Below are descriptions and diagrams of the product. Front: LED indicators; SIM A slot; SIM B slot; SMA connectors for cellular antenna; Reset button; Auto MDI/MDIX RJ45 port (PoE input), 1x LAN to connect local devices. LED Behavior. Cellular Status: AirMax4GW registered on LTE network; AirMax4GW registered on 3G network; AirMax4GW not registered on cellular network. WLAN: wireless radio on; wireless radio off; data is transmitting or receiving on the wireless. Device is powered on. Back: wall mounting kit; brass screw for optional pole mounting kit
90. ation will be referred to in the QoS function to manage the traffic load for each kind of service. 4. VLAN Tagging: If your ISP requires a VLAN tag to be inserted into the WAN packets, you can enable this setting and enter the specified tag value. Afterwards, click on Save to store your settings or click Undo to give up the changes. 4.1.1.2 Internet Setup. The 3G/4G interface is the only physical WAN interface in the device, and you can configure it to get a proper Internet connection setup. It supports only one WAN type to connect to the Internet: 3G/4G. For the 3G/4G WAN type, the ISP is a mobile operator that can provide LTE, HSPA, WCDMA, EDGE and GPRS data services. With two SIM cards attached, the device supports a Dual SIM failover mechanism for uninterrupted Internet connection. Hereafter are some details of the 3G/4G WAN type configuration. 3G/4G: If you have subscribed to 3G/LTE data services from mobile operators, this gateway can support LTE/3G/2G, depending on the respective specifications. However, if your 3G data plan is not flat-rate, it's recommended to set the Connection Control mode to Connect-on-demand or Manually. Internet Connection List columns: Interface Name, Physical Interface, Operation Mode, WAN Type, Action; entry: WAN 1, 3G/4G. 4.1.1.2.1 3G/4G WAN. Click on the Edit button for the 3G/4G WAN interface and you can get the detail WAN sett
91. atus. PPTP Server Status: Displays the usage status of all activated accounts of the PPTP server. PPTP Client Status: Displays the tunnel status of all activated PPTP clients (columns: PPTP Client Name, Virtual IP, Remote IP/FQDN, Default Gateway / Remote Subnet, Status). L2TP Server Status: Displays the usage status of all activated accounts of the L2TP server. L2TP Client Status: Displays the tunnel status of all activated L2TP clients (columns: L2TP Client Name, Virtual IP, Remote IP/FQDN, Default Gateway / Remote Subnet, Status). 3.4.6 System Management Status. On the System Management Status page you can review SNMP and TR-069 status information. SNMP Linking Status: Displays information about SNMP linking. SNMP Trap Information: Displays information about SNMP traps. Displays the link status of TR-069. Web Management. In this chapter we explain the AirMax4GW settings in the web management interface. Please be sure to read through Chapter 3 first. Whenever you want to configure your network or this device, you can access the Configuration Menu by opening the web browser and typing in the IP address of the device
92. atus to STARTPROCESS. Only one wireless client is allowed for each WPS connection. If you want to start a WPS connection, you can click on the Trigger button of this device to change the WPS status to STARTPROCESS, and then initiate the WPS process on the other wireless client device within two minutes to connect the client device to the activated WLAN. 4.1.3.2 Wireless Client List. On the Wireless Client List page, the list of connected wireless clients is shown. You can choose to see all connected wireless clients, or you can indicate which virtual AP (SSID) you want to browse. You can check the wireless clients of VAP 1 to VAP 8 individually. Wireless Client List screen: Target WiFi: Operation Band, Multiple AP Names; Client List (Refresh). 4.1.3.3 Advanced Configuration. This device provides advanced wireless configuration for professional users to optimize wireless performance under the specific installation environment. Advanced Configuration screen: Target WiFi: Operation Band: 2.4G; Advanced Configuration: Short GI, TX Rate, RF Bandwidth, Transmit Power. 1. Operation Band: Select the WiFi operation band that you want to configure. The device supports only the 2.4G single WiFi band. 2. R
93. 4.4.3.2.2 Host Group Configuration. Host Group Configuration screen: Group Name: B; Member List: 192.168.75.10, 192.168.75.11, 192.168.75.13; Multiple Bound Services: Firewall, QoS; Member to Join: IP Address-based, 192.168.75.13; Group: Enable. 1. Group Name: Define the name of the group. 2. Member List: Shows the list of members that have joined the group. A delete button follows each member and can be used to remove the member from the group. 3. Multiple Bound Services: The defined group object can be used in various applications such as Firewall or QoS & BWM. 4. Member to Join: To define a member by IP address or MAC address, choose IP Address-based or MAC Address-based first and then type the specific value for the member. Click on the Join button to add the member to the group. 5. Group: Check the Enable box to activate the group definition. 4.4.3.3 File Extension Grouping. 4.4.3.3.1 File Extension Group List. The File Extension Group List shows all file extension groups with their member lists and bound services. You can add one new grouping rule by clicking on the Add button. You can also modify existing file extension groups by clicking the corresponding Edit button at the end of each group record in the File Extension Group List. Bes
94. cate List (Import, Delete): ID, Name, Subject, Issuer, Valid To, Action. 4.2.6.2.1 Trusted CA Certification List. The device lets you import the certificate of a trusted external CA by clicking on the Import button. There are two approaches to import it: one is from a file, and the other is to copy and paste the PEM codes into the Web UI and then click on the Apply button. Trusted CA Certificate Import from a File: Apply, Cancel. Trusted CA Certificate Import from a PEM: Apply, Cancel. After successfully importing the trusted external CA, you can also delete it by checking the Select box and clicking on the Delete button. Entry shown in the Trusted CA Certificate List: Name: STARTCOM.cer; Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority; Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority. You can view its PEM codes by clicking the View button. You can download the trusted CA file by clicking on the Dow
95. cation Protocol: PAP, CHAP, MS-CHAP, MS-CHAP v2; MPPE Encryption: Enable; NAT before Tunneling; LCP Echo Type (Auto; Interval: 30 seconds; Max Failure Time). 1. L2TP Client Name: The name of this tunnel. 2. Operation Mode: Default is Always on; other options depend on product models. 3. Peer IP/Domain: The IP address or domain name of the remote L2TP server. 4. User Name: The user name that can be validated by the remote L2TP server. 5. Password: The password that can be validated by the remote L2TP server. 6. Default Gateway / Peer Subnet: You can choose the Default Gateway option or the Peer Subnet option here. When Default Gateway is chosen, all traffic from the Intranet of the Business Security Gateway goes over this L2TP tunnel if the packets don't match the Peer Subnet of other L2TP tunnels. Only one L2TP tunnel can own the Default Gateway property. However, when Peer Subnet is chosen, the peer subnet parameter needs to be filled in, and it should be the LAN subnet of the remote L2TP server. If an Intranet packet wants to go to this peer subnet, the L2TP tunnel will be established automatically. 7. Connection Control: There are three connection control options for users to choose when the L2TP tunnel is established. You can choose Connect-on-Demand, Auto Reconnect (always-on), or Manually. By default, it is Auto Reconnect (always-on).
96. crease in the maximum data rate from 54 Mbps to 600 Mbps. 802.11n standardized support for multiple-input multiple-output (MIMO) and frame aggregation, and security improvements. 802.1Q Tag VLAN: In 802.1Q VLAN, the VLAN information is written into the Ethernet packet itself. Each packet carries a VLAN ID (called a Tag) as it travels across the network. Therefore, the VLAN configuration can be configured across multiple switches. In the 802.1Q spec, 4096 possible VLAN IDs can be created, although some devices can only view them in frames of 256 IDs at a time. 802.1x: 802.1x is a security standard for wired and wireless LANs. In 802.1x parlance, there are usually supplicants (clients), an authenticator (switch or AP), and an authentication server (RADIUS server) in the network. When a supplicant requests a service, the authenticator will pass the request and wait for the authentication server to grant access and register accounting. 802.1x is the most widely used method of authentication by WISPs. Adhoc: A peer-to-peer wireless network. An Adhoc wireless network does not use a wireless AP or router as the central hub of the network. Instead, wireless clients are connected directly to each other. The disadvantage of an Adhoc network is the lack of a wired interface to Internet connections. It is not recommended for networks with more than 2 nodes. Access Point (AP)
97. cs Air Live, Powered by OvisLink Corp. AirMax4GW 4G LTE Outdoor CPE with WiFi, User's Manual. www.airlive.com. Copyright and Disclaimer. Version 1.0. This guide is written for firmware version 1.0 or later. Copyright & Disclaimer: No part of this publication may be reproduced in any form or by any means, whether electronic, mechanical, photocopying, or recording, without the written consent of OvisLink Corp. OvisLink Corp. has made the best effort to ensure the accuracy of the information in this user's guide. However, we are not liable for the inaccuracies or errors in this guide. Please use with caution. All information is subject to change without notice. This product requires professional installation. Please do not attempt to install the device without the necessary knowledge in regards to your country's wireless regulations. Functions and features in your product's firmware might be different due to regulations in your country. Table of Contents: 1.3 How to Use This Guide; 1.4 Firmware Upgrade and Tech Support; 1.6 Wireless Operation MOS
98. d The last part is how you prioritize. Once you get this information, you can continue to learn more details in this section. Flexible QoS Rule Definition. Multiple Group Categories: Specify the group category in a QoS rule for the target objects that the rule is to be applied to. Group Category can be based on VLAN ID, MAC Address, IP Address, Host Name, or Packet Length. Category depends on model. Differentiated Services: Specify the service type in a QoS rule for the target packets that the rule is to be applied to. Differentiated services can be based on 802.1p, DSCP, TOS, VLAN ID, User-defined Services, and Well-known Services. Well-known services include FTP (21), SSH (TCP 22), Telnet (23), SMTP (25), DNS (53), TFTP (UDP 69), HTTP (TCP 80), POP3 (110), Auth (113), SFTP (TCP 115), SNMP & Traps (UDP 161, 162), LDAP (TCP 389), HTTPS (TCP 443), SMTPs (TCP 465), ISAKMP (500), RTSP (TCP 554), POP3s (TCP 995), NetMeeting (1720), L2TP (UDP 1701), and PPTP (TCP 1723). Available Control Functions: Four resources can be applied in a QoS rule: bandwidth, connection sessions, priority queues, and DiffServ Code Point (DSCP). The control function that acts on target objects for specific services of a packet flow is based on these resources. For the bandwidth resource, control functions include guaranteeing bandwidth and limiting bandwidth. For the priority queue resource, the control function is setting priority. For the DSCP resource, the control function is DSCP
99. d command reboot to restart router. All management commands are not case sensitive. Notification, in Notification Settings: WAN Link Down (Enable/Disable), WAN Link Up (Enable/Disable), Secondary WAN Link is Up (Enable/Disable), Secondary WAN Link is Down (Enable/Disable). 1. WAN Link Down: Enable it, and this gateway will send a message to users if the primary WAN connection is dropped. 2. WAN Link Up: Enable it, and this gateway will send a message to users if the WAN connection is established. This message will also include the WAN IP address. 3. Secondary WAN is Up: Enable it, and this gateway will send a message to users if the secondary WAN is connected. This message will also include the WAN IP address. 4. Secondary WAN is Down: Enable it, and this gateway will send a message to users if the secondary WAN is disconnected. Access Control List: Access Control (Enable/Disable); Phone 1 to Phone 5, each with Management and Notification options. 1. Access Control: Users can decide which phone number can send commands to
100. do to give up the changes. 4.2.1.4 Web Content Filters: Web Content Filters can block HTML requests with specific file name extensions, like exe, bat (applications) and mpeg (video), and block HTML requests with some script types, like Java Applet, Java Scripts, cookies, and ActiveX. [Screenshot: Web Content Filters page with Configuration (Web Content Filters, Popular File Extension List: Cookie, Java, ActiveX, Log Alert) and Web Content Filter List (ID, Rule Name, User-defined File Extension List, Time Schedule, Enable, Actions)] 4.2.1.4.1 Configuration: 1. Web Content Filters: Check the Enable box if you want to enable the Web Content Filters function. 2. Popular File Extension List: Check which extension types (Cookie, Java, ActiveX) are to be blocked. 3. Log Alert: Enable log alerting so that the system will record Web content filtering events when filtering rules are fired. 4.2.1.4.2 Web Content Filter Rule List: It is a list of all Web Content Filter rules. You can add a new rule by clicking on the Add command button. You can also modify existing Web Content Filter rules by clicking the corresponding Edit command buttons at the end of each filtering rule in the Web Content Filter List. B
101. e (0) Always. Rule: Enable. Interface: Select WAN 1. Group: Select IP and enter the IP range 10.0.75.16/28. Service: Select ALL. Resource: Select Connection Sessions. Control Function: Select Set Session Limitation and set the session number to 20000. QoS Direction: Select Outbound for outbound traffic only. It is for the client devices under the gateway to establish multiple sessions with servers on the Internet. Sharing Method: Select Group Control. Schedule: Leave the default value of (0) Always as it is. This rule defines that all client hosts whose IP address is in the range 10.0.75.16 to 10.0.75.31 can access the Internet and keep a maximum of 20000 connection sessions in total at any time. 4.2.3 VPN Setup: A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. The tunnel technology supports data confidentiality, data origin authentication and da
102. e can send SNMP Trap messages to the management PCs consequently. 7. WAN Access IP Address: The IP address of the remote control site that manages the device by using the SNMP protocol. A User Privacy table is used only for SNMP v3. It defines the user list and their privacy and authority settings. [Screenshot: User Privacy Definition table with columns User Name, Authentication, Encryption, Privacy Key, Enable, Actions] 1. User Name: Input the name for a user. 2. Password & Authentication: Input the password for a user and choose the hashing algorithm for authentication. However, they will not be necessary when you choose the privacy mode noAuthNoPriv for the user account. 3. Privacy Mode: Choose the privacy mode for the specific user. There are three options: noAuthNoPriv, authNoPriv, and authPriv. 4. Privacy Key & Encryption: Input the privacy key for a user and choose the encryption algorithm for security. 5. Authority: Specify the Read or Write authority for the user account. 6. Enable: Activate the user account by checking the Enable box. Afterwards, click on Save to store your settings, or click Undo to give up the changes. 4.2.5.3 Telnet CLI: A command line interface
103. e password to establish a GRE tunnel with the remote host. 6. TTL: Time To Live for packets. The value is within 1 to 255. If a packet passes through the number of routers given by the TTL and still can't reach the destination, the packet will be dropped. 7. Default Gateway / Peer Subnet: You can choose the Default Gateway option or the Peer Subnet option here. When Default Gateway is chosen, all traffic from the Intranet of the Business Security Gateway goes over this GRE tunnel if the packets don't match the Peer Subnet of other GRE tunnels. Only one GRE tunnel can own the Default Gateway property. However, when Peer Subnet is chosen, the peer subnet parameter needs to be filled in, and it should be the LAN subnet of the remote GRE server. If an Intranet packet wants to go to this peer subnet, the GRE tunnel will be established automatically. 4.2.4 Redundancy. 4.2.4.4 VRRP: The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol providing device redundancy. It allows a backup router or switch to automatically take over if the primary (master) router or switch fails. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network. [Figure: VRRP topology with Internet access, a Master router and a Slave router] VRRP Setting: Virtual Server ID 1 Virtual
104. e your settings, or click Undo to give up the changes. 4.2.1.5 MAC Control: MAC Control allows you to assign different access rights to different users based on the device's MAC address. [Screenshot: MAC Control page with Configuration (MAC Control, Black List / White List, Log Alert, Known MAC from LAN PC List) and MAC Control Rule List (ID, Rule Name, MAC Address, Time Schedule, Enable, Actions)] 4.2.1.5.1 Configuration: 1. MAC Control: Check the Enable box to activate the MAC Control function. All of the settings on this page take effect only when Enable is checked. 2. Black List / White List: Select one of the two filtering policies for the defined rules. Black List: Allow all to pass except those that match the specified rules. White List: Deny all to pass except those that match the specified rules. 3. Log Alert: Enable log alerting so that the system will record MAC control events when control rules are fired. 4. Known MAC from LAN PC List: You can see all of the connected clients in this list and copy their MAC address
105. ed in IPSec tunneling for user authentication. [Screenshot: My Certificate page with Root CA (ID, Name, Subject, Issuer, Valid To, Action) and Local Certificate List (ID, Name, Subject, Issuer, Valid To, Action)] 4.2.6.1 My Certificate: My Certificates include the Root CA and the Local Certificate List. The Root CA is the topmost certificate of the tree, the private key of which is used to sign other certificates. A Local Certificate is generated in this router. It can be self-signed by its Root CA, or it can just generate a Certificate Signing Request (CSR), which can be signed by another external Root CA. 4.2.6.1.1 Root CA: The device can serve as the Root CA. The Root CA can sign a Local Certificate when it is generated with self-signed selected, or sign a Certificate Signing Request (CSR). You can generate it by clicking on the Generate button. [Screenshot: Local Certificate Configuration with fields Name, Self-signed, Key Type (RSA), Key Length (1024 bits), and Subject Name: Country, State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), E-mail]
106. egment with VLAN ID 4. The VLAN group includes Port 4 and VAP 8 (SSID: Guest), with NAT mode and DHCP 3 server equipped. He also configures the Lab & Servers segment with VLAN ID 3. The VLAN group includes Port 3, with NAT mode and DHCP 2 server equipped. However, he configures the Office segment with VLAN ID 2. The VLAN group includes Port 2 and VAP 1 (SSID: Staff), with NAT mode and DHCP 1 server equipped. Finally, the administrator also configures the VoIP & IPTV segment with VLAN ID 11. The VLAN group includes Port 1, with bridge mode to the WAN interface, as shown in the following diagram. Above is the general case for 4 Ethernet LAN ports in the gateway. But the device has only one Ethernet LAN port, so there is only one VLAN group in the device. It also supports two different kinds of application for Port-based VLAN tagging: NAT or Bridge. Tag-based VLAN Tagging for Location-free Departments: The Tag-based VLAN function can group the Ethernet port (Port 1) and WiFi Virtual Access Points (VAP 1 to VAP 8) together with different VLAN tags for deploying department subnets in the Intranet. All packet flows can carry different VLAN tags, even at the same physical Ethernet port, for the Intranet. These flows can be directed to different destinations because they have differentiated tags. The approach is very useful for grouping hosts in different geographic locations into the same department. Tag-based VLAN is also called a VLAN Trunk. The VLAN Trunk collects all packet flows
107. egulatory Domain: Indicates the number of WiFi channels. It depends on regional government regulations. 3. Beacon interval: Beacons are broadcast packets that are sent by a wireless AP router. The main purpose of the beacon packet is to let wireless clients know this AP's SSID when doing a wireless network scan. 4. DTIM interval: A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages. When the wireless router has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. 5. RTS Threshold: If an excessive number of wireless packet collisions occur, wireless performance will be affected. It can be improved by adjusting the RTS/CTS (Request to Send / Clear to Send) threshold value. 6. Fragmentation: Wireless frames can be divided into smaller units (fragments) to improve performance in the presence of RF interference and at the limits of RF coverage. 7. WMM Capable: WMM can help control latency and jitter when transmitting multimedia content over a wireless connection. 8. Short GI: Time setting of the Guard Interval between two Wi-Fi packets. Decreasing this time interval will increase Wi-Fi data throughput, but it may cause some side effects when the quality of the Wi-Fi signal is not good. 800ns is the standard time setting of GI. 9. TX Rate: For WiFi transmit rate, you can c
108. eless encryption schemes are WEP, WPA, and WPA2. ESSID (SSID): The identification name of an 802.11 wireless network. Since a wireless network has no physical boundary like a wired Ethernet network, a wireless LAN needs an identifier to distinguish one network from another. Wireless clients must know the SSID in order to associate with a WLAN network. The Hide SSID feature disables SSID broadcast, so users must know the correct SSID in order to join a wireless network. Firewall: A system that secures a network and prevents access by unauthorized users. Firewalls can be software, a router, or a gateway. Firewalls can prevent unrestricted access into a network as well as restrict data from flowing out of a network. Firmware: The program that runs inside an embedded device such as a router or AP. Many network devices are firmware-upgradeable through a web interface or utility program. FTP: File Transfer Protocol. A standard protocol for sending files between computers over a TCP/IP network and the Internet. Fragment Threshold: A frame larger than this size will be divided into smaller fragments. If there is interference in your area, lowering this value can improve performance. If there is not, keep this parameter at a higher value. The default size is 2346. You can try 1500, 1000, or 500 when there is interference around your network. Full Duplex: The ability of a networking device to receive and transmit data simultaneously. In wireless environment this is
109. em Management: This device supports many system management protocols, such as TR-069, SNMP, Telnet with CLI, and UPnP. You can finish those configurations in this sub-section. [Screenshot: TR-069 configuration with fields Enable, Interface (WAN 1), ACS URL, ACS UserName, ACS Password, ConnectionRequest Port (8099), ConnectionRequest UserName, ConnectionRequest Password, Inform (Enable, Interval 900), Certificate] 4.2.5.1 TR-069: TR-069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices like this gateway device. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer premises equipment (CPE) and Auto Configuration Servers (ACS). The Security Gateway is such a CPE.
110. encryption. You also need to create a username and password for PPTP clients. In this wizard, you only create one user account. If you want to create more user accounts, please go to Advanced Network > VPN > PPTP to add more users. Press Next to continue. Step 3-3: L2TP. If choosing L2TP, there are two mode options. Choose Client if you want this device to connect to another L2TP server, or choose Server if you want other L2TP clients to connect to it. Press Next to continue. If choosing L2TP Client, please input the tunnel name, the IP/FQDN of the L2TP server, and the user name & password, and choose the authentication protocol and MPPE encryption option. Please make sure these settings are accepted by the remote L2TP server. Otherwise, the L2TP server will reject the connection. Press Next to continue. If choosing L2TP Server, please choose the authentication protocol options and the key length of MPPE encryption. You also need to create a username and password for L2TP clients. In this wizard, you can only create one user account. If you want to create more user accounts, please go to Advanced Network > VPN > L2TP to add more users. Press Next to continue. Step 3-4: GRE. If choosing GRE, please input the tunnel name, the IP address of the remote GRE peer, and the Key ID, and choose default gateway / remote subnet. Please make sure these
111. er Proxy. WAN. Physical Interface: Supports Ethernet, 3G/4G, USB 3G/4G, or ADSL physical interfaces. Which kinds of WAN interfaces are in the device depends on the model. Internet Setup: There are a variety of WAN types that can be chosen for the Internet connection. For an Ethernet physical interface, the WAN types include Static IP, Dynamic IP, PPPoE, PPTP, and L2TP. For a 3G/4G or USB 3G/4G physical interface, there is only one WAN type: 3G/4G. For an ADSL physical interface, the WAN types include Ethernet over ATM with NAT, IP over ATM, PPPoE ADSL, PPP over ATM, and RFC 1483 Bridged. Load Balance: This device supports a multi-WAN load balance function, and more than one WAN interface can access the Internet at the same time. The load balance function can help you manage outbound traffic and maximize the utilization of available bandwidth. You can choose one of the load balance strategies for operation: By Smart Weight, By Specific Weight, and By User Policy. LAN & VLAN. Ethernet LAN: Configuration of the Ethernet LAN for the Intranet of the device. It includes the IP address of the Ethernet LAN interface and its subnet mask. Together they define the subnet of the Intranet. Besides, the LAN IP address is the address of the web GUI. VLAN: The VLAN function allows you to divide the local network into different virtual LANs. The device supports both kinds of VLAN tagging: Port-based VLAN and Tag-based VLAN. WiFi: The feature depends on product model. 2.4G Configuration: If
112. er List caption. [Packet Filter List example row: ID 1, Rule Name "Block 75.2 Telnet", From Interface Any, To Interface Any, Source IP 10.0.75.2, Destination IP 0.0.0.0, Destination Port 23-23, Protocol TCP, Time Schedule (0) Always] 4.2.1.2.3 Packet Filter Rule Configuration: It supports adding a new rule or editing an existing rule. Some parameters need to be specified in a packet filter rule. They are Rule Name, From Interface, To Interface, Source IP, Destination IP, Destination Port, Protocol, Time Schedule, and finally the rule enable. [Screenshot: Packet Filter Rule Configuration with Rule Name "Block 75.2 Telnet", From Interface, To Interface, Source IP (Specific IP Address 10.0.75.2), Destination IP (Specific IP Address 0.0.0.0), Destination Port (Well-known Service TELNET, TCP 23), Protocol (TCP), Time Schedule ((0) Always), Rule (Enable)] 1. Rule Name: The name of the packet filter rule. 2. From Interface: Any interface, a LAN interface, or a WAN interface. 3. To Interface: Any interface, a LAN interface, or a WAN interface. 4. Source IP: Specify the source IP address of packets that are to be filtered out in the packet filter rule. You can define a single IP address (4.3.2.1) or a range of IP add
113. er 2 identification for networking devices. Each Ethernet device has its own unique address. The first 6 digits are unique for each manufacturer. When a network device has the MAC access control feature, only devices with an approved MAC address can connect to the network. Mbps: Megabits Per Second. One million bits per second, a unit of measurement for data transmission. MESH: Mesh is an outdoor wireless technology that uses Spanning Tree Protocol (STP) and Wireless Distribution System to achieve a self-forming, self-healing, and self-configuring outdoor network. A MESH network is able to take the shortest path to a destination that does not have to be in the line of sight. MIMO: Multi-In Multi-Out. A Smart Antenna technology designed to increase the coverage and performance of a WLAN network. In a MIMO device, 2 or more antennas are used to increase the receiver sensitivity and to focus available power at the intended Rx. NAT: Network Address Translation. A network algorithm used by routers to enable several PCs to share a single IP address provided by the ISP. The IP that a router gets from the ISP side is called the Real IP; the IP assigned to a PC under the NAT environment is called the Private IP. Node: A network connection end point, typically a computer. Packet: A unit of data sent over a network. Passphrase: Used much like a password, a passphrase sim
114. erver. If an Intranet packet wants to go to this peer subnet, the PPTP tunnel will be established automatically. 7. Connection Control: There are three connection control options for users to choose when the PPTP tunnel is established. You can choose Connect-on-Demand, Auto Reconnect (always-on), or Manually. By default, it is Auto Reconnect (always-on). 8. Authentication Protocol: You can choose the authentication protocol as PAP, CHAP, MS-CHAP, or MS-CHAP v2. The protocol you choose must be supported by the remote PPTP server. 9. MPPE Encryption: Check the Enable box to activate MPPE encryption. Please note that MPPE needs to work with the MS-CHAP or MS-CHAP v2 authentication methods. 10. NAT before Tunneling: Check the Enable box to let hosts in the Intranet of the Business Security Gateway access the Internet via the remote PPTP server. By default, it is enabled. However, if you want the remote PPTP server to monitor the Intranet of the local Business Security Gateway, the option can't be enabled. 11. LCP Echo Type: Choose the way to do connection keep-alive. By default, it is the Auto option, which means the system will automatically decide the time interval between two LCP echo requests and the number of times the system can retry once an LCP echo fails. You can also choose the User-defined option to define the time interval and the retry times yourself. The last option is Disable. 12. Tunnel: Check the Enable box to activate the tunnel.
115. esides, unnecessary rules can be removed by checking the Select box for those rules and then clicking on the Delete command button at the Web Content Filter List caption. [Web Content Filter List example row: Rule Name "execution files", User-defined File Extension List "exe com", Time Schedule (0) Always] 4.2.1.4.3 Web Content Rule Configuration: It supports adding a new rule or editing an existing rule. Some parameters need to be specified in a Web Content Filter rule. They are Rule Name, User-defined File Extension List, Time Schedule, and finally the rule enable. [Screenshot: Web Content Filter Configuration with Rule Name, User-defined File Extension List, Time Schedule, Enable] 1. Rule Name: The name of the Web Content Filter rule. 2. User-defined File Extension List: You can enter up to 10 file extensions to be blocked in a rule by using to concatenate these file extensions. 3. Schedule: The rule can be turned on according to the schedule rule you specify, giving the user more flexibility in access control. By default, it is always turned on when the rule is enabled. For more details, please refer to the System > Scheduling menu. 4. Enable: Check the box if you want to enable the rule. Each rule can be enabled or disabled individually. Afterwards, click on Save to stor
116. figuring the phone on the network. [Screenshot: USSD page with Configuration (Physical Interface 3G/4G-1, SIM Status SIM A), USSD Profile List (ID, Profile Name, USSD Command, Comments, Actions), and USSD Request (USSD Profile, USSD Command)] USSD Configuration: You can compose a USSD message and send it to the service provider, where it is received by a computer dedicated to USSD. The answer from this computer is sent back to this device, but it is usually with a very basic presentation. 1. Physical Interface: Indicates which 3G/LTE modem is used for the USSD feature. SIM Status indicates which SIM card is used for the USSD feature. USSD Profile List: You can edit USSD profiles for some commonly used commands. Press the Add button to add a new profile, and select existing profiles to delete by clicking on the Delete button. USSD Profile Configuration: 1. Profile Name: Indicates the name of this profile. 2. USSD Command: Type the USSD command of this profile. 3. Comments: Add comments for this profile. Send USSD Command: You can select a USSD command from an existing profile or type the command manually. Then press Send button to
117. goal of QoS & BWM (Quality of Service and Bandwidth Management) is prioritizing incoming data and preventing data loss due to factors such as jitter, delay, and dropping. Another important aspect of QoS is ensuring that prioritizing one data flow doesn't interfere with other data flows. So QoS helps to prioritize data as it enters your router. By attaching special identification marks or headers to incoming packets, QoS determines which queue the packets enter, based on priority. This is useful when there are certain types of data you want to give higher priority to, such as voice packets being given higher priority than Web data packets. To utilize your network throughput completely, the administrator must define bandwidth control rules carefully to balance the utilization of network bandwidth for all users. It is indeed required that an access gateway satisfies the requirements of latency-critical applications, minimum access right guarantee, fair bandwidth usage for the same subscribed condition, and flexible bandwidth management. The AirLive Security Gateway provides Rule-based QoS to carry out these requirements. [Screenshot: System Resource Configuration with Total Priority Queues of All WANs (6), WAN Interface (WAN 1), and WAN Interface Resource: Bandwidth of Upstream (150 Mbps)]
118. hange Password: You can change the System Password here. We strongly recommend that you change the system password for security reasons. Click on Save to store your settings, or click Undo to give up the changes. [Screenshot: Change Password form with Old Password, New Password, and New Password Confirmation fields] 1. Old Password: Input the old password of the administrator. 2. New Password: Input the new password of the administrator for future logins. Once the password is changed successfully, the system will ask you to log in again with the new password. 3. New Password Confirmation: Re-type the new password here. It must be the same as the one in New Password; otherwise an error message will be shown. 4.4.1.2 System Information: You can view the System Information on this page. It includes the WAN Type, Display Time, and Modem Information, but the modem information exists only on models with embedded modems, such as an ADSL modem or 3G/LTE modem. [Screenshot: System Information showing WAN Type and Display Time] 4.4.1.3 System Status: You can view the System Logs in the Web UI. You can also send the logs to specific email accounts periodically, or instantly by clicking on the Email Now command button. System Web Log View
119. have as a PPTP server, and it allows remote hosts to access LAN servers behind the PPTP server. The device can support four authentication methods: PAP, CHAP, MS-CHAP, and MS-CHAP v2. Users can also enable MPPE encryption when using MS-CHAP or MS-CHAP v2. [Screenshot: PPTP Server Configuration with PPTP Server (Enable), Server Virtual IP, Authentication Protocol (PAP, CHAP, MS-CHAP, MS-CHAP v2), MPPE Encryption] 1. PPTP Server: Enable or disable the PPTP server function. 2. Server Virtual IP: It is the virtual IP address of the PPTP server used in PPTP tunneling. This IP address should be different from the gateway one and from members of the LAN subnet of the Business Security Gateway. 3. IP Pool Starting Address: This device will assign an IP address to each remote PPTP client. This value indicates the beginning of the IP pool. 4. IP Pool Ending Address: This device will assign an IP address to each remote PPTP client. This value indicates the end of the IP pool. 5. Authentication Protocol: You can choose the authentication protocol as PAP, CHAP, MS-CHAP, or MS-CHAP v2. 6. MPPE Encryption: Check the Enable box to activate MPPE encryption. Please note that MPPE needs to work with the MS-CHAP or MS-CHAP v2 authentication method. You can also choose the encryption length of MPPE encryption: 40 bits, 56 bits, or 128 bits. 4.2.3.3.3 PPTP Server Status: The user name and connection information for each connected PPTP client to the PPT
120. he AirMax4GW using your PC. 3.3 Easy Setup by Web Interface: The AirMax4GW can be configured using the web interface. Web Management (HTTP): You can manage your AirMax4GW by simply typing its IP address in the web browser. Most functions of the AirMax4GW can be accessed through the web management interface. We recommend using this interface for initial configuration. To begin, simply enter the AirMax4GW's IP address (default is 192.168.123.254) in the web browser. The default password is airlive. [Screenshot: status page showing the WAN Interface IPv4 Network Status, WAN Interface IPv6 Network Status, and LAN Interface Status tables] 3.3.1 Wizard: Select Wizard for basic network settings and VPN settings in a simple way. Or you can go to Basic Network / Advanced Network / Applications / System to set up the configuration by your own selection. 3.3.1.1 Configure
121. he corporate network. Walled Garden: On the Internet, a walled garden refers to a browsing environment that controls the information and Web sites the user is able to access. This is a popular method used by ISPs in order to keep the user navigating only specific areas of the Web. WAN (Wide Area Network): A communication system connecting PCs and other computing devices across a large local, regional, national or international geographic area. A WAN port on a network device means the port or wireless connection that is connected to the Internet side of the network topology. WEP (Wired Equivalent Privacy): A wireless encryption protocol. WEP is available in 40-bit, 64-bit, 108-bit, 128-bit or 152-bit Atheros proprietary encryption modes. Wi-Fi (Wireless Fidelity): An interoperability certification for wireless local area network (LAN) products based on the IEEE 802.11 standards. The governing body for Wi-Fi is called the Wi-Fi Alliance, also known as WECA. WiMAX (Worldwide Interoperability for Microwave Access): A Wireless Metropolitan Network technology that complies with the IEEE 802.16 and ETSI Hiperman standards. The original 802.16 standard calls for an operating frequency in the 10 to 66 GHz spectrum. The 802.16a amendment extends the original standard into spectrum between 2 and 11 GHz. 802.16d increases data rates to between 40 and 70 Mbps and adds support for MIMO antennas, QoS and multiple polling technologies. 802.16e adds mobility features na
122. heck the Enable checkbox to enable this function. d. Set Date & Time Manually: Set the system date and time manually. Auto Synchronization must be unchecked beforehand to do this. The above is the first way to set the system date and time, that is, the manual way. The second way is Sync with Time Server. Based on the time server you selected in the basic information configuration, the system communicates with the time server via the NTP protocol to get the system date and time after you click the button. The last way is Sync with my PC. Click the button to synchronize the system date and time to those of the configuration PC. 2. FW Upgrade: If new firmware is available, you can upgrade the router firmware through the web GUI here. After clicking the FW Upgrade command button, specify the file name of the new firmware using the Browse button, and then click the Upgrade button to start the firmware upgrade process on this device. If you want to upgrade a firmware which is from GPL policy, please check Accept unofficial firmware. [Screenshot: Firmware Upgrade dialog: Firmware Filename; Current firmware version is 0LSD0 1001 06171730; Accept unofficial firmware; Upgrade; Cancel] Note: Do not interrupt the process or power off the unit while it is being upgraded. When the process completes successfully, the unit restarts automatically. NOTE: PLEASE DO NOT TURN THE DEVICE OFF
123. her data flows. 4.2.1 Firewall: The firewall functions include Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and some firewall options. 4.2.1.1 Configuration: One Firewall Enable check box lets you activate the firewall functions that you want. [Screenshot: Configuration: Firewall Enable; Save] 4.2.1.2 Packet Filters: The Packet Filters function lets you define both outbound and inbound filter rules by specifying the source IP and destination IP in a rule. It enables you to control which packets are allowed to pass the router and which are blocked. Outbound filters are applied to all outbound packets. However, inbound filters are applied only to packets destined for virtual servers or the DMZ host port. [Screenshot: Packet Filters configuration: Packet Filters Enable; Black List / White List (Allow all to pass except those match the following rules); Log Alert Enable; Packet Filter List with columns Rule Name, Source IP, Destination IP, From Interface, To Interface, Protocol, Time Schedule, Enable, Actions] 4 2
124. his destination subnet network. The assigned gateway is required to be in the same subnet as the LAN side or WAN side. 4. Metric: The router uses this value to determine the best possible route. It will go in the direction of the gateway with the lowest metric. 5. Rule: Check the Enable box to enable this static routing rule. 4.1.6.2 Dynamic Routing: The static route feature lets you maintain the routing table manually. In addition, this gateway also supports dynamic routing protocols such as RIPv1, RIPv2, OSPF and BGP so that you can establish the routing table automatically. Dynamic routing is very useful when there are lots of subnets in your network. Generally speaking, RIP is suitable for small networks, OSPF is more suitable for medium networks, and BGP is more used for big network infrastructure. [Screenshot: RIP Configuration (RIP: Disable); OSPF Configuration (OSPF Enable, Backbone Subnet, OSPF Area List with columns ID, Area Subnet, Area ID, Enable, Actions); BGP Configuration (BGP Enable, Self ID, BGP Neighbor List with columns ID, Neighbor IP, Neighbor ID, Enable, Actions)] [Screenshot: RIP Configuration with RIPv1 selected] RIP Routing
125. hoose Best for auto adjustment according to the WiFi signal quality in your environment, or you can fix it at a certain TX rate. Please note that the WiFi connection may be dropped if you fix it at a higher data rate in a noisy, poor RF signal quality environment. Besides, there is only one option, Best, if the following RF Bandwidth parameter is set to Auto. When RF Bandwidth is HT40, you can manually set the WiFi TX Rate to one of the following options: HT MCS 15 (300), HT MCS 14 (270), HT MCS 13 (240), HT MCS 12 (180), HT MCS 11 (120), HT MCS 10 (90), HT MCS 9 (60), HT MCS 8 (30), OFDM MCS 7 (54), CCK MCSD 1. When RF Bandwidth is HT20, you can manually set the WiFi TX Rate to one of the following options: HT MCS 15 (144.4), HT MCS 14 (130). 10. RF Bandwidth: Select Auto, HT20 or HT40 to define the RF bandwidth for a channel. By default it is Auto for the device. 11. Transmit Power: Normally the wireless transmission power operates at 100% of the output power specification of this device. You can lower the power ratio to prevent transmissions from reaching beyond your corporate/home office or designated wireless area. 4.1.4 IPv6 Setup: The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protoco
126. ides unnecessary groups can be removed by checking the Select box for those groups and then clicking the Delete command button at the File Extension Group List caption. [Screenshot: File Extension Group List] 1. Add: Click the button to add one file extension group. 2. Delete: Click the button to delete the file extension groups that are specified in advance by checking the Select box of those groups. 3. Edit: Click the button to edit the file extension group. 4. Select: Select the file extension group to delete. 4.4.3.3.2 File Extension Group Configuration [Screenshot: File Extension Group Configuration: Group Name; File Extension Group List (Execution: com, exe); Multiple Bound Services (Firewall, QoS); Member to Join; Group Enable] 1. Group Name: Define the name of the group. Member List: Shows the list of members that have joined the group. A delete button is behind each member and can be used to remove the member from the group. Multiple Bound Services: The defined group object can be used in various applications like Firewall or QoS & BWM. Member to Join: Define a member by selecting a file extension type category and a file extension name. File extension categories include Image, Video, Audio, Java, Compression
127. ients can know how many AP devices by scanning the network. Therefore, if this setting is configured as Disable, the wireless clients can't find the device from beacons. 8. WLAN Partition: You can check the WLAN Partition function to separate the wireless clients. The wireless clients can't communicate with each other, but they can access the Internet and other Ethernet LAN devices. 9. Channel: The radio channel number. The permissible channels depend on the Regulatory Domain. The factory default setting is auto channel selection. It's recommended to choose a channel that is not used in your environment to reduce radio interference. 10. WiFi System: This gateway supports 2.4 GHz 802.11b/g/n modes, so you can choose an adequate WiFi system from the option list of 802.11b Only, 802.11g Only, 802.11n Only, 802.11b/g Mixed, 802.11g/n Mixed and 802.11b/g/n Mixed according to your requirement. The factory default setting is 802.11b/g/n Mixed. 11. Authentication & Encryption: You may select one of the following authentications to secure your wireless network: Open, Shared, Auto, WPA-PSK, WPA, WPA2-PSK, WPA2, WPA-PSK/WPA2-PSK or WPA/WPA2. Open: Open system authentication simply consists of two communications. The first is an authentication request by the client that contains the station ID (typically the MAC address). This is followed by
128. ietary turbo mode to increase speed over standard 802.11a mode. It uses channel binding technology to increase speed. There are 2 types of Turbo A modes: Dynamic Turbo and Static Turbo. In Dynamic Turbo, the channel binding will be used only if necessary. In Static Turbo, the channel binding is always on. This protocol may be combined with Super A model to increase the performance even more. The use of channel binding might be prohibited in EU countries. TX Output Power (Transmit Output Power): The TX output power means the transmission output power of the radio. Normally, the TX output power level limit for 2.4 GHz 11g/b is 20 dBm at the antenna end. The output power limit for 5 GHz 802.11a is 30 dBm at the antenna end. UDP (User Datagram Protocol): A layer 4 network protocol for transmitting data that does not require acknowledgement from the recipient of the data. Upgrade: To replace existing software or firmware with a newer version. Upload: To send a file to the Internet or a network device. URL (Uniform Resource Locator): The address of a file located on the Internet. VPN (Virtual Private Network): A type of technology designed to increase the security of information transferred over the Internet. VPN creates a private encrypted tunnel from the end user's computer, through the local wireless network, through the Internet, all the way to t
129. imary DNS address and secondary DNS address. 2. Primary / Secondary DNS: Please enter the IPv6 primary DNS address and secondary DNS address. 3. MLD Snooping: With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets. If necessary in your environment, please enable this feature. LAN Configuration [Screenshot: LAN Configuration: Global Address; Link-local Address] 1. Global Address: Please enter the IPv6 global address for the LAN interface. 2. Link-local Address: Shows the IPv6 link-local address of the LAN interface. Address Auto-configuration [Screenshot: Address Auto-configuration: Auto-configuration Enable; Auto-configuration Type (Stateless); Router Advertisement Lifetime (seconds)] 1. Auto-configuration: Disable or enable this auto-configuration setting. 2. Auto-configuration Type: You may set stateless or stateful (Dynamic IPv6). 3. Router Advertisement Lifetime: You can set the time for the period in which the router sends (broadcasts) its router advertisement. Each router periodically multicasts a Router Advertisement from each of its multicast interfaces, announcing the IP address of that interface. Hosts discover the addresses of their neighboring routers simply by listening for advertisements. When a hos
130. information to DDNS service provider whenever there is a change. Therefore users can build a website or other Internet servers even if they don't have a fixed IP connection. DHCP (Dynamic Host Configuration Protocol): A protocol that enables a server to dynamically assign IP addresses. When DHCP is used, whenever a computer logs onto the network, it automatically gets an IP address assigned to it by the DHCP server. A DHCP server can either be a designated PC on the network or another network device, such as a router. DMZ (Demilitarized Zone): When a router opens a DMZ port to an internal network device, it opens all the TCP/UDP service ports to this particular device. The feature is commonly used for setting up H.323 VoIP or multimedia servers. DNS: A program that translates URLs to IP addresses by accessing a database maintained on a collection of Internet servers. Domain Name: The unique name that identifies an Internet site. Domain names always have 2 or more parts separated by dots. In www.airlive.com, airlive.com is the domain name. DoS Attack (Denial of Service): A type of network attack that floods the network with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. Encryption: Encoding data to prevent it from being read by unauthorized people. The common wir
131. ing [Screenshot: Application Filters Enable; Log Alert Enable; Schedule (Always)] 1. Application Filters: Check the Enable box to activate the Application Filters function. All of the settings on this page take effect only when Enable is checked. 2. Log Alert: Enable log alerting so that the system records Application Filter events when filtering rules are fired. 3. Schedule: All Application Filter rules can be turned on according to the schedule rule you specify, which gives the user more flexibility in access control. By default they are always turned on when the Application Filters function is enabled. For more details, please refer to the System Scheduling menu. 4.2.1.7 IPS: IPS (Intrusion Prevention Systems) are network security appliances that monitor network and/or system activities for malicious activity. The main functions of IPS are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. You can enable the IPS function and check the listed intrusion activities if necessary. Some intrusion prevention items need a further Threshold parameter to work properly for intrusion detection. Besides, you can enable log alerting so that the system records intrusion events when the corresponding intrusions are detected. 4 2 1
132. ing system rebooting, system resetting to default, waking on LAN and configuration settings backup. [Screenshot: System Tools: System Time (Configure, Sync with Time Server, Sync with my PC); Firmware Upgrade (Via Web UI); Ping Test; Tracert Test; Reboot; Reset to Default; Wake on LAN; Backup Configuration Settings] 1. System Time: There are three approaches to set up the system time. Before the process, some basic information must be filled in by clicking the Configure command button. Basic information includes the following items. [Screenshot: System Time Configuration: Time Zone; Auto synchronization Enable; Time Server; Available Time Servers (RFC 868); Daylight Saving Time Enable] a. Time Zone: Select the time zone where this device is located. b. Auto Synchronization: Check the Enable checkbox to enable this function. Besides, you can select an NTP time server to consult UTC time from the available list; by default it is 132.163.4.102. c. Daylight Saving Time: C
133. ing system in Applications AP Management and IO Management, alerting handler in Applications IO Management. The above usage examples depend on the functions provided by different product models. [Screenshot: External Server List with columns ID, Server Name, Server IP/FQDN, Server Port, Server Type, Enable, Actions] 4.4.4.1 External Server List: The External Server List shows all defined external server objects and their attributes in this window. You can add one new external server object by clicking the Add command button. You can also modify existing external server objects by clicking the corresponding Edit command buttons at the end of each object record in the External Server List. Besides, unnecessary objects can be removed by checking the Select box for those objects and then clicking the Delete command button at the External Server List caption. [Screenshot: External Server List with sample e-mail server entries] 1. Add: Click the button to add one external server object. 2. Delete: Click the button to delete the external server objects that are specified in advance by checking the Select box of those objects. 3. Edit: Click o
134. ings and then configure the settings as well. [Screenshot: Internet Connection List with columns Interface Name, Physical Interface, Operation Mode, WAN Type, Action] Internet Connection Configuration (WAN 1) 1. WAN Type: Leave it as 3G/4G. 3G/4G WAN Type Configuration 1. Preferred SIM Card: Choose SIM A First, SIM B First, SIM A Only or SIM B Only for the 3G/4G connection. There are two SIM card slots on this gateway, with four kinds of SIM card usage scenarios: SIM A First, SIM B First, SIM A Only and SIM B Only. By default, the SIM A First scenario is used to connect to the mobile system for data transfer. If using the SIM A First scenario, the gateway will try to connect to the Internet using the SIM A card first. When the connection is broken, the gateway system automatically switches to the SIM B card as an alternate. The system will not switch back to the SIM A card unless the SIM B connection is also broken. That is, SIM A and SIM B are used iteratively, but either one keeps being used for data transfer while the current connection is still alive. In the same way, the gateway will try to connect to the Internet using the SIM B card first if SIM B First is chosen. However, when SIM A Only or SIM B Only is used, that means the specified SIM slot of card is the ONLY one t
135. ion above diagram is just an example. 4.1.7 Client Server Proxy 4.1.7.1 Dynamic DNS: How do users access your server if your WAN IP address changes all the time? One way is to register a new domain name and maintain your own DNS server. Another, simpler way is to apply for a domain name from a 3rd-party DDNS service provider. It can be free or charged. To host your server on a changing IP address, you have to use dynamic domain name service (DDNS). Therefore anyone wishing to reach your host only needs to know its name. Dynamic DNS maps the name of your host to your current IP address, which changes each time you connect to your Internet service provider. This device supports the most popular 3rd-party DDNS service providers, including TZO.com, No-IP.com, DynDNS.org (Dynamic), DynDNS.org (Custom) and DHS.org. Before you enable Dynamic DNS, you need to register an account on one of the Dynamic DNS servers that we list in the Provider field. [Screenshot: Pre-defined Domain Name List with columns Domain Name, IP Address Definition, Enable, Actions; Dynamic DNS settings: DDNS Enable, Provider, Host Name, Username / E-mail, Password / Key] DDNS: Check the Enable box if you would like to activate this function. Provider: The DDNS provider supports service for you to bind your IP (even private IP) with
136. ity Gateway also can behave as a PPTP client in addition to a PPTP server, and the PPTP client tries to establish a PPTP tunnel to a remote PPTP server. All client hosts in the Intranet of the Business Security Gateway can access LAN servers behind the PPTP server. [Screenshot: PPTP Client Configuration: PPTP Client Enable] 1. PPTP Client: Enable or disable the PPTP client function. 4.2.3.3.7 PPTP Client List & Status: You can add up to 22 different PPTP client tunnels by clicking the Add button, and modify each tunnel configuration by clicking the corresponding Edit button at the end of each existing tunnel. [Screenshot: PPTP Client List & Status with columns PPTP Client Name, Virtual IP, Remote IP/FQDN, Default Gateway / Peer Subnet, Status, Enable, Actions] 1. Add: You can add one new PPTP client tunnel by clicking the Add button. 2. Delete: Delete selected tunnels by checking the Select box at the end of each tunnel list and then clicking the Delete button. 3. Tunnel: Check the Enable box to activate the tunnel. 4. Edit: You can edit one PPTP client tunnel configuration by clicking the Edit button at the end of each tunnel list. 4.2.3.3.8 PPTP Client Configuration
137. TR-069 is a customized feature for ISPs; it is not recommended that you change the configuration for this. If you have any problem using this feature for device management, please contact your ISP or the ACS provider for help. At the upper right corner of the TR-069 Setting screen, the Help command lets you see the same message. 4.2.5.2 SNMP: In brief, SNMP, the Simple Network Management Protocol, is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. In typical SNMP use, one or more administrative computers called managers have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes, at all times, a software component called an agent, which reports information via SNMP to the manager. SNMP agents expose management data on the managed systems as variables. The protocol also permits active management tasks, such as modifying and applying a new configuration, through remote modification of these variables. The variables accessible via SNMP are organized in hierarchies. These hierarchies, and other metadata such as the type and description of the variable, are described by Management Information Bases (MIBs). The device supports several public MIBs and one private MIB for the SNMP agent. The supported MIBs are as follow
138. l currently used to direct almost all Internet traffic. IPv6 also implements additional features not present in IPv4. It simplifies aspects of address assignment (stateless address auto-configuration), network renumbering and router announcements when changing Internet connectivity providers. This gateway supports two types of IPv6 connection: 6to4 and 6in4. Please ask your ISP what type of IPv6 is supported before you proceed with IPv6 setup. 4.1.4.1 6to4 [Screenshot: IPv6 Configuration: IPv6 Enable; WAN Connection Type (6to4); 6to4 WAN Type Configuration (6to4 Address, Primary DNS, Secondary DNS, MLD Snooping Enable); LAN Configuration (Global Address, Link-local Address); Address Auto-configuration (Auto-configuration Enable, Auto-configuration Type, Router Advertisement Lifetime in seconds)] WAN Connection Type: When 6to4 is selected for the WAN Connection Type, you need to configure the following settings. 6to4 WAN Type Configuration [Screenshot: 6to4 WAN Type Configuration: 6to4 Address; Primary DNS; Secondary DNS; MLD Snooping Enable] 1. 6to4 Address: You may obtain IPv6 DNS automatically or set DNS address manually for Pr
139. le 802.11b: International standard for wireless networking that operates in the 2.4 GHz frequency band (2.4 GHz to 2.4835 GHz) and provides a throughput of up to 11 Mbps. 802.1d STP (Spanning Tree Protocol): It is an algorithm to prevent network loops from forming. The STP protocol allows a network to provide a redundant link in the event of a link failure. It is advised to turn on this option for a multi-link bridge network. 802.11d: Also known as Global Roaming. 802.11d is a standard for use in countries where systems using other standards in the 802.11 family are not allowed to operate. 802.11e: The IEEE QoS standard for prioritizing traffic of VoIP and multimedia applications. The WMM is based on a subset of the 802.11e. 802.11g: A standard that provides a throughput of up to 54 Mbps using OFDM technology. It also operates in the 2.4 GHz frequency band, as 802.11b does. 802.11g devices are backward compatible with 802.11b devices. 802.11h: This IEEE standard defines the TPC (transmission power control) and DFS (dynamic frequency selection) required to operate WiFi devices in 5 GHz for the EU. 802.11i: The IEEE standard for wireless security. The 802.11i standard includes TKIP, CCMP and AES encryption to improve wireless security. It is also known as WPA2. 802.11n: The IEEE 802.11 standard improves network throughput over 802.11a and 802.11g with a significant in
140. le configuration to be required in the device for Port-based VLAN settings. [Screenshot: Port-based VLAN List with columns Port, NAT/Bridge, VLAN ID, Tx TAG, DHCP Server, Available WAN, WAN VID, Action; Port-based VLAN Summary with columns VLAN IDs, Members, NAT/Bridge, DHCP Server, Bridged WAN, Tx Tag] By default, the Ethernet LAN port (Port 1) and 8 virtual APs belong to one VLAN, and this VLAN is a NAT type network; all the local device IP addresses are allocated by DHCP server 1. If you want to change Port 1 to be a Bridge type of service interface, click the Edit button. 1. Type: Select NAT or Bridge to identify whether the packets are directly bridged to the WAN port or processed by the NAT mechanism. 2. LAN VID: Specify a VLAN identifier for this port. Ports with the same VID are in the same VLAN group. 3. Tx TAG: If you want Intranet packets to be inserted with a VLAN tag for the VLAN group, please check the Tx TAG box. 4. DHCP Server: Specify a DHCP server for the VLAN group being configured at NAT type. But the device provides only one DHCP
141. le this rule. SMS Summary 1. Unread SMS: Indicates the number of unread SMS messages. 2. Received SMS: Indicates the total number of received SMS messages. 3. Remaining SMS: Indicates the number of new messages that can be received, because of the SMS storage limit. Create New SMS Message: You can create a new SMS message on this page. After finishing the content of the message and filling in the phone number of the receiver(s), you can press the Send button to send this message out. You will see Send OK if the new message has been sent successfully. [Screenshot: New SMS: Receivers (Use for International Format and to Compose Multiple Receivers); Text Message; Length of Current Input] Read New SMS Message: You can read, delete, reply to and forward messages in this inbox section. [Screenshot: SMS inbox with Refresh and Delete buttons and columns From Phone Number, Timestamp, SMS Text Preview, Actions] 1. Refresh: You can press the Refresh button to renew the SMS lists. 2. Delete, Reply, Forward Messages: After reading a message, you can check the checkbox on the right of each message to delete, reply to or forward this message. 4.3.1.2 USSD: Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for prepaid callback service, mobile money services, location-based content services, and as part of con
142. ling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork. 4.2.3.5.2 GRE Configuration: There is one common GRE VPN connection scenario, as follows. GRE Server / Client Application: The Business Security Gateway acts in the GRE Server or Client role in SMB Headquarters or Branch Office. 4.2.3.5.3 GRE Tunnel Definition [Screenshot: GRE tunnel list with columns Tunnel Name, Tunnel IP, Peer IP, Default Gateway / Peer Subnet, Enable, Actions] 1. Add: You can add one new GRE tunnel by clicking the Add button. 2. Delete: Delete selected tunnels by checking the Select box at the end of each tunnel list and then clicking the Delete button. 3. Tunnel: Check the Enable box to activate the GRE tunnel. 4. Edit: You can edit one tunnel configuration by clicking the Edit button at the end of each tunnel list. 4.2.3.5.4 GRE Rule Configuration [Screenshot: Configuration: GRE Tunnel Enable; GRE Tunnel List with columns ID, Tunnel Name, Interface, Tunnel IP, Remote IP, Key, TTL, Enable, Actions] 1. Tunnel: Enable or disable this GRE tunnel. 2. Tunnel Name: The name of this GRE tunnel. 3. Tunnel IP: The gateway IP address of the Business Security Gateway. 4. Peer IP: Enter the IP address of the remote peer that you want to connect to. 5. Key: Enter th
143. ment it is important to factor in the cable and connector loss. Cable and connector loss will reduce the output power and receiver sensitivity of the radio at the connector end. The longer the cable, the greater the cable loss. Cable loss should be subtracted from the total output power during distance calculation. For example, if the cable and connector loss is 3dBm and the output power is 20dBm, the output power at the cable end is only 17dBm. Client: Client means a network device or utility that receives service from a host or server. A client device means an end-user device such as wireless cards or wireless CPE. CPE Devices: CPE stands for Customer Premises Equipment. A CPE is a device installed on the end user's side to receive network services. For example, on an ADSL network, the ADSL modem/router at the subscriber's home is the CPE device. Wireless CPE means a complete Wireless (usually an AP with built-in antenna) that receives wireless broadband access from the WISP. The opposite of CPE is CO. CTS (Clear To Send): A signal sent by a device to indicate that it is ready to receive data. DDNS (Dynamic Domain Name System): An algorithm that allows the use of a dynamic IP address for hosting Internet servers. A DDNS service provides each user account with a domain name. A router with DDNS capability has a built-in DDNS client that updates the IP address
144. ming and outgoing data packets passing through the WAN connection. By default, the Loading Checking is enabled. Check Interval: Indicates how often to send a keep-alive packet. Check Timeout: Sets the allowed time period to receive the response to a keep-alive packet. If this gateway doesn't receive a response within this time period, it records that this keep-alive has failed. Latency Threshold: Sets the acceptable response time. This gateway records the keep-alive check as failed if the response time of the replied packet is longer than this setting. Fail Threshold: Times of failed checking. This WAN connection is recognized as broken if the number of continuous failed keep-alive checks equals this value. Target1 / Target2: Set the host that is used for keep-alive checking. It can be DNS1, DNS2, default Gateway, or another host whose IP address you need to input manually. 6. IGMP: Enable or disable multicast traffic from the Internet. You may enable it in auto mode or select from the option list of IGMP v1, IGMP v2, IGMP v3 and Auto. 7. WAN IP Alias: The device supports 2 WAN IP addresses for a physical interface: one is for the primary connection that lets users/devices in the LAN access the Internet; the other is a virtual connection that lets a remote user manage this device. 4.1.2 LAN and VLAN Setup: This device is equipped with one Gigabit PoE Ethernet LAN port as to
145. n Configuration (Screen fields: Connection Control: Auto-reconnect (Always on); Time Schedule: (0) Always; MTU: 0 (0 is Auto); NAT: Enable; Network Monitoring: Enable, with DNS Query / ICMP Checking and Loading Check; Check Interval: 3 seconds; Check Timeout: 3 seconds; Latency Threshold: 3000 ms; Fail Threshold; Target1: DNS1; Target2: None; IGMP; WAN IP Alias: Enable, 10.0.0.1.) 1. Connection Control: Select your connection control scheme from the drop list: Auto-reconnect (Always on), Dial-on-demand or Connect Manually. If selecting Auto-reconnect (Always on), this gateway will start to establish Internet connection automatically once it is powered on. It is recommended to choose this scheme for mission-critical applications to ensure Internet connection is available all the time. If choosing Dial-on-demand, this gateway won't start to establish Internet connection until local data is going to be sent to WAN side. During normal operation, this gateway will disconnect WAN connection if idle time reaches the value of Maximum Idle Time. If choosing Connect Manually, this gateway won't start to establish WAN connection until you press Connect button on web
146. n access property and QoS property. You can select either one operation mode, port-based VLAN or tag-based VLAN, and then configure according to your network configuration. Please note that since there is only one physical Ethernet LAN port in the gateway, there is only little configuration if you choose the Port-based VLAN. 4.1.2.2.1 VLAN Scenarios: There are some common VLAN scenarios for the device as follows. Port-Based VLAN Tagging for Differentiated Services: Port-based VLAN function can group Ethernet port (Port 1) and WiFi Virtual Access Points (VAP 1 to VAP 8) together for differentiated services like Internet surfing, multimedia enjoyment, VoIP talking and so on. Two operation modes, NAT and Bridge, can be applied to each VLAN group. One DHCP server is allocated for an NAT VLAN group to let group host member get its IP address. Thus each host can surf Internet via the NAT mechanism of business access gateway. At bridge mode, Intranet packet flow was delivered out WAN trunk port with VLAN tag to upper link for different services. Port-based VLAN is a group of ports on an Ethernet or Virtual APs of Wired or Wireless Gateway that form a logical LAN segment. Following is an example. In SMB or a company, administrator schemes out 4 segments: Lobby, Lab & servers, Office and VoIP & IPTV. In a Wireless Gateway, administrator can configure Lobby s
147. n the button to edit the external server object. 4. Select: Select the external server object to delete. 4.4.4.2 External Server Configuration (Screen fields: Server Name: JPEmailAccount; Server IP/FQDN: email.amit.com.tw; Server Port; Server Type: Email Server; User Name; Password; Server: Enable.) Server Name: Define the name of external server object. Server IP/FQDN: Specify the IP address or domain name of external server. Server Port: Specify the service port of external server. Server Type: Select one server type from the option list of Email Server, Syslog Server, RADIUS Server, Active Directory Server, LDAP Server and UAM server. Based on your selection, there are several parameters that need to be specified. When you select Email Server option for the Server Type, you must specify two more parameters: User Name and Password. When Syslog Server, no more parameter is required. When RADIUS Server, you can specify primary RADIUS server and secondary RADIUS server for redundancy. For each server, following parameters need to be specified: Shared Key, Authentication Protocol (CHAP or PAP), Session Timeout (1-60 Mins) and Idle Timeout (1-15 Mins). When Active Directory Server, you must specify one more parameter: Domain. When LDAP Server, one more parameter: Base Domain
148. nction of remote Business Security Gateway is enabled, all data traffic from remote clients behind remote Business Security Gateway will go over the VPN tunnel. That is, if a user is operating at a PC that is in the Intranet of remote Business Security Gateway, all application packets and private data packets from the PC will be transmitted securely in the VPN tunnel to access the resources behind local Business Security Gateway, including surfing the Internet. As a result, every time the user surfs the web for shopping or searching data on Internet, checking personal emails, or accessing company servers, all are done in a secure way through local Business Security Gateway. 4.2.3.2.2 IPSec Configuration (Screen fields: IPSec: Enable; NetBIOS over IPSec: Enable; NAT Traversal: Enable; Max Concurrent IPSec Tunnels. Tunnel List & Status columns: Tunnel ID, Interface, Scenario, Tunnel Name, Remote Address Gateway, Status, Enable, Actions. Button: Save.) 1. IPSec: You could trigger the function of IPSec VPN if you check Enable box. 2. NetBIOS over IPSec: If you would like two Intranets behind two Business Security Gateways to receive the NetBIOS packets from Network Neighborhood, you have to check Enable box. 3. NAT Traversal: Some NAT routers will block IPSec packets if they don't support IPSec pass-through. If your Business Security Gateway connects to this kind of NAT router which doe
149. nd by default it is UDP. Then system will try to trace the specified device to test whether it is alive after clicking on the Traceroute button. A test result window will appear beneath it. There is a Close command button there that lets the test result window disappear. (Screen: Traceroute Result window with a Close button, showing google-public-dns-a.google.com (8.8.8.8), 108.545 ms, 76.877.) Reboot: You can also reboot this device by clicking the Reboot button. Reset to Default: You can also reset this device to factory default settings by clicking the Reset button. 7. Wake on LAN: Wake on LAN (WOL) is an Ethernet networking standard that allows a computer to be turned on or awakened by a network message. You can specify the MAC address of the computer in your LAN network to be remotely turned on by clicking on the Wake up command button. 8. Backup Configuration Settings: You can back up your settings by clicking the Backup button and save it as a bin file. Once you want to restore these settings, please click Firmware Upgrade button and use the bin file you saved. Afterwards, click on Save to store your settings or click Undo to give up the changes. 4.4.2 Scheduling: You can set the schedule time to decide which service will be turned on or off. The added rules will be listed as below and they can be up to 100 rules
150. ned by you and used in IPSec phase of negotiation between two VPN peers. 1. Encryption: There are six algorithms that can be selected: DES, 3DES, AES-auto, AES-128, AES-192 and AES-256. 2. Authentication: There are five algorithms that can be selected: None, MD5, SHA1, SHA2-256 and SHA2-512. 3. PFS Group: There are nine groups that can be selected: None, Group 1 (MODP768), Group 2 (MODP1024), Group 5 (MODP1536) and Group 14-18. Once the PFS Group is selected in one IPSec proposal, the one in other 3 IPSec proposals uses the same choice. 4. Enable: Check this box to enable the IKE Proposal during tunnel establishing. 4.2.3.2.11 Manual Proposal: When Manually key management is used, there are 4 further parameters that need to be specified by you and used in IPSec tunnel establishing. 1. Outbound SPI: SPI is an important parameter during hashing. Outbound SPI will be included in the outbound packet transmitted from local gateway. The value of outbound SPI should be set in hex format. 2. Inbound SPI: Inbound SPI will be included in the inbound packet transmitted from remote VPN peer. It will be used to de-hash the coming packet and check its integrity. The value of inbound SPI should be set in hex format. 3. Encryption Algorithm: There are five algorithms that can be selected: DES, 3DES, AES-128, AES-192 and AES-256. Enc
151. ng rules here to be applied at various applications in the device system. Whatever one application needs a time schedule, like the Work Hours defined as AM8:00 to PM5:00 from Monday to Friday, the time schedule object can be defined in this sub-section. User Management (the feature depends on product model): User Management function lets you manage user accounts, group them and define their properties based on user groups. You can manage user accounts in this section, including user list, user profile and user group. User List shows all user accounts, and User Profile lets you add one new profile or edit it. User Group lets you collect several user accounts into one group to own same properties and bound services. Certainly, one individual user account also can be a unique group, like Administrator group. 4.4.1 System Related: System Related section includes Change Password, System Information, System Status and System Tools. Change Password is to change the password of administrator for configuring the device by using Web UI. System Tools support system time configuration, FW upgrading, system rebooting, system resetting to default, waking on LAN and configuration settings backup. You also can check the system information and system status log here. (Screen: Change Password, with fields Old Password, New Password and New Password Confirmation, and buttons Save and Undo.) 4.4.1.1 C
152. nload button. (Screen: certificate PEM view with Download and Close buttons.) 4.2.6.2.2 Trusted Client Certification List: This feature can show the list of all certificates' information. Each certificate involves fields of certificate name, subject, issuer and valid to. (Screen: Trusted Client Certificate List.) Import: You can import one trusted external client certificate by clicking on the Import button. (Screen: Trusted CA Certificate Import from a File; Trusted CA Certificate Import from a PEM; buttons Apply and Cancel.) There are two approaches to import it. One is from a file and another is copy-paste the PEM codes in Web UI and then click on the Apply button. You al
153. not. Following is an example in which VLAN groups with VID 1 and 4 can access Internet but the one with VID 3 can't. That is, visitors in Lobby and staff in office can access Internet, but ones in Lab can't because of security issue. Servers in Lab serve only trusted staff or are accessed in secure tunnels. Inter-VLAN Group Routing: In Port-based tagging, administrator can specify whether member hosts of one VLAN group are able to communicate with the ones of another VLAN group or not. This is a communication pair, and one VLAN group can join many communication pairs. But a communication pair does not have the transitive property. That is, A can communicate with B and B can communicate with C, but that doesn't mean A can communicate with C. An example is shown in the following diagram: VLAN groups with VID 1 and 3 can access each other, but the ones between VID 3 and VID 4 and between VID 1 and VID 4 can't. 4.1.2.2.2 Port-Based VLAN: A port-based VLAN is a group of ports on an Ethernet switch or router that form a logical Ethernet segment. It also can integrate some WiFi virtual APs into the group to own same access policies and bandwidth policies. But the device has only one Ethernet port and up to eight WiFi virtual APs. The Ethernet port can serve as NAT or Bridge type of service interface. However, WiFi VAPs can serve as NAT type only. Since only one Ethernet port, there is litt
154. ns in your country. 1.3 How to Use This Guide: AirMax4GW is an advanced LTE outdoor gateway with many functions. It is recommended that you read through the entire user's guide whenever possible. The user guide is divided into different chapters. You should at least go through the first 3 chapters before attempting to install the device. Recommended Reading: Chapter 2, Installation the AirMax4GW: This chapter is about hardware installation. You should read through the entire chapter. Chapter 3, Configuration the AirMax4GW: This chapter is about how to configure each function of AirMax4GW. 1.4 Firmware Upgrade and Tech Support: If you encounter a technical issue that cannot be resolved by information in this guide, we recommend that you visit our comprehensive website support at www.airlive.com. The tech support FAQ are frequently updated with latest information. In addition, you might find new firmware that either increases software functions or provides bug fixes for AirMax4GW. You can reach our on-line support center at the following link: http www airlive com support support 2 sp 1.5 Features: Cellular Gateway for outdoor LTE Fi Hotspot applications; 1x embedded LTE module with dual SIM failover; 1x 10/100/1000 LAN PoE-enabled port for local network connectivity; 802.11n 2T2R with 10 dBi directional antenna; Fully protocol stack for both IPv4 and I
155. ns that have some information including SSID so that wireless clients can know how many AP devices by scanning the network. Therefore, if this setting is configured as Disable, the wireless clients can't find the device from beacons. 9. Channel: The radio channel number. The permissible channels depend on the Regulatory Domain. This channel number needs to be same as the channel number of peer AP. 10. Authentication & Encryption: You may select one of the following authentications to secure your wireless network: Open, Shared, Auto, WPA-PSK and WPA2-PSK. Open: Open system authentication simply consists of two communications. The first is an authentication request by the client that contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router (WiFi gateway) containing a success or failure message. An example of when a failure may occur is if the client's MAC address is explicitly excluded in the AP/router configuration. In this mode, you can enable 802.1x feature if you have another RADIUS server for user authentication. You need to input IP address, port and shared key of RADIUS server here. (Screen fields: RADIUS Server IP: 0.0.0.0; RADIUS Server Port: 1812; RADIUS Shared Key.) In this mode, you can only choose None or WEP in the encryption field. Shared: Shared key authentication relies on the fact that both stations taking part in the authentication proce
156. nts IP Time unfold or fold the detected contents. URL Blocking: This window displays all fired rules and blocked URLs of firing activated URL blocking rules. Besides, the source IP address and firing time of these events are also shown there. One Edit button in the URL Blocking caption lets you change its settings. Another button at the upper right corner can unfold or fold the blocked URLs. (Screen: URL Blocking, with columns Activated Blocking Rule and Blocked URL.) Web Content Filters: This window displays all fired rules and detected contents of firing activated Web content filter rules. Besides, the source IP address and firing time of these events are also shown there. One Edit button in the Web Content Filters caption lets you change its settings. Another button at the upper right corner can unfold or fold the detected contents. (Screen: Web Content Filters, with columns Activated Filter Rule, Detected Contents and Time.) MAC Control: This window displays all fired rules and blocked MAC addresses of firing activated MAC control rules. Besides, the source IP address and firing time of these events are also shown there. One Edit button in the MAC Control caption lets you change its settings. Another button at the upper right corner can unfold or fold the blocked MAC addresses. Screen: MAC Control, with columns Activated Control Rule and Blocked MAC Addresse
157. o be used for negotiation parameters between gateway device and mobile base station. When you select SIM A First or SIM A Only, there will be a configuration window of Connection with SIM A Card beneath the 3G/4G WAN Type Configuration window. However, when you select SIM B First or SIM B Only, there will be a configuration window of Connection with SIM B Card beneath the 3G/4G WAN Type Configuration window. All configuration items are the same in SIM A and SIM B configuration. Furthermore, there is also a common configuration window for 3G/4G connection after the 3G/4G WAN Type Configuration window, Connection with SIM A Card window and Connection with SIM B Card window. (Screen: Connection with SIM A Card, with fields Dial-up Profile: Auto-detection / Manual-configuration, and PIN Code (Optional).) Dial-up Profile: After you subscribe to 3G/4G data service, your operator will provide some information for you to set up the connection, such as APN, dialed number, account or password. If you know this information exactly, you can choose Manual-configuration option and type in that information on your own. Otherwise, you can select Auto-detection to let this gateway detect automatically
158. of objects. (Screen: Configuration, with field Grouping: Enable and button Save.) 4.4.3.1 Grouping Configuration. 1. Grouping: Check the Enable box to activate the grouping function. 4.4.3.2 Host Grouping. 4.4.3.2.1 Host Group List: Host Group List can show the list of all host groups and their member lists and bound services in this window. You can add one new grouping rule by clicking on the Add command button. You can also modify some existing host groups by clicking corresponding Edit command buttons at the end of each group record in the Host Group List. Besides, unnecessary groups can be removed by checking the Select box for those groups and then clicking on the Delete command button at the Host Group List caption. (Screen: tabs Configuration, Host Grouping, File Extension Grouping and L7 Application Grouping; Host Group List with Add and Delete buttons, columns ID, Group Name, Group Type, Member List, Bound Services, Enable and Actions, and a Refresh button.) 1. Add: Click on the button to add one host group. 2. Delete: Click on the button to delete the host groups that are specified in advance by checking on the Select box of those groups. 3. Edit: Click on the button to edit the host group. 4. Select: Select the host group to delete.
159. on List (Screen fields: Multiple Bound Services: Firewall, QoS; L7 Application to Join: P2P, eMule; Group: Enable.) 1. Group Name: Define the name of group. 2. Member List: Show the list of members that have joined the group. A delete button is behind each member and can be used to remove the member from the group. 3. Multiple Bound Services: The defined group object can be used in various applications like Firewall or QoS & BWM. 4. Member to Join: To define a member by selecting a L7 application category and an application name. L7 application categories include Chat, P2P, Proxy and Streaming. And each category has its own list of L7 application objects, like eMule. Choose one to join the group by clicking on the Join button. 5. Group: Check the Enable box to activate the group definition. 4.4.4 External Servers: This device supports six types of external server objects to be created. They are Email Server objects, Syslog Server objects, RADIUS Server objects, Active Directory Server objects, LDAP Server objects and UAM Server objects. These objects can be used in other applications of system, like system log emailing to email server or sending to syslog server in System > System Related > System Status, captive portable function in Applications > Captive Portable, SMS forwarding to email server or syslog server in Applications > Mobile Applications > SMS, AP Management alert
160. Step 5: Ethernet LAN interface. LAN interface configuration: Change the LAN IP address and subnet mask of this gateway for the Intranet. You can keep the default setting and go to next step. Press Next to continue. Step 6: WiFi LAN (2.4G). WiFi LAN interface configuration: Change the SSID, Channel Number, Authentication and Encryption for first virtual AP of this gateway. You will see it on your PC when doing wireless network scan. It is strongly recommended to add authentication and encryption in your wireless network to prevent any unknown WiFi clients and keep transferred data secured. You can also keep the default setting and go to next step. Press Next to continue. Step 7: Confirm and Apply. Check the new settings again. If all information is correct, please press Apply button to save new settings. Then it will take 65 seconds to restart this gateway and make new settings effective. Step 8: Counting Down. Configuration is completed. Press Finish button to close Setup Wizard; the browser counts down for 65 seconds and provides you with Click here button to reconnect to the device. 3.3.1.2 Configure with the VPN setup wizard. Step 1: Guideline. The VPN setup wizard will guide you to finish profiles of IPSec, PPTP, L2TP and GRE VPN connection quickly. Press Next to start the wizard. Step 2: VPN Type. Select type of VPN connection
161. p, AF Class1 High Drop, AF Class2 Low Drop, AF Class3 High Drop, AF Class4 Low Drop, AF Class4 Medium Drop, AF Class4 High Drop, EF class. You need to choose a correct one according to your device's specification. When TOS is selected for Service, TOS value must be chosen from a list of 4 options: Minimize Cost, Maximize Reliability, Maximize Throughput, Minimize Delay. When User-defined Services is selected, two more parameters, Protocol Number and Service Port Range, must be defined. Protocol Number is either TCP or UDP or Both. Finally, when Well-known Service is selected, you can choose the well-known service from a list like Any (Both:1-65535), FTP (21), SSH (TCP:22), Telnet (23), SMTP (25), DNS (53), TFTP (UDP:69), LDAP (TCP:389), HTTPS (TCP:443), SMTPs (TCP:465), ISAKMP (500), RTSP (TCP:554), POP3s (TCP:995), NetMeeting (1720), L2TP (UDP:1701), PPTP (TCP:1723). 4. Resource: There are 4 resources that can be chosen to control in the QoS rule. They are Bandwidth, Connection Sessions, Priority Queues and DiffServ Code Points. 5. Control Function: It depends on the chosen resource. For Bandwidth resource, the control function is Set MINR & MAXR. For Connection Sessions, the control function is Set Session Limitation. For Priority Queues, it is Set Priority. However, for DiffServ Code Points, it is
162. ple 1 for adding a DSCP type QoS rule. (Screen: QoS Rule Configuration, with fields Group: 10.0.75.196, Subnet Mask 255.255.255.252 (/30); Service: DSCP, DiffServ CodePoint IP Precedence 4 (CS4); Resource; Control Function; QoS Direction; Sharing Method; Time Schedule.) Interface: Select All WANs. Group: Select IP and enter IP range 10.0.75.196/30. Service: Select DSCP with DiffServ CodePoint CS4. Resource: Select DiffServ Code Points. Control Function: Select DSCP Marking with AF Class 2 (High Drop). QoS Direction: Select Inbound for inbound traffic only. Sharing Method: Select Group Control. Schedule: Leave the default value of (0) Always as it is. This rule means IP packets from all WAN interfaces to LAN IP address 10.0.75.196 to 10.0.75.199, which have DiffServ code points with IP Precedence 4 (CS4) value, will be modified by DSCP Marking control function with AF Class 2 (High Drop) value at any time. Example Z2 for in Connection ion rul. Screen: QoS Rule Configuration, with fields Interface: WAN 1; Group: 10.0.75.16, Subnet Mask 255.255.255.240 (/28); Service; Resource: Connection Sessions; Control Function: Set Session Limitation, 20000; QoS Direction; Sharing Method; Time Schedul
163. plifies the WEP encryption process by automatically generating the WEP encryption keys for the company products. POE: Power over Ethernet. A standard to deliver both power and data through one single Ethernet cable (UTP/STP). It allows network device to be installed far away from power source. A POE system is typically composed of 2 main components: DC Injector (Base Unit) and Splitter (Terminal Unit). The DC injector combines the power and data, and the splitter separates the data and power back. A PoE Access Point or CPE has the splitter built in to the device. The IEEE 802.3af is a POE spec that uses 48 volt to deliver power up to 100 meter distance. Port: This word has 2 different meanings for networking. (1) The hardware connection point on a computer or networking device used for plugging in a cable or an adapter. (2) The virtual connection point through which a computer uses a specific application on a server. PPPoE: Point-to-Point Protocol over Ethernet. PPPoE relies on two widely accepted standards: PPP and Ethernet. PPPoE is a specification for connecting the users on an Ethernet to the Internet through a common broadband medium, such as a single DSL line, wireless device or cable modem. PPTP: Point-to-Point Tunneling Protocol. A VPN protocol developed by PPTP Forum. With PPTP, users can dial in to their corporate network via the Internet
164. quest here and let Root CA sign it. There are two approaches to issue it. One is from a file and another is copy-paste the CSR codes in Web UI and then click on the Sign button. (Screen: tabs My Certificates, Trusted Certificates and Issue Certificates; Certificate Signing Request (CSR) Import from a File; Certificate Signing Request (CSR) Import from a PEM; Sign button.) After signing, the Issuer information is shown, which is the Root CA's subject. (Screen: certificate list with columns ID, Name, Subject, Issuer, Valid To and Action, and View and Select controls.) You also can view its PEM codes by checking the View button and download the issued certificate file by clicking on the Download button. (Screen: Signed Certificate View, showing the PEM text of the signed certificate.)
166. raditional Interior Gateway Protocol (IGP) metrics, but makes routing decisions based on path, network policies and/or rule sets. For this reason, it is more appropriately termed a reachability protocol rather than routing protocol. (Screen: BGP Configuration.) You can enable the BGP routing function by clicking on the Setting button and filling in the corresponding settings for your BGP routing configuration. When you have finished setting, click on Save to store your settings or click Undo to give up the changes. Above settings are just for examples. 4.1.6.3 Routing Information. (Screen: Routing Table with columns Destination IP, Gateway IP, Subnet Mask, Metric and Interface, and a Refresh button.) A routing table, or routing information base (RIB), is a data table stored in a router or a networked computer that lists the routes to particular network destinations, and in some cases, metrics (distances) associated with those routes. The routing table contains information about the topology of the network immediately around it. This page displays the routing table maintained by this device. It is generated according to your network configurat
167. rame if the packet frame is larger than this value. Lowering this value can improve the performance if there are many clients in your network. You can try 1500, 1000 or 500 when there are many clients in your AP's network. SNMP: Simple Network Management Protocol. A set of protocols for managing complex networks. The SNMP network contains 3 key elements: managed devices, agents, and network management systems (NMSs). Managed devices are network devices that contain SNMP agents. SNMP agents are programs that reside in an SNMP-capable device's firmware to provide SNMP configuration service. The NMS typically is a PC-based software, such as HP Openview, that can view and manage SNMP network devices remotely. SSH: Developed by SSH Communications Security Ltd, Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is a replacement for rlogin, rsh, rcp and rdist. SSL: Secure Sockets Layer. It is a popular encryption scheme used by many online retail and banking sites to protect the financial integrity of transactions. When an SSL session begins, the server sends its public key to the browser. The browser then sends a randomly generated secret key back to the server in order
168. ration: This device is equipped with IEEE802.11b/g/n 2Tx2R wireless radio. You have to configure the 2.4GHz operation band's wireless settings and then activate your WLAN. (Screen: Basic Configuration, with Operation Band: 2.4G Single Band, and 2.4G WiFi Configuration.) There are several wireless operation modes provided by this device. They are AP Router Mode, WDS Hybrid Mode and WDS Only Mode. You can choose the expected mode from the wireless operation mode list. 4.1.3.1.1 AP Router Mode: This mode allows you to get your wired and wireless devices connected with NAT. (Diagram: 3G/4G Internet, AirMax4GW, Notebook.) In this mode, this gateway is working as a WiFi AP but also a WiFi hotspot. It means local WiFi clients can associate to it and go to Internet. With its NAT mechanism, all of wireless clients don't need to get public IP addresses from ISP. (Screen: Basic Configuration, with WPS: 2.4G WPS Setup, and Operation Band: 2.4G Single Band.) 1. Operation Band: Select the WiFi operation band that you want to configure. But the device supports only 2.4G single WiFi band. 2. WPS: Click on the button to set up WPS. Screen: 2.4G WiFi Configuration, with columns Item and Setting; WiFi Module En
169. re used. The IKE SAs are used to protect the security negotiations. Aggressive mode will accelerate the establishing speed of VPN tunnel, but the device will suffer from less security in the meanwhile. Hosts in both ends of the tunnel must support this mode so as to establish the tunnel properly. 2. X-Auth: For the extended authentication function (XAUTH), the VPN client (or initiator) needs to provide additional user information to the remote VPN server (or Business Security Gateway). The VPN server would reject the connect request from VPN clients because of invalid user information, even though the pre-shared key is correct. This function is suitable for remote mobile VPN clients. You can not only configure a VPN rule with a pre-shared key for all remote users, but you can also designate account/password for specific users that are permitted to establish VPN connection with VPN server. There are 3 roles to let Business Security Gateway behave as for X-Auth authentication, including None, Server and Client. For None role, no X-Auth authentication happens during VPN tunnel establishing. For Server role, click X-Auth Account button to modify 10 user accounts for user validation during tunnel establishing to VPN server. Finally, for Client role, there are two additional parameters to fill, User Name and Password, for valid user to initiate that tunnel
170. ress, IPv6 Global Address. 3G/4G Modem Status: Displays modem information, link status, signal strength and network carrier name of the 3G/4G connection. Internet Traffic Statistics: Displays the number of transmitted packets and received packets of each WAN interface. Device Time: Displays the current time information of the device. 3.4.2 WiFi Status. WiFi Virtual AP List: To show the basic information of WiFi virtual APs, the status page displays the operation band, virtual AP ID, WiFi activity, operation mode, SSID, channel, WiFi system, WiFi security approach and MAC address of all virtual APs. Besides, there is an additional Edit command button for each virtual AP that links to the configuration page of that dedicated virtual AP. WiFi Traffic Statistics: To show the traffic statistics of WiFi virtual APs, the status page displays the operation band, virtual AP ID, and the numbers of received packets and transmitted packets of all virtual APs.
171. resses (4.3.2.20-30). A "0.0.0.0" implies all IP addresses. 5. Destination IP: Specify the destination IP address of packets to be filtered out by the packet filter rule. You can define a single IP address (4.3.2.1) or a range of IP addresses (4.3.2.20-30). A "0.0.0.0" implies all IP addresses. 6. Destination Port: Choose User-defined Service to manually specify the destination service port of packets to be filtered out by the packet filter rule. You can define a single port (80) or a range of ports (1000-1999). A "0" implies all ports are used. You can also choose one well-known service instead, so that the chosen service will provide its destination port and protocol number for the rule. The supported well-known services include: TELNET (TCP 23), SMTP (TCP 25), DNS (UDP 53), TFTP (UDP 59), POP3 (TCP 110), SFTP (TCP 115), SNMP & traps (UDP 161, 162), LDAP (TCP 389), HTTPS (TCP 443), SMTPs (TCP 465), ISAKMP (UDP 500), RTSP (TCP 554), POP3s (TCP 995), L2TP (UDP 1701), PPTP (TCP 1723). 7. Protocol: Specify which packet protocol is to be filtered. It can be TCP, UDP, or Both. 8. Time Schedule: The rule can be turned on according to the schedule rule you specified, which gives the user more flexibility on access control. By default, it is always turned on when the rule is enabled. For more details, please refer to the System Scheduling menu.
172. ring this phase, setting up a secure channel for negotiating IPSec SAs in phase 2. At the IPSec phase, IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers. After both phases, data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database. 4.2.3.2.1 IPSec VPN Tunnel Scenarios: There are some common IPSec VPN connection scenarios, as follows. Site to Site: The device establishes IPSec VPN tunnels with a security gateway in headquarters or branch offices. Either the local or the remote peer gateway, which can be recognized by a static IP address or an FQDN, can initiate the establishing of an IPSec VPN tunnel. The two peers of the tunnel have their own Intranets, and the secure tunnel serves for data communication between these two subnets of hosts. Dynamic VPN: The Business Security Gateway can ignore the IP information of clients when using Dynamic VPN, so it is suitable for users to build VPN tunnels with the Business Security Gateway from a remote mobile host or mobile site. Whether the remote peer is a host or a site will be indicated in the negotiation packets, including what the remote subnet is. It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario. There is one more advanced IPSec VPN application. Site to Site, Support Full Tunnel Application: When Full Tunnel fu
173. rnet. Packets will be forwarded to the Captive Portal Web site of the gateway when this feature is enabled. Please make sure that you have one account and password. 4.4 System: In the System section you can check system-related information and execute some system operations, define some time schedule rules, make object groupings, define external server objects, and configure the operation parameters of Web UI surfing. About System Related: you can see system-related information and system logs, use system tools for system update, and do some network tests. About Scheduling: you can define some time scheduling rules here to be applied to various applications in the device system. Whenever an application needs a time schedule, such as Work Hours defined as AM 8:00 to PM 5:00 from Monday to Friday, the time schedule object can be defined in the System Scheduling section. About External Servers: you can define some external server objects here to be applied to various applications in the device system. Whenever an application needs an external server, such as a RADIUS server, the external server object can be defined in the System External Servers section. These server objects include Email Server objects, Syslog Server objects, RADIUS Server objects, Active Directory Server objects, LDAP Server objects and UAM Server objects. About MMI (Man-Machine Interface): it means the Web-based GUI. The user can set the administrator timeout of Web UI surfing during config
174. rrower bandwidth (a max of 5 MHz), slower speed and smaller antennas. Mobility is allowed up to 40 mph. WDS (Wireless Distribution System): WDS defines how multiple wireless Access Points or Wireless Routers can connect together to form one single wireless network without using wired uplinks. WDS devices associate with each other by the MAC address of each device. WLAN (Wireless Local Area Network): A type of local area network that uses high-frequency radio waves rather than wires to communicate between nodes. The most popular standard for WLAN is the 802.11 standards. WMM (Wi-Fi Multimedia): WMM is a standard to prioritize traffic for multimedia applications. WMM prioritizes traffic on Voice over IP (VoIP), audio, video and streaming media, as well as traditional IP data, over the AP. WMS (Wireless Management System): A utility program to manage multiple wireless AP/Bridges. WPA (Wi-Fi Protected Access): It is an encryption standard proposed by WiFi for advanced protection by utilizing a password key (TKIP) or certificate. It is more secure than WEP encryption. WPA-PSK utilizes a pre-share key for encryption/authentication. WPA2 (Wi-Fi Protected Access 2): WPA2 is also known as 802.11i. It improves on the WPA security with CCMP and AES encryption. WPA2 is backward compatible with WPA. WPA2-PSK utilizes a pre-share key for encryption/authentication.
175. rules in URL Blocking Rule List. Allow all to pass except those that match the specified rules (Black List). Deny all to pass except those that match the specified rules (White List). 3. Log Alert: Enable log alerting so that the system will record URL blocking events when blocking rules are fired. 4. Invalid Access Web Redirection: Users will see a specific web page to know their access is blocked by rules. 5. Help: At the upper right corner of the screen, a Help command lets you see the on-line help message about the URL Blocking function. 4.2.1.3.2 URL Blocking Rule List: It is a list of all URL Blocking rules. You can add one new rule by clicking on the Add command button. You can also modify existing URL blocking rules by clicking the corresponding Edit command buttons at the end of each blocking rule in the URL Blocking Rule List. Besides, unnecessary rules can be removed by checking the Select box for those rules and then clicking on the Delete command button at the URL Blocking Rule List caption. 4.2.1.3.3 URL Blocking Rule Configuration: It supports the adding of one new rule or the editing of one existing rule. There are some parameters that need to be specified in one URL blocking rule. They are Rule Name, URL/Domain Name/Keyword, Destination Port, Time Schedule, and finally the
176. ryption key is used by the encryption algorithm. Its length is 16 in hex format if the encryption algorithm is DES, or 48 if 3DES. However, AES-128 uses a length of 32 in hex format, AES-192 uses a length of 48 in hex format, and AES-256 uses a length of 64 in hex format. The key value should be set in hex format here. 4. Authentication: There are five algorithms that can be selected: None, MD5, SHA1, SHA2-256 and SHA2-512. The authentication key is used by the authentication algorithm, and its length is 32 in hex format if the authentication algorithm is MD5, or 40 if SHA1. However, SHA2-256 uses a length of 64 in hex format. Its length will be 0 if no authentication algorithm is chosen. The key value should also be set in hex format. 4.2.3.3 PPTP: The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. The PPTP specification does not describe encryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality. However, the most common PPTP implementation, shipping with the Microsoft Windows product families, implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide security levels and remote access levels comparable with typical VPN products.
177. s, Time. Application Filters: This window displays all filtered applications and their categories of firing activated application filter rules. Besides, the source IP address and firing time of these events are also shown there. One Edit button in the Application Filters caption lets you change its settings. Another button at the upper right corner can unfold or fold the filtered applications. IPS: This window displays all events of firing activated rules of IPS. Besides, the source IP address and firing time of these events are also shown there. One Edit button in the IPS caption lets you change its settings. Another button at the upper right corner can unfold or fold the intrusion events. Options: Displays the option settings of the firewall (Stealth Mode, Discard Ping from WAN, Remote Administrator Management). 3.4.5 VPN Status: In the VPN Status page you can review lots of information on VPN status, including IPSec status, PPTP Server status, PPTP Client status, L2TP Server status, and L2TP Client status. IPSec Status: Displays the tunnel status of all activated tunnels of IPSec.
178. section 2.1.2. 4.1.1.1 Physical Interface: Click on the Edit button for the WAN interface and you can get the detailed physical interface settings and then configure the settings as well. By default, the WAN 1 interface is forced to Always on mode and operates as the primary Internet connection. WAN 1: The operation mode of the first interface is forced to Always on mode, and it operates as the primary Internet connection. You can click on the respective Edit button and configure the rest of the items for this interface. 1. Physical Interface: Select the WAN interface from the available list. For this gateway, there is only the 3G/4G physical interface for Internet connection. To use the embedded 3G/4G modem as the primary Internet connection (WAN 1), please configure it with the following parameters. 2. Operation Mode: Since there is only one physical interface as the primary WAN connection for the device, its operation mode must be Always on. 3. Line Speed: You can specify the upstream/downstream speed (Mbps/Kbps) for the corresponding WAN connection. Such inform
179. server to serve the DHCP requests from the VLAN group. Leave it as DHCP 1. 5. WAN VID: The VLAN Tag ID that comes from the ISP service. For NAT type VLAN, no WAN VLAN tag is allowed and the value is forced to 0. For Bridge type VLAN, you have to specify the VLAN Tag value that is provided by your ISP. 6. VLAN Routing Group. The above configuration example shows one VLAN group. It includes Port 1 and 8 WiFi virtual APs, and applies the NAT mechanism between the LAN and WAN sides. They all can access the Internet, and since there is only one VLAN group, there is no other VLAN group to communicate with. About the configuration of inter-VAP routing, please refer to the Basic Network WiFi section. Afterwards, click on Save to store your settings or click Undo to give up the changes. 4.1.2.2.3 Tag-Based VLAN: The second type of VLAN is the tag-based VLAN. VLAN membership in a tagged VLAN is determined by VLAN information within the packet frames that are received on a port. This differs from a port-based VLAN, where the port VIDs assigned to the ports determine VLA
180. sn't support IPSec pass-through, you need to activate this option in your Business Security Gateway. 4. Max Tunnels: The device supports up to 32 IPSec tunnels, but you can specify the maximum number of currently activated IPSec tunnels, which must be smaller than or equal to 32. 5. You can add, edit or delete IPSec tunnels in Tunnel List & Status as follows. 4.2.3.2.3 Tunnel List and Status: 1. Add: You can add one new IPSec tunnel with the Site to Site scenario by clicking the Add button. 2. Delete: Delete selected tunnels by checking the Select box at the end of each tunnel list and then clicking the Delete button. 3. Refresh: Refresh the Tunnel List & Status every 2 seconds by clicking on the Refresh button. 4. Tunnel: Check the Enable box to activate the IPSec tunnel. 5. Edit: You can edit one tunnel configuration by clicking the Edit button at the end of each tunnel list. 4.2.3.2.4 Tunnel Configuration
181. so can delete one trusted client certificate by checking the corresponding Select box and clicking on the Delete button. You can view its PEM codes by clicking the View button. You can download the trusted client certificate file by clicking on the Download button. 4.2.6.3 Issue Certificates: When you have a Certificate Signing Request (CSR) that needs to be certificated by the root CA of the device, you can issue the re
182. ss have the same shared key or passphrase. The shared key is manually set on both the client station and the AP router. Three types of shared key authentication are available today for home or small office WLAN environments. Auto: The gateway will select the appropriate authentication method automatically according to the WiFi client's request. WPA-PSK: Select the Encryption mode and enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2 ... 8, 9, A, B ... F) digits or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are TKIP, AES, or TKIP/AES. In this mode, you don't need an additional RADIUS server for user authentication. WPA2-PSK: Select the Encryption mode and enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2 ... 8, 9, A, B ... F) digits or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are TKIP, AES, or TKIP/AES. In this mode, you don't need an additional RADIUS server for user authentication. 11. Scan Remote AP's MAC List: If you do not enable the Lazy mode, you have to enter the wireless MAC address for each WDS peer one by one. Or you can press the Scan button to get the available AP's MAC list automatically, select the expected item, and copy its MAC address to Remote AP MAC 1-4 one by one.
183. t Schedule: The rule can be turned on according to the schedule rule you specified, which gives the user more flexibility on access control. By default, it is always turned on when the rule is enabled. For more details, please refer to the System Scheduling menu. Enable: Check the box if you want to enable the rule. Each rule can be enabled or disabled individually. Afterwards, click on Save to store your settings or click Undo to give up the changes. Application Filters: Application Filters can categorize Internet Protocol packets based on their application layer data and allow or deny their passing through the gateway. This device supports application filters for various Internet chat software, P2P download, Proxy, and A/V streaming. You can select the applications to be blocked after the function is enabled, and specify the schedule rule for the Application Filters function. Chat Software: QQ, Facebook, Skype, Aliww. P2P Software: BT (BitTorrent, BitSpirit, BitComet), eDonkey/eMule/Shareaza, HTTP Multiple Thread Download, Thunder, Baofeng. 4.2.1.6.1 Configuration
184. t attached to a multicast link starts up, it may multicast a Router Solicitation to ask for immediate advertisements rather than waiting for the next periodic ones to arrive. If (and only if) no advertisements are forthcoming, the host may retransmit the solicitation a small number of times, but then must desist from sending any more solicitations. Any routers that subsequently start up, or that were not discovered because of packet loss or temporary link partitioning, are eventually discovered by reception of their periodic (unsolicited) advertisements. 4.1.4.2 6in4: When 6in4 is selected for the WAN Connection Type, you need to do the following settings. 4. Remote/Local IPv4 and IPv6 Address: You may add the remote/local IPv4 address and local IPv6 address, then set the DNS address manually for the primary DNS address and secondary DNS address. 5. DNS: Please enter the IPv6 primary DNS address and secondary DNS address. 6. MLD Snooping: With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets. If necessary in your environment, please enable this feature.
186. ta integrity of network information by utilizing encapsulation protocols, encryption algorithms, and hashing algorithms. The product series supports the following tunneling technologies to establish secure tunnels between multiple sites for data transferring: IPSec, PPTP, L2TP (over IPSec) and GRE. Advanced functions include Full Tunnel, Tunnel Failover, Tunnel Load Balance, NetBIOS over IPSec, NAT Traversal and Dynamic VPN. 4.2.3.1 Configuration: To enable the VPN function, you should go to Configuration before any setting. 4.2.3.2 IPSec: Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. An IPSec VPN tunnel is established between an IPSec client and server. Sometimes we call the IPSec VPN client the initiator and the IPSec VPN server the responder. There are two phases to negotiate between the initiator and responder during tunnel establishment: the IKE phase and the IPSec phase. At the IKE phase, IKE authenticates IPSec peers and negotiates IKE SAs (Security Association) du
187. through the firewall. 3. Time Schedule: Each special AP setting can be turned off according to the schedule rule you specified. By default, it is always turned on when the rule is enabled. 4. Rule: Check this item to enable the Special AP rule. 4.1.5.4 DMZ: A DMZ (DeMilitarized Zone) Host is a host without the protection of the firewall. It allows a computer to be exposed to unrestricted 2-way communication for Internet games, video conferencing, Internet telephony and other special applications. Otherwise, if a specific application is blocked by the NAT mechanism, you can indicate that LAN computer as a DMZ host to solve this problem. 1. IP Address of DMZ Host: Enter the IP address of the Server or Host. 2. DHCP Relay: The DHCP Relay Agent component relays DHCP messages between DHCP clients and DHCP servers on different IP networks. Because DHCP is a broadcast-based protocol, by default its packets do not pass through routers. If you need this feature in the environment, please enable it. NOTE: This feature should be used only when needed. 4.1.6 Routing Setup: If you have more than one router and subnet, you will need to enable the routing function to allow packets to find the proper routing path and allow different subnets to communicate with each other.
188. 1 Introduction. 1.1 Overview: The AirMax4GW is a 4G LTE Outdoor Gateway with 2.4G wireless. It can receive 3G/4G LTE signal and provide 802.11b/g/n WiFi signal. When installed in an upright position, it is rain and splash proof. It features an integrated 10dBi patch antenna and 802.3at PoE to simplify the installation. It is an innovative product for IoT (Internet of Things) applications. 1.2 Special Notice: This product requires professional installation. Please do not attempt to install the device without the necessary knowledge in regards to your country's wireless regulations. Functions and features in your product's firmware might be different due to regulatio
189. uring the device by the administrator. System Related: The System Related sub-section includes Change Password, System Information, System Status and System Tools. Change Password is to change the administrator password for configuring the device by using the Web UI. System Tools support system time configuration, FW upgrading, system rebooting, system resetting to default, waking on LAN, and configuration settings backup. You can also check the system information and system status log here. Change Password: You can change the System Password here. We strongly recommend you change the system password for security reasons. System Information: You can view the System Information on this page. It includes the WAN Type, Display Time and Modem Information. But the modem information will exist only on models with embedded modems, like an ADSL modem and a 3G/LTE modem. System Status: You can view the System Logs in the Web UI. You can also send the logs to specific email accounts periodically, or instantly by clicking on the Email Now command button. System Tools: The device supports many system tools, including system time configuration, FW upgrading, system rebooting, system resetting to default, waking on LAN, and configuration settings backup. Scheduling: About Scheduling, you can define some time scheduli
190. 1. Tunnel Name: Enter the name of the tunnel. 2. Interface: Decide the WAN interface to establish the tunnel. 3. Tunnel Scenario: Supports Site to Site, Site to Host, Host to Site, Host to Host and Dynamic VPN. Select one from them. 4. Operation Mode: Default is Always on; other options depend on product models. 5. Encapsulation Protocol: Default is ESP; other options depend on product models. 6. Keep-alive: Check the Enable box to keep the tunnel alive. By default, the keep-alive method is Ping IP; other options depend on product models. Input the IP address of a remote host that exists on the opposite side of the VPN tunnel (e.g., you can input the LAN IP address of the remote Business Security Gateway). The Interval is the time interval between two ping requests, and by default it is 30 seconds. The device will start to ping the remote host when there is no traffic within the VPN tunnel. If the device can't get an ICMP response from the remote host anymore, it will terminate the VPN tunnel automatically. 4.2.3.2.5 Local & Remote Configuration
191. with different VLAN IDs from the Router device and delivers them in the Intranet. VLAN membership in a tagged VLAN is determined by VLAN ID information within the packet frames that are received on a port. The administrator can further use a VLAN switch to separate the VLAN trunk into different groups based on VLAN ID. Following is an example. In an SMB or a company, the administrator schemes out 3 segments: Lobby & Restaurant, Lab & Meeting Rooms, and Office. In a Security VPN Gateway, the administrator can configure the Lobby & Restaurant segment with VLAN ID 12. The VLAN group is equipped with the DHCP 3 server to construct a 192.168.12.x subnet. He also configures the Lab & Meeting Rooms segment with VLAN ID 11. The VLAN group is equipped with the DHCP 2 server to construct a 192.168.11.x subnet for Intranet only. That is, any client host in the VLAN 11 group can't access the Internet. However, he configures the Office segment with VLAN ID 10. The VLAN group is equipped with the DHCP 1 server to construct a 192.168.10.x subnet. In this example, the VLAN 10 and 12 groups can access the Internet, as in the following diagram. VLAN Group Access Control: The administrator can specify the Internet access right for all VLAN groups. He can also configure which VLAN groups can communicate with each other. VLAN Group Internet Access: The administrator can specify members of one VLAN group to be able to access Internet or
192. Step 1: Unscrew the bottom cover and remove it. Step 2: Insert the RJ45 Ethernet cable firmly and settle the cable in the fillister. Step 3: Put back the bottom cover and fasten the screw. 2.4.3 Mount AirMax4GW: AirMax4GW can be mounted on a wall or pole. It is designed with a wall mount bracket for attaching to the wall or fixing on a pole by metal rings. 2.5 Restore Settings to Default: If you have forgotten your AirMax4GW's IP address or password, you can restore your AirMax4GW to the default settings by pressing the reset button for more than 10 seconds. The reset button is located on the bottom of the AirMax4GW. 3 Configuring the AirMax4GW: In this chapter, we will explain AirMax4GW's available management interfaces and how to get into them. Then we will provide an introduction to Web Management and recommended initial settings. For detailed explanations of Web Management functions, please go to Chapters 4 and 5. 3.1 Important Information: The following information will help you to get started quickly. However, we recommend you read through the entire manual before you start. Please note the password and SSID are case sensitive. The default IP address is 1
193. you want to create. Here you can choose IPSec, PPTP, L2TP or GRE. Press Next to continue. Step 3-1, IPSec: If choosing IPSec, there are five tunnel scenario options to choose from. Site to Site is for two offices to create a VPN tunnel. Site to Host is for one office to access one specific server via an IPSec tunnel. Host to Site is for service agents in the device to access the intranet of a remote office via a tunnel. Host to Host is for two agent peers to create a secure tunnel for data communication. Dynamic VPN is for mobile users with dynamic IP addresses to connect to the central office. For other options, please go to Advanced Network VPN to set up. Then input the required network information and pre-shared key for the VPN connection. Step 3-2, PPTP: If choosing PPTP, there are two mode options to choose from. Choose Server if you want other PPTP clients to connect to it. Press Next to continue. If choosing PPTP Client, please input the tunnel name, IP/FQDN of the PPTP server, user name & password, and choose the default gateway, remote subnet, authentication protocol and MPPE encryption option. Please make sure these settings are accepted by the remote PPTP server. Otherwise, the PPTP server will reject the connection. Press Next to continue. If choosing PPTP Server, please choose options of authentication protocol and key length of MPPE
