USER MANUAL - Plantron.gr
Contents
1. When you re done with the configuration wizard press Save 8 2 Configuration profiles Router can have virtually unlimited number or configuration profiles which you can later apply either via WebUl or via SMS When you add New Profile you save current full configuration of the router Note profile names cannot exceed 10 symbols Configuration Profiles Manage Profiles Profile name Add profile Profile name Created Action first 2014 12 03 Apply Delete 115 8 3 Administration 8 3 1 General General Troubleshoot Administration Settings Router Name And Host Name Backup Access Control Diagnostics MAC Clone Overview Router name Teltonika Host mame Teltonika Administrator Password New pas sworc Confirm new pas sword Language Settings IPv6 support Login Page Language English Erable Show mobile info at login page Show WAN IP at login page Leds Management Creve leds Restore Default Settings Restore to default no Explanation Router name Host name Password Confirmation Language IPv6 support Show mobile info at login page Show WAN IP at login page On Off leds Restore to default Enter your new router name Enter your new host name Enter your new administration password Changing this password will change SSH password as well Re enter your new administration password Website will be translated into selected language Enable IPv6 support2. ele e ESSE a f l a Sa 17 4 iii A IA 4010 Ones ODO Wok f 34006 J00001 1 06 9000001 Ouu Ormoni Wo0 100018 id 07990900101 101011 Ja a no sy ay meu 1 O 000 0 0 00001 1010 J P me UUO 11 0000 00 0 00000000000 000 000000 000000 01 0111 C gt 30000001 00000 000 0 os EN 0000001 000000 00001 000000 1 0 he A 40003 0000001 DOC 0000001 00000 1 gpioo9a 000008010 00000001 0 0000001 me A a 110400000001 1010 0 1010 Legal notice Copyright O 2014 TELTONIKA Ltd All rights reserved Reproduction transfer distribution or storage of part or all of the contents in this document in any form without the prior written permission of TELTONIKA Ltd is prohibited The manufacturer reserves the right to modify the product and manual for the purpose of technical improvement without prior notice Other product and company names mentioned herein may be trademarks or trade names of their respective owners Attention Before using the device we strongly recommend reading this user manual first Do not rip open the device Do not touch the device if the device block is broken All wireless devices for data transferring may be susceptible to interference which could E affect performance d sas The device is not water resistant Keep it dry Device is powered by low voltage 9V DC power adaptor Table of Contents E A e A ee een renee eee ae 2 A Pe E Puno
3. K K K Le Link Layer Topology Discovery Responder Install Uninstall Properties Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks m Cancel Internet Protocol Version 4 TCP TP 4 Properties General Alternate Configuration 6 By default the router is going to have DHCP enabled which means that if you select Obtain an IP address automatically and Obtain DNS server address automatically the router should lease you an IP and you should be ready to login You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator For the appropriate IP settings Obtain an IP address automatically 5 Use the Following IP address 5 Use the Following ONS server addresses Validate settings upon exit Advanced 7 If you choose to configure manually here s what you do n Cancel First select an IP address Due to the stock settings that your router has arrived in you can only enter an IP in the form of 192 168 1 XXX where XXX is a number in the range of 2 254 192 168 1 2 192 168 1 254 192 168 1 155 and so on are valid 192 168 1 0 192 168 1 1 192 168 1 255 192 168 1 699 and so on
4. SPEAR io 39 5 10 AA A O ab an ele nana a eerie ely necaiate E taiaaaclee ama taned dena actabuten 40 DOL O A A O oo A 40 5 102 System Events iaa as 41 5 103 NetW rk Eventer E A N 42 S104 A a a a at 43 5105 HREDOFUING CONMISUFA CON aii 45 IN GEWOT asias 47 yl MI e Nee fete an cette tac E emanate fetta cell te naadietas 47 Dll GEN 47 6 2 SIM Majagement ocana a a aa 48 Ola Network Operators uta a 49 64 Mobile Data Limites io o ii 50 02 WAN 51 OAL Operation Mode A cease eee a aia 51 522 COMMONCONI SURAT Oasis ett anota as 51 5 EAN A A E anaoas 57 Goal COMPUTATION a iaa 57 632 A A A Utd cet iach uate ae 57 S SS rar sive cect cates a ve Ss neeetral o Maceo na 59 See BACKUP 9 o DEC A st te a aca aed mastate a tt sos weet a canna tastatet a st ica aaa ehecsmiaanteoetteanaeetceceeess 62 e0 FIFE Walllietancsscssocticcomasanth concasnsbeesasol tondacaswandnn ei cnudacutlanaesui N A N 64 Sek General Senes annaa e te nacian e ten pace taco Lee eden abre ca Dee od 64 052 DN ais 65 6 039 POP FONWadIN Pia wanted 65 O MAMAS o o o O EOS 67 GOS A 72 6 6 6 DDOS AVENA adicto 73 Oar tale ROULCS e heise aah tet Sloe a 76 Services e o rs o ant goatee A O cena E EAT 77 Ta MBR lia 77 ALL WRRPLANCOMMeUratiOn Sete esas 77 EAD Advanced SCUUIN GS csi cieve ota teers t coats hs e E AET 77 ER ANC 78 TDM A A 78 22 Proxy Based URL Content ble ase eee ee 78 Dos A T ectanet 79 PA pete wctestese actions epdaua setae E aa ctet
5. 192 168 99 36 192 168 99 155 MAC Address Interface 02 50 F3 00 00 00 eth2 0 25 22 D7 CA A7 br lan 38 2C 4A 64 2D E5 br lan 00 00 00 00 00 00 br lan mu Field Name Sample Value Explanation IP Address 2 MAC Address 3 Interface 192 168 99 17 00 25 22 D7 CA A7 br lan Recently cashed IP addresses of every immediate device that was communicating with the router Recently cashed MAC addresses of every immediate device that was communicating with the router Interface used for connection 32 5 6 2 Active IP Routes Shows the routers routing table The routing table indicates where a TCP IP packet with a specific IP address should be directed to Active IP Routes Network ppp ppp Target 0 0 0 0 0 10 0 207 216 29 10 0 207 217 192 168 99 0 24 IP Gateway Metric 10 0 207 217 0 0 0 0 0 0 0 0 0 0 0 0 UN Field Name Sample Value Explanation 1 2 3 4 Network Target IP Gateway Metric ppp 192 168 99 0 24 0 0 0 0 0 5 6 3 Active IPv6 Routes Interface to be used to transmit TCP IP packets through Indicates where a TCP IP packet with a specific IP address should be directed Indicates through which gateway a TCP IP packet should be directed Metric number indicating interface priority of usage Displays active IPv6 routes for data packet transmittion Active IPv6 Routes Network loopback loopback loopback PPP loopback Target 0 0 0 0 0 0
6. General Setup Advanced Settings DHCP Enable Start 100 Limit 150 Lease time 12 Field Name Sample value Explanation DHCP Enable Disable Manage DHCP server 2 Start 100 The starting address of the range that the DHCP server can use to give out to devices E g if your LAN IP is 192 168 2 1 and your subnet mask is 255 255 255 0 that means that in your network a valid IP address has to be in the range of 192 168 2 1 192 168 2 254 192 168 2 0 and 192 168 2 255 are special unavailable addresses If the Start value is set to 100 then the DHCP server will only be able to lease out addresses starting from 192 168 2 100 3 Limit 150 How many addresses the DHCP server gets to lease out Continuing on the above example if the start address is 192 168 2 100 then the end address will be 192 168 2 254 100 150 1 254 4 Lease time 12 How long can a leased IP be considered valid An IP address after the specified amount of time will expire and the device that leased it out will have to request for a new one Select Hour or Minute minimum 2min 58 6 3 2 2 Advanced settings You can also define some advanced options that specify how the DHCP server will operate on your LAN network DHCP Server General Setup Advanced Settings Dynamic DHCP iv Force IP netmask DHCP Options Fy Field Name Sample Value Explanation Dynamic DHCP Checked Unchecked 2 Force Checked Unchecked 3 IP netmas
7. Wireless MAC address 12345670 RUT950 012345 002 001 060461024168398 246021004072223 00 1E 42 00 00 44 00 1E 42 00 00 45 00 1E 42 00 00 46 Field Name Sample Value Explanation Serial number Product code Batch number Hardware revision IMEI IMSI Ethernet LAN MAC Ethernet WAN MAC Wireless MAC 12345678 RUT950 012345 002 001 860461024168398 246021004072223 00 1E 42 00 00 44 00 1E 42 00 00 45 00 1E 42 00 00 46 Serial number of the device Product code of the device Batch number used during device s manufacturing process Hardware revision of the device Identification number of the internal modem Subscriber identification number of the internal modem MAC address of the Ethernet LAN ports MAC address of the Ethernet WAN port MAC address of the Wi Fi interface 31 5 5 Services The page displays usage of the available services Services Services Status WRRP LAN OpenVPN servers OpenVPN clients SNMP agent SNMP trap NTP client IPsec Ping reboot 5 6 Routes DDNS Site blocking Privoxy Enabled SMS utils rules Enabled Hotspot Enabled Hotspot logging GRE tunnel QoS Refresh E The page displays ARP table active IP routes of the device 5 6 1 ARP Shows the routers active ARP table An ARP table contains recently cached MAC addresses of every immediate device that was communicating with the router ARP IP Address 10 0 207 217 192 168 99 17
8. are not Next we enter the subnet mask this has to be 255 255 255 0 Then we enter the default gateway this has to be 192 168 1 1 Finally we enter primary and secondary DNS server IPs One will suffice though it is good to have a secondary one as well as it will act as a backup if the first should fail The DNS can be your routers IP 192 168 1 1 but it can also be some external DNS server like the one Google provides 8 8 8 8 14 Wireless Network Connection Internet Protocol Version 4 TCOP IPy4 Properties EEE Disable General Connect Disconnect You can get IP settings assigned automatically if your network supports Disgness this capability Otherwise you need to ask your network administrator For the appropriate IP settings Bridge Connections _ f Create Shortcut 5 Obtain an IP address automatically Use the Following IP address Rename IP address 197 Properties Subnet mask z255 Default gateway 192 Obtain DAS server address automatically Use the Following ONS server addresses Preferred DNS server 192 168 Alternate DNS server 5 6 Validate settings upon exit Advanced ok cancel Right click on the Wireless network icon and select Connect Disconnect A list should pop up with all available wireless networks Select Teltonika and click connect Then we launch our favorite browser
9. disable SMS status function 6 SMS text SMS text which will send SMS text can contain letters numbers spaces and routers status special symbols Capital letters also matters 7 Sender phone number Phone number of person who You can add as many phone numbers as you need can receive router status via Dropdown list with additional rows will show up if SMS message you click on add icon at the end of phone number row 8 Get Information Data state You can select which status elements to display Operator Connection type Signal Strength Connection State IP 9 Wireless On Off via This check box will enable and Allows Wi Fi control via SMS SMS disable this function 10 Wireless on SMS text SMS text which will turn Wi Fi SMS text can contain letters numbers spaces and ON special symbols Capital letters also matters 11 Wireless on SMS text SMS text which will turn Wi Fi SMS text can contain letters numbers spaces and OFF special symbols Capital letters also matters 12 Sender Phone number Phone number of person who You can add as many phone numbers as you need can receive router status via Dropdown list with additional rows will show up if SMS message you click on add icon at the end of phone number row 13 Write to config Permanently saves Wi Fi state With this setting enabled router will keep Wi Fi state even after reboot If it is not selected router will revert Wi Fi state after reboot 14 Mobile Settings via This
10. 1 1 5 Hardware High performance 560 MHz CPU with 128 Mbytes of DDR2 memory 5 5 2 5mm DC power socket Reset restore to default button 2 x SMA for 3G 2 x RP SMA for Wi Fi antenna connectors 4 x Ethernet LEDs 1 x power LED 1 x bi color connection status LED 5 x connection strength LEDs Software OpenVPN IPSec GRE L2TP PPTP Backup WAN PPPoE Dynamic DNS SMS and Ping reboot periodic reboot Status configuration via SMS Send read SMS via HTTP POST GET Monitoring by SNMP SNMP trap System log to record the status of the router VRRP Web filter Wireless hotspot with or without RADIUS server SIM card switch controlled by signal data limit roaming Configuration profiles Dual image with safemode firmware Firmware update from bootloader via WebUI Restore point Electrical Mechanical amp Environmental Dimensions H x W x D 80 mm x 106 mm x 46 mm Weight 250 g Power supply 100 240 VAC gt 9 VDC wall adapter Input voltage range 9 30 VDC Power consumption lt 7W Operating temperature 40 to 75 C Storage temperature 45 to 80 C Operating humidity 10 to 90 Non condensing Storage humidity 5 to 95 Non condensing 10 1 1 8 Applications RO U T E R Kerk WiFi 3G 3G WIFI WIFI ANTENNA ANTENNA f f J 3G AUX yo ANTENNA 3G MAIN ANTENNA Power Port Please use the included power adapter l WAN or LAN connection depending on your needs
11. 1 99999 1 1 4 Modem revision 5 1 3 6 1 4 1 99999 1 1 5 Modem serial number 6 1 3 6 1 4 1 99999 1 1 6 SIM status 7 1 3 6 1 4 1 99999 1 1 7 Pin status 8 1 3 6 1 4 1 99999 1 1 8 IMSI 9 1 3 6 1 4 1 99999 1 1 9 Mobile network registration status 10 1 3 6 1 4 1 99999 1 1 10 Signal level 11 1 3 6 1 4 1 99999 1 1 11 Operator currently in use 12 1 3 6 1 4 1 99999 1 1 12 Operator number MCC MNC 13 1 3 6 1 4 1 99999 1 1 13 Data session connection state 14 1 3 6 1 4 1 99999 1 1 14 Data session connection type 15 1 3 6 1 4 1 99999 1 1 15 Signal strength trap 16 1 3 6 1 4 1 99999 1 1 16 Connection type trap 91 7 6 2 TRAP Settings TRAP Service Settings SNMP Trap Host IP 192 168 99 155 Port 162 Community Public TRAP Rules Action Enable Connection type trap dit Delete signal strength trap New TRAP Rule Action signal strength trap IES E Explanation SNMP Trap Enable Disable Enable SNMP Simple Network Management Protocol trap functionality 2 Host IP 192 168 99 155 Host to transfer SNMP Simple Network Management Protocol traffic to 3 Port 162 Port for trap s host 4 Community Public Private The SNMP Simple Network Management Protocol Community is an ID that allows access to a router s SNMP data 92 7 7 SMS Utilities RUT900 has extensive amount of various SMS Utilities These are subdivided into 4 sections general SMS Utilities Send SMS SMS Management and Remote Configura
12. 2 Common configuration Common configuration allows you to configure your TCP IP settings for the wan network Common Configuration General Setup Advanced Settings Protocol DHCP Really switch protocol Switch protocol You can switch between the Static DHCP or PPPoE protocol by selecting the protocol that you want to use and then pressing Switch Protocol Note Mobile connection does not use either DHCP or Static protocol therefore it displays none in the dropdown menu 51 6 2 2 1 General Setup 6 2 2 1 1 Static 1 2 3 4 Common Configuration General Setup Advanced Settings Protocol IPv4 address IPv4 netmask IPv4 gateway IPv4 broadcast Use custom DNS servers Static 192 168 99 162 255 255 255 0 192 168 99 254 192 168 99 255 8 8 8 8 8 8 6 6 x x This is the configuration setup for when you select the static protocol METETE ETS Ee IPv4 address 192 168 99 162 IPv4 netmask 255 255 255 0 IPv4 gateway 192 168 99 254 IPv4 broadcast 192 168 99 255 custom DNS servers 8 8 8 8 8 8 6 6 6 2 2 1 2 DHCP General Setup Advanced Settings Hostname to send when requesting DHCP IP Aliases Your routers address on the WAN network A mask used to define how large the WAN network is Address where the router will send all the outgoing traffic Broadcast address autogenerated if not set It is best to leave this blank unless you kn
13. 3 Router Model Teltonika RUT9xx Routers model Firmware RUT9XX_T_00 00 372 Shows the version of the firmware that is currently loaded in the router Version Newer versions might become available as new features are added Use this field to decide whether you need a firmware upgrade or not 5 Kernel Version 3 10 36 The version of the Linux kernel that is currently running on the router 6 Local Time 2014 11 03 14 33 14 Shows the current system time Might differ from your computer because the router synchronizes it s time with an NTP server Format year month day hours minutes seconds 7 Uptime Oh 40m 46s since Indicates how long it has been since the router booted up Reboots will 2014 11 03 13 53 13 reset this timer to 0 Format day s hours minutes seconds since year month day hours minutes seconds 8 Load Average 1min 11 5 mins Indicates how busy the router is Let s examine some sample output 1 18 15 mins 17 min 11 5 mins 18 15 mins 17 The first number mean past minute and second number 11 means that in the past minute there have been on average 11 processes running or waiting for a resource 9 Temperature Device s temperature 19 Memory explanation Field Name Sample Value Explanation 1 Free 94532 kB 126452 kB The amount of memory that is completely free Should this rapidly 74 decrease or get close to O it would indicate that the router is running out of memory which could cause c
14. A 2 SAFE INFORMATION sra rita 7 DEVICES CONNEC O rere a a dr yan 8 1 A T A 9 Te SPEI ON a E T E aes 9 A E E E E A AE E E A 9 P G MW OPR FOGE iia eee eee iia 9 CELS A EE 0 E A A R 9 LLA WF o e O 9 LLS AINI E em ree eee a 10 LERO e ET toed titres puck en pha nla paste eteenectume duet E prea 10 1 1 7 Electrical Mechanical amp Environmental iii iia 10 la APGA valo 11 2 Setting UP your OUTED ccc ccecceeccsseccsscosecesecessceseceseceseceseccaeetseetaeeteesaeeseeeseeesaussesssesscesceseeeeceseesseetseenseetes 12 ZAM o A A A 12 Z El FROME PMC Back aie ia en 12 212 VAR ANG AGS last tioN iso 12 BP Lo CINE MW Ao O EX e O E A E E 13 3 Operon MOG aera A aa 16 4 PW SNS OT ONS e E E tdi 16 4 1 Powering the device from higher VOltage cscccccsssccccesseccceesecccsesececeeeceseeeececsensecessesecesseneceeteneeeetes 17 5 A E ates enews seteteseaeesese sana seenseeeucataee ss 18 o E o A eee eee 18 S32 SV SCCM PO AIO ers Reno net neones eos 19 Deo INGEWOC Ito mal Ntra E A E 20 s4 DEVICE MOM MAUION e E 31 Fo CINICO Seta ee ee E en ee ee re eer re 32 o 5 anccewenseeaesersnceemeccisnecane 32 O O o o A A e om 32 IOA AVE IP ROUS etapa ee eee 33 A Active aos A e o ea 33 A A Gane 34 5714 Moplesienal SEN Nec iia 34 6 7 S72 Reatime e e se vec wetness 35 Dela M eaa E 36 SAA Realtime Wireless errn a a 37 I9 Realtime CONMECTIONS srl 38 A LOC E o AA EEE O O EE 5 E anccananess ua teecaatoudamanaacauneteaneitt 39 DED
15. Change profile via SMS 6 SMS text to change profile 7 SMS text to get list of profiles 8 Sender Phone number Important Notes This check box will enable and disable this function Text to turn 3G connection ON Text to turn 3G connection OFF Permanently saves 3G network state This check box will enable and disable this function Keyword that must precede profile name Upon receiving this SMS router will send list of created profiles to the sender number Phone number of person who can control this function Function disabled by default SMS text can contain letters numbers spaces and special symbols Capital letters also matters With this setting enabled router will keep 3G state even after reboot If it is not selected router will revert 3G state after reboot Function disabled by default SMS text can contain letters numbers spaces and special symbols Capital letters also matters You can add as many phone numbers as you need Dropdown list with additional rows will show up if you click on add icon at the end of phone number row e 3G settings must be configured correctly If SIM card has PIN number you must enter it at Network gt 3G settings Otherwise SMS reboot function will not work e Sender phone number must contain country code You can check sender phone number format by reading the details of old SMS text massages you receiving usually 95 7 7 2 Call Utili
16. Configuration Events Log Report Configuration Modify events log file report rule Enable Events log System Y Transfer wpe FIP Compress file jw Host 192 168 123 123 Username Username Password Interval between reports Week Weekday Monday Hour 12 a Field Name Sample Value Explanation 1 Enable Enable Disable Make a rule active inactive 2 Events log System Event type for which the rule is applied 3 Transfer type FTP Event subtype for which the rule is applied Email ftp 4 Compress file Enable Action to perform when an event occurs 5 Host 192 168 123 123 FTP File transfer Protocol host name e g ftp exemple com 192 168 123 123 Allowed characters a z A Z0 9 S amp _ 6 User name Username User name for authentication on SMTP Simple Mail Transfer Protocol or FTP File Transfer Protocol server Allowed characters a z A Z0 9 H S amp 4 7 Password password Password for authentication on SMTP Simple Mail Transfer Protocol or FTP File Transfer Protocol server Allowed characters a z A Z0 910HS 18 2 4 Y 8 Interval Week Send report every select time interval between reports 9 Weekday Monday Day of the week to get events log report 10 Hour 12 Hour of the day to get events log report 46 6 Network 6 1 Mobile 6 1 1 General 6 1 1 1 Mobile configuration Here you can configure the mobile specific settings which are used when connecting to your lo
17. Mobile connection APH Dialing number Futhentication method Usemame Password Service mode Lan IP address IF netmask IP broadcast yr 36 F Use pppd mode Y intemet mnceOl moose 37 060000001 CHAP Y 3G preferred ll 192 168 1 1 255 255 255 0 192 165 1 255 Send Configuration Message Generate Generate Phone number 3 7060000001 Serial number 12345680 Send Send Field name Values Notes Generate SMS New Generate new SMS settings or use current device From current configuration configuration 2 Mobile Enable Disable Include configuration for mobile network 3 WAN Enable Disable Include configuration for WAN Wide Area Network 4 LAN Enable Disable Include configuration for LAN Local Area Network 5 Interface Wired Interface type used for WAN Wide Area Network Mobile connection 6 Protocol Static DHCP Network protocol used for network configuration parameters management IP address that router will use to connect to the internet That will be used to define how large the WAN Wide Area Network network is 7 IP address 217 147 40 44 8 IP netmask 1255 255 2550 11 IP gateway 217 147 40 44 The address where traffic destined for the internet is 98 12 13 14 15 16 17 18 19 20 21 22 23 IP broadcast Primary SIM card Mobile connection APN Dialing number Authentication method User name Password Service mode
18. These are the advanced settings for each of the protocols if you are unsure of how to alter these attributes it is highly recommended to leave them to a trained professional 6 2 2 2 1 Static Common Configuration General Setup Advanced Settings Disable NAT Override MAC address Override MTU Use gateway metric EIA Sample value Explanation Disable NAT On Off Override MAC address Override MTU 1500 Use gateway metric 0 6 2 2 2 2 DHCP 36 48 71 B7 E9 E4 Toggle NAT on and off Override MAC address of the WAN interface If your ISP gives you a static IP address it might also bind it to your computers MAC address i e that IP will only work with your computer In this field you can enter your computers MAC address and fool the gateway in thinking that it is communicating with your computer Maximum transmission unit specifies the largest possible size of a data packet The WAN configuration by default generates a routing table entry With this field you can alter the metric of that entry Common Configuration General Setup Advanced Settings Disable NAT Use broadcast flag Use default gateway Use DNS servers advertised by peer Use gateway metric Client ID to send when requesting DHCP Vendor Class to send when requesting DHCP Override MAC address Override MTU MITE ESTATE Explanation 1 2 Disable NAT Use broadcast flag Enable Disable Enable Disable
19. all your devices and computers that you connect to the router will reside 6 3 1 Configuration 6 3 1 1 General Setup Configuration General Setup Advanced Settings IP address 192 168 1 1 IP netmask 255 255 255 0 M IP broadcast Field name Sample value Explanation 1 IP address 192 168 1 1 Address that the router uses on the LAN network 2 IP netmask 255 255 255 0 A mask used to define how large the LAN network is 3 IP broadcast 0 IP broadcasts are used by BOOTP and DHCP clients to find and send requests to their respective servers 6 3 1 2 Advanced settings LAN Configuration General Setup Advanced Settings Override MTU Use gateway metric MITE ESTE Explanation 1 Enable LAN interface Enable Disable 2 Use custom DNS servers 8 8 8 8 Multiple DNS servers can be entered by clicking new entry button near a text input field 3 Override MTU 1500 MTU Maximum Transmission Unit specifies the largest possible size of a data packet 4 Use gateway metric 0 With this field you can alter the metric of that entry 6 3 2 DHCP Server The DHCP server is the router side service that can automatically configure the TCP IP settings of any device that requests such a service If you connect a device that has been configured to obtain IP address automatically the DHCP server will lease an address and the device will be able to fully communicate with the router 57 6 3 2 1 General Setup DHCP Server
20. and configuration Switch 11 2 Setting up your router 2 1 Installation After you unpack the box follow the steps documented below in order to properly connect the device For better Wi Fi performance put the device in clearly visible spot as obstacles such as walls and door hinder the signal 1 First assemble your router by attaching the necessary antennas and inserting the SIM card 2 To power up your router please use the power adapter included in the box IMPORTANT Using a different power adapter can damage and void the warranty for this product 3 If you have a wired broadband connection you will also have to connect it to the WAN port of the router 2 1 1 Front Panel and Back Panel 3G MAIN LAN Ethernet ports EN 3G auxiliary antenna connector WAN Ethernet port 3G main antenna connector oe LAN LEDs Wi Fi antenna connectors 8 WAN LED 4 Reset button 9 Power socket 10 Power LED 11 Connection status LED 12 Signal strength indication LEDs 2 1 2 Hardware installation 1 Remove back panel and insert SIM card which was given by your ISP Internet Service Provider Correct SIM card orientation is shown in the picture o i sii OD TIL F SIM 1 primary SIM 2 secondary 2 Attach 3G main and Wi Fi antennas 3 Connect the power adapter to the socket on the front panel of the device Then plug the other end of the power adapter into a wall outlet or power strip 4 Connect to the device wi
21. check box will enable and Allows cellular control via SMS SMS disable mobile settings function 15 SMS text Key word that will precede SMS text can contain letters numbers spaces and actual configuration special symbols Capital letters also matters parameters 16 Sender phone number Phone number of person who You can add as many phone numbers as you need can receive router status via Dropdown list with additional rows will show up if SMS message you click on add icon at the end of phone number row 94 Mobile Settings via SMS parameters MEL Value s Explanation apn 2 dialnumber 3 auth _mode 4 service 5 username 6 password i e internet gprs i e 99 1 none pap chap auto 3gpreferred 3gonly 2gpreferred 2gonly user user Sets APN e apn internet gprs Sets dial number Sets authentication mode You can add as many phone numbers as you need Dropdown list with additional rows will show up if you click on add icon at the end of phone number row Used only if PAP or CHAP authorization is selected Used only if PAP or CHAP authorization is selected All Mobile settings can be changed in one SMS Between each lt parameter value gt pair a space symbol is necessary Example cellular apn internet gprs dialnumber 99 1 auth_mode pap service 3gonly username user password user 2 Explanation Notes 3G On Off via SMS 2 3GonSMS text 3 3Goff SMS text Write to config 5
22. complex networks SNMP works by sending messages called protocol data units PDUs to different parts of a network 129
23. on rounter Show operator and signal strength at login page Show WAN IP at login page If uncheck all routers leds are off Router will be set to factory default settings 116 Important notes The only way to gain access to the web management if you forget the administrator password is to reset the device factory default settings Default administrator login settings are User Name admin Password admin01 8 3 2 Troubleshoot General Troubleshoot Backup Access Control Diagnostics MAC Clone Overview Troubleshoot Settings Troubleshoot System log level Debug Save login RAM memory Include GSMD information y Include PPPD information Include chat script information Include network topology information System log Show Kernel log Show Troubleshoot file Download Field name Explanation 1 System log level Debug level should always be used unless instructed otherwise 2 Save log in Default RAM memory should always be used unless instructed otherwise 3 Include GSMD information Default setting enabled should be used unless instructed otherwise 4 Include PPPD information Default setting disabled should be used unless instructed otherwise 5 Include Chat script Default setting enabled should be used unless instructed otherwise information 6 Include network topology Default setting disabled should be used unless instructed otherwise information 7 System Log Provides on screen Syste
24. peer 5 LCP echo failure 0 threshold 6 LCP echo interval 5 7 Inactivity timeout 0 If checked router will not perform NAT masquerade on this interface If unchecked no default route is configured If unchecked the advertised DNS server addresses are ignored Presume peer to be dead after given amount of LCP echo failures use O to ignore failures Send LCP echo requests at the given interval in seconds only effective in conjunction with failure threshold Close inactive connection after the given amount of seconds use O to persist connection 55 6 2 2 2 4 IP Aliases IP aliases are a way of defining or reaching a subnet that works in the same space as the regular network General Setup Advanced Settings IP Address 192 168 99 161 Metmask 255 255 2550 Gateway 192 168 99 254 Delete Adel As you can see the configuration is very similar to the static protocol only in the example a 99th subnet is defined Now if some device has an IP in the 99 subnet 192 168 99 xxx and the subnets gateway metric is higher and the device is trying to reach the internet it will reroute it s traffic not to the gateway that is defined in common configurations but through the one that is specified in IP aliases General Setup Advanced Settings IF Broadcast DNS Server You may also optionally define a broadcast address and a custom DNS server 56 6 3 LAN This page is used to configure the LAN network where
25. pressing button Reboot 9 Functionality not listed in menu 9 1 SMS by HTTP POST GET It is possible to read and send SMS by using valid HTTP POST GET syntax Use web browser or any other compatible software to submit HTTP POST GET string to router Router must be connected to GSM network when using SMS send feature 9 1 1 Syntax of HTTP POST GET string HTTP POST GET string Explanation http IP_ADDRESS cgi bin sms_read number MESSAGE_INDEX Read message cgi bin sms_send number PHONE NUMBER amp text MESSAGE TEXT Send message cgi bin sms_delete number MESSAGE_ INDEX Delete message cgi bin sms_list List all messages cgi bin sms_ total Number of messages in memory Note parameters of HTTP POST GET string are in capital letters inside curly brackets Curly brackets Y are not needed when submitting HTTP POST GET string 9 1 2 Parameters of HTTP POST GET string MC Explanation IP_ADDRESS IP address of your router 2 MESSAGE_INDEX SMS index in memory 3 PHONE_NUMBER Phone number of the message receiver Note Phone number must contain country code Phone number format is OO COUNTRY_CODE RECEIVER_NUMBER 125 E g 0037062312345 370 is country code and 62312345 is receiver phone number 4 MESSAGE TEXT Text of SMS Note Maximum number of characters per SMS is 160 You cannot send longer messages It is suggested to use alphanumeric characters only After every executed command router wil
26. request during the period 5 Limit burst oye Indicating the maximum burst before the above limit kicks in 6 6 6 3 SSH Attack Prevention Prevent SSH Allows a user to run commands on a machine s command prompt without them being physically present near the machine attacks by limiting connections in defined period SSH Attack Prevention Enable SSH limit Limit period Second Y Limit 10 Limit burst a Field Name Sample value Explanation 1 Enable SSH limit Enable Disable Enable ssh connections limit in selected period 2 Limit period Second Minute Hour Day Select in what period limit ssh connections 3 Limit 10 Maximum ssh connections during the period 4 Limit burst ois Indicating the maximum burst before the above limit kicks in 74 6 6 6 4 HTTP Attack Prevention HTTP attack sends a complete legitimate HTTP header which includes a Content Length field to specify the size of the message body to follow However the attacker then proceeds to send the actual message body at an extremely slow rate e g 1 byte 110 seconds Due to the entire message being correct and complete the target server will attempt to obey the Content Length field in the header and wait for the entire body of the message to be transmitted hence slowing it down HTTP Attack Prevention Enable HTTP limit Limit period Second Y Limit Limit burst a Field Name Sample value Explanation 1 Enable HTTP limit Enable Disable
27. same area contending 60 6 4 1 2 Interface 6 4 1 2 1 Security Encryption There are many modes of encryption a distinctive class is pointed out below Interface Configuration General Setup Wireless Security MAC Filter Advanced Settings Encryption WP4 PSOKAWPALPSK mixed mode Y Key NANA gt First select an encryption method TKIP CCMP TKIP amp CCMP and auto Note Some authentication methods won t support TKIP and TKIP amp CCMP encryption After you ve selected your encryption method you should enter your passphrase which must be at least 8 characters long 6 4 1 2 2 MAC Filter Interface Configuration General Setup Wireless Security MAC Filter Advanced Settings MAC address filter Allow listed only MAC list 00 11 22 33 44 55 Filter you can define a rule for what to do with the MAC list you ve defined You can either allow only the listed MACs or allow ALL but forbid only the listed ones 6 4 1 2 3 Advanced settings Separate clients prevents Wi Fi clients from communicating with each other on the sane subnet Interface Configuration General Setup Wireless Security MAC Filter Advanced Settings separate clients 61 6 4 1 3 Client RUT9xx can work as a Wi Fi client check 6 5 Chapter of this manual Client mode is nearly identical to AP except for the fact that most for the options are dictated by the wireless access point that the router is connecting t
28. such as packet network traffic port prioritization Quality of Service With QoS you can prioritize network traffic selected by addresses ports or services Interfaces Interface Enable Calculate overhead Half duplex WAN Interface name WAN Y Classification Rules Destination host Service Target Source host Priority All Normal All Express Y All Download speed kbit s 1024 Protocol 112 Upload speed kbit s 128 Number of bytes 20 21 25 80 Delete 8 System 8 1 Configuration Wizard The configuration wizard provides a simple way of quickly configuring the device in order to bring it up to basic functionality The wizard is comprised out of 4 steps and they are as follows Step 1 General change First the wizard prompts you to change the default password Simply enter the same password into both Password and Confirmation fields and press Next Step 1 General Step 2 Mobile Step3 LAN Step 4 WiFi Step General First let s change your router password from the default one Password settings New password e Confirm new password Time zone settings Current system time 2015 05 13 06 59 23 Sync with browser Time zone UTC Skip Wizard 113 Step 2 Mobile Configuration Next we have to enter your mobile configuration On a detailed instruction on how this should be done see the Mobile section under Network Step 1 General Step 2 Mobile St
29. the same VRRP Virtual Router Redundancy Protocol cluster will act as a master Enable Ping timeout sec Ping packet size Ping retry count METEO ET ENTES 1 2 3 4 5 On Enable Ping IP address Ping interval Ping timeout sec Ping packet size Ping retry count Enable Disable 8 8 4 4 10 1 50 10 Enable WAN s connection monitoring A host to send ICMP Internet Control Message Protocol packets to Time interval in minutes between two Pings Response timeout value interval 1 9999 ICMP Internet Control Message Protocol packet s size interval 0 1000 Failed Ping attempt s count before determining that connection is lost 77 7 2 Web filter 7 2 1 Site blocking Site Blocking Proxy Based Content Blocker Site Blocking Settings Site Blocking Enable Mode Whitelist Enable Host name www yahoo com Delete MITE ES Ee 1 Enable Enable Disable Enable host name based websites blocking 2 Mode Whitelist Blacklist Whitelist allow every site on the list and block everything else Blacklist block every site on the list and allow everything else 7 2 2 Proxy based URL content blocker Site Blocking Proxy Based Content Blocker Proxy Based URL Content Blocker Configuration Proxy Based URL Content Blocker Enable Mode Blacklist Y URL Filter Rules Enable URL content example com Delete Field name EXT Explanation 1 Enable Enable Disable En
30. will have to simply enter hours 6 and minutes 48 7 9 4 Landing Page General Restricted Internet Access Logging Landing Page Radius Server Wireless Hotspot Landing Settings Landing Page Settings Page title Teltonika Hotspot Theme Custom w Upload login page Browse Demo preview a Explanation 1 Page title Will be seen as landing page title 2 Theme Landing page theme selection 3 Upload login page Allows to upload custom landing page theme 4 Demo preview Allows preview theme without saving it 108 7 9 5 Radius server configuration An authentication and accounting system used by many Internet Service Providers ISPs When you dial in to the ISP you must enter your username and password This information is passed to a RADIUS server which checks that the information is correct and then authorizes access to the ISP system General Restricted Internet Access Logging Landing Page Radius Server Radius Server Configuration General Settings Enable Remote access Clients Configuration Settings Enable Client name IP address Netmask Radius shared secret There are no clients created yet Add Users Configuration Settings Enable user User name User password Reply Message There are no users created yet a Explanation 1 Enable Activates an authentication and accounting system 2 Remote access Activates remote access to radius server 109 7 10 Auto Reboot 7 10 1 Ping Reboot Ping Reboot f
31. 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 FFOO 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 0 0 IPvb6 Gateway Metric 0 0 0 0 0 0 0 0 0 FFFFFFFF 0 0 0 0 0 0 0 0 0 FFFFFFFF 0 0 0 0 0 0 0 0 0 00000000 0 0 0 0 0 0 0 0 0 000000100 0 0 0 0 0 0 0 0 0 FFFFFFFF UN Field Name Sample Value Explanation 1 2 a gt S Network Target IPv6 Gateway Metric loopback 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 FFFFFFFF Network interface used Indicates where a TCP IP packet with a specific IP address should be directed Indicates through which gateway a TCP IP packet should be directed Metric number indicating interface priority of usage 33 5 7 Realtime Graphs Real time graphs show how various statistical data changes over time 5 7 1 Mobile Signal Strenght Displays mobile signal strength variation in time measured in dBm Mobile Signal Load Traffic Wireless Connections Mobile Signal Strength 3 minutes window 1 second interval Connection type 3G WCDMA Signal 72 dBm Average 72 0 dBm Peak 72 dBm mb A A E a A hiie 3G HSUPA 3G HSPA 3G HSPA 3G DC HSPA 4G LTE _ Field Name Sample Value 1 Connection type 3G WCDMA Type of mobile connection used 2 Signal 72 dBm Current signal strength value 3 Average 72 0 dBm Average signal strength value 4 Peak 72 dBm Peak signal strength value 34 5 7 2 Realtime Load This tri graph illustrates average CPU load values in real time The graph c
32. 008 255 137 43 27 KB 508 Pkts 0 0 0 0 0 24 0 0 1 0 2 34 KB 75 Pkts 38 5 8 Mobile Traffic Displays mobile connection data sent and received in KB of this day week month Today Current Week Current Month Total Configuration Daily Data Usage SIM1 SIM2 Both Delete data Today s usage 5 08 KB Sent 2 13 KB Received 2 95 KB a usage accounting may diffe 5 9 Speed Test Speed test is a tool for measuring your internet connection upload and download speeds You can select servers for manual testing or use auto test Speed Test Begin auto test Get servers list Server Imhost It Vilnius Lithuania UAB Cgates Vilnius Lithuania Begin test Ping 158 ms Imhost lt Vilnius Lithuania Begin test Download speed 8 48 Mbits s Tele2 Vilnius Lithuania Begin test Upload speed 3 15 Mbits s Bite Lietuva Vilnius Lithuania Begin test Test again 39 5 10 Events Log Event log displays such actions as login reboot firmware flashing and reset 5 10 1 All Events Displays all router events their type and time of occurrence All Events System Events Network Events Events Reporting Reporting Configuration Events Log Events Log Events per page 10 Y Search ID Date Eventtype Event 3181S 2015 05 11 16 11 47 Config Firewall configuration has been changed 31805 2015 05 11 16 09 29 Port Wired WAN connection operational 31795 2015 05 11 16 05 13 Port Wired WAN connection non operatio
33. 11 2015 05 11 2015 05 11 2015 03 18 2015 03 18 2015 05 11 2015 05 07 2015 05 08 2015 05 08 Last Connections 10 36 39 10 37 54 10 38 41 15 56 44 16 31 47 11 36 23 09 07 22 10 48 52 13 39 11 IP 192 168 1167 192 166 1 167 192 166 1 167 192 168 1 167 192 166 1 167 192 168 1 167 192 168 1 167 192 168 1 167 192 168 1 167 Authentications Status Succeeded Succeeded Succeeded Succeeded Succeeded Succeeded Succeeded Succeeded Succeeded Last Remote Connections Type Date IP Authentications Status 33H 2015 05 07 10 36 01 192 168 99 109 Failed 2015 05 07 10 36 13 192 168 99 109 Failed 2015 05 07 10 36 16 192 168 99 109 succeeded 2015 05 07 09 07 17 2015 05 08 08 44 13 2015 05 08 09 45 21 19216899109 192168 99 109 19216899109 There are no records vel Refresh E Field Name Sample Value SEMEL Type SSH HTTP HTTPS Type of connection protocol 2 Date 2015 05 11 10 36 59 Date and time of connection 3 IP 192 168 1 167 IP address from which the connection was made 4 Authentications Failed Succeded Status of authentication attempt Status 30 5 4 Device information 1 2 3 4 5 6 6 7 8 The page displays factory information that was written into the device during manufacturing process Device Information Device Senal number Product code Batch number Hardware revision IMEI IMSI Ethernet LAN MAC address Ethernet WAN MAC address
34. 37 WIFI WiFi client connected FC C2 DE 91 36 46 android 9aed2b2077a5dc74 2015 05 11 15 48 31 WIFI WIFI client disconnected 20 34 47 41 4B 45 2015 05 11 15 36 56 WIFI WIFI client connected 20 34 47 41 4B 45 2015 05 11 15 36 55 WIFI WIFI client disconnected 00 1E 42 10 80 22 2015 05 11 15 30 32 WIFI WiFi client connected 00 16 42 10 80 22 2015 05 11 15 30 26 WIFI WIFI client disconnected 00 1E 42 10 80 22 2015 05 11 15 19 58 WIFI WIFI client connected 00 16 42 10 80 22 2015 05 11 15 19 52 WiFi WiFi client disconnected FC C2 DE 91 36 A6 android Saed2b2077a54c74 Showing 1 to 10 of 312 entries Next gt gt 42 5 10 4 Events Reporting Allows to view enable disable or modify created rules for events reporting All Events System Events Network Events Events Reporting Reporting Configuration Events Reporting Create rules for events reporting Events Reporting Rules Event type Event subtype Action Enable FW upgrade From file Send SMS Delete New DHEP client Connected from LAN Send SMS Delete Config change send SMS Delete All rules are executed in current list order Events Reporting Configuration Event type Event subtype Config change All 43 5 10 4 1 Events Reporting Configuration Allows to view created rules details and modify them so after event occurrence messages or emails are sent to specified address or phone numbers with information about the event All Events System Events Network Even
35. 54 0 MBit s Encryption Wireless MAC Signal quality Bit rate no encryption OO 1E 42 00 11 03 80 54 0 MBit s Signal RX Rate TX Rate 54 dBm 24 0 Mbits MCS 0 20MH2 54 0 Mbits MCS 0 20MHz Refresh The channel which is used to broadcast the SSID and to establish new connections to devices Country code The SSID that is being broadcast Other devices will see this and will be able to use to connect to your wireless network Connection mode Master indicates that you router is an access point The type of encryption that the router will use to authenticate establish and maintain a connection MAC address of your wireless radio The quality between routers radio and some other device that is connecting to the router Will show 0 if no devices are trying to connect or are currently maintaining a connection The bitrate will be shared between all devices that connect to the routers wireless network Additional note MBit s indicates the bits not bytes To get the throughput in bytes divide the bit value by 8 for e g 54MBits s would be 6 75MB s Mega Bytes per second 24 5 3 1 5 Associated Stations Outputs a list of all devices and their MAC addresses that are maintain a connection with your router right now This can either be the information of the Access Point that the router is connecting to in STA mode or a list of all devices that are connecting to the router in AP mode Field Name Sample Value Explanatio
36. 6 05 13 Port Wired WAN connection non operational 2015 05 11 16 02 39 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 46 android 9aed2b2077a54c74 in WiFi 2015 05 11 16 02 39 Wired WAN connection operational 2015 05 11 16 02 38 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 46 android 9aed2b2077a54c74 in WiFi 2015 05 11 16 02 37 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 A6 android 9aed2b2077a54c74 in WiFi 2015 05 11 16 02 36 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 46 android 9aed2b2077a54c74 in WiFi 2015 05 11 16 02 36 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 46 android 9aed2b2077a54c74 in WiFi 2015 05 11 16 02 35 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 46 android 9aed2b2077a54c74 in WiFi Showing 1 to 10 of 1600 entries Next gt gt 41 5 10 3 Network Events Displays information about recent network events like connection status change lease status change network type or operator change All Events System Events Network Events Events Reporting Reporting Configuration Connections Log All Wireless Mobile Data Network Type Network Operator Connections Log Events per page 10 search ID Date Action Result 312 2015 05 11 15 48 49 WIFI WiFi client connected FC C2 DE 91 36 46 android 9aed2b2077a54dc74 311 2015 05 11 15 48 43 WIFI WIFI client disconnected FC C2 DE 91 36 46 android 9aed2b2077a54c 7d 2015 05 11 15 48
37. 68 1 109 Redirect matched incoming traffic to the specified internal host 12 Internal port 80 Redirect matched incoming traffic to the given port on the internal host 13 Enable NAT loopback Enable Disable NAT loopback enables your local network i e behind your router modem to connect to a forward facing IP address such as 208 112 93 73 of a machine that it also on your local network 14 Extra arguments Passes additional arguments to iptables Use with care 6 6 4 Traffic Rules The traffic rule page contains a more generalised rule definition With it you can block or open ports alter how traffic is forwarded between LAN and WAN and many more things General Settings Port Forwarding Traffic Rules Custom Rules DDOS Prevention Firewall Traffic Rules raffic rules define policies for packets traveling between different zones for example to reject traffic between certain hosts or to open WAN ports on the router Traffic Rules Name Protocol Source Destination Action Enable Sort Allow DHCP Relay UDP From any host in wan To any router IP at Accept port 67 on this device input Allow DHCP Renew From any host in wan To any router IP at Accept g Edit port 68 on this device input Delete Allow Ping ICMP with type echo request From any host in wan To any router IF on Accept J Edit this device input Delete i Field Name Explanation 1 Name Name of the rule Used for easier rules management purpose only 2 Protocol Protocol
38. 7 5 3 1 10 Topology Network scanner allowing you to quickly retrieve information about network devices Mobile WAN LAN Wireless OpenVPN VRRP Topology Access Network Topology Network Topology MAP scan LAN scan WAN scan ALL Internet Online WAR Wired 192168599109 00 1E 42 00 11 02 RUT950 LTE 192 168 1 1 BE mu al 192 168 1 167 192 168 1 232 64 70 2 10 8D 26 FZ C2 DE 91 364A6 TELTONIKA androicl Saed2b2077a54c74 28 5 3 1 11 Access Displays information about local and remote active connections status Mobile WAN LAN Wireless OpenVPN VRRP Topology Access Access Status Access information Last Connections Local Access Type Status il Active Connections 33H Enabled O 0 00B Enabled 0 1 9 26KB Enabled iF 0 0 00B Remote Access Type Status 1 Active Connections 55H Disabled 2 O0 000B Disabled j 0 000B Enabled de 6 558 12 KB Refresh lt 3 Field Name Sample Value Explanation Type SSH HTTP HTTPS Type of connection protocol 2 Status Disabled Enabled Connection status 3 Port 22 80 443 Connection port used 4 Active 0 0 00B 1 9 26 KB Count of active connections and amount of data transmitted in KB Connections 6 558 12 KB Exclusive to other Modes with Slave 29 5 3 1 11 1 Last Connections Displays information about local and remote last 3 connections status Access Status Access information Last Local Connections Type 33H Date 2015 05
39. Address Virtual Address Connection Since Client 192 168 99 91 50850 172 16 1 6 2015 05 15 08 07 15 n Field Name Sample Value Explanation 1 Status Enabled OpenVPN status 2 Type Server A type of OpenVPN instance that has been created 3 IP 172 16 1 1 Remote virtual network s IP address 4 Mask 255 255 255 255 Remote virtual network s subnet mask 5 Time 20h 13m 9s For how long the connection has been established 5 3 1 8 Client information NN Field Name Sample Value Explanation 1 Common Name Client1 Client connection 2 Real Address 192 168 99 91 50850 Client s IP address and port number 3 Virtual Address 172 16 1 6 Virtual address which has been given to a client 4 Connection Since 2015 05 15 08 07 15 Since when connection has been established 26 5 3 1 9 VRRP VRRP Virtual Router Redundancy Protocol for LAN Mobile WAN LAN Wireless OpenVPN VRRP Topology VRRP Information VRRP LAN Status Status Enabled Virtual ip 192 168 1 253 Priority 100 Pouter Waster Refresh Field Name Sample Value Explanation Status Enabled VRRP status 2 Virtual IP 192 168 1 253 Virtual IP address es for LAN s VRRP Virtual Router Redundancy Protocol cluster 3 Priority 100 Router with highest priority value on the same VRRP Virtual Router Redundancy Protocol cluster will act as a master range 1 255 4 Router Master Since when connection has been established Exclusive to other Modes with Slave 2
40. C peaks from high voltage power supplies can harm the device If you want to use high voltage power supplies it is recommended to also use additional safety equipment to suppress voltage peaks from power supply One of the options is to use Teltonika PR1000 overvoltage protection device conforming ISO 7637 2 17 5 Status The status section contains various information like current IP addresses of various network interfaces the state of the routers memory firmware version DHCP leases associated wireless stations graphs indicating load traffic etc and much more 5 1 Overview Overview section contains various summary information SS TELTONIKA Overview System Y i Router uptime Local device time Free memory Firmware version Wireless Ul Es Mode Local Network El E IP netmask Clients connected Status Network Services ZO 7 0 CPU load Od 2h 21m 28s since 2015 05 11 11 35 24 2015 05 11 13 56 52 87 MB 70 RAM 0 9 MB 75 FLASH RUTSXX_R_00 01 290 a Teltonika_ Router AP 1 AP 11 CH 2 462 GHz 192 168 1 1 255 255 255 0 Recent System Events UY Ls 1 2015 05 11 13 52 14 2 2015 05 11 13 51 09 3 2015 05 11 11 56 27 4 2015 05 11 11 56 27 Port Wired WAN connection operational Config Network configuration has been Contig Access Control configuration ha Contig Firewall configuration has been Mobile ki Data connection
41. ET 2 Username admin User name used for authorization 3 Password admin01 Password used for authorization 7 8 2 Email to SMS Post Get Configuration Email To SMS Scheduled Messages Auto Reply POP3 Email To SMS Configuration Email To SMS Settings Enable POP 3 server Server port User name Password Secure connection SSL Check email every 1 Minutes Y Field name Values Notes Enable Enable Disable Allows to convert received Email to SMS 2 POP3 server pop gmail com POP3 server address 3 Server port 995 Server authentication port 4 Username admin User name using for server authentication 5 Password admin01 Password using for server authentication 6 Secure connection Enable Disable SSL is a protocol for transmitting private documents 101 SLL via the Internet SSL uses a cryptographic system that uses two keys to encrypt data a public key known to everyone and a private or secret key known only to the recipient of the message 7 Check mail every Minutes Mail checking period Hours Days 7 8 3 Scheduled Messeges Scheduled messeges allows to periodically send mobile messages to specified number Post Get Configuration Email To SMS Scheduled Messages Auto Reply Scheduled Messages Configure time and text for scheduled messages Messages To Send Recipients number Sending Interval There are no scheduled messages created yet Scheduled messages Configuration Phone numb
42. IP address IP netmask IP broadcast 217 147 40 255 SIM1 SIM2 Use pppd mode internet mnc012 mcc345 gprs 37060000001 CHAP PAP None admin password 2G only 2G preferred 3G only 3G preferred Automatic 192 168 1 1 255 255 255 0 192 168 1 255 99 routed to A logical address at which all devices connected to a multiple access communications network are enabled to receive datagrams A SIM card that will be used An underlying agent that will be used for mobile data connection creation and management APN is the name of a gateway between a GPRS 3G or 4G mobile network and another computer network frequently the public Internet A phone number that will be used to establish a mobile PPP Point to Point Protocol connection Select an authentication method that will be used to authenticate new connections on your GSM carrier s network User name used for authentication on your GSM carrier s network Password used for authentication on your GSM carrier s network Select network s preference If your local mobile network supports GSM 2G UMTS 3G you can specify to which network you prefer to connect to IP address that router will use on LAN Local Area Network network A subnet mask that will be used to define how large the LAN Local Area Network network is A logical address at which all devices connected to a multiple access communications network ar
43. If checked router will not perform NAT masquerade on this interface Required for certain ISPs e g Charter with DOCSIS 3 54 3 Use default gateway Enable Disable Use DNS server Enable Disable advertised by peer 5 User gateway metric 0 6 Client ID to send when requesting DHCP 7 Vendor Class to send when requesting DHCP 8 Override MAC address 86 48 71 B7 E9 E4 9 Override MTU 1500 6 2 2 2 3 PPPoE If unchecked no default route is configured If unchecked the advertised DNS server addresses are ignored The WAN configuration by default generates a routing table entry With this field you can alter the metric of that entry Override MAC address of the WAN interface If your ISP gives you a static IP address it might also bind it to your computers MAC address i e that IP will only work with your computer In this field you can enter your computers MAC address and fool the gateway in thinking that it is communicating with your computer Maximum transmission unit specifies the largest possible size of a data packet Common Configuration General Setup Advanced Settings Disable NAT Use default gateway v Use gateway metric Use DNS servers advertised by peer y LCP echo failure threshold LCP echo interval Inactivity timeout ECC Sample value Explanation Disable NAT Enable Disable Use default gateway Enable Disable 3 Use gateway metric 0 Use DNS servers Enable Disable advertised by
44. Limits HTTP connections per period 2 Limit period Second Minute Hour Day Select in what period limit HTTP connections 3 Limit 10 Maximum HTTP connections during the period 4 Limit burst 10 Indicating the maximum burst before the above limit kicks in 6 6 6 5 HTTPS Attack Prevention HTTPS Attack Prevention Enable HTTPS limit Limit period o Se Limit Limit burst MN Field Name Sample value Explanation 1 Enable HTTPS limit Enable Disable Limits HTTPS connections per period 2 Limit period Second Minute Hour Day Select in what period limit HTTPS connections 3 Limit 10 Maximum HTTPS connections during the period 4 Limit burst 10 Indicating the maximum burst before the above limit kicks in 75 6 7 Static Routes Static routes provide a way of entering custom entries in the internal routing table of the router Routes Static IP Routes Interface Target LAN 192 168 55 0 Add Routes specify over which interface and gateway a certain host or network can be reached Netmask Gateway Metric 200 5 209 255 0 192 168 55 145 Delete Save ECC EC Explanation Interface LAN WAN PPP WAN2 The zone where the Target resides 2 Target IP address The source of the traffic 3 Netmask IP mask Mask that is applied to the Target to determine to what actual IP addresses the routing rule applies 4 Gateway IP address To where the router should send all the traffic that applies to th
45. MA 7357 8146 Received Signal Strength Indicator RSSI Signal s strength measured in dBm Operator s name of the connected GSM network GSM network s status Indicates the GSM network s access technology How many bytes were received via mobile data connection How many bytes were sent via mobile data connection Displays information about WAN connection Mobile WAN LAN Wireless OpenVPN VRRP Topology Access WAN Information WAN Interface Type IP address WAN MAC Metmask Gateway DNS 1 Connected Wired Static 192 168 99 108 00 1 42 00 11 02 255 255 255 0 192168 99 254 6 8 8 8 Oh m 14s A Field Name Sample Value Explanation WAN information 1 Interface 2 Type 3 IP address WAN MAC 5 Netmask 6 Gateway 7 DNS 8 Connected Wired Static 192 168 99 108 00 1E 42 00 11 02 255 255 255 0 192 168 99 254 8 8 8 8 Oh Om 29s Specifies through what medium the router is connecting to the internet This can either be Wired Mobile or Wi Fi Specifies the type of connection This can either be static or DHCP The IP address that the routers uses to connect the internet MAC Media Access Control address used for communication in a Ethernet WAN Wide Area Network Specifies a mask used to define how large the WAN network is Indicates the default gateway an address where traffic destined for the internet is routed to Domain name server s Ho
46. Mobile Check box to show Mobile table in Overview page 3 Wireless Check box to show Wireless table in Overview page 4 WAN Check box to show WAN table in Overview page 5 Local network Check box to show Local network table in Overview page 6 Access control Check box to show Access control table in Overview page 7 Recent system events Check box to show Recent system events table in Overview page 8 Recent network events Check box to show Recent network events table in Overview page 8 4 User scripts Advanced users can insert their own commands to execute at the end of the boot process 121 8 5 Safe mode Router contains two firmware images in its internal flash memory One is master firmware which is the default firmware on is constantly used by the user Another is safe mode firmware which plays the role of the backup to the master firmware Safe mode firmware has most function of master firmware but to reduce its size some function were removed Removed functions are Wireless Hotspot VRRPD SNMP Web Filter Safe mode firmware can be recognized from different logo and reduced menu in the WebUI The sole purpose of safe mode firmware is to allow the user to update master firmware so all configuration options are removed To make safe mode useful it is strongly recommended to back up configuration of master firmware when the user is satisfied with the setup After configuration backup is created it can be tested by requesting safe mode Sa
47. State SIM card slot in use Bytes received sent WAN ES Es IP address Backup WAN status Access Control Ul Es LAN WAN 79 dBm eal Disconnected Registered home LT BITE GSM 3G WCDMA SIM 1 Ready 2 7KB 3 1 KB Wired 3 192 168 99 110 Backup link is disabled a eB elie HTTP Recent Network Events E Li 1 2015 05 11 13 51 07 2015 05 11 11 36 17 Mobile data disconnected Mobile data connected IP 10 14 12 123 2015 03 18 16 32 14 Joined 36 WCDMA 2015 03 18 16 04 26 18 Joined 36 WCDMA 5 2 System Information The System Information tab contains data that pertains to the routers operating system System Information System Router name Teltonika yo Host name eltonika Router model Teltonika RUT9XX Firmware version RUT9XX_T_00 00 372 Kernel version 3 10 36 Local device time 2014 11 03 14 29 09 Uptime Oh 35m 56s since 2014 11 03 13 53 13 Load average 1 min 10 5 mins 18 15 mins 17 Temperature Memory Free 94556 kB 126452 kB 74 Cached 10828 kB 126452 kB 8 Buffered 4308 kB 126452 kB 3 System explanation Field Name Sample value Explanation Router Name _ Teltonika Name of the router hostname of the routers system Can be changed in System gt Administration 2 Host name Teltonika Indicates how router will be seen by other devices on the network Can be changed in System gt Administration
48. Total count of SMS is managed automatically You should be aware of possible number of SMS and use this feature at your own responsibility It should not generally be used if you have high cost per SMS This is especially relevant if you will try to send whole OpenVPN configuration which might acumulate 40 SMS 96 7 7 5 1 Receive configuration This section controls how should configuation initiation party should identify itself In this scenario RUT9OO itself is being configured SMS Utilities Call Utilities User Groups SMS Management Remote configuration Receive Send Receive Configuration Enable Authorization method Mo authorization Allowed users From all numbers _ Field name Values Notes 1 Authorization method No authorization Method on Receiving and Sending ends must match By serial By administration password 2 Allowed users From all numbers Gives greater control and security measures From group From single number Note that for safety reasons Authorization method should be configured before deployment of the router 7 7 5 2 Send configuration This section lets you configure remote RUT900 devices The authorization settings must confirm to those that are set on the receiving party Generate Wan gF Interface Wired YT Protocol Static Y IFP address 217 147 40 44 IP netmask 255 255 755 0 IPF gateway 217 147 40 44 IP broadcast 217 147 40 255 97 WFH Generate Uan Interface
49. able proxy server based URL content blocking Works with HTTP protocol only 2 Mode Whitelist Blacklist Whitelist allow every part of URL on the list and block everything else Blacklist block every part of URL on the list and allow everything else 78 7 3 NTP NTP configuration lets you setup and synchronize routers time General Time Servers Time Synchronisation General Current system time 2014 11 24 03 30 49 Sync with browser Time zone UTC Enable NTP Y Update interval in seconds 3600 Save time to flash Count of time sync hronizations Clock Adjustment Offset frequency 0 Save METI EA ere Current System time Local time of router 2 Time zone Time zone of your country 3 Enable NTP Enables the functionality 4 Update interval How often router updates systems time 5 Count of time Total amount of times that If left blank the count will be infinite synchronizations router will do the synchronization 6 Offset frequency Adjust the minor drift of the clock so that it will be more accurate Note that under Time Servers at least one server has to be present otherwise NTP will not serve its purposes 79 7 4 VPN 74 1 OpenVPN VPN Virtual Private Network is a method for secure data transfer through unsafe public network This section explains how to configure OpenVPN which is implementation of VPN supported by the RUT900 router A picture below demonstrates default OpenVPN conf
50. able wireless traffic logging This feature will produce logs which contain data on what websites each client was visiting during the time he was connected to your hotspot The IP address of the FTP server to which you want the logs uploaded The username of the user on the aforementioned FTP server The password of the user The TCP IP Port of the FTP server FTP Upload Settings YOU can configure your timing settings forthe log Upload via FTP feature here Mode Fixed Hours 8 Minutes 14 Days D Monday O Tuesday E wednesday l Thursday E Friday l Saturday E Sunday METIO Explanation Mode 2 Weekdays 3 Interval The mode of the schedule Use Fixed if you want the uploading to be done on a specific time of the day Use Interval If you want the uploading to be done at fixed interval This field specifies on what weekdays the uploading should be done The entry format is numbers from 1 to 7 separated by only commas E g If you want to upload the logs on Monday Wednesday and Saturday you should enter 1 3 6 Shows up only when Mode is set to Interval Specifies the interval of regular uploads on one specific day E g If you choose 4 hours the uploading will be done on midnight 4 00 8 00 12 00 16 00 and 20 00 107 4 Hours Minutes Shows up only when Mode is set to Fixed Uploading will be done on that specific time of the day E g If you want to upload your logs on 6 48 you
51. al value meaning that packets inherit the TTL value 9 PMTUD Check the box to enable the Path Maximum Transmission Unit Discovery PMTUD status on this tunnel 10 Enable Keep alive It gives the ability for one side to originate and receive keepalive packets to and from a remote router even if the remote router does not support GRE keepalives 11 Keep Alive host Keep Alive host IP address Preferably IP address which belongs to the LAN network on the remote device 12 Keep Alive interval Time interval for Keep Alive Range 0 255 86 744 PPTP Point to Point Tunneling Protocol PPTP is a protocol set of communication rules that allows corporations to extend their own corporate network through private tunnels over the public Internet Effectively a corporation uses a wide area network as a single large local area network A company no longer needs to lease its own lines for wide area communication but can securely use the public networks This kind of interconnection is known as a virtual private network VPN OpenVPN IPsec GRE Tunnel PPTP L2TP PPTP Server Instance Pptpd_server Main Settings Enable Local IP 192 168 0 1 Remote IP range start 192 168 0 20 Remote IP range end 192 168 0 30 User name Password User IP youruser E Delete Enable Check the box to enable the PPTP function Local IP IP Address of this device RUT Remote IP range begin IP address leases beginning Remote IP range end IP address le
52. and enter the routers IP into the address field e 10216811 Press enter If there are no problems you should be greeted with a login screen such as this Authorization Required Please enter your username and password Username admin Password Login Enter the default password which is admin01 into the Password field and then either click Login with your mouse or press the Enter key You have now successfully logged into the RUT900 From here on out you can configure almost any aspect of your router 15 3 Operation Modes The RUT9xx series router supports various operation modes It can be connected to the internet WAN via mobile standard Ethernet cable or via a wireless network If you connect to the internet via an Ethernet cable of Wi Fi you may also backup your connection with mobile for added stability On every case except when you connect to the internet via Wi Fi you can distribute your internet via an Ethernet cable 3 ports and or a wireless network When you connect via Wi Fi you cannot have Wi Fi in your LAN WAN Mobile Backup link Wi Fi Mobile Ethernet In later sections it will be explained bit by bit how to configure your router to work in a desired mode 4 Powering Options The RUT9xx router can be powered from power socket or over Ethernet port Depending on your network architecture you can use LAN 1 port to power the device LANI LAN2 alil RUT9xx ca
53. ases end Username Username to connect to PPTP this server Password Password to connect to PPTP server Fieldname Explanation Ae 2 3 4 5 6 8 74 5 L2TP Allows setting up a L2TP server or client and should it be needed using it with IPsec L2TP IPSec Below is L2TP server configuration example OpenVPN IPsec GRE Tunnel PPTP L2TP L2TP Server Instance L2tpd_server Main Settings Enable Local IP 192 168 0 1 Remote IP range begin 192 168 020 Remote IP range end 192 168 0 30 User name Password Delete Enable Check the box to enable the GRE Tunnel function Local IP IP Address of this device RUT Remote IP range begin IP address leases beginning Remote IP range end IP address leases end Username Username to connect to L2TP this server Password Password to connect to L2TP server Field name Explanation OO 1 2 3 4 5 6 Client configuration is even simplier which requires only Servers IP Username and Password 88 7 5 Dynamic DNS Dynamic DNS DDNS is a domain name service allowing to link dynamic IP addresses to static hostname To start using this feature firstly you should register to DDNS service provider example list is given in description You are provided with add delete buttons to manage and use different DDNS configurations at the same time You can configure many different DDNS Hostnames in the main DDNS Configuration section DDNS Configuration DDNS Name Hostname My
54. cal 3G network General SIM Management Network Operators Mobile Data Limit SIM Idle Protection Mobile Configuration Mobile Configuration SIM 1 SIM 2 Mobile connection Use NDIS mode APN APN PIN number 1234 Dialing number 99 Authentication method CHAP Username username Password s s Service mode 4G LTE preferred Y Deny data roaming Field Name Sample value Explanation APN APN Access Point Name APN is a configurable network identifier used by a mobile device when connecting to a GSM carrier 2 PIN number 1234 or any number A personal identification number is a secret numeric password that falls between 0000 shared between a user and a system that can be used to and 9999 authenticate the user to the system 3 Dialing 99 1H Dialling number is used to establish a mobile PPP Point to Point number Protocol connection 4 Authentication CHAP PAP or none Authentication method which your carrier uses to authenticate new method connections This selection is unavailable on the alternate model 5 Username username Your username and password that you would use to connect to your carriers network These field become available when you select an authentication method i e authentication method is not none These fields are always enabled on the alternate model 6 Password password Shows the current system time Might differ from your computer because the router synchron
55. d Start day Start hour Enable Disable 200 Month Week Day 1 6 1 4 2 SMS Warning Configuration Disables mobile data when a limit for current period is reached Disable mobile data after limit value in MB is reached Period for which mobile data limiting should apply A starting time for mobile data limiting period SMS Warning Configuration Enable SMS warning Data limit MB Period Start day Phone number Y 300 Month M gt 37012345678 Field Name Sample value Explanation Enable SMS warning 2 Data limit MB Period 4 Start day Start hour 3 Phone number Enable Disable 200 Month Week Day 37012345678 Enables sending of warning SMS message when mobile data limit for current period is reached Send warning SMS message after limit value in MB is reached Period for which mobile data limiting should apply A starting time for mobile data limiting period A phone number to send warning SMS message to e g 37012345678 50 6 2 WAN 6 2 1 Operation Mode Your WAN configuration determines how the router will be connecting to the internet Operation Mode Interface e Wired G Mobile WiFi a Wired An Ethernet cable connected to the WAN port of the router 2 Wi Fi The router will be able to connect to a local wireless access point and reach the internet through it 3 Mobile The router will connect to your local mobile network for Mobile access 6 2
56. ddns yourhost example org mypersonaldomain dyndns org New configuration name To edit your selected configuration Enable Status Service Hostname User name Password IP source Network IP renew interval min Force IP renew min Status Enabled N A No Delete Delete Add New hit Edit N A 3322 org yourhost example org Your USemame Custom F WAN 10 4f2 ee E Explanation Enable 2 Status 3 Service 1 dydns org 2 3322 org 3 no ip com 4 easydns com 5 zoneedit com 4 Hostname Yourhost example org Enables current DDNS configuration Timestamp of the last IP check or update Your dynamic DNS service provider selected from the list In case your DDNS provider is not present from the ones provided please feel free to use custom and add hostname of the update URL Domain name which will be linked with dynamic IP address 89 5 User name your_username 6 Password your_password 7 IP Source Public Private Custom 8 IP renew interval 10 minutes min 9 Force IP renew 472 minutes 7 6 SNMP Name of the user account Password of the user account This option allows you to select specific RUT interface and then send the IP address of that interface to DDNS server So if for example your RUT has Private IP i e 10 140 56 57 on its WAN 3G interface then you can send this exact IP to DDNS server by selecting Private or by selecting Cu
57. dio and the physical channel frequency Important note As seen in the picture you should always Save before toggling the radio on and off ESSID Your wireless networks identification string This is the name of your Wi Fi network When other Wi Fi capable computers or devices scan the area for Wi Fi networks they will see your network with this name Hide ESSID Will render your SSID hidden from other devices that try to scan the area 6 4 1 1 Device 6 4 1 1 1 Advanced Settings General Setup Advanced Settings Mode 802 11g n Y Country code 00 World Transmit power 100 Y Fragmentation threshold RTS CTS threshold Here you can configure more advanced parameters META Sample value Explanation Mode Auto b g g n Different modes provide different throughput and security options 2 Country Code Any ISO IEC 3166 alpha2 Selecting this will help the wireless radio configure its country code internal parameters to meet your countries wireless regulations 3 Transmit power 20 40 60 80 100 Select WiFi signal power Frag Threshold 2346 The smallest packet size that can be fragmented and transmitted by multiple frames In areas were interference is a problem setting a lower fragment threshold might help reduce the probability of unsuccessful packet transfers thus increasing speed 5 RTS CTS Threshold 2346 Request to send threshold It can help resolve problems arising when several access points are in the
58. e rule 5 Metric integer Used as a sorting measure If a packet about to be routed fits two rules the one with the higher metric is applied Additional note on Target Netmask You can define a rule that applies to a single IP like this Target some IP Netmask 255 255 255 255 Furthermore you can define a rule that applies to a segment of IPs like this Target some IP that STARTS the segment Netmask Netmask that defines how large the segmentis E g 192 168 55 161 255 255 255 255 Only applies to 192 168 55 161 192 168 55 0 255 255 255 0 192 168 55 240 255 255 255 240 192 168 55 161 255 255 255 0 192 168 0 0 255 255 0 0 Applies to IPs in range 192 168 55 0 192 168 55 255 Applies 192 168 55 240 192 168 55 255 192 168 55 0 192 168 55 255 192 168 0 0 192 168 255 255 76 7 Services 7 1 VRRP 7 1 1 VRRP LAN Configuration Settings VRRP LAN Configuration Settings Enable IP address 192 166 1 253 Virtual ID Priority METEO ETT ESE 1 2 Enable IP address Virtual ID Priority Enable Disable 192 168 1 253 100 7 1 2 Advanced settings Check internet connection Fing IF address Fing interval Enable VRRP Virtual Router Redundancy Protocol for LAN Virtual IP address for LAN s VRRP Virtual Router Redundancy Protocol cluster Routers with same IDs will be grouped in the same VRRP Virtual Router Redundancy Protocol cluster Router with highest priority value on
59. e enabled to receive datagrams Send Configuration Message Phone number Authorization method No authorization Send _ Field name Values Notes 1 Phone number 37060000001 A phone number of router which will receive the configuration 2 Authorization method No authorization What kind of authorization to use for remote By serial configuration By router admin password 7 8 SMS Gateway 7 8 1 Post Get Configuration Post Get Configuration allows you to perform actions by writing these requests URI after your device IP address Do not forget to change parameters in the url according to your POST GET Configuration MEN POST GET url e g View mobile messages list 2 Read mobile message 3 Send mobile messages 4 View mobile messages total 5 Delete mobile message cgi bin sms_list username admin amp password admin0O1 cgi bin sms_read username admin amp password admin01 amp number 3 7060000001 cgi bin sms_send username admin amp password admin01 amp number 3 7060000001 amp text testmessag e cgi bin sms_total username admin amp password admin0O1 cgi bin sms_delete username admin amp password admin01 amp number 3 7060000001 100 Post Get Configuration Email To SMS Scheduled Messages Auto Reply Post Get Configuration SMS Post Get Settings Enable User name Password Field name Values Notes Enable Enable Disable Enable SMS management functionality through POST G
60. e given destination port or port range on this host 6 6 4 2 New Forward Rule New Forward Rule Name Source Destination Forward rule new LAN WAN gt Field Name Sample value Explanation Name 2 Source 3 Protocol Forward_rule_new LAN VPN WAN TCP UDP Any ICMP Custom Used to make rule management easier Match incoming traffic from selected address family only Protocol of the packet that is being matched against traffic rules 69 6 6 4 3 Source NAT Source NAT Source NAT is a specific form of masquerading which allows fine grained control over the source IP used for outgoing traffic for example to map multiple WAN addresses to internal subnets Name Protocol Source Destination SNAT Enable SNAT TCP UDP From any host To any host port 22 in wan Rewrite to Edit Delete in lan source IP 10 101 1 10 pont 22 New Source NAT Name Source Destination Source IP Source port SMAT LAN WAN 10 101 1 10 22 Ade MEA EA e Name Forward_rule_new Used to make rule management easier 2 Protocol TCP UDP Any ICMP Custom Protocol of the packet that is being matched against traffic rules 3 Source LAN VPN WAN Match incoming traffic from selected address family only 4 Destination Redirect matched traffic to the given IP address and destination port 5 SNAT SNAT Source Network Address Translation rewrite packet s source IP address and port 6 Enable Enable Disable Make a rule active inactive 70 F
61. ep3 LAN Step4 WIFI Mobile Configuration Next let s configure your mobile settings so you can start using internet right away Mobile Configuration SIM 1 Operator profile APN PIN number Dialing number 99 Authentication method None gt Service mode 4G LTE preferred gt Show mobile info at login page Skip Wizard Step 3 LAN Next you are given the chance to configure your LAN and DHCP server options For a detailed explanation see LAN under Network Step 1 General Step 2 Mobile Step 3 LAN Step 4 WiFi Step LAN Here we will setup the basic settings of a typical LAN configuration The wizard will cover 2 basic configurations static IP address LAN and DHCP client General Configuration IP address 192 168 1 1 Netmask 255 255 255 0 Enable DHCP Start Limit Lease time Skip Wizard 114 Step 4 Wi Fi The final step allows you to configure your wireless settings in order to set up a rudimentary Access Point Step 1 General Step 2 Mobile Step3 LAN Step4 WiFi Step Wireless Now let s configure your wireless radio Note if you are currently connecting via wireless and you change parameters like SSID encryption etc your connection will be dropped and you will have to reconnect with a new set of parameters WiFi Configuration Enable wireless y SSID Teltonika_Router Mode 802 11g n gt Channel Auto gt Encryption No encryption Country Code 00 World Skip Wizard
62. er Message sending interval Day 102 7 8 3 1 Sheduled Messages Configuration Post Get Configuration Email To SMS Scheduled Messages Auto Reply Scheduled Messages Configuration Modify scheduled message Enable Recipient s phone number Message text Message sending Interval Hour Minute Field name Values Notes Enable Enable Disable Activates periodical messages sending 2 Recipient s phone 37060000001 Phone number that will receive messages number 3 Message text Test Message that will be send Message sending Day Message sending period interval Week Month Year 103 7 8 4 Auto Reply Configuration Auto reply allows replying to every message that router receives to everyone or to listed numbers only Post Get Configuration Email To SMS Scheduled Messages Auto Reply SMS Forwarding Auto Reply Configuration Reply Configuration Enable Dont save recieved message Mode Everyone Message Field name Values Notes Enable Enable Disable Auto mobile message reply to every received message 2 Don t save received Enable Disable Do not save received messages message 3 Mode Everyone Message will be auto replyed to everyone or to only Listed numbers listed numbers 4 Message Text Message that will be replyed 104 7 9 Hotspot Wireless hotspot provides essential functionality for managing an open access wireless network In addition to standard RADIUS server authenticati
63. es s Field Name Explanation Bridge Cumulative graph which encompasses wired Ethernet LAN and the wireless network 2 LAN Graphs the total traffic that passes through both LAN network interfaces 3 WAN Wired Graphs the amount of traffic which passed through the current active WAN connection 4 Mobile Graphs the amount of traffic which passed through the mobile network connection 5 Wi Fi Shows the amount of traffic that has been sent and received through the wireless radio 36 5 7 4 Realtime Wireless Displays the wireless radio signal signal noise and theoretical maximum channel permeability Average and peak signal levels are displayed Realtime Wireless Teltonika Router AP 43 dBm 81 dBm 3 minutes window 3 seconds interval Signal 46 dBm SNR 49 dBm Average 45dBm SNR 49 dBm Peak 31 dBm SNR 64 dBm Noise 95dBm Average 95dBm Peak 95dBm O MBit s 0 MBit s O MBit s 3 minutes window 3 seconds interval Phy Rate 1 MBit s Average 1 MBit s Peak 1 MBit s 37 5 7 5 Realtime Connections Displays currently active network connections With the information on network protocol source and destination addresses transfer speed Connections Realtime Connections Peak 2 Peak 2 Peak 1 Source Destination Transter 182 1688 90 36 137 182 158 008 255 137 253 35 KB 3326 Pkts 142 108 00 30 40042 182 168 84 1 28 80 110 60 KB 619 Pkts 182 168 489 105 137 182 158
64. ets separated by colons 4 Lease time 11h 59m 49s Remaining lease time for addresses handed out to clients remaining 22 5 3 1 4 Wireless Wireless can work in two modes Access Point AP or Station STA AP is when the wireless radio is used to create an Access Point that other devices can connect to STA is when the radio is used to connect to an Access Point via WAN 5 3 1 4 1 Station Displays information about wireless connection Station mode Mobile WAN LAN Wireless OpenVPN Wireless Information Wireless Information VRRP Topology Access Channel 1 2 41 GHZ Country code 00 World Wireless Status SSID Mode Teltonika_Pouter Station STA Teltonika_ Router Test Access Point AP Associated Stations MAC Address Device Name Signal 00 16 42 10 80 22 67 dBm Client mode information Encryption Wireless MAC Signal quality Bit rate no encryption 00 1 42 10 80 22 61 43 3 MBit s no encryption 02 1 42 00 11 03 790 1 0 MBit s RX Rate TX Rate 1 0 Mbits MCS 0 20MHz 43 3 Mbits MCS 10 20MHz Pefresh lt 3 E Field Name Sample Value Explanation 1 Channel 1 2 41 GHz 2 Country 00 3 SSID Teltonika_Router 4 Mode Station STA 5 Encryption WPA2 PSK CCMP 6 Wireless MAC 00 1E 42 10 80 22 7 Signal Quality 61 8 Bitrate 43 3 MBit s The channel that the AP to which the routers is connected to uses Your wireless radio is forced to work in this channel in order to mainta
65. eucasecan dan stgtins uoduedees sennerauoesaicenatetene wedged eee ee 80 Tiked A O 80 PAZ NCC A rs o se a coe da ee tase sena nape comics sees nulepemen at seu eondacneatua E pum geeeneagurece 82 GAS A A 85 LAA PP aan 87 FAS A A A AA 88 Ho BYM MIC DIN SN o 89 TS ANI Po an oa ca 90 TA SNMP SUING sala oasrids 90 EZ TRAP SECURES sna a AA 92 IL SMS OIE Ss iia iia Nadia asada 93 LLL AMS 93 Tela CAM NITIES A A ca 96 A UP NS 96 E SMS Mana eMe dnd 96 HITS Remote COnteuU ra A calco 96 Fd E Lo OO A a 100 Tel ROS Gel COn euro a iaa 100 1 82 MEV LOS MS carro 101 1283 Scheduled Messer aldo 102 FEA Auto Reply COMICI ON ito libri lc ide lisina lili cdo nan 104 BoD AOS DO AAA 105 FIL General Sens leia 105 7 9 2 Internet Access Restriction Settings oococococonocononoronaronaronanononononcnnncnnocnnncnnncnnncnnncnnacenacenanennnns 106 Ls MOB iio 107 LT ANAL PAT E 108 795 Radius Server contigua is 109 TAO AUTO REDOO Nino 110 A A A A ceesteee 110 FAQ Penodie ReDeS 111 PAL DO to 112 8 SV SECM ast schaace sofuceesiusagcatinctes esata e uel ecares ves uceraladindvneu E agra nes euats 113 Oak AGOMMC ULATION Wizard ctra E 113 3 2 GCOMMBUPAUIOM pro nes ic SA AA eae 115 an 116 Co A A E A 116 832 Troublesno0tinsiadaaanioa a 117 8 3 3 IBACKUD ii 118 sd Danos tesina riada oia E 120 BB MAC iio 120 5 30 COVE Wi icad 121 o USES CDS Na 121 I IM ica 122 A ashes siete hecho ees aaah eens aan N 123 a FIRM aC sct
66. fe Mode Status Safe mode FW version RUT9XX_SM_00 01 292 Safe mode config backup date 2015 05 12 12 12 09 Safe Mode Configuration Write configuration to config partition Write Delete configuration from config partition Delete Request safemode after reboot Reboot 122 8 6 Firmware 8 6 1 Firmware Firmware FOTA Firmware Current Firmware Information Firmware Available On Server Firmware version RUT9XX_R_00 01 299 Firmware version RUT9XX_R_00 01 50 Firmware build date 2015 05 13 11 26 59 o o Check for New FW Kernel version 3 10 36 Firmware Upgrade Settings Keep all settings Keep dynamic DNS settings Keep network settings Keep wireless settings Keep mobile settings Keep firewall settings Keep LAN settings Keep OpenVPN settings Upgrade from file Firmware image file Browse No file selected Upgrade Keep settings when check box is selected router will keep saved user configuration settings after firmware upgrade When check box is not selected all router settings will be restored to factory defaults after firmware upgrade When upgrading firmware you can choose settings that you wish to keep after the upgrade This function is useful when firmware is being upgraded via Internet remotely and you must not lose connection to the router afterwards In such case cellular settings should be kept FW image router firmware upgrade file Warning Do not ever remove router power supply and do not p
67. g 192 168 1 1 or www host com if DNS server is configured correctly IP address or domain name which will be used to send ping packets to E g 192 168 1 1 or www host com if DNS server is configured correctly 110 Ping Reboot is disabled by default This check box must be unselected if you want to use Ping Reboot feature as Keep Alive function Minimum time interval is 5 minutes Range 1 9999 Should be left default unless necessary otherwise Minimum retry number is 1 Second retry will be done after defined time interval Ping packets will be sending from SIM1 Ping packets will be sending from SIM2 7 10 2 Periodic Reboot Ping Reboot Periodic Reboot Periodic Reboot Periodic Reboot Setup Enable Days 7 sunday E Monday FT Tuesday E Wednesday E Thursday C Friday E Saturday Hours 23 Minutes 0 2 Explanation Enable This check box will enable or disable Periodic reboot feature 2 Days This check box will enable router rebooting at the defined days 3 Hours Minutes Uploading will be done on that specific time of the day 111 7 11 QoS QoS Quality of Service is the idea that transmission rates error rates and other characteristics can be measured improved and to some extent guaranteed in advance QoS is of particular concern for the continuous transmission of high bandwidth video and multimedia information QoS can be improved with traffic shaping techniques
68. icates to the router For client Certificate Authority CA Client certificate Client key For server Certificate Authority CA Server certificate Server key and Diffie Hellman DH certificate used to key exchange through unsafe data networks All mention certificates can be generated using OpenVPN or OpenSSL utilities on any type host machine Certificate generation and theory is out of scope of this user manual 8 Remote host IP IP address of OpenVPN server applicable only for client configuration address 9 Resolve Retry Sets time in seconds to try resolving server hostname periodically in case of first resolve failure before generating service exception 10 Keep alive Defines two time intervals one is used to periodically send ICMP request to OpenVPN server and another one defines a time window which is used to restart OpenVPN service if no ICPM request is received during the window time slice Example Keep Alive 10 60 11 Remote network IP address of remote network an actual LAN network behind another VPN endpoint IP address 12 Remote network Subnet mask of remote network an actual LAN network behind another VPN endpoint IP netmask 13 Certificate Certificate authority is an entity that issues digital certificates A digital certificate certifies the authority ownership of a public key by the named subject of the certificate 14 Client certificate Client certificate is a type of digital certificate that is u
69. ield Name Sample value Explanation Allow DHCP Relay Used to make rule management easier TCP UDP Any ICMP Custom Protocol of the packet that is being matched against OT E E SS You can configure firewall source NAT rule by clicking edit button Name Protocol Source zone LAN VPN WAN Source MAC address any Rule is enabled Disable Mame SNAT Protocol All protocols gt Source Zone e lan lan a vpn empty wan wan 4 ppp Gr wanz l source MAC address source IP address Source port Destination zone lan lan 50 vpn empty wan wan 0 ppp El wanz l Destination IP addres Destination port SNAT IP address 10 101 1 10 SNAT pot 22 Extra arguments traffic rules Source address any Source port any Destination zone LAN VPN WAN Match forwarded traffic to the given destination zone only 71 Match incoming traffic from this zone only Match incoming traffic from these MACs only Match incoming traffic from this IP or range only Match incoming traffic originating from the given source port or port range on the client host only 8 Destination address Select from the list Match forwarded traffic to the given destination IP address or IP range only 9 Destination port any Match forwarded traffic to the given destination port or port range only 10 SNAT IP address 10 101 1 10 Rewrite matched traffic to the given IP address 11 SNAT port OLA Rewrite matched traffic
70. igurations list which is empty so you have to define a new configuration to establish any sort of OpenVPN connection To create it enter desired configuration name in New configuration name field select device role from Role drop down list For example to create an OpenVPN client with configuration name Demo select client role name it Demo and press Add New button as shown in the following picture OpenVPN IPsec GRE Tunnel PPTP L2TP OpenVPN OpenVPN Configuration Tunnel name Protocol Enabled There are no open VPN configurations yet Role Client New configuration name demo OpenVPN IPsec GRE Tunnel PPTP L2TP New OpenVPN instance was created successfully Configure it now OpenVPN OpenVPN Configuration Tunnel name TUN TAP Protocol Enabled Client_demo Tun_c_ demo UDP Role Client Y New configuration name To see at specific configuration settings press edit button located in newly created configuration entry A new page with detailed configuration appears as shown in the picture below TLS client example 80 There can be multiple server client instances OpenVPN IPsec GRE Tunnel PPTP L2TP OpenVPN Instance Client_demo Main Settings Enable TUN TAP TUN tunnel Protocol UDP Pot 1194 LZO W Encryption BF CBC 128 default Authentication TLS w Remote host IP address 215 45 60 66 Resolve retry Infinite Keep alive 1060 Remote network IP addres
71. ility but it also extends the time before the backup link can be brought up or down FieldName Samplevalue sf Explanation 1 Enable Enable Disable Here you can setup your backup WAN If your conventional WAN connection such as wired Ethernet or Wireless fails the backup link will be enabled and take over to keep the router connected 2 Health monitor Interval Disable 5 10 20 30 60 120 The interval at which health checks are performed Seconds 3 Health monitor ICMP host s Disable DNS WAN Where to Ping for a health check As there is no GW Custom definitive way to determine when the connection to internet is down for good you ll have to define 62 4 Health monitor ICMP timeout 5 Attempts before WAN failover 6 Attempts before WAN recovery 7 ICMP host 1 3 4 5 10 Seconds 1 3 5 10 15 20 1 3 5 10 15 20 8 8 4 4 6 5 1 1 How do I set up a backup link a host whose availability that of the internet as a whole How long to wait for an ICMP request to come back Set a higher value if your connection has high latency or high jitter latency spikes How many checks should fail for your WAN connection to be declared DOWN for good How many checks should pass for your WAN connection to be declared UP This is where the address of an ICMP host that will be used to check the health of your Mobile backup link goes This has to be a Ping able host First we must pick a main link Wired or Wi Fi and ensure that the lin
72. in the connection Country code The SSID that the AP to which the routers is connected to uses Connection mode Client indicates that the router is a client to some local AP The AP to which the router is connected to dictates the type of encryption The MAC address of the access points radio The quality between routers radio and some other device that is connecting to the router Will show 0 if no devices are trying to connect or are currently maintaining a connection The physical maximum possible throughput that the routers radio can handle Keep in mind that this value is cumulative The bitrate will be shared between the router and other possible devices that connect to the local AP 23 5 3 1 4 2 Access Point Displays information about wireless connection Access Point mode Mobile WAN LAN Wireless OpenVPN Wireless Information Wireless Information Channel Country code VRRP Topology Access 11 2 46 GHz eee g OO World J World Wireless Status SSID Mode Teltonika Router Test Access Paint AP Associated Stations MAC Address Device Name FC C2 DE 91 36 A6 android 9aed2b2077a54c74 Wireless AP information Field Name Sample Value Explanation Channel 2 Country code 3 SSID 4 Mode 5 Encryption 6 Wireless MAC 7 Signal Quality 8 Bitrate 11 2 46 GHz 00 World Teltonika_Router_Test Access Point AP No Encryption 00 1E 42 00 00 03 80
73. ion Ping Traceroute Nslookup META Explanation Host Enter server IP address or hostname 2 Ping Utility used to test the reachability of a host on an Internet IP network and to measure the round trip time for messages sent from the originating host to a destination server Server echo response will be shown after few seconds if server is accessible 3 Traceroute Diagnostic tool for displaying the route path and measuring transit delays of packets across an Internet IP network Log containing route information will be shown after few seconds 4 Nslookup Network administration command line tool for querying the Domain Name System DNS to obtain domain name or IP address mapping or for any other specific DNS record Log containing specified server DNS lookup information will be shown after few seconds 8 3 5 MAC Clone General Troubleshoot Backup Access Control Diagnostics MAC Clone Overview MAC Address Clone MAC Address Clone WAN MAC address 00 1E 42 00 00 51 Get PC MAC address Save Restore to default _ Field name sf Explanation O OOOO O 1 WAN MAC address Enter new WAN MAC address 120 8 3 6 Overview General Troubleshoot Backup Access Control Diagnostics MAC Clone Overview Overview Page Configuration Overview Tables System Mobile Wireless WAN Local network Access control Recent system events Recent network events METE ETT 1 System Check box to show System table in Overview page 2
74. isete ca selec ee ea ite Slee ahh eae Seasick ne stands 123 Oey Zs PR RA 124 Bol RESTO DO Mba tias 124 8 7 4 Restore point Cee da 124 Sale RESTOS DON A e E 0 O A 125 0 MRS OO dao hc tan naan teeta eaves 125 9 Funcuonallty notlistedin Med ia cads 125 SL SMD HTTP POSTEE ce ee ee 125 Salad SVntaxcor HIP POS U GEV SINE iaa A id 125 O12 Parameters OF Hite POSI GET STO 125 9 1 3 Possible responses after command execution cccccccssscccceesececceececeeeecceceuseceesuneceesugeceetenseeetes 126 O14 ATIPPOST GET String examples iaa igcon s 126 LO DEVIC CEROC OVE Md da 126 10 1 RESSGEDUTON aia 126 tO MAMI O o o o io e hat tetas 127 10 3 BOOEIO AGI S Web e E E E A 127 T GOSS I a E a a A S N 128 SAFETY INFORMATION In this document you will be introduced on how to use a RUT900 router safely We suggest you to adhere to the following recommendations in order to avoid personal injuries and or property damage You have to be familiar with the safety requirements before using the device To avoid burning and voltage caused traumas of the personnel working with the device please follow these safety requirements The device is intended for supply from a Limited Power Source LPS that power consumption should not exceed 15VA and current rating of overcurrent protective device should not exceed 2A The highest transient overvoltage in the output secondary circuit of used PSU shall not exceed 36V peak The device can be u
75. izes it s time with an NTP server Format year month day hours minutes seconds 7 Service mode 2G only 2G preferred Your network preference If your local mobile network supports 2G 3G only 3G preferred 3G you can specify to which network you wish to connect E g if automatic you choose 2G the router will connect to a 2G network so long as it is available otherwise it will connect to a network that provides 47 better connectivity If you select auto then the router will connect to the network that provides better connectivity 8 Deny data Enable Disable If enabled this function prevents the device from establishing mobile roaming data connection while not in home network Warning If an invalid PIN number was entered i e the entered PIN does not match the one that was used to protect the SIM card your SIM card will get blocked To avoid such mishaps it is highly advised to use an unprotected SIM If you happen to insert a protected SIM and the PIN number is incorrect your card won t get blocked immediately although after a couple of reboots OR configuration saves it will 6 1 1 2 Mobile Data On Demand Mobile Data On Demand Enable Mo data timeout sec 10 Save ee Possible values Explanation Enable Enable Disable Mobile Data On Demand function enables you to keep mobile data connection on only when it s in use 2 No data 1 99999999 A mobile data connection will be terminated if no data is tran
76. k 4 DHCP Options 6 4 Wireless Dynamically allocate client addresses if set to 0 only clients present in the ethers files are served Forces DHCP serving even if another DHCP server is detected on the same network segment You can override your LAN netmask here to make the DHCP server think it s serving a larger or a smaller network than it actually is Additional options to be added for this DHCP server For example with 26 1470 or option mtu 1470 you can assign an MTU per DHCP Your client must accept MTU by DHCP for this to work On this page you can configure your wireless settings Depending on whether your WAN mode is set to Wi Fi or not the page will display either the options for configuring an Access Point or options for configuring a connection to some local access point Access Point Wireless General Site Survey Wireless Access Point Device Configuration General Setup Advanced Settings Enable wireless Interface Configuration Hide SslD Here you can configure your wireless settings like radio frequency mode encryption etc Channel auto General Setup Wireless Security MAC Filter SSID Teltonika_Router Advanced Settings 59 Here you can see the Overview of the wireless configuration It is divided into two main sections device and interface One is dedicated to configuring hardware parameters other software Here you can toggle the availability of the wireless ra
77. k is working Configure your WAN settings to use that link and see whether you have internet access If the main link is working we can continue configuring our Backup Link Now go to Backup WAN page and configure the settings to your liking Click Save and wait until the settings are applied Now in the Status gt Network Information gt WAN page there should be a status indication for the backup WAN If everything is working correctly you should see this Backup WAN Status WAN Wired IM USE ih m7 LL EIST FR h Backup WAN The above picture shows the status for Backup WAN configured on a wired main link You can now simulate a downed link by simply unplugging your Ethernet WAN cable When you ve done so you should see this Backup WAN Status L F r Backup WAR 36 IN USE And if you plug the cable back in you should again see this Backup WAN Status WAN Wired IM USE kup WAR E Erai If you do not witness the above sequence your backup link is working 63 6 6 Firewall In this section we will look over the various firewall features that come with RUT90O0 6 6 1 General Settings The routers firewall is a standard Linux iptables package which uses routing chains and policies to facilitate control over inbound and outbound traffic General Settings Port Forwarding Traffic Rules Custom Rules DDOS Prevention Firewall General settings allows y
78. l respond with return status 9 1 3 Possible responses after command execution a Explanation Command executed successfully 2 ERROR An error occurred while executing command 3 TIMEOUT No response from the module received 4 WRONG NUMBER SMS receiver number format is incorrect or SMS index number is incorrect 5 NO MESSAGE There is no message in memory by given index 6 NO MESSAGES There are no stored messages in memory 9 1 4 HTTP POST GET string examples http 192 168 1 1 cgi bin sms_read number 3 http 192 168 1 1 cgi bin sms_send number 0037061212345 amp text test http 192 168 1 1 cgi bin sms_delete number 4 http 192 168 1 1 cgi bin sms_list http 192 168 1 1 cgi bin sms_total 10 Device Recovery The following section describes available option for recovery of malfunctioning device Usually device can become unreachable due to power failure during firmware upgrade or if core files were wrongly modified in the file system Teltonika s router does offer several ways to recover from these situations 10 1 Reset button Reset button is located on the back panel of the device Reset button has several functions Reboot the device After the device has started if the reset button is pressed for up to 4 seconds the device will reboot Start of the reboot will be indicated by flashing of all 5 signal strength LEDs together with green connection status LED Reset to defaults After the device has started if the reset button is p
79. le to near perfection if you should desire that Rule is enabled Name Protocol Source Zone Source MAGC addre Source IP address source port External IP address External port Internal zone Internal IP address Internal port Erable WAT loopbac k Extra arguments Disable local We bs ite TGP kan lan a vpn empty i wan wan 2 ppp EF wane i rs 12345 tam lar Za vpn empty wan wan 22 ppp EF wane 4 192168 1 108 BO Field Name Sample value Explanation E E E Name Protocol Source zone Source MAC address Source IP address Source port External IP address localWebsite Name of the rule Used purely to make it easier to manage rules TCP UDP TCP You may specify multiple by selecting custom and then UDP ICMP Custom entering protocols separated by space LAN VPN WAN Match incoming traffic from this zone only Any Match incoming traffic from these MACs only any Match incoming traffic from this IP or range only any Match incoming traffic originating from the given source port or port range on the client host only any Match incoming traffic directed at the given IP address only 66 9 External port 12345 Match incoming traffic directed at the given destination port or port range on this host only 10 Internal zone LAN VPN WAN Redirect matched incoming traffic to the specified internal zone 11 Internal IP address 192 1
80. m logging information It does not however substitute troubleshooting file that can be downloaded from System gt Backup and Firmware menu 8 Kernel Log Provides on screen Kernel logging information lt does not however substitute troubleshooting file that can be downloaded from System gt Backup and Firmware menu 9 Troubleshoot Downloadable archive that contains full router configuration and all System log files 117 8 3 3 Backup General Troubleshoot Backup Access Control Diagnostics MAC Clone Overview Backup Backup Configuration Backup archive Download Restore Configuration Restore from backup Browse No file selected Upload archive f Field name ENE 1 Backup archive Download current router settings file to personal computer This file can be loaded to other RUT900 with same Firmware version in order to quickly configure it 2 Restore from backup Upload and restore router settings file from personal computer 8 3 3 1 Access Control General General Troubleshoot Backup Access Control Diagnostics MAC Clone Overview General Safety Access Control SSH Access Control Remote SSH access Web Access Control Enable HTTP ac Enable remote HTTP access Enable remote HTTPS Remote Access Control Enable remote monitoring MELIA E Enable SSH access Check box to enable SSH access functionality 2 Remote SSH access If check box is selected user can access the router via SSH from
81. n MAC Address FC C2 DE 91 36 A6 Associated station s MAC Media Access Control address 2 Device Name Android DHCP client s hostname 9aed2b2077a54c74 3 Signal 54dBm Received Signal Strength Indicator RSSI Signal s strength measured in dBm 4 RX Rate 24 0Mbit s MCS O The rate at which packets are received from associated station 20MHz 5 TX Rate 54 0Mbit s MCS O The rate at which packets are sent to associated station 20MHz 5 3 1 6 OpenVPN Client must be updated Displays openVPN connection client side information Mobile WAN LAN Wireless OpenVPN VRRP Topology Access OpenVPN Information Client Client OpenVPN Status Enabled Type Client IP 172 16 1 6 Mask 255 255 255 255 Server IP 172 16 1 0 Time 0h 48m 43s Status Enabled OpenVPN status Type Client A type of OpenVPN instance that has been created IP 172 16 1 6 Remote virtual network s IP address Mask 255 255 255 255 Remote virtual network s subnet mask Server IP 172 16 1 0 Remote virtual server s IP address Time Oh 48m 43s For how long the connection has been established _ FieldName Sample Value Explanation OO le 2 3 4 5 6 25 5 3 1 7 OpenVPN Server Displays openVPN connection server side information Mobile WAN LAN Wireless OpenVPN VRRP Topology Access OpenVPN Information Server Server OpenVPN Status Enabled Type Server IP 172 16 1 1 Mask 255 255 255 255 Time 20h 13m 9s Clients Information Common Name Real
82. n be powered from power socket and over Ethernet simultaneously Power socket has higher priority meaning that the device will draw power from power socket as long as it is available When RUT9xx is switching from one power source to the other it loses power for a fraction of the second and may reboot The device will function correctly after the reboot 16 Signal ID T568A Color T568B Color Pins on plug face socket is reversed TX white green stripe white orange stipe TX green solid orange soled winte orange stnpe white green sinpe blue solid blue solid 7 30VDC white blue stnpe white blue stripe RX A orange solid green solid GROUND white brown stnpe white brown stripe GROUND p p brown solid brown solid Though the device can be powered over Ethernet port it is not compliant with IEEE 802 3af 2003 standard Powering RUT9xx from IEEE 802 3af 2003 power supply will damage the device as it is not rated for input voltages of PoE standard 4 1 Powering the device from higher voltage If you decide not to use our standard 9 VDC wall adapters and want to power the device from higher voltage 15 30 VDC please make sure that you choose power supply of high quality Some power supplies can produce voltage peaks significantly higher than the declared output voltage especially during connecting and disconnecting them While the device is designed to accept input voltage of up to 30 VD
83. nal 3178S 2015 05 11 16 02 39 DHCP Leased 192 168 1 232 IP address for client FC C2 DE 91 36 A6 android 9aed2b2077a54c74 in WiFi 3177S 2015 05 11 16 02 39 Port Wired WAN connection operational 3176S 2015 05 11 16 02 38 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 A6 android 9aed2b2077a54c74 in WiFi 3175S 2015 05 11 16 02 37 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 A6 android 9aed2b2077a54c74 in WiFi 3174S 2015 05 11 16 02 36 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 46 android 9aed2b2077a54c74 in WiFi 3173S 2015 05 11 16 02 36 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 A6 android 9aed2b2077a54c74 in WiFi 3172S 2015 05 11 16 02 35 Leased 192 168 1 232 IP address for client FC C2 DE 91 36 A6 android 9aed2b2077a54c74 in WiFi Showing 1 to 10 of 1912 entries Next gt gt 40 5 10 2 System Events Displays all system events their type and time of occurance Events include authentication or reboot requests safemode incoming and outgoing SMS and calls configuration changes DHCP events All Events System Events Network Events Events Reporting Reporting Configuration System Log All Authentication Reboot Safemode SMS Call Configuration DHCP Events Log Events per page 10 Y Search ID Date Eventtype Event 2015 05 11 16 11 47 Config Firewall configuration has been changed 2015 05 11 16 09 29 Port Wired WAN connection operational 2015 05 11 1
84. nel when data from router to remote site over tunnel is sent For automatic tunnel establishment used tunnel Keep Alive feature 82 OpenVPN IPsec IPsec IPsec Configuration GRE Tunnel PPTP L2TP Enable Mode Enable NAT traversal Enable initial contact My identifiertype Address My identifier 100 121 122 123 Pre shared key password Remote VPN endpoint 215 148 3 15 Enable DPD Delay sec 30 Field name Explanation 1 10 Enable Mode Enable NAT traversal Enable initial contact My identifier type My identifier Preshare key Remote VPN endpoint Enable DPD Delay sec Check box to enable IPSec Select Main Aggressive or Base mode accordingly to your IPSec server configuration Enable this function if client to client applications will be used Enable this to send an INITIAL CONTACT message Set the device identifier for IPSec tunnel E g You can use your IP address Set the device identifier for IPSec tunnel In case RUT has Private IP its identifier should be its own LAN network address In this way the RoadWarrior approach is possible Specify the authentication secret string Secret s length depends on selected algorithm eg 128 bit long secret is 16 characters in length 128 bits 8 bits one character 16 Set remote IPSec server IP address If the RUT does not receive DPD ACK message from its IPSec peer RUT shuts the connection down Select dela
85. o Changing them can result in an interrupted connection to an AP In addition to standard options you can also click the Scan button to rescan the surrounding area and attempt to connect to a new wireless access point 6 5 Backup WAN Backup WAN is function that allows you to back up your wired OR wireless connection in case they go down At the current moment you can only backup wired and Wi Fi Backup WAN Backup Link Enable PF Backup Configuration tmobile is selected as WAM you cannot enable backup link Timing and other parameters will indicate how and when it will be determined that your conventional connection has gone down Health monitor interval 5 sec Health monitor CMP hostisi ONS Serveris hd Health monitor ICMP timeout 1 sec hd Attempts before WAN failover 1 Attempts before WAN recovery 1 hd Backup Check A remote host that willbe used to test wether your backup link is alive ICMP host 5 5 4 4 The majority of the options consist of timing and other important parameters that help determine the health of your primary connection Regular health checks are constantly performed in the form of ICMP packets Pings on your primary connection When the connections state starts to change READY gt NOT READY and vice versa a necessary amount of failed or passed health checks has to be reached before the state changes completely This delay is instituted so as to mitigate spikes in connection availab
86. o make rule management easier Match traffic from selected address family only Protocol of the packet that is being matched against traffic rules any Match traffic with selected ICMP type only Any zone LAN VPN WAN Match incoming traffic from this zone only any Match incoming traffic from these MACs only any Match incoming traffic from this IP or range only 68 8 Source port 9 Destination zone 10 Destination address 11 Destination port 12 Action any Device Any zone LAN VPN WAN any 67 Drop Accept Reject chain additional rules 6 6 4 1 Open Ports On Router Match incoming traffic originating from the given source port or port range on the client host only Match forwarded traffic to the given destination zone only Match forwarded traffic to the given destination IP address or IP range only Match forwarded traffic to the given destination port or port range only Action to be taken on the packet if it matches the rule You can also define additional options like limiting packet volume and defining to which chain the rule belongs Name Open_Port_rule Open Ports On Router Protocol External port TCP M 22 Field Name Sample value Name 2 Protocol 3 External port Open_Port_rule Explanation Used to make rule management easier TCP UDP Any ICMP Custom Protocol of the packet that is being matched against traffic rules 1 65535 Match incoming traffic directed at th
87. on there is also the ability to gather and upload detailed logs on what each device denoted as a MAC address was doing on the network what sites were traversed etc 7 9 1 General settings General Restricted Internet Access Logging Landing Page Radius Server Wireless Hotspot Configuration General Settings Enable AP IP 192 168 2 254 24 Authentication mode Without radius Protocol HITP HTTPS redirect List Of Addresses The Client Can Access Without First Authenticating Enable Address There are no addresses created yet Users Configuration User name Password There are no users created yet METEO EEC 1 Enabled Check this flag to enable hotspot functionality on the router 2 AP IP Access Point IP address This will be the address of the router on the hotspot network The router will automatically create a network according to its own IP and the CIDR number that you specify after the slash E g 192 168 2 254 24 means that the router will create a network with the IP address 192 168 182 0 netmask 255 255 255 0 for the express purpose of containing all the wireless clients Such a network will be able to have 253 clients their IP addresses will be automatically granted to them and will range from 192 168 2 1 to 192 168 2 253 3 Authentication External radius mode 4 Radius server 1 The IP address of the RADIUS server that is to be used for Authenticating your wireless clients 105 5 Radi
88. onnected to IP networks must be configured before they can communicate with other hosts The most essential information needed is an IP address and a default route and routing prefix DHCP eliminates the manual task by a network administrator It also provides a central database of devices that are connected to the network and eliminates duplicate resource assignments ETHERNET CABLE Refers to the CAT5 UTP cable with an RJ 45 connector AP Access point An access point is any device that provides wireless connectivity for wireless clients In this case when you enable Wi Fi on your router your router becomes an access point DNS Domain Name Resolver A server that translates names such as www google t to their respective IPs In order for your computer or router to communicate with some external server it needs to know it s IP its name www something com just won t do There are special servers set in place that perform this specific task of resolving names into IPs called Domain Name servers If you have no DNS specified you can still browse the web provided that you know the IP of the website you are trying to reach ARP Short for Adress Resolution Protocol a network layer protocol used to convert an IP address into a physical address called a DLC address such as an Ethernet address PPPoE Point to Point Protocol over Ethernet PPPoE is a specification for connecting the users on an Ethernet to the internet thro
89. onsists out of three color coded graphs each one corresponding to the average CPU load over 1 red 5 orange and 15 yellow most recent minutes Mobile Signal Load Traffic Wireless Connections Realtime Load 1 Minute Load 0 83 Average 0 86 5 Minutes Load 0 66 Average 0 66 15 Minutes Load 0 37 Average 0 37 3 minutes window 3 seconds interval Peak 1 50 Peak 0 69 Peak 0 37 Field Name Sample Value Explanation 1 5 15 Minutes 0 83 Load 2 Average 0 86 3 Peak 1 50 35 Time interval for load averaging color of the diagram Average CPU load value over time interval 1 5 15 Minute Peak CPU load value of the time interval 5 7 3 Traffic This tri graph illustrates average system load over the course of 3 minutes each new measurement is taken every 3 seconds The graph consists out of three color coded graphs each one corresponding to the average system load over 1 red 5 orange and 15 yellow most recent minutes Although not graphed the page also displays peak loads over 1 5 and 15 minutes Mobile Signal Load Traffic Wireless Connections Realtime Traffic Bridge LAN WAN Wired Mobile WiFi iy AY AA AA A AAA 3 minutes window 3 seconds interval Inbound 3 85 Kbits s Average 4 88 Kbits s Peak 22 28 Kbits s 0 48 KBytes s 0 61 KBytes s 2 79 KBytes s Outbound 0 73 Kbits s Average 9 33 Kbits s Peak 287 74 Kbits s 0 09 KBytes s 1 17 KBytes s 35 97 KByt
90. or tunneling RFC1812 private address space traffic over an intermediate TCP IP network such as the Internet GRE tunneling does not use encryption it simply encapsulates data and sends it over the WAN 152 158 0 2 In the example network diagram two distant networks LAN1 and LAN2 are connected To create GRE tunnel the user must know the following parameters 1 Source and destination IP addresses 2 Tunnel local IP address 3 Distant network IP address and Subnet mask 85 OpenVPN IPsec GRE Tunnel PPTP L2TP Gre tunnel Instance Gre_tunnel Main Settings Enabled Remote endpoint IP address 84 148 7 87 Remote network 192 166 2 0 Remote network netmask 24 Local tunnel IP Local tunnel netmask MTU TTL PMTUD Enable Keep alive Keep Alive host Keep Alive interval Field name PEE 1 Enabled Check the box to enable the GRE Tunnel function 2 Remote endpoint IP address Specify remote WAN IP address 3 Remote network IP address of LAN network on the remote device 4 Remote network netmask Network of LAN network on the remote device Range 0 32 5 Local tunnel IP Local virtual IP address Can not be in the same subnet as LAN network 6 Local tunnel netmask Network of local virtual IP address Range 0 32 7 MTU Specify the maximum transmission unit MTU of a communications protocol of a layer in bytes 8 TTL Specify the fixed time to live TTL value on tunneled packets 0 255 The O is a speci
91. ou to set up default firewall policy General Settings Drop invalid packets Input Accept Y Output Accept Y Forward Reject Y Field Name Sample value Explanation Drop Invalid packets Checked Unchecked A Drop action is performed on a packet that is determined to be invalid 2 Input Reject Drop Accept DEFAULT action that is to be performed for packets that pass through the Input chain 3 Output Reject Drop Accept DEFAULT action that is to be performed for packets that pass through the Output chain 4 Forward Reject Drop Accept DEFAULT action that is to be performed for packets that pass through the Forward chain DEFAULT When a packet goes through a firewall chain it is matched against all the rules for that specific chain If no rule matches said packet an according Action either Drop or Reject or Accept is performed Accept Packet gets to continue down the next chain Drop Packet is stopped and deleted Reject Packet is stopped deleted and differently from Drop an ICMP packet containing a message of rejection is sent to the source of the dropped packet 64 6 6 2 DMZ DMZ Configuration Enable DMZ host IP address By enabling DMZ for a specific internal host for e g your computer you will expose that host and its services to the routers WAN network i e internet 6 6 3 Port Forwarding 1 Name localWebsite 2 Protocol TCP UDP TCP UDP Other 3 External Po
92. outside WAN 3 Port Port to listen for SSH access 4 Enable HTTP access Check box to enable HTTP access functionality 118 5 Enable remote SSH If check box is selected users can access the router via the HTTP WEB Interface from the access outside WAN 6 Enable remote If check box is selected users can access the router via the HTTPS WEB Interface from the HTTPS access outside WAN 7 Enable remote Check box to enable remote monitoring server access monitoring Contact support to get account Note The router has 2 users admin for WebUl and root for SSH When logging in via SSH use root 8 3 3 2 Access Control Safety General Troubleshoot Backup Access Control Diagnostics MAC Clone Overview General Safety Block Unwanted Access SSH Access Secure Enable Clean after reboot Fail count WebUl Access Secure Enable Clean after reboot Fail count List Of Blocked Addresses Service Blocked address There are no addresses blocked MET Explanation SSH access secure Check box to enable SSH access secure functionality enable 2 Clean after reboot If check box is selected blocked address removed after reboot 3 Fail count How much time can try to connect 4 WebUI access Check box to enable WebUl access secure functionality secure enable 119 8 3 4 Diagnostics General Troubleshoot Backup Access Control Diagnostics MAC Clone Overview Diagnostics Network Utilities Act
93. over IP network VPN Virtual Private Network a network that is constructed by using public wires usually the Internet to connect to a private network such as a company s internal network VRRP Virtual Router Redundancy Protocol an election protocol that dynamically assigns responsibility for one or more virtual router s to the VRRP router s on a LAN allowing several routers on a multiaccess link to utilize the same virtual IP address GRE Tunnel Generic Routing Encapsulation a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point to point links over an Internet Protocol internetwork PPPD Point to Point Protocol Daemon it is used to manage network connections between two nodes on Unix like operating systems It is configured using command line arguments and configuration files SSH Secure SHell a program to log into another computer over a network to execute commands in a remote machine and to move files from one machine to another It provides strong authentication and secure communications over insecure channels VRRPD Virtual Router Redundancy Protocol it is designed to eliminate the single point of failure associated with statically routed networks by automatically providing failover using multiple LAN paths through alternate routers SNMP Simple Network Management Protocol a set of protocols for managing
94. ow what you are doing Usually the gateway has some predefined DNS servers As such the router when it needs to resolve a hostname www google com www cnn com etc to an IP address it will forward all the DNS requests to the gateway By entering custom DNS servers the router will take care of host name resolution You can enter multiple DNS servers to provide redundancy in case the one of the server fails IP aliases are a way of defining or reaching a subnet that works in the same space as the regular network There are no IP aliases created yet Add When you select the DHCP protocol you can use it as is because most networks will not require any additional advanced configuration 52 6 2 2 1 3 PPPoE This protocol is mainly used by DSL providers Common Configuration General Setup Advanced Settings Protocol PPPoE PAP CHAP username test PAP CHAP password eee 5 Access Concentrator Service Name This is the configuration setup for when you select PPPoE protocol MET BA E Explanation PAP CHAP username test Your username and password that you would use to connect to your carriers network 2 PAP CHAP password your_password A mask used to define how large the WAN network is 3 Access Concentrator iSp Specifies the name of access concentrator Leave empty to auto detect 4 Service Name isp Specifies the name of the service Leave empty to auto detect 53 6 2 2 2 Advanced
95. r s WebUI Bootloader also provides a way to recover the router from damaged firmware To make it easy for the user bootloader has its own webserver that can be accessed with any web browser Bootloader s webserver can be started Automatically It happens when bootloader does not detect neither master nor safemode firmware Flashing all 4 Ethernet LEDs indicate that bootloader s webserver has started Manually Bootloader s webserver can be requested by holding reset button for 3 seconds while powering the device on Flashing all 4 Ethernet LEDs indicate that bootloader s webserver has started Bootloader s WebUI can be accessed by typing this address in the web browser http 192 168 1 1 index html Note it may be necessary to clear web browser s cache and to use incognito anonymous window to access bootloader s WebUI 127 11 Glossary WAN Wide Area Network is a telecommunication network that covers a broad area i e any network that links across metropolitan regional or national boundaries Here we use the term WAN to mean the external network that the router uses to reach the internet LAN A local area network LAN is a computer network that interconnects computers in a limited area such as a home school computer laboratory or office building DHCP The Dynamic Host Configuration Protocol DHCP is a network configuration protocol for hosts on Internet Protocol IP networks Computers that are c
96. r purchasing a RUT900 3G router RUT9OO is part of the RUT9xx series of compact mobile routers with high speed wireless and Ethernet connections This router is ideal for people who d like to share their internet on the go as it is not restricted by a cumbersome cable connection Unrestricted but not forgotten the router still supports internet distribution via a broadband cable simply plug it in to the wan port set the router to a correct mode and you are ready to browse 1 1 Specifications 1 1 1 UMTS e 850 900 AWS1700 1900 2100 MHz e HSDPA mode DL up to 21 Mbps UL 5 76 Mbps e UMTS mode 384 kbps DL 384 kbps UL e RX diversity antenna 1 1 2 GSM GPRS EDGE e 850 900 1800 1900 MHz e Power Class 4 2 W 33 dBm GSM GPRS 850 900 MHz e Power Class 1 1 W 30 dBm GSM GPRS 1800 1900 MHz e Power Class E2 0 5 W 27 dBm for EDGE 850 900 MHz e Power Class E2 0 4 W 26 dBm for EDGE 1800 1900 MHz e GSM 14 4 kbps DL 14 4 kbps UL e GPRS 107 kbps DL 85 6 kbps UL class 33 e EDGE 296 kbps DL 236 8 kbps UL class 33 1 1 3 Ethernet e EEE 802 3 IEEE 802 3u standards e 3xLAN 10 100Mbps Ethernet ports e 1xWAN 10 100Mbps Ethernet port e Supports Auto MDI MDIX 1 1 4 Wi Fi e EEE 802 11b g n Wi Fi standards e 2x2 MIMO e AP and STA modes 64 128 bit WEP WPA WPA2 WPA amp WPA2 encryption methods e 2 401 2 495GHz Wi Fi frequency range e 20dBm max Wi Fi TX power e SSID stealth mode and access control based on MAC address
97. rashes and unexpected reboots 2 Cached 10828 kB 126452 kB The size of the area of memory that is dedicated to storing frequently 8 accessed data 3 Buffered 4308 kB 126452 kB The size of the area in which data is temporarily stored before moving 3 it to another location 5 3 Network Information 5 3 1 1 Mobile Displays information about mobile modem connection GS TEL TONIKA Status Network Services System Mobile WAN LAN Wireless OpenVPN VRRP Topology Mobile Information Mobile af Data connection state Connected IMEI 560461024164561 IMSI 246021004265840 Sim card state Ready Signal strength 74 dBm Operator LT BITE GSM Operator state Registered home Connection type 36 WCDMA Bytes received V2 KB 7357 bytes Bytes sent 8 0 KB 8146 bytes Mobile information SIM card slot in use SIM 1 Refresh E mun Field Name Sample Value Explanation Data Connected Mobile data connection status connection state 2 IMEI 860461024164561 Modem s IMEI International Mobile Equipment Identity number 3 IMSI 246021004265840 IMSI International Mobile Subscriber Identity is used to identify the user in a cellular network 4 SIM card Ready Indicates the SIM card s state e g PIN required Not inserted etc state 20 5 Signal strength 6 Operator state 7 Operator 8 Connection type 3 Bytes received 10 Bytes sent 5 3 1 2 WAN 74 dBm LT BITE GSM Registered home 3G WCD
98. relessly SSID Teltonika_Router or use Ethernet cable and plug it into any LAN Ethernet port 12 2 2 Logging in After you re complete with the setting up as described in the section above you are ready to start logging into your router and start configuring it This example shows how to connect on Windows 7 On windows Vista click Start gt Control Panel gt Network and Sharing Centre gt Manage network Connections gt Go to step 4 On Windows XP Click Start gt Settings gt Network Connections gt see step 4 You wont s see Internet protocol version 4 TCP IPv4 instead you ll have to select TCP IP Settings and click options gt Go to step 6 We first must set up our network card so that it could properly communicate with the router 1 Press the start button 2 Type in network connections wait for the results to pop up Calculator Sg snipping Tool IN sticky Motes aay if F Faint qi XPS Viewer Control Panel 19 a Find and fix networking and connection problems SE Set up a connection or network Set up a virtual private network VPN connection View network connections Manage network passwords Add a wireless device to the network Connectto a network gi Windows Fax and Scan Identify and repair network problems 9 ncll1nt wireshark A Rernote Desktop Connection MO ic COMODO Antivirus gt AllPrograms Search programs and files dic
99. ress reset button during upgrade process This will totally damage your router and it won t be accessible If you have any problems related to firmware upgrade you should always consult with local dealer 123 8 6 2 FOTA Firmware FOTA Firmware Over The Air Configuration Server Settings Server address http teltonika sritis It rut User name admin Password eeeeeee Enable auto check y Auto check mode On router startup gt WAN wired E Explanation Server address Specify server address where to check for firmware updates E g http teltonika sritis It rut9xx_auto_update clients 2 Username Use user name for server authorization 3 Password Use password name for server authorization 4 Enable auto check Check box to automatically check for new firmware updates 5 Auto check mode Select when to perform auto check function 6 WAN wired Allows to update firmware from server only if routers WAN is wired if box is checked 8 7 Restore point 8 7 1 Restore point create Create Load Create Restore Point Create Restore Point And Download Download Allows create firmware with all custom configuration 124 8 7 2 Restore point load Create Load Load Restore Point Restore Point File Browse No file selected Allows restoring firmware and configuration from restore point 8 8 Reboot Router reboot Warning During reboot you will temporarily lose the connection Reboot router by
100. ressed for at least 5 seconds the device will reset all user changes to factory defaults and reboot To help the user to determine how long should reset button be pressed signal strength LEDs count elapsed time All 5 lit LEDs mean that 5 seconds have elapsed and reset button can be released Start of the reset to defaults will be indicated by flashing of all 5 signal strength LEDs together with red connection status LED SIM PIN on the main SIM card SIM1 is the only parameter that is kept after reset to defaults 126 10 2 Safemode Router contains two firmware images in its internal flash memory One is master firmware which is the default firmware on is constantly used by the user Another is safemode firmware which plays the role of the backup to the master firmware Safemode firmware has most function of master firmware but to reduce its size some function were removed Removed functions are e Wireless Hotspot e VRRPD e SNMP e Web Filter Safemode firmware can be recognized from different logo and reduced menu in the WebUI The sole purpose of safemode firmware is to allow the user to update master firmware so all configuration options are removed To make safemode useful it is strongly recommended to back up configuration of master firmware when the user is satisfied with the setup described in Error Reference source not found section After configuration backup is created it can be tested by requesting safemode 10 3 Bootloade
101. rt 1 65535 4 Internal IP address IP address of some computer on your LAN 5 Internal port 1 65535 Here you can define your own port forwarding rules General Settings Port Forwarding Traffic Rules Firewall Port Forwarding Port forwarding allows remote computers on the Internet to connect to a specific computer or service within the private LAN Port Forwarding Rules Name Protocol Source Via localWebsite TCP From any host in wan To any router IP at port 12345 New Port Forward Rule Protocol TCP Name External port localWebsite 12345 Custom Rules Destination Enable Sort Forward to IP 192 168 1 109 g ts Edit Delete port 80 in lan Internal IP Internal port Add 192 168 1 109 gt so You can use port forwarding to set up servers and services on local LAN machines The above picture shows how you can set up a rule that would allow a website that is being hosted on 192 168 1 109 to be reached from the outside by entering http routersExternallp 12345 Field Name Sample value Explanation Name of the rule Used purely to make it easier to manage rules Type of protocol of incoming packet From what port on the WAN network will the traffic be forwarded The IP address of the internal machine that hosts some service that we want to access from the outside To what port on the internal machine would the rule redirect the traffic 65 When you click edit you can fine tune a ru
102. s 10 0 0 0 Remote network IP netmask 255 255 255 0 Certificate authority Browse Client certificate Browse Client key Browse You can set custom settings here according to your VPN needs Below is summary of parameters available to set a Field name Explanation 1 Enabled Switches configuration on and off This must be selected to make configuration active 2 TUN TAP Selects virtual VPN interface type TUN is most often used in typical IP level VPN connections however TAP is required to some Ethernet bridging configurations Si Protocol Defines a transport protocol used by connection You can choose here between TCP and UDP 4 Port Defines TCP or UDP port number make sure that this port allowed by firewall 5 LZO This setting enables LZO compression With LZO compression your VPN connection will generate less network traffic however this means higher router CPU loads Use it carefully with high rate traffic or low CPU resources 6 Encryption Selects Packet encryption algorithm Authentication Sets authentication mode used to secure data sessions Two possibilities you have here Static means that OpenVPN client and server will use the same secret key which must be uploaded to the router using Static pre shared key option Tls authentication mode uses 81 X 509 type certificates Depending on your selected OpenVPN mode client or server you have to upload these certif
103. sed by client systems to make authenticated requests to a remote server Client certificates play a key role in many mutual authentication designs providing strong assurances of a requester s identity 15 Client key Authenticating the client to the server and establishing precisely who they are After setting any of these parameters press Save button Some of selected parameters will be shown in the configuration list table You should also be aware of the fact that router will launch separate OpenVPN service for every configuration entry if it is defined as active of course so the router has ability to act as server and client at the same time 7 4 2 IPSec The IPsec protocol client enables the router to establish a secure connection to an IPsec peer via the Internet IPsec is supported in two modes transport and tunnel Transport mode creates secure point to point channel between two hosts Tunnel mode can be used to build a secure connection between two remote LANs serving as a VPN solution IPsec system maintains two databases Security Policy Database SPD which defines whether to apply IPsec to a packet or not and specify which how I Psec SA is applied and Security Association Database SAD which contain Key of each Psec SA The establishment of the Security Association IPsec SA between two peers is needed for IPsec communication It can be done by using manual or automated configuration Note router starts establishing tun
104. sed with the Personal Computer first safety class or Notebook second safety class Associated equipment PSU power supply unit LPS and personal computer PC shall comply with the requirements of standard EN 60950 1 Do not mount or service the device during a thunderstorm To avoid mechanical damages to the device it is recommended to transport it packed in a damage proof pack Protection in primary circuits of associated PC and PSU LPS against short circuits and earth faults of associated PC shall be provided as part of the building installation gt gt gt To avoid mechanical damages to the device it is recommended to transport it packed in a damage proof pack While using the device it should be placed so that its indicating LEDs would be visible as they inform in which working mode the device is and if it has any working problems Protection against overcurrent short circuiting and earth faults should be provided as a part of the building installation Signal level of the device depends on the environment in which it is working In case the device starts working insufficiently please refer to qualified personnel in order to repair this product We recommend forwarding it to a repair center or the manufacturer There are no exchangeable parts inside the device Device connection Automatic Shutdown Wall Outlet Device L gt ri oMo NS Switch 230V AC A ES Board ACIDC 9V 1 Introduction Thank you fo
105. sends TCP connection requests faster than the targeted machine can process them causing network saturation General Settings Port Forwarding Traffic Rules Custom Rules DDOS Prevention DDOS Prevention SYN Flood Protection Enable SYN flood protection a SYN flood rate SYN flood burst TCP SYN cookies Field Name Sample value Explanation Enable SYN flood Enable Disable Makes router more resistant to SYN flood attacks protection 2 SYN flood rate 252 Set rate limit packets second for SYN packets above which the traffic is considered a flood 3 SYN flood burst 50 Set burst limit for SYN packets above which the traffic is considered a flood if it exceeds the allowed rate 4 TCP SYN cookies Enable Disable Enable the use of SYN cookies particular choices of initial TCP sequence numbers by TCP servers 73 6 6 6 2 Remote ICMP requests Attackers are using ICMP echo request packets directed to IP broadcast addresses from remote locations to generate denial of service attacks Remote ICMP requests Enable ICMP requests Enable ICMP limit Limit period Second Y Limit 10 Limit burst a Field Name Sample value Explanation 1 Enable ICMP requests Enable Disable Blocks remote ICMP echo request type 2 Enable ICMP limit Enable Disable Enable ICMP echo request limit in selected period 3 Limit period Second Minute Hour Day Select in what period limit ICMP echo request 4 Limit 10 Maximum ICMP echo
106. sferred timeout sec during the timeout period 6 1 2 SIM Management General SIM Management Network Operators Mobile Data Limit SIM Idle Protection SIM Switching Primary Card SIM Switching SIM1 to SIM2 SIM2 to SIM1 oe Possible values Explanation Primary SIM card SIM1 SIM 2 SIM card that will be used in the system as a primary SIM card 2 Enable automatic Enable Disable Automatically switch between primary and secondary SIM cards switching based on the various rules and criterions defined below 48 3 Check interval 20 3600 Check interval in seconds On weak signal Enable Disable Perform a SIM card switch when a signal s strength drops below a certain threshold 5 On data limit Enable Disable Perform a SIM card switch when mobile data limit for your currrent SIM card is exceeded 6 Onsms limit Enable Disable Perform a SIM card switch when sms limit for your currrent SIM card is exceeded 7 On roaming Enable Disable Perform a SIM card switch when roaming is detected 8 Ondata connection Enable Disable Perform a SIM card switch when data connection fails fail 9 Switch back to Enable Disable Switch back to primary SIM card after timeout has been reached primary SIM card after timeout 6 1 3 Network Operators This function lets you Scan Select and enter manual Network Operator to which router should connect Function will provide great utility when router is in Roaming conditions Operator is selected only for the ac
107. stom and WAN interface The DDNS server will then resolve hostname queries to this specific IP Time interval in minutes to check if the IP address of the device have changed Time interval in minutes to force IP address renew SNMP settings window allows you to remotely monitor and send GSM event information to the server 7 6 1 SNMP Settings SNMP Configuration SNMP Service Settings SNMP Settings TRAP Settings Enable SNMP service Enable remote access Port Community Location Contact Name Y Y 161 Public gt Location email example com Name Save MET E Explanation E E TS Enable SNMP service Enable remote access Enable Disable Enable Disable Run SNMP Simple Network Management Protocol service on system s start up Open port in firewall so that SNMP Simple Network Management Protocol service may be reached from WAN Port 161 SNMP Simple Network Management Protocol service s port Community Public Private Custom The SNMP Simple Network Management Protocol Community is an ID that allows access to a router s SNMP data Community name custom Set custom name to access SNMP Location Location Trap named sysLocation Contact email example com Trap named sysContact Name Name Trap named sysName 90 Variables OID POI Description 1 1 3 6 1 4 1 99999 1 1 1 Modem IMEI 2 1 3 6 1 4 1 99999 1 1 2 Modem model cy 1 3 6 1 4 1 99999 1 1 3 Modem manufacturer 4 1 3 6 1 4
108. they were sent 128 TKIP Temporal Key Integrity Protocol scrambles the keys using hashing algorithm and by adding an integrity checking feature ensure that the keys haven t been tampered with CCMP Counter Mode Cipher Block Chaining Message Authentication Code Protocol encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802 11i amendment to the original IEEE802 11 standard CCMP is an enchanged data cryptographic encapsulation designed for data confidentiality and based upon the Counter Mode with CBC MAC CCM of the AES Advanced Encyprion Standard standard MAC Media Access Control hardware address that uniquely identifies each node of a network In IEEE 802 networks the Data Link Control DCL layer of the PSO Reference Model is divided into two sub layers the Logical Link Control LLC layer and the Media Access Control layer The MAC layer interfaces directly with the network medium Consequently each different type of network medium requires a different MAC layer DMZ Demilitarized Zone a computer or small subnetwork that sits between a trusted internal network such as a corporate private LAN and an untrusted external network such as the public internet UDP User Datagram Protocol a connectionless protocol that like TCP runs on top of IP networks Provides very few error recovery services offering instead a direct way to send and receive datagrams
109. ties Allows users to Call the router in order to perform one of the actions Reboot Get Status turn WiFi ON OFF turn Mobile data ON OFF Only thing that is needed is to call routers SIM card number from allowed phone user and RUT900 will perform all actions that are assigned for this particular number 7 7 3 User Groups Gives possibility to group phone numbers for SMS management purposes You can then later use these groups in all related SMS functionalities This option helps if there are several Users who should have same roles when managing router via SMS 7 74 SMS Management You can send SMS from RUT WebUI Under SMS Management you can read and delete received stored SMS Fieldmame Explanation A 1 Phone number Recipients phone number to Should be preceded with country code i e 370 send SMS to 2 Message SMS message text All special characters are allowed With storage option you can choose for router NOT to delete SMS from SIM card If this option is not used router will automatically delete all incoming messages after they have been read Message status read unread is examined every 60 seconds All read messages are deleted 7 7 5 Remote Configuration RUT9xx can be configured via SMS from another RUT9xx You only have to select which configuration details are to be sent generate the SMS Text type in the phone number and Serial number of the router that you wish to configure and Send the SMS
110. tion 7 7 1 SMS Utilities SMS Utilities Call Utilities User Groups SMS Management Remote configuration SMS Utilities SMS Rules SMS Text Enable reboot J Delete Get status status Switch WiFi on wifion Switch WiFi off wifioff Delete Switch mobile data on mobileon Switch mobile data off mobileoff Change mobile data settings cellular Get list of profiles profdisp You can choose your SMS Keyword text to be sent and authorized phone number in the main menu You can edit each created rule by hitting Edit button All configuration options are listed below 93 MTS Explanation A Enable SMS Reboot This check box will enable and If you select Get Status it will send routers status disable SMS reboot function once it has rebooted and is operational again For Get Status description see item No 4 of this table 2 SMS text SMS text which will reboot SMS text can contain letters numbers spaces and router special symbols Capital letters also matters 3 Sender phone number Phone number of person who You can add as many phone numbers as you need can reboot router via SMS Dropdown list with additional rows will show up if message you click on add icon at the end of phone number row 4 Get status Check this to receive This is both separate SMS Rule and an option under connection status via SMS after SMS Reboot rule a reboot 5 Enable SMS Status This check box will enable and SMS status is disabled by default
111. tionary usr Cisco dictionary Usertdanual DPH401 en Wt UserhManualDPH411 en na A see more results 3 Click View network connections 4 Then right click on your wireless device that you use to connect to other access points It is the one with the name Control Panel 10 Wireless Network Connection and has signal bars on its Icon Eo View network status and tasks AS View network connections CA A A View network computers Network and sharing Center go JE Control Panel Network and Internet Network Connections d n i a View devices and printers View network connections Organize v Disable this network device Diagnose this connection Lk se Manage wireless networks A le Wireless Network Connection Disabled Il Intel R PRO Wireless 394 Enable Status Diagnose Create Shortcut Delete Rename Properties 13 5 Select Internet Protocol Version 4 TCP IPv4 and then click Properties 2 Wireless Network Connection Properties Networking Sharing Connect using a Intel R PRO Wireless 39454BG Network Connection This connection uses the following items ME Client for Microsoft Networks A QoS Packet Scheduler File and Printer Sharing for Microsoft Networks GCT WiMax Protocol Driver 4 Internet Protocol Version 6 TCP IP v6 Ss Internet Protocol Version 4 TCP IP y4 Link Layer Topology Discovery Mapper 10 Driver IS
112. tive SIM card In order to specify operator for the other SIM card it must first be selected as primary SIM in SIM Management Network Operators Current SIM SIM card in use Current operator Scan For Network Operators Status Operator name Shot name Numeric name Metwork access type Connect Available Tele2 LT Tele2 LT 24603 3G 2G Connect Forbidden LT BITE GSM 24602 6 26 Connect Available OMNITEL LT 24601 26 36 46 Connect Connect a Field Name Sample Value Explanation 1 SIM card in use SIM 1 SIM 2 Shows current SIM card s in use 2 Current operator y VELEZ Operator s name of the connected GSM network Note after clicking Scan button You will lose current mobile connection For changing network operator status have to be available There is manual connection to network operator you have to fill numeric name and it s have to be available 49 6 1 4 Mobile Data Limit This function lets you limit maximum amount of data transferred on WAN interface in order to minimize unwanted traffic costs 6 1 4 1 Data Connection Limit Configuration General SIM Management Network Operators Mobile Data Limit SIM Idle Protection Mobile Data Limit Configuration SIM1 SIM2 Data Connection Limit Configuration Enable data connection limit Data limit MB Period Start day 200 Month 1 T Field Name Sample value Explanation Enable data connection limit 2 Data limit MB 3 Perio
113. to the given source port May be left empty to only rewrite the IP address 12 Extra arguments Passes additional arguments to iptables Use with care 6 6 5 Custom Rules Here you have the ultimate freedom in defining your rules you can enter them straight into the iptables program Just type them out into the text field ant it will get executed as a Linux shell script If you are unsure of how to use iptables check the internet out for manuals examples and explanations General Settings Port Forwarding Traffic Rules Custom Rules Firewall Custom Rules Custom rules allow you to execute arbitrary iptables commands which are not otherwise covered by the firewall framework The commands are executed after each firewall restart right after the default ruleset has been loaded This file is interpreted as shell script Put your custom iptables rules here they will be executed with each firewall re start Internal uci firewall chains are flushed and recreated on reload so put custom rules into the root chains e g INPUT or FORWARD or into the special user chains e g input_wan_rule or postrouting_lan_rule Reset Submit 72 6 6 6 DDOS Prevention 6 6 6 1 SYN Flood Protection SYN Flood Protection allows you to protect from attack that exploits part of the normal TCP three way handshake to consume resources on the targeted server and render it unresponsive Essentially with SYN flood DDoS the offender
114. ts Events Reporting Reporting Configuration Event Reporting Configuration Modify event reporting rule Enable Event type Reboot Event subtype After unexpected shut down Y Action Send SMS Custom message Recipient s phone number 123456789 mu Field Name Sample Value Explanation Enable Enable Disable Make a rule active inactive 2 Event type Reboot Select event type about which occurrence information will be sent 3 Event subtype After unexpected shut Specifie event subtype to activate the rule down Action Send SMS Action to perform when an event occurs 5 Custom message Enable Disable When action occurs custom message will be send 6 Recipient s 123456789 For whom you want to send a SMS phone number 44 5 10 5 Reporting Configuration Displays configured services for event reporting allows to enable disable view and modify the parameters All Events System Events Network Events Events Reporting Reporting Configuration Events Log Files Report Create rules for Events Log reporting Events Log Report Rules Events log Transfer type Enable System Email Network Delete All rules are executed in current iisi order Events Log Reporting Configuration Events log Transfer type system Email 45 5 10 5 1 Events Log Report Configuration Allows to change the configuration of periodic events reporting to email or ftp All Events System Events Network Events Events Reporting Reporting
115. type of incoming or outgoing packet 3 Source Match incoming traffic from this IP or range only 4 Destination Redirect matched traffic to the given IP address and destination port 5 Action Action to be taken for the packet if it matches the rule 6 Enable Self explanatory Uncheck to make the rule inactive The rule will not be deleted but it also will not be loaded into the firewall 7 Sort When a packet arrives it gets checked for a matching rule If there are several rules that match the rule the first one is applied e the order of the rule list impacts how your firewall operates therefore you are given the ability to sort your list as you wish 67 You can configure firewall rule by clicking edit button Rub E disabled Mame Resinel lo address family Piotocol Maich ICMP type Soure zone Source MAC address Soure address SouIce por Declination zone Destination addres Destination por Action xim a RQ ume nts Enable Allow DHCP Relay IPv4 only UDP any Any zone lan lan Sa vpn empty wan wan 3 ppp a wanz a Device inp ut Any zone forward lan lan sh vpn empty wan wan a ppp Ei wane a Br accepi sa um Field Name Sample value Explanation spe O Name Restrict to address family Protocol Match ICMP type Source zone Source MAC address Source address Allow DHCP Relay IPv4 only TCP UDP Any ICMP Custom Used t
116. ugh a common broadband medium such as DSL line wireless device or cable modem DSL digital subscriber line it is a family of technologies that provide internet access by transmitting digital data using a local telephone network which uses the public switched telephone network NAT network address translation an internet standard that enables a local area network LAN to use one set of IP addresses for internet traffic and a second set of addresses for external traffic LCP Link Control Protocol a protocol that is part of the PPP Point to Point Protocol The LCP checks the identity of the linked device and either accepts or rejects the peer device determines the acceptable packet size for transmission searches for errors in configuration and can terminate the link if the parameters are not satisfied BOOTP Bootstrap Protocol an internet protocol that enables a diskless workstation to discover its own IP address the IP address of a BOOTP server on the network and a file to be loaded into memory to boot the machine This enables the workstation to boot without requiring a hard or floppy disk drive TCP Transmission Control Protocol one of the main protocols in TCP IP networks Whereas the IP protocol deals only with packets TCP enables two hosts to establish a connection and exchange streams of data TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which
117. unction will periodically send Ping command to server and waits for echo receive If no echo is received router will try again sending Ping command defined number times after defined time interval If no echo is received after the defined number of unsuccessful retries router will reboot It is possible to turn of the router rebooting after defined unsuccessful retries Therefore this feature can be used as Keep Alive function when router Pings the host unlimited number of times Ping Reboot Periodic Reboot Ping Reboot Ping Reboot Settings Enable Reboot router if no echo is received Interval between pings 5 mins Y Ping timeout sec 1 Packet size 56 Retry count 2 127 0 0 1 Host to ping from SIM 1 Host to ping from SIM 2 127 0 0 1 MESITA Explanation Notes Enable 2 Reboot router if no echo received 3 Interval between Pings Ping timeout sec 5 Packet size 6 Retry count 7 Host to ping from SIM 1 8 Host to ping from SIM 2 This check box will enable or disable Ping reboot feature This check box will disable router rebooting after the defined number of unsuccessful retries Time interval in minutes between two Pings Time after which consider that Ping has failed This box allows to modify sent packet size Number of times to try sending Ping to server after time interval if echo receive was unsuccessful IP address or domain name which will be used to send ping packets to E
118. us server 2 The IP address of the second RADIUS server 6 Authentication port RADIUS server authentication port Z Accounting port RADIUS server accounting port 8 Authentication Internal radius A 9 IP address or E g 192 168 1 1 or 192 168 1 0 24 network of the client 10 Eaa oln Without radius A a 11 Doesn t require any RADIUS configuration Allows simple user connection based on username password 12 Protocol Either HTTP or HTTPs 13 HTTPS redirect Redirects HTTP pages to landing page 7 9 2 Internet Access Restriction Settings Allows to disable internet access in current day and hour every week General Restricted Internet Access Logging Landing Page Radius Server Teltonika_ Router Internet Access Restriction Settings Select Time To Restrict Access On Hotspot Teltonika_Router Days Hours 0 1 3h 2 3h 3 4h 45h 55h 6 7h 78h 8 9h 9 10h 10 11h 11 12h 12 13h 13 14h 14 15h 15 18h 18 17h 17 18h 18 18h 19 20h 20 21h 21 22h 22 23h 23 2 Monday Tuesday Wednesday Thursday Friday Saturday Sunday Internet access allowed EN Internet access blocked 106 7 9 3 Logging General Restricted Internet Access Logging Landing Page Radius Server Wireless Hotspot Logging Settings Logging To FIP Settings Enable Server address your ftp server Username usemame Password Port ESC Explanation Enable Server address User name Password Port a ES Check this box if you want to en
119. w long the connection has been successfully maintained These fields show up on other connection modes _Exclusive to other Modes with DHCP 21 5 3 1 3 LAN Displays information about LAN connection Mobile WAN LAN Wireless OpenVPN VRRP Topology LAN Information LAN IP address 192 168 1 1 Ethernet LAN MAC address 00 1 42 00 11 01 Metmask 255 255 255 0 Connected for 3h 18m 40s DHCP Leases Hosmame IF address MAC address Lease time remaining android 9aed2b2077a54c74 192168 1 232 FC 0C2 DDE 91 36 A6 11h 59m 49s LAN eae 2 ee IP address 192 168 1 1 Address that the router uses on the LAN network 2 EthernetLAN 00 1E 42 00 11 01 MAC Media Access Control address used for communication in a Ethernet MAC address LAN Local Area Network 2 Netmask 255 255 255 0 A mask used to define how large the LAN network is 3 Connected 3h 18m 40s How long LAN has been successfully maintained DHCP Leases If you have enabled a DHCP server this field will show how many devices have received an IP address and what those IP addresses are Field Name Sample Value Explanation Hostname Android DHCP client s hostname 9aed2b2077a54c74 2 IP address 192 168 1 232 Each lease declaration includes a single IP address that has been leased to the client 3 MAC address FC C2 DE 91 36 A6 The MAC Media Access Control address of the network interface on which the lease will be used MAC is specified as a series of hexadecimal oct
120. y between peer acknowledgement requests 83 Phase 1 and Phase 2 must be configured accordingly to the IPSec server configuration thus algorithms authentication and lifetimes of each phase must be identical Phase The phase must match with another incoming connection to establish IPSec Phase 1 Phase 2 Encryption algorithm 3DES T Hash algorithm SHA1 Y DH group MODP768 Lifetime sec 28800 Phase The phase must match with another incoming connection to establish IPSec Phase 1 Phase 2 Encryption algorithm 3DES Authentication HMAC SHAT Y Life time sec 3600 Remote Network Secure Group Set the remote network Secure Policy Database information It must be LAN network of remote IPSec host Remote Network Secure Group IP address Subnet mask Tunnel Keep Alive Allows sending ICMP echo requests to the remote tunnel network Enable Host Ping period sec WET Explanation Tunnel keep alive Allows sending ICMP echo request Ping utility to the remote tunnel network This function may be used to automatically start the IPSec tunnel This function should be used every time 2 Enable Allows sending ICMP echo requests to the remote tunnel network 3 Host Enter IP address to which ICMP echo requests will be sent 4 Ping period sec Set sent ICMP request period in seconds 84 7 4 3 GRE Tunnel GRE Generic Routing Encapsulation RFC2784 is a solution f
Download Pdf Manuals
Related Search