Maipu English Template
Contents
1. Product Models MP1800 10 router adopts the general basic platform and individual application to adapt the different industry application requirements and network environment of the carrier Currently MP1800 10 series router has various models To distinguish the product models we describe as follows MP1800 10 router models RM1800 10x Table 2 1 Product model list Network type CDMA2000 Product Shapes 1 Front Panel Maipu Confidential amp Proprietary Information Page 7 of 94 MP1800 10 3G Router User Manual RM1800 10x SIM MP1800 Front panel DCM2V 1 54 Back panel RESET The reset button press the button for 2 3s with power and the system resets press the button for 6 10s and the device restores the factory setting CONSOLE Serial console platform the baud rate is 9600 8 bit data bit no parity one bit stop bit FEO FE4 RJ45 Ethernet interface USB Outer USB interface ANTO is 3G antenna ANT1 is WIFI antenna The outer power adaptor is DC 12V 1 5A Indicator description Indicator____ Status Description sis SYS The system already runs normally SIM On The SIM card is connected normall 3G has data received and sent Indicate the signal intensity When the signals are strongest three indicators are all on when there is no signal three indicators are all off 3G signal indicator Maipu Confidential Proprietary Information Page 8 of 94 MP1800 10 3G Rou2. Add Modify IPSec rule Maipu Confidential amp Proprietary Information Page 67 of 94 MP1800 10 3G Router User Manual Click E in the above created tunnel list and you can enter the interface of configuring and editing the IPSec tunnel as shown in Figure 4 51 For the parameter description refer to the above section 3 View tunnel status Enter Status gt Tunnel status and you can view the connection status of the current IPSec tunnel as follows IPSec Status Refresh SAD Info Tunnel 1 192 168 30 0 24 any 171 209 229 221 lt gt 119 6 69 212 192 168 110 0 24 any Package esp des cbc hmac md5 Tunnel SPI Oxc5bcO8ca Ox0bca8c1d Receive Flow 408 bytes 3 packets Send Flow 408 bytes 3 packets Lifetime 28800 s Run Time 0 DayO Hour Minute27 Second Tunnel Num 1 Tunnel connection status SA IPSec security association Tunnel Display the gateway address at the two sides of the tunnel Package Display the security protocol of the tunnel such as esp and ah encryption algorithm gt authentication algorithm gt negotiation mode transport or tunnel the security association spi security parameter index of the two directions Receive Flow The data traffic received from the peer via the tunnel Send Flow The data traffic sent to the peer via the tunnel Lifetime The maximum using time of IPSec sa Run Time The time of setting up the tunnel Tunnel Num The total number of the tunnels set up in the de
3. Do not need to add in the static route Dynamic Route MP1800 10 router supports RIP dynamic route Enter Network gt Dynamic Route and you can perform the RIP dynamic route configuration as follows 1 Dynamic route Dynamic Routing Enable E Version 2 H Recevie V1 s Packet E Enable Source Check Update Interval 30 range 5 2147483 seconds Failure Time 180 range 5 2147483 seconds Lock Time 180 range 0 2147483 seconds Refresh Time 240 range 5 2147 483 seconds Publish Route O LAN CO 3G Interface C Ethernet WAN Dynamic route configuration interface Enable Whether to enable the RIP service Version Select the RIP version that is RIPv1 and RIPv2 Receive Vi s packet When selecting RIPv2 select whether to receive RIPv1 packets Enable Source Check Select whether to detect the source address of the point to point interface By default it is disabled Update Interval Update time of RIP route the interval of sending the route information Failure time Set the invalid interval of the route information If not receiving update packets after exceeding the time set the route information unavailable but do not clear the route information Maipu Confidential Proprietary Information Page 37 of 94 MP1800 10 3G Router User Manual Lock time Set the locking time of the route information The lock time is to prevent the route loop Refresh time The time of clearing the route information When the route
4. If passing the CA authentication organization get one certificate file issued by CA the suffix is crt and then upload the issued certificate to the certificate application file list of the router note that the uploaded location corresponds to the private key After uploading successfully the user can adopt the certificate on the IPSec configuration interface note the center certificate of the CA also needs to be uploaded Maybe the upper CA certificate of the CA also needs to be uploaded 2 Import other certificate get one valid certificate and private key from the certificate authorization organization as well as CA certificate After getting the certificates the user can upload the related certificate in Upload Certificate for details refer to the following figure Maipu Confidential amp Proprietary Information Page 71 of 94 MP1800 10 3G Router User Manual 3 Online certificate Configure the related parameters to make the system get the CA certificate device certificate and crl file from the certificate server online Currently support the Windows certificate server and Maipu CMS certificate server 1 Certificate uploading management To upload the certificate click VPN gt Certificate management gt Certificate uploading management and you can enter the IPSec certificate uploading configuration interface as follows Cert Upload Select Mode E Cert Key Upload CA Cert Upload CRL Upload P12 Cert
5. The external virtual IP address provided by the master and standby routers group as the default service gateway of the terminal the settings between the master and standby routers group should be consistent AAA Configuration The AAA module of MP1800 10 router provides the log authentication service including serial port web Telnet and SSH Maipu Confidential amp Proprietary Information Page 44 of 94 MP1800 10 3G Router User Manual Enter Service gt AAA Configuration and you can see the following interface AAA AAA Basic Information edit Status Disable None Mode Disable Radius Server Retry Times 3 Radius Server Timeout 10 AAA Server List Edit Radius Server Address Radius Server Port Key AAA configuration interface AAA Base Information Enable Enable None Auth Radius Retries 3 range 1 100 Radius Timeout 10 range 1 6000 seconds MK Cancel ud Save AAA basic configuration interface Enable Whether to enable the AAA authentication function Enable None Auth When it is impossible to interact with all Radius servers pass the authentication automatically Radius Retries The re try times before initiating the authentication to the next Radius server Radius Timeout The time of waiting for the response of the Radius server the unit is s AAA Keys List Server Address Server Port Key This section contains no values yet Add Cancel id Save AAA server key configuration list Server A
6. also requires the client host to enable the auto get IP address function Hot Backup Hot backup means that when MP1800 10 router halts it can turn to the Standby router directly so as to continue the normal work Enter Service gt Hot backup and you can see the following configuration interface Maipu Confidential amp Proprietary Information Page 43 of 94 MP1800 10 3G Router User Manual VRRP Enable E Interface LAN Y Synchronized Interface LAN H Priority 100 Range 1 254 lterval 1 Range 1 255 Seconds Authentication Type AH Y Authentication Password Maxlength is 8 Virtual IP MK Cancel id Save Hot backup configuration interface Enable Whether to enable the VRRP function Interface Load balance work interface it is LAN port Synchronized Interface The communication interface of the VRRP broadcast packets usually it is set as LAN port Priority The one with the highest priority becomes the master router Interval The interval of sending the VRRP packets By default it is set as s Authentication type The authentication mode of the packets exchanged between the master router and the standby router group The settings of the master and standby routers group should be consistent PASS is the un encrypted plain text authentication mode AH is the encrypted authentication mode Authentication password The settings of the master and standby routers should be consistent Virtual IP
7. 16 bits Confirm password Shortest 4 bits longest 16 bits Reset Submit Modify password Restart System When you want to restart MP1800 10 router via software enter System gt Restart System and you can see the following interface Click Restart Restart system Click Reboot to restart the system Reboot System restarting interface amp Caution After restarting successfully you need to re log into the system so that you can configure Log Out When you want to log out the web configuration interface of MP1800 10 router enter System gt Log out Network MP1800 10 router network setting includes the following functions e Dialing interface eo WAN interface e LAN interface e Forwarding mode Maipu Confidential Proprietary Information Page 22 of 94 MP1800 10 3G Router User Manual e Dynamic domain name e Static route e Dynamic route e Get online manually e WIFI setting Dial Interface 1 Basic Setting Click Network gt Dial Interface gt Basic Setting and you can see the basic configuration interface of the mobile network 3G Basic Setting Network Mode AUTO M Username card a Password Enable Back up Account EJ Enable SIM Card Bind E Enable Hardware ID Bind El MH Cancel amp Save Basic setting of mobile network Network mode Set the mobile network access mode 2 5G 3G auto Switchover User name Set the user name used by dialing you can get from the
8. 1P Configure the IP address of the remote log server Log Source Interface The source address of the remote log packet is the selected interface address Management Control The management control function of MP1800 10 router can control whether to enable the SSH service Telnet service or HTTP service Enter System gt Management Control and you can see the following configuration interface Management control Enable 55H Enable remote 33H E EnableTelnet E Enable remote HTTP XX Cancel Save Management control configuration interface Maipu Confidential amp Proprietary Information Page 18 of 94 MP1800 10 3G Router User Manual Configuration Management The configuration management function of MP1800 10 provides the backup and recovery for the user configuration Backup can save the configured parameters to the PC Recovery can restore the saved configuration parameters to the system 1 Backup configuration Enter System gt Configuration Management and you can see the following interface Configuration management Select Uploaded file Browse Restore Backup Restore tactory setting Backup configuration interface Click Backup and you can back up the current user configuration of the system A Caution Save the backup file to the desired host CD avoiding being lost 2 Recover configuration When you need to restore the user configuration to the system enter Sys
9. 28 85148948 85148139 URL http www maipu com Mail overseas maipu com All other products or services mentioned herein may be registered trademarks trademarks or service marks of their respective manufacturers companies or organizations Maipu Confidential amp Proprietary Information Page 2 of 94 MP1800 10 3G Router User Manual Contents Product Ad al TTT dE Y FFE CPV SCC ed le 5 A A A aca ace 6 Heel TT aleet or a triana 7 Product SU seco eee aces eee 7 OMS LOGIN A EA N T A E E O Enyronment e En EE 9 Using PreparatiOn E 9 Coniac EE 10 Mora ip isie cj ee ee O er re 14 CONTIQUESCIO E E SEE EE 15 SS tE T Brescia 16 ROMOL e 18 Management Conlara 18 Conia uration Manada Meer ets 19 SEU e Lee 20 SN ce eee er ere Rca 21 Klee ee 21 Restart EE 22 Eos o A Po 22 A A eo 22 DR e e II es 23 WAN Inten Cros acotada 28 EAN Interlace EE 34 Forwarding MOG rra 34 Dynamit Doman TL 35 St t ROUT E 36 Dynami eo A E E A O he nnn re Tn rT er 37 Manual Olinda 38 Oe SONO rca IA 39 EE 40 Pe UN aaa cesses em conc oe o o E 41 Maipu Confidential amp Proprietary Information Page 3 of 94 MP1800 10 3G Router User Manual elei we te E 43 EH 44 ENEE Eege 46 PIN Code Management sensnsernsmreaie scone wines tae cana aaa 48 Regular gie ln OIM mirrors 53 SERIES EE 3 Multi WAN Port Genie 54 og lg le BE 57 BASIS SOU pepe apena pasee 57 ACCESS CON Ol ere 58 Gelee E el ee EE 59 let Geelen DE 60 EE 61 Bandwidth Mana
10. 62 of 94 MP1800 10 3G Router User Manual 3 The IPSec tunnel configuration includes two phases phase 1 and phase 2 1 Add rule After inputting the tunnel name on the interface as shown in Figure 4 50 click Add to enter the interface for configuring the IPSec tunnel parameters as follows Basic configuration IKE Configuration IKE Name test Enable NAT Traversal Auto Up DPD Interval 30 Range 0 3600 Seconds DPD Max Fail Times 5 Range 1 100 Remote Gateway Local Interface 3G Interface H Authentication Method Pre Shared Key Y Exchange Mode Main Y My Identifier address H My ID Value Verify ID FJ Peer Identifier address Y Peer ID Value ge Encryption Algorithm DES Y Hash Algorithm MDS Y DH Key Group GROUPI Y Lifetime 86400 Range 0 31536000 Seconds Back To IKE List MK Cancel a Save IPSec phase 1 basic configuration Phase 1 configuration Maipu Confidential amp Proprietary Information Page 63 of 94 MP1800 10 3G Router User Manual Enable The switch of enabling the IPSec tunnel By default it is disabled If ticking it is enabled NAT Traversal To prevent the NAT gateway from affecting the IPSec tunnel it is recommended to enable the NAT traverse the tunnel data can traverse the NAT gateway Auto Up After completing and saving the tunnel configuration the system automatically negotiates the tunnel If ticking it is enabled DPD interval The interval of the security tunnel detecting the p
11. Ipsec sa View the ipsec sa information E no crypto ca certificate name Delete the certificate according to the CN domain value in the subject name of the certificate no crypto ca certificate name commonname Syntax Description commonname The CN value in certificate subject E no crypto ca certificate type Maipu Confidential amp Proprietary Information Page 90 of 94 MP1800 10 3G Router User Manual Delete the certificate according to the type no crypto ca certificate e fall crl myjroot Syntax Description all Delete all certificates and crl files in the system CH Delete all crl files my Delete all device certificates in the system root Delete all center certificates in the system a Configuration Mode Command per ip route static View the route information of the system ip route netaddr mask Add route information gatewa ip route Add route ip route e 0ddr mask gateway Syntax Description netaddr The destination network address such as 192 168 10 0 mask The network mask such as 255 255 255 0 gateway The next hop IP address Firewall Command Description Configuration Mode show firewall configure View the firewall all chain name table configuration information name Ze eer information mm eee the system E show firewall View the firewall configuration information show firewall configure all chain zame table name Syntax Description configure View the fir
12. Nov 18 23 32 28 Maipu daemon info dnsmasq 536 using nameserver 2711 10 5 198 53 Noe 18 23 32 28 Maipu daemon info dnsmasq 536 using local addresses only for domain lan Mov 18 23 32 40 Maipu daemon info dnsmasq 536 reading tmp resolvy conf auto Nov 18 23 32 40 Maipu daemon info dnsmasq 536 using nameserver 2711 10 5 198 53 Nov 18 23 32 40 Maipu daemon info dnsmasq 536 using nameserver 61 139 2 69f53 Mov 18 23 32 40 Maipu daemon info dns masq 536 using nameserver 2168 6 200 139 53 2 System logs LA Prompt The system logs include route IPSEC firewall DHCP and system The user can select from the drop down list to view system Information The system information mainly displays the hardware and software version information of MP1800 10 router so that you can select the corresponding upgrade file according to the version information when you update the system in the future Maipu Confidential amp Proprietary Information Page 77 of 94 MP1800 10 3G Router User Manual Click Status gt System information and you can see the following interface System Information Basic Information Device Model RM1800 10 Device Serial Number f bddb Hardware Version 001 Software Version 1 4 0 1579 Software Build Time 2012 11 18 23 59 CPU Frequency 320MHz Memory 32M Device Information Modem Information Modem attached System information Device Model MP1800 10 product model information such as RM1800 106 Device Se
13. Received Bytes Display the number of the bytes received by the WAN port Sent Packets Display the total number of the packets sent by the WAN port Sent Errors Display the number of the error packets sent by the WAN port Sent Drops Display the number of the dropped packets sent by the WAN port Sent Bytes Display the number of the bytes sent by the WAN port LAN Status LAN status displays the current LAN setting connection status and the received and forwarded traffic of the LAN interface Click Status gt LAN status and you can see the following interface LAN Status LAN Status IP Address 192 168 30 1 Netmask 255 255 255 0 MAC 00 01 7a f6 bd db LAN status IP Address Display the configured 1P address of the LAN port Maipu Confidential Proprietary Information Page 83 of 94 MP1800 10 3G Router User Manual Netmask Display the network address number of the configured LAN interface MAC Display the physical address of the LAN adapter Usually the address is fixed and unique LAN Stream Received Packets 18433 Received Errors 0 Received Drops 0 Received Bytes 1844374 Sent Packets 21003 sent Errors 0 Sent Drops 0 sent Bytes 17733635 LAN traffic information Received Packets Display the total number of the packets received by the LAN port Received Errors Display the number of the error packets received by the LAN port Received Drops Display the number of the dropped packets received by the
14. amp Proprietary Information Page 5 of 94 MP1800 10 3G Router User Manual Idle 300MA 12VDC Max 800A 12VDC 5 Other parameters Demission lt 100mmx140mmx35mm excluding antenna and installation parts Weight lt 1000g Work environment temperature 25 70 C Storage temperature 30 70 C Relative humidity lt 95 no condensing Functions 1 Basic Features Convenient flexible reliable Support CDMA 2000 and WCDMA Data terminal online forever NTP Remote logs Remote SSH Telnet HTTP management Local Firmware upgrade configuration backup SNMP management Support DDNS Inbuilt with DHCP and VRRP services Firewall and virtual address translation NAT Support packet filter Support mobile network traffic statistics Support VPDN and APN private network access 2 Advanced functions Support IPSEC GRE Maipu Confidential amp Proprietary Information Page 6 of 94 MP1800 10 3G Router User Manual e Support Windows 2008 2003 CMS offline digital certificate e Support Windows 2008 2003 CMS online digital certificate e Support dialing on demand and online forever e Support static route black hole route dynamic route RIP v2 e Support PIN code management of SIM card e Support AAA login authentication e Support 802 1x authentication e Support disconnection detection e Support multi WAN port backup e Support getting time via 3G e Support regular online offline e Support E3G management
15. de Men br rai 61 VEN CONIO Urea eta 62 EE 62 GRE ero oo q e e actsleentet utinesteseanetvewosaatenaes ean teenes 69 Cenicate Managemen blusas ninia 71 E Po PA 76 A A A 77 SUS IO lg Le EE 77 IPSec Tunnel Mesa E 78 Dialer Interface Gtatus resns esssrtesssrtessreressseeest 79 WAN STATS iio ewer ee 82 LAN StatUS a oa 83 ef ee ln elen DEE 84 DA OLE IRON cenas 85 Connection IM Omm a CIOI DEE 85 RESTE gelen EON pronta 86 E KE 87 PP E PO re e o Asin iene Ale o PI 87 Date 88 ee 89 Ee 90 ert EE 91 Rev o 91 ele A tas 92 a Maipu Confidential Proprietary Information Page 4 of 94 MP1800 10 3G Router User Manual Product Introduction This chapter describes the specifications functions and product models of MP1800 10 router letting you have a primary impression for MP1800 10 router and helping you to use the product better in the future 1 Hardware specifications 2 Functions 3 Product models 4 Product shapes Hardware Specifications 1 3G data e Support two kinds of 3G module that is WCDMA and CDMA2000 2 Interface o Wireless interface 500 SMA female e SIM UIM card 3V e Series data interface RJ45 RS 232 DCE eo Series data interface rate 9600 bits s e Ethernet interface 10 100BaseT RJ45 auto sensing e USB interface only for RM1800 10C RM1800 10W RM1800 10 e 802 11b g n only for RM1800 10C RM1800 10W RM1800 10 3 Power supply e Voltage 12VDC 4 Power consumption Maipu Confidential
16. dial interface status interface is as follows Maipu Confidential amp Proprietary Information Page 80 of 94 MP1800 10 3G Router User Manual 3G Status Status Information Current Dial Account Connection Status IMSI Network Mode Signal IP Address Gateway 3G Stream Received Packets Received Errors Received Drops Received Bytes Sent Packets Sent Errors Sent Drops Sent Bytes Modem Information Hardware Version Software Version Rediall Refresh Main Account Modem attached SIM exist Online 460030253834523 CDMA HDR HYBRID i 110 dBm 110 191 3 212 172 22 209 165 954 CE66TCPUVer A 11 002 05 00 45 Dial interface status The dialer interface traffic information displays the wireless interface traffic information of the current device as follows 3G Stream Received Packets Received Errors Received Drops Received Bytes Sent Packets Sent Errors sent Drops sent Bytes 954 Dialer interface traffic information The mobile network device information displays the wireless device information of the current device as follows Maipu Confidential Proprietary Information network network Page 81 of 94 MP1800 10 3G Router User Manual Modem Information Hardware Version CE66TCPUVer A Software Version 11 002 05 00 45 Mobile network device information WAN Status The WAN status displays the current WAN interface connection mode connection status and the receiving and forward
17. entry enters the invalid state enable the refresh timer If not receiving the update packets after exceeding the time clear the related route information Publish Route Tick the desired interface If not ticking the interface does not send or receive the route update information 2 Neighbor Enter Network gt Dynamic route as follows Neighbor IP Address add Cancel i Save Neighbor node configuration interface Neighbor IP Address Set the neighbor node of the RIP route When RIP updates the route information every time send the update to the host in the unicast mode amp Caution After adding the neighbor information click Save to make the device valid Before saving do not switch to other interface Manual Online MP1800 10 router already knows the IP address of the E3G server and the telephone number of the short message gateway E3G server can manage the device via the traditional mode of delivering the configuration and also can let the E3G server to manage via the manual online Enter Network gt Manual online to see the following configuration interface Maipu Confidential amp Proprietary Information Page 38 of 94 MP1800 10 3G Router User Manual Manual Online Enable E E3G Server IP E3G Phone Number si Managent Interface LAN H Notification Source Interface 3G Interface Y X Cancel W Save Manual online configuration interface E3G Server IP The IP address of the E3G server E3G Phone num
18. network provider the maximum length is 128 bits Password Set the password used by dialing you can get from the network provider the maximum length is 128 bits Enable Back up account Set using the standby account to dial If enabling the item and when the master account dialing fails use the Standby account to dial Enable SIM Card Bind Set the binding function of the SIM card If enabling the option bind the IMSI code of the SIM card with the system When using the 3G module for the first time record the card number If using other card subsequently and enabling the option there is error Maipu Confidential amp Proprietary Information Page 23 of 94 MP1800 10 3G Router User Manual Enable Hardware ID Bind After enabling the function carry the hardware ID hardware ID is MAC address of LAN port the format of dial user name is MAC user name in the dial user name LNS adopts the hardware ID user name password and IMSI to authenticate The function needs LNS and AAA server to cooperate For the common user after completing the above basic parameter configuration and saving MP1800 10 router performs the wireless network dialing connection automatically after powering on every time It is convenient to use After ticking Enable standby account the basic setting interface of the dial interface is as follows 3G Basic Setting Network Mode AUTO H Username card dl Password ij Enable Back up Account M
19. processing and debug IP setting Async Control Character Map Range 0 fitttitf Hexadecimal Debug Disable M Use Peer DNS Enable z Check Invalid DNS E No Default Route E LCP Echo Interval 10 Range 1 2147483647 Seconds LCP Echo Failure 6 Range 1 2147483647 MTU 1500 Range 128 16384 MRU 1500 Range 128 16384 Local IP Remote IF x Cancel Save Other parameters Asyn Control Character Map The asyn control character mapping is one 32 bit set Each bit indicates one ASCII value 0 31 ASCII character Each bit with the value 1 indicates that the corresponding control character should not be in the PPP packet sent by the peer The mapping table uses the hexadecimal coding do not need Ox The least significant bit 00000001 indicates the character O and the most significant bit 80000000 indicates the character 31 Debug Set whether to output the details of LCP IPCP negotiation during PPP dialing By default it is disabled Maipu Confidential amp Proprietary Information Page 27 of 94 MP1800 10 3G Router User Manual Use Peer DNS Whether to permit using peer DNS By default it is enabled Check invalid DNS If ticking detect whether the got DNS is valid If invalid re dial No Default Route If ticking do not add the default route to the dialing interface Otherwise after dialing succeeds add the default route to the dialing interface LCP Echo Interval PPP link control protocol LCP echo interval setti
20. service data flow If the router is configured with the service that needs to use the 3G traffic such as NTP remote log and IPSec DPD the dial on demand function becomes invalid Idle time Set the idle time of the connection when reaching the idle time close the connection 3 Advanced setting If you are advanced user enter Network gt Dial Interface gt Advanced Setting and you can complete the following advanced parameter configuration Authentication and encryption parameters Maipu Confidential amp Proprietary Information Page 25 of 94 MP1800 10 3G Router User Manual PPP Configuration CHAP Auto 7 PAP Auto H MS CHAP Auto H MS CHAPv2 Auto 7 EAP Auto H Authentication amp encryption parameters CHAP Challenge Handshake Authentication Protocol It is one encrypted authentication mode and can avoid transmit the actual password of the user when setting up the connection For PPP the key information does not need to be transmitted in the channel during the authentication and the information switched during each authentication is different which can avoid monitoring attack and improve the security PAP It is one simple plain text authentication mode It is required that the key information is transmitted in plain text via the channel so it is easy to be monitored and leaked by sniffer MS CHAP It is similar to CHAP MS CHAP is also one encryption authentication mechanism using MPPE based data encryption
21. the spi of the security association at the two directions Receive Flow The data traffic received from the peer via the tunnel Send Flow The data traffic sent to the peer via the tunnel Lifetime The maximum using time of IPSec SA Run Time The time of setting up the tunnel Tunnel Num The total number of the tunnels set up in the device Dialer Interface Status The dialer interface status interface displays the dialer interface status dialer interface traffic information and mobile network device information The dialer interface status displays the used wireless network module connection information network connection information and whether SIM card is in place of MP1800 10 router With the information you can get to know the wireless network connection status of the current device as follows Maipu Confidential amp Proprietary Information Page 79 of 94 MP1800 10 3G Router User Manual 3G Status Redial Status Information Connection Status Modem attached SIM exist Online IMSI 460030253834523 Network Mode CDMA HDR HYBRID Signal 1 107 dBm IP Address 171 209 229 221 Gateway 172 22 209 174 3G Stream Received Packets 146 Received Errors 119 Received Drops 0 Received Bytes 13446 Sent Packets 149 Sent Errors 0 Sent Drops 0 Sent Bytes 13894 Modem Information Hardware Version CE66TCPUVer A Software Version 11 002 05 00 45 Dialer interface status After enabling the standby account the
22. AN port interface status interface 1 Multi WAN Backup Multiwan Interface Policy Master Back Mode H Backup Mode Each Other Mode H Interface Name Status Role Weight Track Ip Ping Count Timeout Interval Down Up Ethernet WAN Disactive Master 10 8 8 8 8 3 3 m 3 3 B 3G Interface Disactive Master 10 8 8 8 8 3 3 10 3 3 A Cancel a Save Multi WAN port interface status interface 2 Multiwan Interface Policy Select multi WAN work policy There are two policies that is manual mode and backup mode The manual mode means that when using dial interface and Ethernet WAN port separately the user needs to configure the static route manually the backup mode means to select one interface as the work interface according to the status of the dial interface and Ethernet WAN port and the other interfaces work as the backup of the work interface Backup Mode There are two work modes in the backup mode that is active mode and active standby mode The active mode means that the first working mode works and does not switch to the other interface unless being disconnected The active standby mode means that as long as the active interface is normal we use the active interface to work Interface configuration information Click the edit button of the interface configuration information and you can configure it The configuration interface is as follows Maipu Confidential amp Proprietary Information Page 55 of 94 MP1800 10 3G Router User Manual Multi
23. After upgrading successfully the interface turns to the login interface automatically A Caution During upgrade do not power off Otherwise the device cannot be used Maipu Confidential Proprietary Information Page 20 of 94 MP1800 10 3G Router User Manual SNMP When you want to configure SNMP enter System gt SNMP and you can see the following interface SNMP ECC System location ils Contact admin irl18 com system name 3GRouter System description 3GRouter Community name public SNMP management IP 192 168 30 200 Xm SNMP configuration interface Enable Whether to enable SNMP System location Input the location of the router Contact Input the contact of the administrator of the router System name Input the name of the router System description Input the description of the router Community name Specify the community name of SNMP SNMP management IP Specify the server IP address to which the Trap message of the device is sent LA Prompt The above configurations are all set to the nodes in MIB Modify Password MP1800 10 router provides the authority of modifying user password Enter System gt Modify Password and you can set the new password for the system administrator admin as follows Maipu Confidential amp Proprietary Information Page 21 of 94 MP1800 10 3G Router User Manual Modify password Old password nonan Shortest 4 bits longest 16 bits New password Shortest 4 bits longest
24. Common Name m Email Reset Submit Offline Cert Application Application Way Key Length subject Name ROUGH H 512 H Maipu Confidential amp Proprietary Information Reset Submit Certificate application Application Way There are two modes of filling the certificate One is to fill by the prompt the other is to fill the whole subject name applicable to apply for the certificates with multiple same attributes such as CN test OU mp1 OU mp2 C CN Key Length mandatory the private key length Country Name optional usually we select CN Province optional input the locating province Locality optional input the name of the locating street Organization optional input the name of the locating organization Page 73 of 94 MP1800 10 3G Router User Manual Organization Unit optional input the locating unit Common Name mandatory You cannot input the special characters suchas gt lt itis unique Email optional the email address of the company Click Submit and the interface turns to the certificate uploading management interface In the certificate application file list you can download and delete the certificate request file LA Prompt When downloading the certificate request file from the certificate application file list it is recommended to place the mouse on the corresponding certificate application file right click and select Save as to download If usin
25. LAN port Received Bytes Display the number of the bytes received by the LAN port Sent Packets Display the total number of the packets sent by the LAN port Sent Errors Display the number of the error packets sent by the LAN port Sent Drops Display the number of the dropped packets sent by the LAN port Sent Bytes Display the number of the bytes sent by the LAN port Route Information View all route information of MP1800 10 router Click Status gt Route information to view all route information of the system as follows Maipu Confidential amp Proprietary Information Page 84 of 94 MP1800 10 3G Router User Manual Network Destination Netmask Gateway Metric Wan 172 22 209 175 299 299 299 255 0 0 0 0 lan 192 168 30 0 299 299 2595 0 0 0 0 0 0 wanl 192 168 10 0 299 255 255 0 0 0 0 0 0 wan 0 0 0 0 0 0 0 0 172 227 209 175 O wanl 0 0 0 0 0 0 0 0 192 168 10 1 O wanl 0 0 0 0 0 0 0 0 0 0 0 0 O Route information DHCP Information The DHCP client information list displays the IP distribution information of all DHCP clients of MP1800 10 router Click Status gt DHCP information and you can see the auto distributed addresses as follows DHCP Status Host Name IP Address MAC Address Remaining Time maple 192 168 30 245 38 83 45 e9 d9 7d 09h 59m 50s DHCP information Connection Information The connection information displays all ARP table information of MP1800 10 router and the connection information of the curre
26. MAIPU MP1800 10 3G Router User Manual V1 0 Maipu Communication Technology Co Ltd No 16 Jiuxing Avenue Hi Tech Park Chengdu Sichuan Province P R China 610041 Tel 86 28 85148850 85148041 Fax 86 28 85148948 85148139 URL http www maipu com Mail overseas maipu com Maipu Confidential amp Proprietary Information Page 1 of 94 MP1800 10 3G Router User Manual All rights reserved Printed in the People s Republic of China No part of this document may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in any form or by any means electronic mechanical magnetic optical chemical manual or otherwise without the prior written consent of Maipu Communication Technology Co Ltd Maipu makes no representations or warranties with respect to this document contents and specifically disclaims any implied warranties of merchantability or fitness for any specific purpose Further Maipu reserves the right to revise this document and to make changes from time to time in its content without being obligated to notify any person of such revisions or changes Maipu values and appreciates comments you may have concerning our products or this document Please address comments to Maipu Communication Technology Co Ltd No 16 JiuXing Avenue Hi Tech Park Chengdu Sichuan Province P R China 610041 Tel 86 28 85148850 85148041 Fax 86
27. MS2 CHAP MS CHAP version 2 EAP It is one expansible authentication protocol The protocol is used by the authentication in the point to point network such as PPP It can Support various authentication mechanisms With the expansible authentication protocol any ID authentication mechanism can authenticate the remote access connection Compression and control protocol parameters Compression Control Protocol Forbid Y Address Control Compression Forbid Y Protocol Field Compression Forbid Y VJ TCP IP Header Compression Forbid H VJ Connection D Compression Forbid Y Compression amp Control protocol Compression control protocol Responsible for the configuration on the PPP link and negotiating which compression algorithm to adopt And adopt the reliable mode to identify the failure of the compression and de compression mechanism Maipu Confidential Proprietary Information Page 26 of 94 MP1800 10 3G Router User Manual Address control compression Whether to permit PPP packet address domain and control compression setting Protocol domain compression Whether to enable the protocol domain compression VJ TCP IP header compression Whether to permit TCP IP data to perform the Van Jacobson header compression Connection ID compression Whether to permit the connection ID compression Other parameters Other parameter setting provides you whether to permit using the peer DNS LCP echo interval LCP echo failure packet side
28. Restart the device when provisioning the service via E3G Update configuration Restart the device when updating the configuration via E3G CLI After logging in via the CLI of the device serial port Telnet SSH you can use the command to perform the basic viewing and configuration operations including e System Interface 3G IPSec Route Firewall DHCP amp VRRP System Command Description Configuration Mode version clock intermediate value realtime Restart the device Exit o LLog out the device Activate the locked device login key Log into the shell command line traceroute dst Track the route ping dst Network connectivity test Maipu Confidential amp Proprietary Information Page 87 of 94 MP1800 10 3G Router User Manual WN show Syntax Description arp View the arp table information process View the system process information version View the system version information clock View the system time NW show logging View the real time and history logs of the system show logging buffer realtime Syntax Description realtime View the system real time logs buffer View the system history logs EH show otp key Get the intermediate value of logging into to shell NW login Log into the shell command line login ey Syntax Description key Key is the login value after calculation Interface Command Description Configuration Mode show interface View the interface information of the syst
29. SIM card including PIN code protect status PIN code remaining input times and remaining input times of PUK code PIN The PIN code is the personal identification code comprising 4 8 digitals Enable protect Enable the PIN code protect Enter Service gt PIN code management gt Modify PIN code and you can modify the PIN code The configuration interface is as follows PIN Change SIM Status Show Status SIM Card Info SIM Exist Prompt Old PIN New PIN Confirm New PIN MH Cancel id Save The interface of modifying the PIN code SShow status Query the current status of the SIM card including PIN code protect status PIN code remaining input times and remaining input times of PUK code Old PIN It comprises 4 8 digitals New PIN It comprises 4 8 digitals Maipu Confidential amp Proprietary Information Page 50 of 94 MP1800 10 3G Router User Manual Confirm new PIN It comprises 4 8 digitals Click Show Status and the interface for modifying the PIN code is as follows PIN Change SIM Status Show Status SIM Card Info SIM Exist PIN Protect State Protected PUK State PUK unlocked PIN Retries 3 PUK Retries 10 Prompt Old PIN New PIN Confirm New PIN x Cancel a Save Interface for modifying the PIN code After modifying the PIN code successfully and if the PIN code protect is enabled before modifying the PIN code the system automatically records the new PIN code and uses the PIN code during di
30. TCP IP Properties General You can get IP settings assigned automatically iF your network supports this capability Otherwise you need to ask your network administrator For the appropriate IP settings Obtain an IP address automatically f Use the Following IP address IP address 197 168 10 125 Subnet mask 255 1 255 255 0 Default gateway 192 168 10 1l f Obtain DNS server address automatically e Use the Following DNS server addresses Preferred ONS server l l Advanced Alternate OWS server cence TCP IP attribute configuration The configuration is as follows IP address 192 168 10 refers to any integer from 2 254 Subnet mask 255 255 255 0 Default gateway 192 168 10 1 After configuration click OK D Caution 1 The method interrupts the communication between the computer and LAN for a moment 2 The factory setting of MP1800 10 router LAN interface e IP address 192 168 10 1 e Subnet mask 255 255 255 0 2 Method 2 Maipu Confidential amp Proprietary Information Page 12 of 94 MP1800 10 3G Router User Manual In the previous network configuration environment when you do not want to interrupt the communication between the local PC and LAN but still can configure MP1800 10 router you can consider adding route IP to realize Click Advanced in the above figure 3 3 as shown in Figure 3 3 Advanced TCP IP Settings El IP Settings pus wins O
31. Upload Choose File No file chosen Cert File Choose File No file chosen Private Key File D Cert List Cert Name Cert Type Key Name CRL Name Delete Cert Request List Cert Type Key Name CRS Name CRS File Upload Cert Delete Upload certificate Cert Upload Used to upload the certificate applied from other device Here you should upload the device certificate and private key center certificate CA certificate The uploaded certificate is displayed in the certificate list The certificate revoke file can be used to make one specified certificate become invalid Cert list Used to display the current digital certificates uploaded to the router Certificate Request List Used to upload the certificate files The certificate is the csr rile generated in the certificate application the certificate issued by CA crt for the application steps refer to certificate application Click x and you can delete the related certificate Maipu Confidential amp Proprietary Information Page 72 of 94 MP1800 10 3G Router User Manual 2 Certificate application To apply for the certificate click VPN gt Certificate management gt Certificate application and you can enter the IPSec certificate application configuration interface as follows two application modes Offline Cert Application Application Way DETAIL H Key Length 512 H Country Name M Province Locality Organization Organization Unit
32. User Manual Access Concentrator Name Set the name of the access server requested during the PPPoE dialing LAN Interface LAN interface configuration provides the configuration for MP1800 10 router Ethernet port Enter Network gt LAN interface and you can see the following configuration interface LAN Settings LAN IP 192 168 30 1 Netmask 255 255 255 0 MH Cancel id Save LAN setting IP Set or modify the LAN IP address of MP1800 10 router The default value is 192 168 10 1 Usually it is the gateway IP or LAN gateway of the direct connected computer Netmask Set or modify the special IP address identifying the network address of the LAN IP such as 255 255 255 0 LA Prompt 1 If you do not need to modify the LAN IP of MP1800 10 router you can jump over the LAN setting 2 If you modify the factory LAN IP of MP1800 10 router you need to return to Chapter 3 to re configure the computer and re log into MP1800 10 router Forwarding Mode Forwarding mode is used to set the forwarding mode of the packet to be based on route searching or IP address pretending Enter Network gt Forwarding mode and you can see the following configuration interface Maipu Confidential Proprietary Information Page 34 of 94 MP1800 10 3G Router User Manual Network Mode Network Mode Route Mode H NAT Mode Route Mode MK Cancel d Save Forwarding mode setting Route mode Decide the forwarding path by searching f
33. WAN Configure Interface Ethernet WAN Enable Interface El Role Master v Weight 10 Y Track Ip 8 8 8 8 vw Ping Count 3 H Timeout 3 sec H Interval D Sec H Down Try Times 3 Y Up Try Times 3 H Back to multiwan list x Cancel i Save Multi WAN service interface configuration interface Interface The name of the interface Enable interface After ticking enable the multi WAN port service on the interface Role The role of the interface in the multi WAN port backup function The metric value in the load balance Weight The weight of the route in the load balance Track IP Detect whether the link is the fluent IP address It is suggested to fill in one fixed address in the network Ping Count The times of ping keepalive address in the link detection Timeout The timeout of the ping keepalive address in the link detection The timeout value had better be larger than the ping count Interval The interval of detecting the link Down Try Times The interface becomes invalid when the link detection reaches the invalid times Up Try Times The interface becomes valid when the link detection reaches the valid times Maipu Confidential amp Proprietary Information Page 56 of 94 MP1800 10 3G Router User Manual Status Firewall The status firewall functions of MP1800 10 router include eo Basic setting e Access control e Port mapping MAC IP binding Basic Setting Basic setting is the default action used to set th
34. ain Account Recovery Time 600 Range 0 1000000 Minutes Redial Count 3 Range 0 255 Username gt Password Enable SIM Card Bind Enable Hardware ID Bind MX Cancel amp Save Basic setting of mobile network Main Account Recovery Time After setting standby account dialing successfully restore the dialing interval of the master account The unit is minute the default value is 600 minutes O means not to restore the master account Re dial Count Set the re dialing times of each account By default it is three times O means always trying to use the master account dialing and do not use standby account User name Set the user name used by dialing it can be got from the network provider The maximum length is 128 bits Password Ser the password used by dialing it can be got from the network provider The maximum length is 128 bits Maipu Confidential Proprietary Information Page 24 of 94 MP1800 10 3G Router User Manual 2 Link Type Set link connection mode including online forever and dial on demand Enter Network gt Dial interface gt Link type and you can see the configuration interface of the link type Link Type Link Type Alaways on line 7 Cancel Save Online forever Always on line Make the network connection be online forever Link Type Link Type Dial on Demand B ldle Time 10 Range 0 2147483647 Seconds MX Cancel amp Save Dial on demand Dial on demand Trigger dial when there is
35. aling The PIN code is still in the protect state If not enabling the PIN code protect before modifying the PIN code the PIN code is still in the un protect state after modifying the PIN code Enter Service gt PIN management gt PUK code unblock and the configuration interface is as follows PUK Unlock SIM Status Show Status SIM Card Info SIM Exist Prompt PUK New PIN MK Cancel i Save PUK code unblocking configuration interface Show status Query the current status of the SIM card including PIN code protect status PIN code remaining input times and remaining input times of PUK code Maipu Confidential amp Proprietary Information Page 51 of 94 MP1800 10 3G Router User Manual PUK It comprises 8 digitals New PIN It comprises 4 8 digitals Click Show status and the PUK code unblocking configuration interface is as follows PUK Unlock SIM Status Show Status SIM Card Info SIM Exist PIN Protect State Protected PUK State PUK unlocked PIN Retries 3 PUK Retries 10 Prompt Do not need PUK to unlock PUK New PIN MH Cancel a Save PUK code unblocking configuration interface After unblocking PUK code successfully and the PIN code protect is enabled the system automatically records the new PIN code and uses the PIN code during dialing When the PUK code status in the SIM card status is do not need PUK code unlock you cannot operate the interface You can input the PUK code to un
36. amp Proprietary Information Page 47 of 94 MP1800 10 3G Router User Manual Accept MAC Configuration Accept MAC Address This section contains no values yet MH Cancel y Save Accept MAC address configuration interface Accept MAC address Configure the accepted MAC address The MAC address can directly access the network resources without authentication Deny MAC Configuration Deny MAC Address This section contains no values yet Add MX Cancel Save Deny MAC address configuration interface Deny MAC address Configure the denied MAC address The MAC address cannot pass the authentication or access the network resources PIN Code Management PIN code Personal Identification Number is the personal identifying code of the SIM card PUK PIN Unblocking Key comprises one group of 8 digital numbers It is set when the SIM card is delivered from the factory One SIM card corresponds to one unique PUK code and cannot be modified PIN code management means that MP1800 10 router manages the PIN code of the SIM card including enabling or disabling PIN code protect and modifying the PIN code and PUK code un blocking so as to improve the security of the SIM card amp Caution When using the management function of the PIN code 3G dialer is disconnected automatically Enter Service gt PIN code management gt PIN code protect and you can enable or disable the PIN code protect Maipu Confidential amp Propri
37. atus Firewall gt Access control and the configuration interface is as follows ACL Enable EJ Protocol TCP Y Source Interface LAN M Source IP 192 168 10 0 24 Source Port Dest Interface 3G Interface u Dest IP Dest Port Action Reject M Back to ACL list XX Cancel ud Save Access control Enable If ticking the item enable the rule Protocol It can be TCP protocol UDP protocol ICMP protocol or specify the TCP and UDP protocol at the same time Source IP It is the IP or segment of the intranet PC such as 192 168 10 0 24 Source Port It can be a section such as 22 8888 If you are not sure about the source port you d better not fill Dest IP It can be a section same as the source IP address Dest port It can be a section same as the source port Action Specify the processing mode of the rule for packets accept refuse drop Maipu Confidential amp Proprietary Information Page 58 of 94 MP1800 10 3G Router User Manual Click e and you can delete the corresponding rule LA Note If you want to prohibit LAN from accessing most of Internet services you can add settings as follows Step 1 Prohibit the access for all Internet services Step 2 Enable the exceptional services All rules of the firewall comply with the principle Configure later and match earlier Port Mapping With the NAT function of MP1800 10 router you can perform the one to one mapping between Internet public IP address an
38. ber The telephone number of the E3G server short message gateway Management interface The interface used when the E3G server accesses the device It can be LAN port or dial interface Notification Source Interface The source interface used when the device sends the register keepalive and alarm information to the E3G server It can be LAN port or dial interface A Cautions 1 For the using of E3G management interface usually select LAN port when using the IPSec tunnel that is let the E3G server manage the device via the tunnel when not using the IPSec tunnel and the 3G interface can be accessed you can select Dial interface 2 For the using of the device report interface the device reports the information via the 3G dial interface as the source interface use LAN port as the report source interface of the device so that the user can clearly understand the IP segment used by the device It is convenient for the user to plan and manage the network WIFI Setting WIFI of MP1800 10 router supports the 802 11b g n mode and Open WEP WPA WPA2 security mode For the configuration enter Network gt WiFi setting and the configuration interface is as follows Maipu Confidential Proprietary Information Page 39 of 94 MP1800 10 3G Router User Manual Wireless Settings Enable Name SsiD RM1800 Forbid SSID Broadcast Authentication WPA B WIFI Key 11111111 Cipher AES H Channel Automatic MN Wifi Mode Mixed b g n z MH Can
39. cel g Save WiFi setting Enable Whether to enable the WiFi function If ticking it is enabled Name SSID Set the access point name of the wireless network Forbid SSID broadcast After ticking do not broadcast SSID Authentication Select the security mode of the wireless network You can select OPEN WEP WPA WPA2 and WPA WPA2 mixed OPEN means not encrypting The WEP encrypted password comprises 5 or 13 ASCII characters the length of the WPA WPA2 and WPA WPA2 encrypted password is 8 63 Set the encryption algorithm of WPA WPA2 WPA WPA2 mixed encrypting mode You can select AES TKIP and AES TKIP mixed By default it is AES Channel Set the WiFi work channel You can select auto or specify one channel WiFi Mode Set the WiFi work mode You can select b mode g mode n mode mixed b g mixed g n and mixed b g n Service The service functions of MP1800 10 router include DHCP setting e Hot backup Maipu Confidential amp Proprietary Information Page 40 of 94 MP1800 10 3G Router User Manual e AAA configuration e 802 1x authentication e PIN code management e Regular online and offline e Disconnection detection Multi WAN port service DHCP Setting 1 DHCP server DHCP Dynamic Host Configuration Protocol is used to distribute the dynamic IP address to the network host so as to make the fussy configuration become simple and easy Especially for the large LAN IP configuration using DHCP service can re
40. d internal private IP address Enter Status firewall gt Port mapping and you can see the following configuration interface NAT Enable Protocol Src Iface Source Port Dest IP Dest Port E TCP z 3G Interface 7 22 192 168 10 100 22 xj XK Cancel G Save Port mapping Enable If ticking the item it is enabled Protocol It can be TCP UDP or specify the two at the same time Source interface The interface for receiving packets Source port It is one specified integer It refers to the source port of the desired mapping Dest IP It is the IP address of Internet one PC It refers to the IP address of the destination host to be mapped Dest Port One port of the destination IP The number of the destination port to be mapped Click sl and you can delete the corresponding port mapping amp Caution Maipu Confidential amp Proprietary Information Page 59 of 94 MP1800 10 3G Router User Manual After adding the port mapping information you should click Save to make the device valid Before saving do not switch to the other interface MAC IP Binding The MAC IP binding function is used to limit the host with the specified IP address in LAN to filter the packets according to the mode of matching IP and MAC at the same time The optional filter modes are accept refuse or drop Rule setting MAC IP Rule Enable E Source P Source MAC Action ACCEPT MN Back to MAC JD list MH Cancel id Save MAC IP binding rule set
41. ddress The address of the Radius server Maipu Confidential Proprietary Information Page 45 of 94 MP1800 10 3G Router User Manual Server Port The port of the Radius server Key The key when the Radius server interacts with the client 802 1x Authentication The 802 1x protocol is C S based access control and authentication protocol It can limit the un authorized user device from accessing LAN WLAN via the access port Before getting the services provided by the switch or LAN 802 1x authenticates the user device connected to the switch Before passing the authentication 802 1x just permits EAPoL LAN based extended authentication protocol data to pass the switch port connected to the device After passing the authentication the normal data can pass the Ethernet port smoothly 8021X Configuration Base Configuration edit Status Disable NAS ID Protocol Version 1 Control Mode MAC Authentication Server List Edit Server IP Server Port Shared Key Accept MAC List Edit Accept MAC Address Deny MAC List edit Deny MAC Address 802 1x main configuration interface Base Configuration The basic configuration of 802 1x such as enable protocol version and access control mode Authentication Server List You can configure multiple authentication servers When one authentication server fails the time of switching to the next authentication server is 6s Accept MAC List Configure the accepted MAC address Th
42. device The specific configuration mode Enter Service gt Disconnection detection as follows Maipu Confidential Proprietary Information Page 53 of 94 MP1800 10 3G Router User Manual Network Detect Enable El Probe IP 8 8 8 8 ii Interval 30 range gt 30 second Retry 3 range gt 2 Count 3 range gt 1 Abnormal Time Cancel id Save Disconnection detection Enable If ticking enable the disconnect detection function Probe IP The destination address of the ICMP detect packet Interval The interval of sending the ICMP packet Retry When detecting for the configured times successively failed the device automatically restarts Count The number of the ICMP packets every time Abnormal Time The waiting time for the device to restart because of the SIM card arrears wrong dial parameter configuration and poor network signal A Caution The function does not take effect when dialing on demand and the device is forced to offline Multi WAN Port Service The multi WAN port service mainly realizes the backup function of the WAN port The WAN port backup function has two work modes that is active mode and active standby mode Enter Service gt Multi WAN port service status interface as follows Maipu Confidential Proprietary Information Page 54 of 94 MP1800 10 3G Router User Manual Multi WAN Backup Multiwan Interface Policy Manual Mode Master Back Mode XK Cancel ud Save Multi W
43. duce the workload of the network management staff greatly MP1800 10 router is inbuilt with DHCP server letting it provide the dynamic IP distributing service for your LAN Enter Service gt DHCP Setting and you can see the following configuration interface DHCP Service Interface LAN Enable DHCP Service Start IP 192 168 10 200 End IP 192 168 10 250 Lease Time 10h i DHCP setting interface Enable DHCP service If ticking the item enable the DHCP service Otherwise disable the DHCO service Start IP The set start address should be in the same network as the IP address of LAN port and cannot be the broadcast address or LAN port address End IP The set end address should be in the same network as the IP address of the LAN port and cannot be the broadcast address or LAN port address Maipu Confidential amp Proprietary Information Page 41 of 94 MP1800 10 3G Router User Manual Lease Time Set the keeping time of one IP address The minimum value is 2 minutes the unit is h or m or s LA Prompt When applying the DHCP service it is required to enable the Auto get IP address function of the client host For the enabling of the auto get IP address of other kinds of client hosts refer to the using instruction of the device Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically iF your network supports this capability Oth
44. e current MP1800 10 router firewall including the default processing policy of the firewall whether to filter Ping packets from Internet whether to prevent DOS attack and whether to enable the status firewall Enter Status firewall gt Basic setting and the setting interface is as follows Basic Setting Default Policy ACCEPT H Defensive DDos Ki Drop Invalid Pkt E Drop Ping El Drop Multicast Fixed MTU Auto Setting Y MH Cancel a Save Basic setting Default Policy Set the default action of the firewall If the packets forwarded via the firewall do not match any valid rule execute the default processing action Filter Ping packets from Internet If ticking the item filter the external Ping packets TCP MSS setting mode You can select the manual setting and auto setting modes TCP MSS Set the TCP MSS value manually The value range is 500 1460 Prevent Dos attack If ticking the item the system can prevent the external Dos attacks Maipu Confidential amp Proprietary Information Page 57 of 94 MP1800 10 3G Router User Manual Error packet detect If selecting the item the system can filter the invalid packets Access Control The firewall security control is realized via the added security rule To realize one IP filter control you should add the corresponding control rule to the IP filter rule base of MP1800 10 router so that you can use MP1800 10 to perform the security control protect Enter St
45. e host in the list can access the network resources without authentication Deny MAC List Configure the refused MAC address The host in the list cannot access network resource without passing authentication Maipu Confidential amp Proprietary Information Page 46 of 94 MP1800 10 3G Router User Manual 8021X Base Configuration Enable E NAS ID E Protocol Version 1 H Control Mode MAC H x Cancel amp Save Basic configuration of 802 1x authentication Enable If ticking enable the 802 1x authentication NAS ID The ID of the RADIUS client Control Mode Set the 802 1x access control mode including port port based and mac MAC based access control mode In the port mode as long as one port passes authentication all devices of the port can access the network resources via the port In mac mode each device cannot access the network resources unless passing the authentication Authentication Server Configuration Server IP Server Port Shared Key This section contains no values yet Cancel Save Authentication server configuration interface Server IP Configure the IP address of the authentication server Server port Configure the port of the authentication server RFC2058 port is 1645 and RFC2866 port is 1812 it is also the most general port Usually it is configured as 1812 Shared key Configure the share key of the server It should be consistent with the configured share key of the server Maipu Confidential
46. eer status description With the DPD interval IPSEC sends one DPD detection packet to judge whether the tunnel peer exists If the peer does not respond IPSEC initiates re negotiation DPD Max Fail Times Set the maximum re transmission times of the security tunnel peer status detection Remote gateway The remote gateway address usually it is the remote public IP address Local Interface Select the interface at the local used to set up the tunnel with the remote Authentication Method You can select the pre share key or digital certificate Usually we select the pre share key Center certificate name Select the certificate of the authentication center CA certificate The certificate requires uploading the corresponding certificate in the certificate uploading configuration item The item depends on the authentication mode as digital certificate and the local ID type as ASD1DN Certificate content Select the digital certificate The certificate requires uploading the corresponding certificate in the certificate uploading configuration item The item depends on the authentication mode as digital certificate and the local ID type as ASD1DN Certificate private key Select the corresponding private key of the digital certificate The certificate requires uploading the corresponding certificate in the certificate uploading configuration item or being got from the certificate application The item depends on the authenticati
47. em MO View the configuration or configure status status of the interface ip address address mask Configure the IP address of config if wan the interface mip address Syntax Description address mask Address refers to the IP address of the interface mask refers to the network mask of the interface mM show interface View the information of all interfaces or one interface show interface 7 zame configure status ifname can be wan lan wanl and lani Maipu Confidential amp Proprietary Information Page 88 of 94 MP1800 10 3G Router User Manual Syntax Description ifname configure View the interface configuration information ifname status Just used to view the ppp interface status The command is wan status 3G Command Description Configuration Mode sms sendto phone num Send short message config content sms gateway phone num Set the number of the short config message gatewa show device usb View the usb device information ZE a e O O message gatewa Ea MS cil OOO information show configure View the module modularname configuration information NW sms sendto Send content to phone num yn Description phone num content phone num refers to the destination number content refers to the content of the short message Note Before the telephone number there needs to be county code sometimes such as China 86 Here the whole phone num should be as follows 8613912345678 E
48. erwise you need to ask your network administrator For the appropriate IP settings fe Obtain an IP address automatically Use the Following IP address IP address subnet mask Default gateway Use the Following ONS server addresses Preferred DMS server Alternate DNS server Setting of auto get IP address 2 Statics IP Mapping Static IP mapping is the IP MAC map setting that is the binging setting of the IP address and MAC address You can bind the IP address with the adapter physical address MAC of the network device to distribute the IP address for the LAN device to connect Internet This not only saves the work time but also protects the LAN from being affected by some virus such as ARP proofing Enter Service gt DHCP Setting as follows Maipu Confidential amp Proprietary Information Page 42 of 94 MP1800 10 3G Router User Manual MAC IP Binding MAC Address IP Address add MH Cancel ad Save Setting of auto get IP address MAC Address Set the MAC address of the static IP host such as 00 50 56 C0 00 08 IP Address Set the distributed static IP address The IP address should be in the same network as the IP address of the LAN port and cannot be the broadcast address or LAN port address A Caution After adding the static IP mapping information click Save to make the device valid Before saving do not switch to other interface LA Prompt Static IP mapping
49. etary Information Page 48 of 94 MP1800 10 3G Router User Manual The configuration interface of enabling the PIN code protect is as follows PIN Protect SIM Status Show Status SIM Card Info SIM Exist Prompt PIN Lock PIN Configuration interface of enabling PIN code protect Show status Query the current status of the SIM card including PIN code protect status PIN code remaining input times and remaining input times of PUK code PIN The PIN code is the personal identification code comprising 4 8 digitals Enable protect Enable the PIN code protect After enabling the PIN code protect the system automatically records the valid PIN code Use the PIN code when dialing Click Show Status and the PIN code protect interface is as follows PIN Protect SIM Status Show Status SIM Card Info SIM Exist PIN Protect State Unprotected PUK State PUK unlocked PIN Retries 3 PUK Retries 10 Prompt PIN Lock PIN Configuration interface of enabling PIN code protect The configuration interface of disabling the PIN code protect is as follows Maipu Confidential Proprietary Information Page 49 of 94 MP1800 10 3G Router User Manual PIN Protect SIM Status Show Status SIM Card Info SIM Exist PIN Protect State Protected PUK State PUK unlocked PIN Retries 3 PUK Retries 10 Prompt PIN Unlock PIN Configuration interface of disabling PIN code protect Show status Query the current status of the
50. ewall configuration all View all rules of the firewall chain name Configure the rules of the name rule chain table name View the rules of the name rule table W show conntrack Maipu Confidential amp Proprietary Information Page 91 of 94 MP1800 10 3G Router User Manual View the connection track information of the system E clear conntrack Clear all link tracks in the system DHCP amp VRRP Command 1 Description Configuration Mode show ip dhcp configure View the dhcp configuration show vrrp configure View the vrrp configuration Maipu Confidential amp Proprietary Information Page 92 of 94 MP1800 10 3G Router User Manual Appendix APN CDMA DHCP DNS GPRS GSM IP IPv4 IPv6 IPSEC L2TP MTU NAT NTP PAP QoS RADIUS RIP SIM SMS SMSC SNMP TCP Access Point Name Code Division Multiple Access Dynamic Host Configuration Protocol Domain Name System General Packet Radio Service Global System for Mobile Communications Internet Protocol IP version 4 IP version 6 IP Secure Protocol Layer 2 Tunneling Protocol Maximum Transmission Unit Network Address Translation Network Time Protocol Password Authentication Protocol Quality of Service Remote Authentication Dial In User Service Routing Information Protocol Subscriber Identity Module Short Message Service Short Message Service Center Simple Network Management Protocol Transmission Control Protocol Maipu Confidential amp Proprietary Info
51. face gt PPPoE advanced setting and you can complete the configuration of the following advanced parameters 1 Link type parameter PPPoE Configuration Link Type Alaways On Line H Holdoff Time 30 Range 0 2147483647 Seconds Max Fail Count g Range 0 2147483647 Forever online setting Always online Always try to connect Internet until reaching the maximum error times If connecting Internet successfully the device is always in the online state When the network is disconnected automatically re dial Holdoff Time Set the waiting time for re dialing after dialing fails The default value is 30s It is mandatory Maipu Confidential amp Proprietary Information Page 30 of 94 MP1800 10 3G Router User Manual Max Fail Count Set the maximum dialing failure times After reaching the maximum feature times do not dial any more The default value is O and it means always trying It is mandatory PPPoE Configuration un Type al on emana y Idle Time 120 Range 0 2147483647 Seconds Holdoff Time 30 Range 0 2147483647 Seconds Max Fail Count 0 Range 0 2147483647 Forever online setting Dial on demand Traffic triggers dialing Idle Time Set the idle time of connection no any data traffic After reaching the idle time disable the connection The default value is 120s It is mandatory Holdoff Time Set the waiting time for re dialing after dialing fails The default value is 30s It is mandatory Max Fail Count Set the max
52. g rule The interface for modifying the tunnel is as shown in Figure 4 62 3 Delete rule When one GRE tunnel is not needed click x and you can delete the GRE tunnel Certificate Management Introduction to related certificates of the router The certificate is one security authentication mode It validates whether the peer certificate is valid to ensure the data security Therefore when using the certification authentication we need to get the valid certificate Currently the router supports certificate application direct importing of other certificate and online certificate application 1 Certificate application Input the corresponding configuration item to get the certificate application file Submit the application file to CA for issuing the authentication Issuing the authentication is to make the certificate valid Detailed description The user adopts the application mode of the router certificate to apply for one certificate request file the suffix is csr For the application mode refer to the certificate application After the router generates the certificate request file it turns to the certificate uploading management interface The user can download to get the certificate request file when the router generates the certificate request rile generate one private key which is automatically saved by the router to the router inside and then submit the certificate application file to CA for issuing the authentication
53. g the third party download tool such as thunder you need to tick download only from original address 3 Online certificate To apply for the certificate click VPN gt Certificate Management gt Online certificate and you can enter the IPSec online certificate application configuration interface as follows Online Cert Identity CA Type CA URL Common Name This section contains no values yet Input Identity Name Add Certificate Limit up to 4 ca certificates up to 5 device certificates and a maximun of 256 KB CRL file Online certificate management ID Input the certificate management ID used to distinguish different online certificate applications such as a and then enter the following configuration interface two application modes Maipu Confidential Proprietary Information Page 74 of 94 MP1800 10 3G Router User Manual Online Cert Identity a Application Way Download CRL CA Type CA URL Password Key Length Common Name Country Name Province Locality Organization Organization Unit Email Back To Configuration List Online Cert Identity a Application Way Download CRL CA Type CA URL Password Key Length Subject Name Back To Configuration List X Cancel i Save X Cancel Save Online certificate CA Type mandatory select the certificate server type Currently the system supports Maipu CMS and Windows certificate server Select mpcms Maipu Confidential Proprietary Informa
54. imum dialing failure times After reaching the maximum feature times do not dial any more The default value is O and it means always trying It is mandatory 2 Authentication and encryption parameters CHAP Auto H PAP Auto H MS CHAP Auto H MS CHAPW2 Auto A EAP Auto H Authentication mode configuration CHAP Challenge Handshake Authentication Protocol It is one encrypted authentication mode and can avoid transmitting the real password of the user when setting up the connection As for PPP the key information does not need to be transmitted in the communication channel during the authentication Moreover the information exchanged during each authentication is different It can prevent the monitor attack efficiently and improve the security PAP It is one simple plain text authentication mode It is required that the key information is transmitted in plain text in the communication channel Therefore it is easy to be listened by sniffer and leaked Maipu Confidential amp Proprietary Information Page 31 of 94 MP1800 10 3G Router User Manual MS CHAP Similar to CHAP MS CHAP is one encrypted authentication mechanism using the MPPE based data encryption MS2 CHAP MS CHAP protocol version 2 EAP It is one extended authentication protocol The protocol is used for the authentication in the point to point network such as PPP It supports various authentication mechanisms With the extendable authentication protocol an
55. ing traffic of the WAN interface Enter Status gt WAN status and you can see the following interface WAN Status WAN Status Network Status Protocol IP Address Netmask Gateway DNS Server MAC WAN Stream Received Packets Received Errors Received Drops Received Bytes Sent Packets Sent Errors Sent Drops sent Bytes Connected disconnect Static IP 192 168 10 2 255 255 255 0 192 168 10 1 10 0 0 250 00 01 7a f6 bd db SO OO CH 5 34 0 0 2328004 WAN status Network Status Display the current connection status of the WAN port Protocol Display the protocol used by the WAN interface IP address Display the IP address of the WAN port Netmask Display the subnet mask of the WAN port Gateway Display the gateway address of the WAN port DNS Server Display the DNS server address of the WAN port MAC Display the physical address of the WAN port The address is fixed and unique Maipu Confidential amp Proprietary Information Page 82 of 94 MP1800 10 3G Router User Manual WAN Stream Received Packets 0 Received Errors 0 Received Drops 0 Received Bytes 0 Sent Packets 5734 Sent Errors 0 Sent Drops 0 Sent Bytes 2328004 WAN traffic information Received packets Display the total number of the packets received by the WAN port Received Errors Display the number of the error packets received by the WAN port Received Drops Display the number of the dropped packets received by WAN port
56. ion This chapter describes how to configure MP1800 10 router via web the functions configuration parameters precautions and problems of the product 1 System 2 Network 3 Service 4 Status firewall 5 QoS 6 VPN configuration 7 Status 8 CLI System The system tool of MP1800 10 router provides the following functions for you to manage the system eo System time e Remote logs e Management control e Configuration management e System upgrade o SNMP e Modify password eo System restarting Maipu Confidential amp Proprietary Information Page 15 of 94 MP1800 10 3G Router User Manual e Log out system Time MP1800 10 provides three kinds of clock synchronizing modes that is manual setting NTP network time and get time via 3G module 1 Manual setting Enter System gt System Time and you can see the interface for setting time manually as follows System time Current time 2012Year03Month31Date 23 00 31 System time setting sale iia T Date setting 2012 05 01 Time setting 10 25 00 Interface for setting time manually Current time Display current system time System time setting Manual setting time server Date setting Set system date Time setting Set system time 2 NTP Synchronizing Time Setting NTP network time protocol that is synchronize time automatically via the local host and network clock server Enter System gt System Time and you can see the following interface for co
57. ion contains no values yet Add 2 Cancel ud Save Pre share key setting After clicking Add on the above figure enter the following interface for configuring the pre share key IPSec Pre Shared Key Configuration Peer ID Key Value Add MH Cancel amp Save Pre share key Maipu Confidential Proprietary Information Page 66 of 94 MP1800 10 3G Router User Manual Peer ID The peer ID it can be character string IP address domain name Key Value Used to fill in pre share key Click x and you can delete the corresponding key amp Caution After adding the IPSec pre share key configuration information you should click Save to make the device take effect Before clicking Save do not switch to other interface Advanced setting IPSec Advanced Configuration IPSec Fragment Enable SM1 SCB2 Compatibility E MK Cancel amp Save Advanced setting IPSec Fragment If ticking the item enable the IPSec pre fragment function Enable SM1 SCB2 Compatibility If ticking the item enable SM1 compatible with SCB2 mode function 2 Modify IPSEC tunnel configuration When modifying one IPSec tunnel configuration enter VPN gt IPSec gt Configure tunnel and you can enter the IPSec tunnel configuration interface as follows IPSec Information age Enable ett ee local Net Remote Net ma Name Gateway Gateway Level i 14 test 3G Interface 192 168 30 1 10 25 187 0 24 11 74 213 0 24 MAIN ei Input IKE Name
58. lock only when the PUK code status is need PUK code unlock After using the PUK code unlock successfully the PIN code is in the protect state The PUK code unblock interface is as follows PUK Unlock SIM Status Show status SIM Card Info SIM Exist PUK State PUK locked PIN Retries O PUK Retries 10 Prompt PUK New PIN XK Cancel Q Save Maipu Confidential Proprietary Information Page 52 of 94 MP1800 10 3G Router User Manual PUK code unlock configuration interface Regular Online Offline The regular online offline module of MP1800 10 router is used to set the 3G online time and offline time of the system so that the 3G network is used only within the online time range so as to save the traffic and improve the device security Enter Service gt Regular online offline and the configuration interface is as follows Timing On Line Enable Start Time End Time 2 Cancel ud Save PUK code unlock configuration interface Enable If ticking enable the regular online offline function Start time Set the 3G to be online at one time point The format is hour minute The range is 00 00 23 59 End time Set the 3G to be offline at one time point The format is hour minute The range is 00 00 23 59 Disconnection Detection The disconnection detection function checks whether the specified server is available via the ICMP packet so as to judge whether the network is normal When the network is abnormal restart the
59. map FJ LCP Echo Interval 10 Range 1 2147483647 Seconds LCP Echo Failure 6 Range 1 2147483647 MTU 1492 Range 128 1492 MRU 1492 Range 128 1492 Local IP Remote IP service Name Access Concentrator Name Others Debug Set whether to output the details of the LCP and IPCP negotiation during the PPP dialing By default it is disabled Use Peer DNS Whether to permit using the peer DNS By default it is enabled Add Default Route If ticking add the default route pointing to the dial interface Use Default Asyncmap Whether to enable the default asyn control character mapping asyncmap By default it is disabled LCP Echo Interval Set the PPP LCP keepalive interval The setting range is 1 2147483647 By default send one LCP every 10s LCP Echo Failure Set the PPP LCP keepalive times The setting range is 1 2147483647 The default value is 6 times MTU Set the maximum packet transmitted on the PPP link The unit is byte and the maximum value is 1492 MRU Set the maximum packet received on the PPP link The unit is byte and the maximum value is 1492 Local IP Set the local IP requested to distribute when performing the PPP IPCP negotiation during dialing Remote IP Set the peer IP specified when performing the PPP IPCP negotiation during dialing Service Name Set the name of the service requested during the PPPoE dialing Maipu Confidential amp Proprietary Information Page 33 of 94 MP1800 10 3G Router
60. ndatory Netmask Set the subnet mask of the WAN interface It is mandatory Gateway Set the default gateway of the WAN interface DNS Server Set the DNS server of the WAN interface The DNS server uses the IP address format Multiple DNS servers are separated by the blank After selecting the connection mode as DHCP the setting interface of WAN interface is as follows WAN Setting Protocol DHCP v DNS Server Automatic Y A Cancel F Save DHCP setting DNS server Set the DNS server of the WAN interface The DNS server uses the IP address format Multiple DNS servers are separated by the blank By default use the DNS server distributed by the DHCP server After selecting the connection mode as PPPoE the setting interface of WAN interface is as follows Maipu Confidential amp Proprietary Information Page 29 of 94 MP1800 10 3G Router User Manual WAN Setting Protocol PPPoE 7 Username Password XX Cancel ud Save PPPoE setting User name Set the user name used when the WAN interface uses the PPPoE protocol to dial Passsword Set the password used when the WAN interface uses the PPPoE protocol to dial When using the PPPoE protocol you can configure other parameters by Network gt WAN interface gt PPPoE advanced setting After selecting the connection mode as Disable you cannot connect Internet via Ethernet WAN interface 2 PPPoE advanced setting If you are advanced user enter Network gt WAN inter
61. ner Lan Mask Local Gateway 3G Interface 7 Inner Tunnel IP ww Inner Tunnel Mask Back To Tunnel List X Cancel Save GRE connection configuration Enable GRE The switch of enabling the GRE tunnel By default it is disabled If ticking the item enable the GRE tunnel Outer IP Address Set the external interface IP of the GRE tunnel peer network Usually it is the public IP Internet address It also can be enterprise intranet IP Inner Lan Network Set the internal interface segment of the peer network of the GRE tunnel It also can be one single IP address Inner Lan Mask Set the subnet mask of the peer intranet of the GRE tunnel If it is one single host you need to input the 32 bit mask Inner Tunnel IP Set the IP address of the local GRE tunnel Inner Tunnel Mask Set the network mask of the local GRE tunnel It d better be at the same segment as the peer tunnel 2 Modify GRE tunnel configuration To modify one GRE tunnel configuration enter VPN gt GRE and you can enter the interface for configuring and editing the GRE tunnel as follows GRE Protocol GRE Name Enable GRE Local Gateway Tunnel IP Outter IP Address Inner Lan Net qw Enable 3G Interface 8 8 8 8 218 214 75 93 192 168 20 0 A x Input the tunnel name Add Maipu Confidential Proprietary Information Page 70 of 94 MP1800 10 3G Router User Manual Edit GRE configuration To modify one configured tunnel click 4 at the correspondin
62. nfiguration x Cancel ia Save IPSec phase 2 basic configuration Phase 2 configuration Local subnet Tunnel Level Realize the tunnel backup function If there is no tunnel backup select the active tunnel Local Net IPSec local protect subnet such as 192 168 10 0 Local Mask IPSec local protect subnet mask such as 255 255 255 0 select 24 Maipu Confidential amp Proprietary Information Page 65 of 94 MP1800 10 3G Router User Manual Remote Net IPSec remote protect subnet such as 192 168 20 0 network number or single host depending on the peer IPSEC tunnel configuration Remote Mask IPSec remote protect subnet mask such as 255 255 255 0 select 24 Tunnel Mode You can select ESP protocol and AH protocol Usually we select ESP protocol Encryption Algorithm The encryption algorithm used by IPSec phase 2 You can select DES and 3DES BLOWFISH AES128 AES192 AES256 NULL DES for RM1800 10C RM1800 10W RM1800 10 Hash Algorithm The authentication algorithm used by IPSec phase 2 You can select MD5 SHA1 SHA2 256 and NULL The default value is MD5 PFS key group Perfect forward encryption DH algorithm You can select off 768bit 1024bit and 1536bit The parameter needs to match the peer Lifetime IPSec phase 2 life period After the life period ends IPSEC initiates the phase 2 parameter re negotiation Pre share key configuration IPSec Pre Shared Key Configuration Peer ID Key Value This sect
63. nfiguring time server Maipu Confidential Proprietary Information Page 16 of 94 MP1800 10 3G Router User Manual System time Current time 2012Y ear03Month31Date 23 01 31 System time setting 7 Synchronization interval 60 Range 15 65535 unit s Time server time windows cor MH Cancel a Save NTP configuration interface Synchronization interval Set the interval of synchronizing time Time server Specify the domain name or IP address of the server providing the service of synchronizing time amp Caution NTP server is not sure to be the server on Internet but should be the server that MP1800 10 router can access 3 Setting via 3G module System Time system Time 2012 11 20 01 29 55 System Time Setting 3G Module M x Cancel i Save Get time via 3G module amp Caution When setting the time via the 3G module the device should be inserted with the available SIM card and it can take effect only after restarting the device Maipu Confidential amp Proprietary Information Page 17 of 94 MP1800 10 3G Router User Manual Remote Logs The system can send the device log information to the remote log server Enter System gt Remote log and you can see the following configuration interface Remote Log Enable El Remote Log Server IP Local Source Interface LAN M 2 Cancel ud Save Remote log configuration interface Enable Whether to send the device log information to the remote log server Remote Log Server
64. ng The value range is 1 2147483647 LCP Echo Failure PPP link control protocol LCP echo failure times setting The value range is 1 2147483647 MTU Maximum transmission packet size setting of MP1800 10 router on the PPP link Take byte as unit For LAN the maximum transmission unit is 1 500 bytes The maximum packet transmitted on the PPP link can be set smaller MRU The maximum packet size received by MP1800 10 router Local IP Set the local IP of MP1800 10 router when performing PPP IPCP negotiation Remote IP Set the peer IP of MP1800 10 router when performing PPP IPCP negotiation WAN Interface 1 WAN interface Ethernet based WAN interface supports various protocols including static IP DHCP and PPPOE Enter Network gt WAN interface gt WAN interface and you can see the setting interface of WAN interface WAN Setting Protocol DHCP z DNS Server Automatic 7 MX Cancel ul Save WAN interface setting Protocol Set the protocol used when WAN interface is connected to Internet including static IP DHCP PPPoE or disable Maipu Confidential amp Proprietary Information Page 28 of 94 MP1800 10 3G Router User Manual After selecting the connection mode as static IP the setting interface of WAN interface is as follows WAN Setting Protocol static IP Y IP Address Netmask Y Gateway DNS Server MH Cancel hd Save Static IP setting IP address Set the IP address of the WAN interface It is ma
65. nt system Click Status gt Connection information and you can see the status of the system connection as follows Maipu Confidential amp Proprietary Information Page 85 of 94 MP1800 10 3G Router User Manual ARP Infomation 192 168 10 1 192 168 30 100 192 168 30 245 00 00 00 00 00 00 etho 1 38 83 45 E9 D9 7D br lan 38 83 45 E9 D9 7D br lan Network IPV4 UDP IPV4 TCP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 UDP IPV4 TCP IPV4 UDP IPV4 UDP 192 168 30 245 192 168 30 1 192 168 30 245 192 168 30 1 182 144 126 82 61 139 2 69 192 168 30 245 192 168 30 1 192 168 30 245 192 168 30 255 182 144 126 82 61 139 2 69 182 144 126 82 61 139 2 69 192 168 30 245 65 55 21 25 192 166 300 245 192 168 30 1 192 168 30 245 192 168 30 1 182 144 126 82 10 0 0 250 192 168 30 245 192 168 30 1 192 168 30 245 192 168 30 245 295 299 255 255 192 166 350 245 192 168 30 1 192 168 30 1 192 168 30 1 295 299 255 255 0 0 0 0 295 299 255 255 192 166 300 245 192 168 30 1 182 144 126 82 119 6 69 212 192 168 10 2 218 6 200 139 192 168 30 245 192 168 30 1 192 168 10 2 211 10 5 198 192 168 30 245 663 151 118 135 192 168 30 245 192 168 30 1 192 168 30 245 192 168 30 1 Connection information Restart Information The restart information displays the recent 10 times of restart record informati
66. on Enter Status gt Restart information and you can view the restart record information of the recent several times including restart time and restart reason The restart record information is ranged by the restart order and the last restart is at the first as follows Reboot Information No Reboot Time 2012 11 18 23 32 40 2012 11 18 23 32 45 2012 11 18 23 32 38 2012 11 18 23 32 41 2012 11 18 23 32 39 2012 11 18 23 32 44 2012 11 18 23 32 38 2012 11 18 23 32 39 2012 11 18 23 32 39 2012 11 18 23 32 39 D 0 sl Oh D A WM ri LA a Maipu Confidential Proprietary Information Reboot Reason Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Cold reboot Power down or System upgrade Page 86 of 94 MP1800 10 3G Router User Manual Restart information The restarting reasons are as follows No Restarting Reason Remarks The network is disconnected Restart when the Disconnect detect function detects that the network is disconnected Restart via CLI The command lines include serial port Telnet SSH off or the system upgrades system upgrades available unavailable 7 Provision service
67. on mode as digital certificate and the local ID type as ASD1DN Exchange mode You can select the master mode and positive mode Usually we select the master mode My Identifier You can select address FQDN USER_FQDN and ASD1DN My ID value You can input the corresponding tag according to the selected local ID The inputting method depends on the local ID type When selecting IP address input the local IP address when selecting FQDN or USER_FQDN you can fill in the character string when selecting ASD1DN the item does not exist ASD1DN is used for the digital certificate Maipu Confidential amp Proprietary Information Page 64 of 94 MP1800 10 3G Router User Manual Verify ID If ticking the item it is necessary to identify the peer ID Encryption algorithm The encryption algorithm used by IPSec phase 1 You can select DES 3DES blowfish and aes The default value is DES for RM1800 10C RM1800 10W RM1800 10 Hash Algorithm The authentication algorithm used by IPSec phase 1 You can select MD5 SHA1 and SHA256 The default value is MD5 DH Key Group Select the desired key group the key group is also the DH algorithm Lifetime IPSec phase 1 life period IPSec Configuration Tunnel Level MAIN H Local Net 192 168 30 0 Local Mask 24 7 Remote Net vw Remote Mask 24 M Tunnel Mode ESP H Encryption Algorithm DES H Hash Algorithm MDS M PFS key group OFF H Lifetime 28800 Range 0 31536000 Seconds Back To IKE Co
68. or the system route table NAT mode Perform the source address pretending for the packet to realize the requirement of LAN sharing one IP for accessing Internet amp Caution In the application environment of dialing for Internet the recommended forwarding mode is NAT mode which can reduce the configuration for the route table Dynamic Domain Name DDNS is short for dynamic domain system DDNS protocol provides the querying function between the dynamic IP and domain name With MP1800 10 router you can access LAN internal mapping to the services on the dynamic IP quickly Enter Network gt Dynamic Domain Name and you can see the following configuration interface Dynamic DNS Enable E Service 3322 A Username Username maxlength is 20 Password Maxlength is 16 minlength is 4 DNS X Cancel ud Save Dynamic domain name configuration interface Enable If ticking the item activate DDNS Otherwise disable DDNS Service Select DDNS service Currently just support 3322 Username User name applied from the DDNS service provider Maipu Confidential amp Proprietary Information Page 35 of 94 MP1800 10 3G Router User Manual Password The password applied from the DDNS service provider DNS The DNS domain name set by the DDNS service provider Static Route Static route can confirm the external route for the packet sent out When the router network and the target access network have multiple routers or subnets
69. ptions IP addresses foo foo 200 0 Add Edit Remove Default gateways 192 168 10 1 Automatic Add Edit Remove vw Automatic metric Interhace metric Advanced configuration interface of TCP IP attributes Click Add A in IP address R of Figure 3 4 input the desired IP address as shown in the following figure TCP IP Address IP address 192 168 10 123 Subnet mask 255 DEE 255 0 zen Interface for adding TCP IP address After configuration click Add In this way one route to MP1800 10 router is added UI Note Maipu Confidential amp Proprietary Information Page 13 of 94 MP1800 10 3G Router User Manual If you just configure MP1800 10 router we recommend you to select Method 2 which can save time Log into System Open and configure the IE browser of the computer and input http 192 168 10 1 in the address bar e http 192 168 10 1 Web login Press Enter to enter the login interface of the user as follows MAIPU i Password User login authentication When the user logs into the system for the first time it is necessary to adopt the default user name and password eo User name admin e Password admin After inputting correctly the user can log into the web configuration interface of MP1800 10 router Maipu Confidential Proprietary Information Page 14 of 94 MP1800 10 3G Router User Manual Configurat
70. re Select Local Connection of the network adapter on the interface e Network Connections File Edit View Favorites Tools Advi Back CH FP A Search gt Fale Address e Network Connections LAN or High Speed Internet d ee adi 2 S Conmected la Marvell Yukon BBEB057 PCI E oai Configure local connection of the computer Enter double click or right click Local Connection gt Properties as shown in the following figure Maipu Confidential Proprietary Information Page 10 of 94 MP1800 10 3G Router User Manual l Local Area Connection Properties General Authentication Advanced Connect using EY Marvell Yukon 88E8057 PCI E Gigabi This connection uses the following tems Network Load Balancing dB File and Printer Sharing for Microsoft Networks Internet Protocol TCP IP KA H Install Uninstall Properties Description Transmission Control Protocol nternet Protocol The default wide area network protocol that provides communication across diverse interconnected networks M Show icon in notification area when connected Iw Notify me when this connection has limited or no connectivity Configure local connection properties of the computer Select Internet Protocol TCP IP and click Properties to enter the following figure Maipu Confidential Proprietary Information Page 11 of 94 MP1800 10 3G Router User Manual Internet Protocol
71. rial Number The device factory serial number information Hardware version The current hardware version information Software version The current operation system application software version information CPU frequency The main frequency information of MP1800 10 device Memory The memory information of MP1800 10 device SMi Information The current SM1 card connection information If the device does not support the module do not display Modem Information The current modem connection information SIM Information The current SIM connection information IPSec Tunnel Status The tunnel status displays the IPSec tunnel information displaying the tunnel SA information Click Status gt Tunnel status and you can see the following interface Maipu Confidential amp Proprietary Information Page 78 of 94 MP1800 10 3G Router User Manual IPSec Status SAD Info Tunnel 1 192 168 30 0 24 any 171 209 229 221 lt gt 119 6 69 212 192 168 110 0 24 any Package esp des cbc hmac md5 Tunnel SPI Oxc5bc08ca 0x0bca8c1d Receive Flow 408 bytes 3 packets Send Flow 408 bytes 3 packets Lifetime 28800 s Run Time 0 Day0 Hour25 Minute Second Tunnel Num 1 Tunnel status SA IPSec security association Tunnel Display the gateway addresses at the two sides of the tunnel Package Display the security protocol of the tunnel such as esp and ah encryption algorithm authentication algorithm negotiation mode Transport or Tunnel
72. rmation Page 93 of 94 MP1800 10 3G Router User Manual TDMA Time Division Multiple Access UDP User Datagram Protocol UIM User Identity Module UMTS Universal Mobile Telecommunication System VPN Virtual Private Network VRRP Virtual Router Redundancy Protocol WAN Wide Area Network WAP Wireless Application Protocol Maipu Confidential amp Proprietary Information Page 94 of 94
73. sms gateway Set the number of the short message gateway Syntax Description phone num phone num indicates the number of the short message gateway such as 13912345678 NW show device usb View the usb device information in the system E show sms gateway View the number of the short message gateway E show ppp View the PPP configuration information NW show configure Maipu Confidential Proprietary Information Page 89 of 94 MP1800 10 3G Router User Manual View the configuration information of the module show configure odularname Syntax Description modularname The module name such as raccoon network and firewall IPSec Command Description Configuration Mode show crypto ca cris View the certificate certificates show crypto ike ipsec View the sa information OF sa show crypto policy View the ipsec policy FF information clear crypto ike ipsec Clear the sa information SS sa no crypto ca certificate Delete the certificate config name commonname according to the CN value of the certificate no crypto ca certificate Delete the certificate config type all cri my root SEN to the certificate E show crypto ca View the certificate information in the system Syntax Description cris View the ca certificate certificates View the device certificate WE show crypto View the ike or ipsec sa information show crypto ike ipsec sa Syntax Description ike sa View the ike sa information
74. tem gt Configuration Management click Browse to select the desired backup file and then click Recover as follows Configuration management select uploaded file DAFILES Application Data Mictbsoft Browse Restore Backup Restore factory setting Maipu Confidential amp Proprietary Information Page 19 of 94 MP1800 10 3G Router User Manual Recover configuration 3 Recover factory configuration When you want to restore the system to the factory status enter System gt Configuration Management and click Restore Factory Setting system Upgrade MP1800 10 router can perform the remote web upgrade Before upgrading you need to ensure that you have got the target file During upgrading enter System gt System Upgrade and you can see the following interface System upgrade Please select one upgrade mirror to Upgrade the device Lipgrade mirror file A Browse Upload mirror System upgrading interface Click Browse to find the target file click Upload Mirror and the system starts to upload the mirror After uploading you can see the following figure System upgrade Mirror file is uploaded It is checking the file please click Kun to enable the update program e Check c15630e0a78a85560f963de21201e969 e File size 5 63 MB 7 69 MB available Run Cancel Upgrading process Click Run to start upgrading system The upgrading is slow and you can view the upgrade process via the upgrade process bar
75. ter User Manual Online Login This chapter describes the using requirement installation wiring and configuration login of MP1800 10 router which can help you log into the management system of the product 1 2 Environment requirement Using preparations Configure computer Log into system Environment Requirement The requirements of MP1800 10 router for the using environment Work environment temperature 25 70 C Storage temperature 30 70 C Relative humidity lt 95 no condensing Using Preparations To configure using MP1800 10 router you need to prepare as follows One computer 1 Computer with Ethernet adapter and TCP IP protocol 2 IE 8 0 browser other browser also can ensure the normal using of the functions 3 It is recommended to adopt 1024x768 resolution to display One UIM SIM card Maipu Confidential amp Proprietary Information Page 9 of 94 MP1800 10 3G Router User Manual amp Caution The starting order of the device is Insert SIM card gt Insert antenna gt Power on If the starting order is wrong maybe the functions of the device cannot be used normally Configure Computer The following takes the LAN connection mode and adopts Windows XP as an example to describe the configuration steps of the computer network connection 1 Method 1 In LAN select one computer for configuration and enter Control Panel gt Network Connection as shown in the following figu
76. tificate uploading management interface you can see the applied certificate files Status With the Status menu you can view the current configuration and running status of MP1800 10 router including e System logs e System information e IPSec tunnel status Maipu Confidential amp Proprietary Information Page 76 of 94 MP1800 10 3G Router User Manual e Dialer interface status WAN status LAN status e Route information e DHCP information e Connection information o Restart information System Logs System logs mainly displays the log information of MP1800 10 router Click Status gt System logs and you can see the following interface System Log DHCP Log View Route Log 7 Maipu daemon info dnsmasq 536 started version 27 45 cachesize 150 IPSec Log 7 Maipu daemon info dnsmasq 536 compile time options IPy6 GHU getopt ISC Firewall Log 24s no 118N TFTE DHCP Lo 7 Maipu daemon info dns masq 536 DHCP IP range 192 168 10 200 nea lease time 10h NOW Lo 23332707 Maipu daemon info dnsmasq 536 using local addresses only for domain lan Nov 18 23 32 07 Maipu daemon warn dnsmasq 536 failed to access tmp resolv conf auto No such file or directory Nov 18 23 32 07 Maipu daemon info dnsmasq 536 read etc hosts 2 addresses Nov 18 23 32 07 Maipu daemon info dnsmasq 536 read etc ethers 0 addresses Mov 18 23 32 28 Maipu daemon info dns smasgq 536 reading tmp resolv conf auto
77. ting Source IP The actual valid IP address of one host in the LAN such as 192 168 10 11 Source MAC The MAC address of the LAN computer such as MAC 00 50 56 C0 00 08 Action Specify the processing action It can be accept refuse or drop Click sl and you can delete the MAC IP binding Advanced setting MAC P Advanced Setting Default Policy ACCEPT A X Cancel a Save Advanced setting of MAC IP binding Maipu Confidential amp Proprietary Information Page 60 of 94 MP1800 10 3G Router User Manual Default Policy The default processing mode of the firewall for the IP address not on the rule setting interface QOS The QoS of MP1800 10 router includes bandwidth management Bandwidth Management Enter QoS gt Bandwidth Management tick Enable and you can set the downloading speed and uploading speed as follows Qos Interface Enable Qos Download Speed Upload Speed Interface Enable Qos Download Speed Upload Speed 3G Interface 128 64 Ethernet WAN 1024 128 range 1 15000 Unit kbps Range 1 15000 Unit kbps range 1 15000 Unit kbps Range 1 15000 Unit kbps x Cancel Bandwidth management Interface The name of the network interface L Save Enable QoS You can set as enabled state or disabled state After setting as enabled you can specify the downloading and uploading rate Download speed Specify the downloading speed the unit is kbps Upload speed Specif
78. tion Page 75 of 94 MP1800 10 3G Router User Manual to indicate Maipu CMS server select Windows to indicate Windows certificate server Application Way There are two modes of filling the certificate One is to fill by the prompt the other is to fill the whole subject name applicable to apply for the certificates with multiple same attributes such as CN test OU mp1 OU mp2 C CN Download CRL Whether to download the certificate cancel file By default it is not ticked that is not download CA URL optional the url path of the server such as Windows certificate server http 192 168 10 1 certsrv CMS certificate server http 192 168 10 1 Password optional the request password when applying for the certificate The maximum length is 30 bits Common Name CN mandatory you cannot input the special characters suchas gt lt County Name C optional you can select CN HK or do not input Province optional input the locating province Locality optional input the name of the locating street Organization optional input the name of the locating organization Organization Unit optional input the locating unit Email optional the email address of the company Click Save and the system executes the online certificate application at once If the configuration is correct you can get the applied center certificate device certificate private key and crl file within several seconds On the Cer
79. vice 4 Delete rule When one IPSec tunnel configuration is not needed you can click a to delete the corresponding IPSEC tunnel Maipu Confidential amp Proprietary Information Page 68 of 94 MP1800 10 3G Router User Manual GRE GRE defines how to use one network protocol to encapsulate another network protocol The GRE protocol has two usages Enterprise internal protocol encapsulation and private address encapsulation In China nearly all enterprise networks adopt the TCP IP protocol so there is no market requirement for the enterprise internal protocol encapsulation when setting up the tunnel in China The unique reason why the enterprise adopts GRE is the encapsulation for the internal address Enter VPN gt GRE and you can enter the interface for configuring and editing the GRE tunnel as follows GRE Protocol GRE Name Enable GRE Local Gateway Tunnel IP Outter IP Address Inner Lan Net This section contains no values yet Input the tunnel name Add GRE tunnel configuration Input the tunnel name Used to identify one GRE tunnel amp Caution When modifying the VPN tunnel configuration the tunnel name cannot be modified 1 Add rule Click Add on the above interface to enter the interface for configuring the GRE tunnel parameters as follows Maipu Confidential amp Proprietary Information Page 69 of 94 MP1800 10 3G Router User Manual GRE Protocol Enable GRE E Outter IP Address t Inner Lan Network In
80. y ID authentication mechanism can authenticate the remote access connection 3 Compression protocol configuration Address Control Compression a D Protocol Field Compression S Compression Control Protocol El VJ TCP IP Header Compression S VJ ConnectionID Compression Compression protocol configuration Compression Control Compression Responsible for the configuration of the two sides on the PPP link negotiate which compression algorithm to adopt and use the reliable mode to identify the failure of the compression and de compression mechanism If ticking it means enable Protocol Field Compression Whether to permit address domain and control domain compression in the PPP packet If ticking it means enable Compression Control Protocol Whether to enable the protocol domain compression If ticking it means enable VJ TCP IP Header Compression Whether to permit Van Jacobson header compression for the TCP IP packet If ticking it means enable VJ Connection ID Compression Whether to permit the connection ID compression If ticking it means enable 4 Other parameters The other parameter setting provides you whether to use the processing of the peer DNS LCP echo interval LCP echo failure and packet size and the setting of the debugging Maipu Confidential amp Proprietary Information Page 32 of 94 MP1800 10 3G Router User Manual Debug FJ Use Peer DNS Add Default Route Use Default Async
81. y the uploading speed kbps Maipu Confidential amp Proprietary Information Page 61 of 94 MP1800 10 3G Router User Manual VPN Configuration VPN Virtual Private Network is one security LAN based on Internet Currently MP1800 10 router supports IPSec and GRE providing the flexible economical and valid scheme for the enterprise network security The VPN configuration function of MP1800 10 router includes IPSEC o GRE eo Certificate management IPSec IPSec IP Secure Protocol is one of VPN technologies The protocol not only refers to the data encryption and decryption technology but also refers to the data transmission and validation technology It is often used for the end to end network security transmission IPSEC tunnel configuration Enter VPN gt IPSec gt Configure Tunnel and you can enter the IPSEC configuration interface as follows IP Sec Information IKE Name Enable Local Gateway Remote Gateway local Net Remote Net Tunnel Level This section contains no values yet Input IKE Name Add IPSec tunnel management Input IKE Name The phase 1 ID setting one name for the IPSec tunnel amp Caution 1 When modifying the VPN tunnel configuration the phase 1 ID cannot be modified 2 By default the IPSec service of MP1800 10 router is disabled To make all created rules take effect you should enable the service when enabling one rule Maipu Confidential amp Proprietary Information Page
82. you need to set the static route so that different subnets can communicate with each other Enter Network gt Static route and you can see the following configuration interface Static Routing Destination Netmask Gateway Interface 192 168 10 0 755 259 255 0 192 168 10 5 LAN z x Add MK Cancel Save Interface for adding static route Destination Set the destination address of the static route such as 192 168 0 1 Netmask Set the subnet mask Gateway Set the next hop IP address of the static route that is the port address of the neighboring router Interface Specify the interface on which the static route functions Click sl and you can delete the corresponding static route amp Caution 1 After adding route information you should click Save to make the device valid before saving do not switch to other interface 2 When the destination address is set as one IP the subnet mask Should be set as 255 255 255 255 Otherwise the system calculates one network address automatically according to the subnet mask 3 If you want to add route information click Add to add the static route Maipu Confidential amp Proprietary Information Page 36 of 94 MP1800 10 3G Router User Manual 4 If selecting Black hole for interface the one is the black hole route and the packets matching the route are dropped directly 5 When the dial interface and Ethernet WAN interface are up add the default route automatically
Download Pdf Manuals
Related Search