User manual

UW-R4 series
Be careful
Due to product version upgrade or other reasons, the contents of this document will be
updated from time to time.Unless otherwise agreed, this document is only used as a
guide, and all statements, information and suggestions in this document do not constitute
any express or implied warranty.
 Catalogue

Preface............................................................................................................1
Summary..................................................................................................1
Target audience........................................................................................1
Chapter I product introduction..........................................................................2
1.1 summary.............................................................................................2
1.2 Functions and features.......................................................................2
1.3 Product parameters............................................................................3
1.3.1 WiFi wireless parameters..........................................................5
1.3.2 Hardware system…………………………………………………5
Chapter II product structure…………………………………………………………6
2.1 Product appearance drawing………………………………..……………6
2.2 Product dimension drawing………………………………..………………7
2.3 Definition of product interface………………………………………...……7
2.4 Product indicator status description……………………………….………8
2.5 Description of product accessories……………………………..…………8
Chapter 3 setup preparation…………………………………………….……………9
3.1 Unpacking……………………………………………………….……………9
3.2 Installation and wiring…………………………………………….…………9
3.2.1 Installation of SIM / UIM card…………………………….…………9
3.2.2 Connection of antenna………………………………….…………10
3.3 Login configuration interface…………………………….…………………10
3.3.1 Computer network configuration……………………………………11
3.3.2 Confirm that the computer is connected to the router…………..12
3.3.3 Log in to the router…………………………………………….……12
3.3.4 Enter the router web settings page…………………………..……13
Chapter 4 network settings………………………………………….…………………14
4.1 Network settings………………………………………………….…………14
4.1.1 Wide area network………………………………………..…………14
4.1.2 LAN settings………………………………………......………………16
4.1.3 DHCP server……………………………………………..……………17
4.1.4 DTU...............................................................................................18
4.1.5 Peanut shell inner net version………………………………………20
4.1.6 Network detection tools………………………………………………21
4.2 Wireless security settings……………………..………………………………22
4.2.1 Basic settings…………………………………………….……………22
4.2.2 Wireless client…………………………………………………………23
4.2.3 WIFI Dog........................................................................................ 24
4.3 VPN settings…………………………....………………………………………24
4.3.1 PPTP settings………………………...…………………………………24
4.3.2 L2TP................................................................................................ 25
4.3.3 IPSEC............................................................................................. 26
4.3.4 GRE................................................................................................ 30
4.4 Static routing…………………………..………………………………………32
 4.4.1 Static routing list………………………………………..……………………32
4.4.2 Add static routing rules……………………………...………………………32
4.4.3 VRRP....................................................................................................... 33
4.4.4 Policy routing…………………………………………….……………………34
4.5 Firewall settings………………………………………………………………………36
4.6.1 Port mapping…………………………………………….………………….…36
4.6.2 DMZ setting………………………………………….…….………………….…37
4.6 System settings…………………………………………………...………………….…38
4.6.1 Management settings……………………………………………………….…38
4.6.2 Configuration management………………………………………..……….…39
4.6.3 Update firmware……………………………………………………………..…40
4.6.4 restart………………………………………………………..………………..……40
Chapter V typical application………………………………………………….……………..……41
5.1 How to use IPSec……………………………………………………..…………..……41
5.1.1 How Cisco routers and uw-r400 series routers build IPSec..…………..……41
5.1.2 How to build IPSec between H3C router and uw-r400 Series Router………42
5.1.3 How juniper firewall and uw-r400 series routers build IPSec…………………45
5.2 How to use PPTP………………………………………………………………..………56
5.2.1 Building PPTP server under Windows Server 2003………………….………56
5.2.2 Building PPTP server under Windows XP…………………………..…………67
5.3 How to use L2TP…………………………………………………………………………75
5.3.1 Setting up routing and remote access………………………………….………75
5.3.2 Server registry modification (L2TP only)…………………………………..……81
5.3.3 Create a new account with dial in permission…………………………….……81
5.3.4 Client settings…………………………………………………………………...…83
5.4 How to use GR……………………………………………………………………....……84
Chapter VI FAQ exception handling……………………………………………………..…………86
6.1 Hardware problems………………………………………………………………………86
6.1.1 All indicator lights are off………………………………………………………..…86
6.1.2 SIM card holder connection problem…………………………………..…………86
6.1.3 Network interface connection problem…………………………………….……86
6.1.4 Antenna connection problem…………………………………………..…………87
6.2 System problems………………………………………………………………..…………87
6.2.2 No signal display……………………………………………………………………87
6.2.3 Unable to find SIM / UIM card………………………………………..……………87
6.2.4 Weak communication signal…………………………………….…………………87
6.3 Vdpn connection problems………………………………………………….………………88
6.3.1 VPDN cannot connect…………………………………………………..……………88
6.3.2 VPN fails to communicate……………………………………………………………88
6.3.3 Route communicable but subnet non communicable……………………………88
6.4 Web configuration operation problems……………………………………………..………89
6.4.1 Failed to upgrade firmware……………………………………………………………89
6.4.2 Failed to recover parameters………………………………………………..………89
6.4.3 Forget the router login password……………………………………………………90
 Preface
Summary
Uw-r400 4G router is a data communication terminal product.The product is based on 3G /
4G wireless communication technology, adopts high-performance 32-bit embedded
operating system, full industrial design concept and durability.Through the embedded 4G
module, it can access the global 3G / 4G network and provide high-speed 3G / 4G
network. It is widely used in telecommunications, finance, information media, power,
transportation, vehicle and environmental protection.
By reading this document, you can understand the functional characteristics and typical
application methods of this product, be familiar with the installation, deployment and configuration
operation methods of this product, and master the handling of common faults in the process of
use.

Reader object
This document applies to the following persons:
 R & D Engineer
 Technical support engineer
 customer

If you are the first time to contact and use the router product, it is recommended that you read
all the contents of this document from Chapter 1 in order to obtain the corresponding product
understanding and correct use.
If you have known or used this router product or similar products produced by other
companies, it is recommended that you can selectively read the chapters you want to know
through the document structure navigation.

Chapter I product introduction

1.1 Summary
 Uw-r400 industrial 3G / 4G wireless router is a wireless communication product with
excellent performance developed based on 3G / 4G network requirements.It is mainly used
in the data transmission business of industrial users, and supports the functions of data
transparent transmission, image transmission, equipment monitoring and wireless routing
internet access.
Uw-r400 adopts a high-performance 32-bit processor, which can process protocols
and a large amount of data at high speed, support WCDMA / EVDO / TD-SCDMA / TD-
LTE / fdd-lte network systems, support APN / VPDN access to the operator's private
network, support PPTP / L2TP / gre / IPSec VPN, support line backup, support SSH login,
so that application data can be transmitted on multi-layer security chain,Greatly improve
the high reliability and high security of wireless applications.Widely used in:
telecommunications, finance, information media, power, transportation, vehicle and
environmental protection industries.

1.2 Functions and features

 Industrial application design
 Support tdd-lte, fdd-lte, WCDMA, EVDO, TD-SCDMA, CDMA and GPRS networks
 Support APN and VPDN
 Support low power consumption modes, including sleep mode, timed uplink and downlink mode
and timed switch mode (special version only)
 Support mobile network and wired Wan dual link intelligent switching backup, VRRP
 Support IPSec VPN, L2TP, PPTP and GRE to ensure safe data transmission
 Support peanut shell intranet domain name, and private IP can also realize remote access router
 Support remote management, syslog / SNMP / telnet / HTTP and other functions,
support local and remote online upgrades, and import and export configuration files
 Support DTU function and transparent data transmission of RS232 / RS485 interface
 Support SPI packet state detection, firewall, ACL access control, anti DDoS attack, intrusion
protection (prohibit Ping) and attack defense, IP-MAC binding and other firewall functions
ensure that the network is not attacked by the outside world.
 Support local storage
 Double watchdog design ensures system stability

1.3 Product parameters

Project Describe
Wireless module Industrial 3G / 4G wireless communication module
Wireless network Telecom 2G CDMA1X, 3G CDMA2000, EVDO Rev0, Reva, revb networks;
support Unicom 2G GSM / GPRS / edge, 3G WCDMA HSDPA / HSUPA / HSPA / HSPA
+ / dc-hspa+
Network;
Mobile GSM / GPRS / edge, 3G TD-SCDM / TD-HSDPA / td-hsupa
network;4G FDD LTE network;
4G TD-LTE network;
Support GPRS / edge class 12;
UMTS / HSPA / HSUPA / HSPA / HSPA + / dc-hspa + (WCDMA / FDD)
2100mhz or 850 / 1900 / 2100mhz or 850 / 900 / 1900 / 2100mhz / AWS;

GSM 900 / 1800MHz dual band or 850 / 900 / 1800 / 1900MHz Quad Band;
 CDMA1X / EVDO: 800 / 1900MHz or 450MHz optional;
TD-SCDMA/TD-HSDPA/TD-HSUPA 2010~2025MHz/1880~1920MHz；
4G FDD LTE:
Band 1--2100Mhz
Band 2--1900Mhz
Band 3--1800Mhz
Band 4—AWS(1700/2100Mhz)
Band 5--850Mhz Band
7--2600MHz
wireless spectrum Band 8--900Mhz Band
12--700Mhz
Band 13--700(B13)Mhz
Band 17--700(B17)/AWS
Band 19—800Mhz
Band 20--DD800Mhz
Band 21
Band 25 –1900Mhz G Block
Band 31– 450Mhz
Other FDD LTE bands4G
TDD LTE (TD-LTE):
Band 41 – 2500/2600Mhz
Band 40 -- 2300Mhz
 Band 39 – 1900MHz
band 38 -- 2600mhz
other TDD LTE bands
Note: 4G LTE covers many frequency bands. Please confirm the required
frequency bands before ordering
4G LTE
Network:
FDD LTE downlink 100Mbps, uplink
50Mbps, TDD LTE downlink 150Mbps,
uplink 50Mbps
Network rate Dc-hspa + Network:
Downlink: 42mbps;Uplink: 5.76mbps
HSPA + (H) network:
Downlink: 21mbps optional;Uplink: 5.76mbps
HSPA + (L) network:
Downlink: 14.4mbps optional;Uplink: 5.76mbps
HSUPA / HSPA network
Network rate Downlink: 7.2Mbps;Uplink: 5.76mbps
HSDPA network
Downlink: 7.2 Mbps;Uplink: 384k BPS
WCDMA / UMTS Network
Uplink / downlink: 384 kbps
Edge network
Downlink: 236.8 Kbps;Uplink: 118 kbps
GPRS network
Downlink: 85.6 Kbps;Uplink: 42.8 kbps
CDMA1X network
Uplink / downlink: 153.6kbps
CDMA2000 EVDO
Rev B: 14.4mbps downlink, 5.7mbps uplink
Rev A: 3.1mbps downlink, 2.4mbps uplink
Rev o: 2.4mbps downlink, 153.6kbps uplink
3G TD-SCDMA:
The downlink rate is 2.8mbps and the uplink rate is 2.2mbps

Transmit power < 24dbm

Acceptance sensitivity <-109dBm

1.3.1 WiFi wireless parameters

Project Describe

Standard and IEEE802.11b/g/n

frequency band
Theoretical IEEE802.11b / G: maximum speed 54Mbps
bandwidth
IEEE802.11n: maximum speed 300mbps

Security and WPA/WPA2

encryption
Transmit power 15dBm

Receiving <-72dBm@54Mbps
sensitivity
 1.3.2 hardware system

Project Describe

CPU 32Bit communication processor

FLASH 64Mbit

SDRAM/DDR DDR2 512Mbit

Chapter II product structure

2.1 Product appearance drawing

Side A

Side B
2.2 Product dimension drawing

2.3 Product interface definition

Side A:
1. Drawer SIM card slot: a self-locking slot. Poke the round hole on the right and the card holder will
pop up.
2. indicator light:
Sys: system indicator, which is always on when
starting and flashing when working.4G: Dial
status light, flash when dialing, and always on
after successful networking.WiFi: WiFi status
light, normally on.
Link: wired network access indicator, which is always on when the connection is normal and
flashes when there is data flow.
3. 3G / wifi antenna interface: SMA external rotation inner hole interface.
4. Surface:6pin industrial serial port: the standard serial port is
used for DTU function, and the standard power supply is
connected.B
1, WAN / LAN Ethernet interface
2Reset key: press the reset key once to restart the router. Long press the reset key for 10
seconds, and the system light (sys) will flash. Then the router starts to restart and the
reset is successful.
3DC interface: IR4 series route provides 2.0mm standard round hole DC power supply,
and the electrode is internal positive and external negative.The power supply voltage
range is 9-30v. It is recommended to use the standard 12V / 2A power supply provided
by the manufacturer.

2.4 Product indicator status description

Indicator status description
name state describe
Chang It indicates that the power supply is normal and starting
System light (sys) Liang
Slow flash About 10 seconds after power on, it changes from constant light to slow
flash, indicating that the system operates normally
Chang RJ45 port is connected
Link light Liang
Extinguish RJ45 port not connected
4G Chang This indicates that the router has successfully dialed up for networking
Liang
twinkle Indicates that the router is dialing up
WiFi light Chang WiFi has been enabled
Liang
Extinguish WiFi function is not enabled

2.5 Description of product accessories

Product standard configuration list
Fitting name quantity remarks
Uw-r400 4G router 1 individual Equipment host
3G / 4G antenna 1 root nothing
Wifi antenna 2 root nothing
The power adapter 1 individual 12v2a power access
Install the fixings 1 yes Packaging according to
customer requirements

Chapter 3 setting preparation

3.1 Unpack
After the whole package of equipment arrives at the site, it is necessary to open the box and
check whether the accessories are complete according to the list of product accessories.After
unpacking, please keep the packaging materials for later use.

3.2 Installation and wiring

3.2.1 Installation of SIM / UIM card

 Uw-r400 4G router supports SIM card, so it is necessary to install SIM card in the SIM
card slot during normal installation and use. The following is only an example of installing
SIM card in the SIM slot on the right side of the front panel.

Step 1 gently press the yellow button on the SIM card holder with a sharp object to eject the card holder:

Step 2 insert the SIM card into the card holder with the metal side facing upward, and the missing
corner end facing outward.Then press the card holder into the card slot:

3.2.2 Antenna connection

Please connect all antennas to the antenna interface in a clockwise direction according to the
following view:
3.3 Login configuration interface
Uw-r400 router has built-in web interface, management and debugging tools. Users
should configure relevant parameters before using the router;In the process of use, it can
flexibly change relevant parameters, software upgrade and simple test.

3.3.1 Computer network configuration

Set your computer network configuration correctly. Now take XP system as an example,
right-click "network neighborhood" > "properties". In the subsequent open window, right-click
"local connection" > "properties";

In the pop-up dialog box, first select "Internet Protocol (TCP / IP)", and then click the "properties"
button with the mouse;
 Select get IP address automatically.

3.3.2 Confirm that the computer is connected to the router

When your computer shows that it has successfully obtained IP, please use the ping
command to confirm whether the connection between the computer and the router is
successful.
For example, in the Windows XP environment, execute the ping
command: Ping 192.16810.1 if the screen displays as follows, it indicates
that the computer has successfully established a connection with the
router.

3.3.3 Login router

Next, you will log in to the router web settings page.

Enter in the web browser address bar“http://192.168.10.1”, enter the login user name
and password in the pop-up box.
When logging in for the first time, please enter the default user name: admin, password:iradm
3.3.4 Enter the router web settings page

After successful login, enter the web settings page, and then you can set and manage the router,

Chapter 4 network settings

4.1 Network settings

Through the basic network configuration, you can complete the configuration of LAN, Wan,
mobile network, Wi Fi (optional), parameter switching, network connection type, link backup
and DHCP server. After the configuration, you can meet the needs of basic network
communication.

4.1.1 Wide area network

4.1.1.1 WWAN interface settings

The system defaults to the 3G / 4G wireless routing mode. Insert the 3G / 4G tariff card, and
the router will automatically identify the 3G / 4G network.You only need to enter your user name and
password. After saving, you can surf the Internet.
4.1.1.2 Wired Wan
Wired Wan includes three connection modes: DHCP client, static IP and PPPoE:
PPPoE parameter configuration is shown as follows:
Configure according to the example above, enter the correct broadband dial-up
account and password, and click "save".Static address parameter
configuration, as shown in the following figure:

Configure according to the example above and click "save".

DHCP client parameter configuration, as shown in the following figure:

Configure according to the example above and click "save".

 4.1.1.3 Disconnection detection

After the disconnection detection function is enabled, the system will automatically Ping the IP
address in the setting.

The detection duration is the cumulative packet loss duration;How long is the detection
interval for the ping function;The IP address is the target address for the system to Ping.If you
fail to Ping the IP address for a long time during the detection, the system will restart
automatically.

4.1.2 LAN settings

LANLocal area network (LAN) refers to a computer group interconnected by multiple computers in a
certain area. LAN can realize the functions of file management, application software sharing, printer
sharing, schedule in the working group, e-mail and fax communication services. LAN is closed, which
can be composed of two computers in the office or one computerThe company consists of thousands of
computers.This setting is generally the default.

4.1.3 DHCP server

 DHCP (Dynamic Host Configuration Protocol) is a LAN network protocol. It works
using UDP protocol. It has two main purposes: automatically assigning IP addresses to
internal networks or network service providers, and giving users or internal network
administrators as a means of central management of all computers.

4.1.3.1 DHCP server settings

It is used to set the DHCP server on or off, DHCP gateway, starting address, lease duration, etc.
generally, it can be turned on by default.

4.1.3.2 DHCP client list

Displays the device currently using the assigned address.
4.1.3.3 DHCP address binding
Specify an IP address for the device based on its MAC address.

4.1.4 DTU

DTU is set to off state by default. It can be used in server and client modes.

4.1.4.1 As server-side settings

 Server mode setting Description:

DTU type: server mode

protocol: supports TCP
and UDP.
Port: the port number used by the server.
Baud rate: baud rate of serial port. Support:
96001920384005760015200.Data bit: serial port data bit setting,
support: 8, 7, 6, 5.
Stop bit: serial port stop bit setting, support: 1, 2.
Check bit: serial port check bit setting. Support: none, odd, even,
mark, space.Flow control: serial port flow control options, support:
none, RTS / CTS, Xon / XOFF.
4.1.4.2 Set as client

Client mode setting description

Protocol: support TCP and UDP.
IP address: the IP address or domain
name of the server.Port: the port
number used by the server.
Baud rate: baud rate of serial port. Support:
96001920384005760015200.Data bit: serial port data bit setting,
support: 8, 7, 6, 5.
Stop bit: serial port stop bit setting, support: 1, 2.
Check bit: serial port check bit setting. Support: none, odd, even,
mark, space.Flow control: serial port flow control options, support:
none, RTS / CTS, Xon / XOFF.

4.1.5 Peanut shell inner screen

No public IP is required. With the intranet penetration function, the domain name can be accessed
remotely.
 After opening the peanut shell intranet version, you will get a random device serial number,
click "login management", the web page will jump to the peanut shell login page, enter the
correct password, and click "login";

Select the intranet mapping function, edit the corresponding domain name resolution settings, and take
effect after saving.

4.1.6 Network detection tool

 Cooperate with testers to monitor the line status of the whole network in real time and take
corresponding measures.

4.2 Wireless security settings

Wireless security settings are mainly used to set the SSID, password, power, etc. of
the wireless network. Customers can set them according to their own needs and restart
after saving.

4.2.1 Basic settings

4.2.2 Wireless client

 The wireless client allows you to easily expand the wireless network without WDS support.
You need to set the connection parameters of the remote AP. The AP client will connect these
parameters to the remote AP. Please confirm that the correct security parameters are set, and
the working channel of the wireless network must be the same as the AP to be connected.
4.2.3 WIFI Dog

It is used to realize the web authentication function. When you connect to a wireless
hotspot and send a data request, you will first open the web authentication page for user
authentication.

4.3 VPN settings

4.3.1 PPTP settings

PPTP (point to point Tunneling Protocol) is a new enhanced security protocol developed
on the basis of PPP protocol. It supports multi protocol virtual private network (VPN) and
can pass password authentication protocol (Pap) and extensible authentication
protocol(EAP) and other methods to enhance security. Remote users can safely access
the enterprise network by dialing in to ISP, directly connecting to the Internet or other
networks.

New PPTP client

As shown in the figure below, click - New PPTP client in PPTP client to add a new PPTP connection.
Click to see the following settings:

Name: the name of this client connection. It can be customized.

Server address: fill in the address of PPTP server here, which can be
domain name or IP address.User: fill in the user name given by PPTP
server here.
Password: password of PPTP user.
MTU value: set the MTU information of PPTP excuse here, usually 1490.

4.3.2 L2TP

L2TP is an industry standard Internet tunneling protocol. Its function is roughly similar
to PPTP protocol. For example, it can also encrypt network data streams.However, there
are differences. For example, PPTP requires the network to be IP network, and L2TP
requires packet oriented point-to-point connection;PPTP uses a single tunnel and L2TP
uses multiple tunnels;L2TP provides header compression and tunnel verification, which
PPTP does not support.

New L2TP client connection

As shown in the figure below, click New L2TP client in L2TP client to add a new L2TP connection.
 Click to see the following settings:

Name: the name of this client connection. It can be customized.

Server address: fill in the address of L2TP server here, which can be
domain name or IP address.User: fill in the user name given by L2TP
server here.
Password: password of L2TP user.
MTU value: set MTU information of L2TP excuse here, which can usually be set to 1490.

4.3.3 IPSEC

IPSec protocol works in the third layer of OSI model,Make it suitable for protecting
TCP or UDP based protocols (such as secure socket sublayer) when used alone(SSL)
cannot protect the traffic flow of UDP layer). This means that compared with the transport
layer or higher-level protocols, IPSec protocol must deal with the problems of reliability and
fragmentation, which also increases its complexity and processing overhead. Relatively
speaking, SSL / TLS relies on higher-level TCP (layer 4 of OSI) to manage reliability and
fragmentation.

4.3.3.1 IPSec list

The existing IPSec connection status information is displayed here.

4.3.3.2 new IPSec connection

As shown in the figure below, click - New IPSec connection in the IPSec list to add a new IPSec
connection.
Click to see the following settings:

Name: Ike policy name, please use pure English or combination of numbers beginning with
English.Mode: optional main mode, savage mode.
IPSec networking type: network to network mode is supported.
Working mode: optional, not enabled, active connection,
automatic discovery, waiting for connection.Local ID: IPSec ID
can not be set or set as a pure English custom name.Local
subnet: local subnet address.
Remote address: the IP address or domain name
of the opposite IPSec.Remote ID: IPSec ID name
of the opposite end.
Remote subnet: the subnet address of the opposite end.
Ike version: optional versions ikev1 or IKEv2.
Ike security policy: Ike security policy, which needs to be added in IKE security policy first.
IPSec Security Policy: IPSec Security Policy, which needs to be
added in IPSec Security policy first.Tunnel authentication: ike-psk,
ike-xauth-psk, never
PSK: PSK key of IPSec connection.
 DPD mode: none, clear, hold and restart are
optional.Note: a note about this link.

4.3.3.3 IPSec Security Policy

Existing IPSec Security policies are displayed here

New IPSec Security Policy

As shown in the figure below, click - New IPSec Security Policy in IPSec Security Policy to add a
new IPSec Security Policy.

Click to see the following settings:

Name: Ike policy name, please use pure English or combination

of numbers beginning with English.Protocol: optional ah, esp.
Ah verification algorithm: optional MD5, SHA1.

4.3.3.4 Ike security policy

The existing IPSec Ike security policy is displayed here

Add Ike security policy
As shown in the figure below, click New Ike security policy in IKE security policy to add a new Ike
security policy.

Click to see the following settings:

Name: Ike policy name, please use pure English or combination

of numbers beginning with English.Encryption algorithm: DES,
3DES, aes128, aes192 and aes256 can be selected.
Verification algorithm: SHA1 and MD5 can be selected.
DH group: DH1, DH2, DH5, DH14, DH15, dh16, dh17, DH18 can be selected.
Ike life cycle: the minimum value is 1 hour.

4.3.4 GRE
GRE (generic routing encapsulation), that is, the general routing encapsulation protocol,
encapsulates the datagrams of some network layer protocols (such as IP and IPX), so that these
encapsulated datagrams can be transmitted in another network layer protocol (such as IP).
 GRE is the third layer tunnel protocol of VPN (virtual private network), that is, a
technology called tunnel is adopted between the protocol layers.

4.3.4.1 GRE list

The existing GRE connection status information is displayed here.

4.3.4.2 new GRE connection

As shown in the figure below, click - New GRE connection in GRE to add a new GRE tunnel
connection.

Click to see the following settings:

Name: GRE tunnel name, please use pure English or
combination of numbers beginning with English.Tunnel address:
GRE tunnel IP address.
Remote address: the IP address of the remote GRE connection.
Remote subnet / mask: the subnet and
mask of the remote gre.Password:
connection password of GRE tunnel
MTU value: MTU value of
GRE tunnel.
TTL: TTL period of GRE
tunnel.

4.4 Static routing

Static routing refers to the routing information manually configured by users or network
administrators.When the network topology or link state changes, the network administrator
needs to manually modify the relevant static routing information in the routing table.Static
routing information is private by default and will not be passed to other routers.Of course, the
network administrator can also set the router to be shared.Static routing is generally applicable
to a relatively simple network environment. In this environment, the network administrator is
easy to clearly understand the network topology and set the correct routing information.

4.4.1 Static routing list

Existing static routing information is displayed here.

4.4.2 Add static routing rules

As shown in the figure below, click new static routing rule in static routing to add a new static
routing rule.

Click to see the following settings:

Destination address: the destination
address of the static routing
rule.Subnet mask: the subnet mask of
the destination address.
Gateway: gateway of destination address.
Route hop point: refers to a variable value obtained after the routing protocol algorithm
completes the calculation, such as network delay. Its purpose is to determine the best route.
MTU value: the MTU value of the static route.

4.4.3 VRRP

VRRP is a routing fault-tolerant protocol, which can also be called backup routing
protocol.All hosts in a local area network set the default route. When the destination
address sent by the host in the network is not in the network segment, the message will be
sent to the external router through the default route, so as to realize the communication
between the host and the external network.When the default router goes down (i.e. the
port is closed), the internal host will not be able to communicate with the outside. If the
router is set with VRRP, the virtual router will enable the backup router to realize the whole
network communication.

4.4.3.1 VRRP list

As shown in the figure below, click - New VRRP rule in VRRP to add a new VRRP rule.

4.4.3.2 new VRRP rules

As shown in the figure below, click new static routing rule in static routing to add a new static
routing rule.
Click to see the following settings:

Mode: support master and backup

modes.Virtual ID: virtual ID of VRRP.
Virtual IP: virtual IP of VRRP.
Priority: the VRRP priority of the
machine.Password: the
password of vrpp.
Remarks: the remarks of this VRRP can be used to explain the function.

4.4.4 Policy routing

4.4.4.1 policy routing

Policy routing is an advanced option for routing

function. It is not enabled by default.Support: line
backup and load balancing.
4.4.4.2 line backup

Line backup: when one WAN port is abnormal due to the existence of multiple Wan ports, the
router can timely switch the data to other normal Wan ports, providing a strong guarantee for the
stability of the network.

Main WAN interface: wired wide area network (WAN) and cellular wide area network (WWAN
interface) are optional. Main Wan detection mode: Currently, only Ping detection IP mode
is supported.
Primary Wan Ping IP address: Ping is the target IP address for detection.
Standby Wan: wired wide area network (WAN) and cellular wide area network (WWAN
interface) are optional. Standby Wan detection mode: Currently, only Ping detection IP
mode is supported.
Alternate Wan Ping IP address: Ping is the target IP address for detection.

4.4.4.3 load balancing

The load balancing in policy routing will automatically overlay and divert the existing
Wan addresses that can be used. You only need to select Load Balancing in the routing
mode, as shown in the following figure.
4.5 Firewall settings

4.6.1 Port mapping

Use of port
mapping

As shown in the figure: there are aB (IR1 device) and C are three routers, and u is the client. A
and u are in the same LAN. A&apos;s IP address is 192.168.1.1, and U&apos;s IP address is
192.168.1.56. B and C are in another LAN, and their IP addresses are 192.168.10.1192.168.10.5
respectively. The WAN port of router B is connected to the LAN port of router a, and the obtained
Wan address is 192.168.1.55.
The definition of virtual server is: user u accesses router B through a across the network, and
router B automatically transfers the service request to server (router) C.
Here, the connection mode and setting of B are very
important.The connection mode requirements are as follows:
1. B connects the external network through the WAN port.
2．B connects C through LAN port.
Setting method: enter the setting interface of router B - Firewall - commodity mapping. The setting
parameters are as follows:
 The external port can be filled in freely, and the internal port should be consistent with the
corresponding service port of server (router) C (port 80 is the web configuration interface port of
router C).
After filling in according to the above contents, save it.
Now, connect router a through client u and enter enter in the address bar. The browser will
directly enter the setting interface of router C.http://192.168.1.55:1000

4.6.2 DMZ settings

DMZ is the abbreviation of "demilitarized zone" in English, and the Chinese name is "isolation zone", also
known as "demilitarized zone".It is a buffer between non security system and security system to solve the
problem that external network access users cannot access internal network server after installing
firewall.The buffer is located in a small network area between the enterprise internal network and the
external network.Some server facilities that must be disclosed can be placed in this small network area,
such as enterprise web server, FTP server and forum.On the other hand, through such a DMZ area, the
internal network is more effectively protected.Because of this network deployment, compared with the
general firewall scheme, there is another barrier for attackers from the external network.

4.6 System settings

4.6.1 Management settings

Used to manage router interface language and password security.

4.6.1.1 password setting

Manage the login password of the router and restart it after saving.

4.6.1.2 language setting

The language setting of routing web interface can be changed to English display, which will take
effect after saving.
4.6.2 configuration management
You can save the current configuration information locally or import the previous backup file locally.

4.6.3 Update Firmware

With this setting, you can upgrade the router firmware.
4.6.4 Restart
You can use this item to set the device to restart regularly.
 Chapter V typical applications

5.1 How to use IPSec

5.1.1 How to build IPSec between Cisco routers and uw-r400 series
routers
Taking Cisco 7200 as an example, Cisco 7200 is used as the server of IPSec.The router configuration
is as follows:
crypto keyring IPSEC1
pre-shared-key hostname IPSEC1
key test crypto isakmp profile IPSEC1
description china SZ
IPSEC1 vrf SMEP
keyring IPSEC1
match identity host
IPSEC1 keepalive 60
retry 10

crypto ipsec transform-set vpnset esp-des esp-

md5-hmac crypto ipsec profile IPSEC1
set transform-set vpnset
set isakmp-profile
IPSEC1

crypto dynamic-map IPSEC1

set security-association lifetime kilobytes
536870912 set security-association lifetime
seconds 28800
set transform-set vpnset
set isakmp-profile
IPSEC1 reverse-route
Crypto map corevpn 26 IPSec ISAKMP dynamic
IPSec 1 uw-r400 is the IPSec client. The
configuration is as follows:
Create a new IPSEC policy, as shown in the following figure:

Create a new IKE policy, as shown in the following figure:

Create a new IPSec client connection. The configuration is shown in the figure below:

5.1.2 How to build IPSec between H3C router and uw-r400 Series
Router

First, set the H3C router through the wizard so that it can dial up and go online through PPPoE,
and set the H3C router as a server.At the same time, insert the sl-r7m22 router into the SIM card
to dial up the Internet.
Configure the H3C router according to the following figure:
Enter the IP address pre shared key obtained by the local WAN port at the opposite gateway address /
host name, and set it to be consistent with the key of uw-r400.
In gateway ID, select FQDN in opposite end ID type.Set the ID to be consistent with the connection
name of uw-r400.

Advanced parameter settings can be consistent with the figure below

Create a new IPSec policy, as shown in the following figure:

Create a new Ike policy, as shown in the following figure:

Create a new IPSec client connection. The configuration is shown in the figure below:
5.1.3 How to build IPSec with juniper firewall and uw-r400 series
routers

Set juniper firewall as IPSec server and uw-r400 router as IPSec client.
Add two different zones and apply them to different tunnels.As shown in the figure below (general)
Ssg5 supports multiple zones (5gt only supports 3 zones)

Configure using the configuration wizard

First, enter the juniper configuration wizard, which can be accessed in the following two
ways: 1) after juniper is restored to the factory settings, a configuration wizard will appear
when you enter the router for the first time.2) After entering the router, select route based
VPN under the Wizards directory to enter the VPN wizard configuration.
Next, take the second method as an example for configuration
1) After entering the router, see the figure below

2) Select route based VPN under the Wizards directory, as shown in the following figure
As shown in the figure above, select trust for the local site and untrust for the remote site. Click next

The figure above shows the establishment of a VPN tunnel. If no tunnel has been established in the
router, make new tunnel interface
Select Trust (trust VR) or untrust (trust VR) to go to the next step. If a tunnel has been established
previously, directly select used existing tunnel interface to the next step.

Select LAN to LAN and click next

As shown in the figure above, because juniper is the server side, select local startup IP < - > remote
dynamic IP,

Note that the remote user ID is the user name in establishing VPN. When uw-r400 and
juniper are established, this ID needs to be filled in the form of domain name (111. Vpn1.
Com).

The above figure shows the key in establishing VPN. The key server and client must be consistent.
The above figure shows the options of filling in local network segment and remote network segment
during VPN establishment, as shown in the following figure
Then click Finish to complete the wizard configuration
After completing the configuration wizard,you need to enter the configuration interface to modify
several places.Enter the autokey Ike option in the VPNs list

Enter edit
 Select the advance option, as shown in the following figure

The above figure needs to be modified: 1Check the proxy ID and fill in the following local IP / netmask
and remote IP / netmask respectively.2. Check VPN monitor and optimized, as shown in the figure below
In the policy configuration interface, you need to configure the following configurations

Create a new IPSec policy, as shown in the following figure:

Create a new Ike policy, as shown in the following figure:

Create a new IPSec client connection. The configuration is shown in the figure below:
5.2 How to use PPTP

5.2.1 B u i l d P P T P s e r v e r u n d e r W i n d o w s S e r v e r
2003

First, connect the Win2003 server to the network. If it is a server behind the firewall, you
need to map port 1723 to Win2003 on the router (firewall). The PPTP VPN server is built.
The basic configuration is as follows:
Click Start Menu = = management tools

Select liuhuanpc (local)

Right click to select properties

Click safe

Authentication provider = = = select windows authentication

Next, click authentication method

Next, click the IP tab

Click the PPP tab

Next, select the remote access policy

Right click Remote Access Policy = = create a new remote access policy, named Pap (optional) = =
next==Write the name PAP,then click next = = select VPN
Click next
 Click Next = = click Next again = = keep clicking next = = completed.After creation,
double-click the PAP policy to modify it as follows:

Click Edit Profile

Click the IP tab
Click the multiple connections tab

Click authentication to select a graphics card

Click the encryption tab

Click the Advanced tab

Add user name and password as follows:
Right click my computer = = management = = local users and groups = = create a new
user, name UU password 1 = = right click this user = = properties = = select dial in tab =
=select dial in.

Check "apply static routing", click "static routing" and fill in the LAN segment and mask of
the client in the list, such as "10.10.10.0 / 256.256.255.0"
In this case, we can dial up an ordinary PC.If we want the 3gcdma of uw-r400 router to dial
up.We need to add some other configurations to the default configuration of VPN server to
dial 3gcdma of our company.

Configure PPTP client for router

First log in to the router web configuration page, select the "VPN" option and open the "PPTP"
function. The configuration is as follows:
After configuring the PPTP dialing parameters, click the "OK" button and wait for 1 ~ 2 minutes to
observe whether the VPN light is always on. If the LED light is always on, it indicates that the router
has successfully connected to the VPN server.

5.2.2 B u i l d P P T P s e r v e r u n d e r W i n d o w s X P

The establishment of PPTP VPN server under Windows XP is not stable and is generally
only used during testing. The steps to build the server are as follows:
1. To where the network connection is established:
2. Open the guidance to establish new connection

3. next step
 4. Select “to set up advanced connection”, then “next”

5. Select accept incoming connections and click next

6. Nothing to select,next step

7. Select "allow virtual private connections" and click next

 8. Select Add to add users.The user account and password added here shall be filled in the PPTP VPN
of the router inside the client configuration.

9. The user name and password entered are all test (customizable), and "OK"

10. Next step

11. Select Internet Protocol (TCP / IP) and click properties
12. Press the above to enter the address assignment range (customizable) and "" to
confirm. When assigning by the above address,VPN The server will get200.200.200.1 ofIP。
rest200.200.200.2 Will be assigned toVPN client.This is virtualVPN PassageIP, the server
and each connected client have oneIP.

13. next step

14. "Done"
15. In the network connection, there is an "incoming connection" icon, indicating that the
establishment is successful!

Configure PPTP VPN for router

First log in to the router web configuration page, select the "VPN" option and open the "PPTP"
function. The configuration is as follows:
After configuring the PPTP dialing parameters, click the "OK" button and wait
for 1 ~ 2 minutes to observe whether the VPN light is always on. If it is always
on, it indicates that the router has successfully connected to the VPN server.

5.3 How to use L2TP

Build L2TP server under Windows 2003 server.The actual implementation

process is described below. First, by default, the windows VPN service opens
both L2TP and PPTP modes.
L2TP differs from PPTP in that:
1.The selection of, L2TP and PPTP depends on the options in
"properties" - Network "of VPN connection on the client.The default is PPTP.
2.In addition, the pure mode of L2TP (without IPSec encryption) needs to change
the server and client registry.

5.3.1 Set up routing and remote access

Open the server, administrative tools - routing and remote access

5.3.2 Server registry modification (L2TP only)

Open and modify the registry on the

server and disable IPSec as
follows:
How to disable automatic L2TP / IPSec policies
1. Start the registry editor (regedt32. Exe).
2. Locate and click the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\
Param
eters
3. On the edit menu, click add value.
4. Type prohibitipsec in the value name box and click reg in the data type
box_DWORD and click OK.
5. In the data box, type 1, and then click OK.
6. Close the registry editor and restart the computer.

Restart your computer

5.3.3 Create a new account with dial in permission

To log in to the VPN server, you must know a user with dial in permission
of the server. In order to make it more clear, create a new user on the VPN
server and give the user dial in permission. The process is as follows: Figure
11 to figure 12 are to establish a user, and figure 13 is to give the user remote
login permission,Be sure to select "allow access" in "remote access permission",
or you will not be able to log in.
5.3.4 Client settings

After logging in to the router, select the "VPN" option to open the L2TP function. The
configuration is as follows:
After setting L2TP dialing parameters, click "OK".Wait 1 ~ 2 minutes and
observe the VPN light. If it is always on, it indicates that L2TP has
successfully connected to the server.
At this time, on the server side, you can see that there is an "interface" in
"routing and remote access".When the client dials, the "connected" status will
be displayed.

Although, the address obtained by the client is 169.254106.96 and server port address:
169.25441.86 is not in a network segment, but can be connected.Because the client VPN connection
is actually logically connected to the interface on the server.

5.4 How to use GRE

The following preparations must be made to use GRE:

Two uw-r400 routers must be able to Ping each other.Configure the external IP address of the opposite
end to each other as the remote web address.
Local LAN IP, peer LAN IP and GRE IP must be in different domains.The configuration of end A is as
follows:
B-end configuration is as follows:

Note: the WAN IP, GRE IP and local LAN IP at both ends must be filled in correctly.

When all parameters are configured, click "OK" and wait for 1 ~ 2 minutes to observe the
VPN light. If it is always on, it indicates that the GRE of the two routers has been
successfully connected.
 Chapter VI FAQ exception handling
6.1 Hardware problems

6.1.1 All indicators are off

Problem phenomenon
All indicators of 4G router are not on.
Cause analysis
Possible reasons are as follows:
The power supply does not meet the requirements
The power supply is not connected with the power port of the router.
Solution
If the power supply does not meet the requirements, please ensure that the power supply range of the
power supply is 9 ~ 30V.If the router power port is connected to the power supply, please insert the
power cord into the power port.

6.1.2 SIM card holder connection problem

Problem phenomenon
The SIM card holder cannot insert the SIM card normally.
Cause analysis
The SIM card holder is damaged.
The insertion direction of the SIM card is wrong
Resolvent
If the SIM card holder is damaged, please contact our technical support engineer for repair.
If the SIM card is inserted in the wrong direction, please make sure that the chip is facing up and the
corner is inserted into the card holder when the SIM card is inserted.

6.1.3 Network port connection problem

Problem phenomenon
The LAN port indicator is not on, and the router page cannot be accessed.
Cause analysis
The possible reasons are as follows: the network cable is not installed correctly
The network cable is damaged, and the network card on the PC side works abnormally
Resolvent
If the network cable is not installed correctly, reinstall the network cable.
If the network cable is damaged, replace the network cable.
If the network card on the PC side works abnormally, please replace the network card.
6.1.4 Antenna connection problem

Problem phenomenon
The antenna cannot be installed properly.
Cause analysis
The antenna does not meet the requirements of accessories.Incorrect antenna connection.
Resolvent
If the antenna does not meet the requirements, replace the antenna that meets the requirements.
If the antenna connection is incorrect, reconnect the antenna.

6.2 System problems

6.2.2 No signal display

Problem phenomenon
No signal is displayed on 4G router mobile network status page.
Cause analysis
The antenna connection is abnormal. The modem does not dial the number and the modem drops
Resolvent
If the modem is not dialed, see "wide area network".
If the modem drops, please confirm whether there is a process in the router&apos;s application that
causes the router to go offline.

6.2.3 Cannot find SIM / UIM card

Problem phenomenon
The 4G router mobile network status page shows that the SIM card cannot be found.
Cause analysis
Possible reasons are as follows: the SIM card is damaged
Loose SIM card, abnormal contact or incorrect installation
Resolvent
If the SIM card is damaged or invalid, please replace the SIM card.
If the SIM card is loose, improperly contacted or incorrectly installed, please reinstall it.

6.2.4 Weak communication signal

Problem phenomenon
The 4G router mobile network status page displays no signal or signal difference.
Cause analysis
Possible reasons are as follows:
Antenna not installed or damaged
The network coverage and signal strength in the area where the equipment is located are weak
Resolvent
If the antenna is not installed correctly, install the antenna correctly.If the antenna is damaged,
replace the antenna.
If the network coverage and signal strength in the area where the equipment is located are weak,
contact the network operator for reasonable solution.

6.3 Vdpn connection class problem

6.3.1 VPDN cannot connect

Problem phenomenon

The status page shows that VPDN cannot connect.

Cause analysis

Possible reasons are as follows:

The interface used for VPDN connection is not working properly

The VPDN configuration parameters are incorrect

VPDN peer server is not working properly

Resolvent

If the interface used for VPDN connection is not working properly, please reconfigure the interface
used correctly. If modem

The interface is not working properly, see "wide area network".

If the configuration parameters of VPDN are incorrect, please reconfirm the detailed parameters of
VPDN for correct configuration.

If the VPDN peer server is not working properly, check the configuration and working status of the
VPDN peer server.

6.3.2 VPN cannot communicate

Problem phenomenon
The VPN page shows connected but unable to communicate.
Cause analysis
Possible reasons are as follows:
The routing information configured in the routing table is incorrect, and the VPN peer server
configuration is incorrect
Resolvent
If the route is incorrect, add the correct route.
If the configuration of VPN peer server is incorrect, please change the configuration of VPN peer
server.

6.3.3 The route is communicable but the subnet is not communicable

Problem phenomenon
The route is communicable, but the subnet is not communicable.
Cause analysis
The VPN peer server is not configured correctly.
The local router does not do masq.
The local route is incorrect.
Resolvent
If the configuration of VPN peer server is incorrect, please modify the configuration of VPN peer
server correctly.
The local router does not do masq. Please manually add masq of VPN interface. Please refer to DMZ
for specific operation methods.
If the local route is incorrect, please change the route configuration manually. See static route
configuration for specific configuration methods.

6.4 Web configuration operation problems

6.4.1 Firmware upgrade failed

Problem phenomenon
Upgrading firmware found that the upgrade was not successful.
Cause analysis
Possible reasons are as follows:
When upgrading, the 4G router is restarted due to the influence of other functions (for example, the
router cannot dial the number and automatically restarts).
The power supply does not meet the requirements
The model and format of the upgraded firmware are incorrect. The router is powered off during the
upgrade process
Resolvent
If the upgrade fails due to restart affected by other functions during upgrade, please close other
functions and upgrade again.
If the power supply does not meet the requirements, please replace the power supply that meets the
requirements.
If the upgrade firmware model and format are incorrect, please replace the upgrade firmware with the
correct format and matching uw-r400.
If the router is powered off during the upgrade process, ensure that the router power supply is normal
during the upgrade process.

6.4.2 Failed to recover parameters

Problem phenomenon

Router recovery parameters failed.

Cause analysis

Possible reasons are as follows:

The parameter file format is incorrect

The router was not restarted after restoring parameters

Resolvent

If the parameter file format is wrong, please replace the parameter file with the correct format.

After restoring the parameters, the router must be restarted before the restoration parameters can
take effect.

6.4.3 Forget the router login password

Problem phenomenon

Forget your password when logging in to the router page.

Cause analysis

The user has changed the password on the user management page of system management

Terms of settlement

When the router starts, you need to press the reset key for 10 ~ 11 seconds and release it to
restore the system configuration to the factory

Status (user name: admin, password: iradm); the "set as default" configuration will be cleared and
restored to the original default configuration, but the patch will be retained.