PepwaveMAX Series: MAX 700 / HD2 /HD2 IP67 / BR1/ On-The-Go Pepwave MAX Firmware 6.1 March 2014 COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. Copyright © 2014 Pepwave Ltd. All Rights Reserved. Pepwave and the Pepwave logo are trademarks of Pepwave Ltd. Other brands or products mentioned may be trademarks or registered trademarks of their respective owners.
Table of Contents 1 INTRODUCTION AND SCOPE ................................................................................................. 5 2 GLOSSARY ............................................................................................................................. 6 3 PRODUCT FEATURES ............................................................................................................. 7 3.1 3.2 SUPPORTED NETWORK FEATURES ...............................................................
13 PORT FORWARDING ........................................................................................................... 80 13.1 PORT FORWARDING SERVICE ............................................................................................................ 80 14 NAT MAPPINGS .................................................................................................................. 83 15 QOS 15.1 15.2 15.3 USER GROUPS ......................................................................
APPENDIX A. RESTORATION OF FACTORY DEFAULTS ........................................................ 138 APPENDIX B. DECLARATION .............................................................................................. 139 http://www.pepwave.
1 Introduction and Scope The Pepwave MAX Mobile Router provides link aggregation and load balancing acrossmultiple WAN connections, allowing a combination of technologies like 3G HSDPA, EVDO, 4G LTE, Wi-Fi, external WiMAX dongle, and Satellite to be utilized to connect to the Internet. This manual presents how to set up the Pepwave MAX Mobile Router and provides an introduction to thefeatures and usage of Pepwave MAX Mobile Router.
2 Glossary The following terms, acronyms, and abbreviations are frequently used in this manual: Term Definition 3G 3rd Generation standards for wireless communications (e.g. HSDPA) 4G 4th Generation standards for wireless communications (e.g.
3 Product Features PepwaveMAX enables all LAN users to share broadband Internet connections, and provide advanced features to enhance Internet access. The following is the list of supported features on Pepwave MAX Mobile Router: 3.1 Supported Network Features 3.1.
PPTP and IPsec passthrough 3.1.4 Firewall Outbound (LAN to WAN) firewall rules Inbound (WAN to LAN) firewall rules per WAN connection Intrusion detection and prevention Specification of NAT mappings Outbound firewall rules can be defined by destination domain name 3.1.5 Captive Portal Splash screen of open networks, login page for secure networks Customizable built-in captive portal Supports linking to outside page for captive portal 3.1.
Read-only user for Web Admin SharedIP drop-in mode (Available on the Pepwave MAX 700 and MAX HD2) Authentication and Accounting by RADIUS server for Web Admin Built-in WINS Servers Syslog SIP passthrough PPTP packet passthrough Event Log Active Sessions Client List WINS Client List UPnP / NAT-PMP Real-Time, Hourly, Daily and Monthly Bandwidth Usage reports and charts IPv6 support(Available on Pepwave MAX 700, HD2 and HD2 IP67) Support USB tethering on Android 2.
4 Pepwave MAX Mobile Router Overview 4.1 MAX 700 Status LED 4.1.1 Front Panel Appearance Ethernet WAN Port Wi-Fi LAN Connector USB Port Power LED Terminal Block Reset Button LAN Ports Wi-Fi WAN Connector Wi-Fi AP LED Wi-Fi WAN LED 4.1.2 Rear Panel Appearance Power Connector USB Ports Kensington Lock http://www.pepwave.
4.1.
4.2 MAX HD2 4.2.1 Front Panel Appearance Ethernet WAN Port Wi-Fi AP Connector USB Port Cellular WAN LED Terminal Block Reset Button Status LED LAN Ports Wi-Fi WAN LED Wi-Fi WAN Connector 4.2.2 Rear Panel Appearance Power Connector Cellular Antenna Connectors Cellular SIM Slots Kensington Lock http://www.pepwave.
4.2.
4.3 MAX HD2 IP67 4.3.1 Front Panel Appearance 4.3.2 TopPanelAppearance 2x Female N-Type Antenna Connectors for Cellular Connection Waterproof Air Vent http://www.pepwave.
4.3.3 Rear Panel Appearance 2x Female N-Type Antenna Connectors for Cellular Connection Ground Plate Waterproof Ethernet WAN and LAN Status LED Waterproof DC Power Connector The statuses indicated by the front panel LEDs are as follows: Status Indicators Status http://www.pepwave.
4.4 MAX BR1 4.4.1 Front Appearance 4.4.2 Top Panel Appearance (MAX-BR1 Version) SMA Cellular Antenna Connector RP-SMA Wi-Fi Antenna Connector Redundant Cellular SIM Slots SMA GPS Antenna Connector (MAX-BR1-LTE Version) Redundant Cellular SIM Slots SMA Cellular Antenna Connectors http://www.pepwave.
4.4.3 Rear Panel Appearance 10/100 Ethernet WAN 10 -30V DC Terminal Block Dual 10/100 Ethernet LAN http://www.pepwave.
4.4.
4.5 MAX On-The-Go 4.5.1 Top Panel Appearance USB WAN Ports 4.5.2 Rear Panel Appearance 10 -24V DC Terminal Block RP-SMA Wi-Fi Antenna Connector LAN Port Ethernet WAN http://www.pepwave.
4.5.3 LED Indicators The statuses indicated by the front panel LEDs are as follows: Cellular Indicators WAN OFF Modem is not attached to the port. Green Modem is attached to the port. Wi-Fi Indicators Wi-Fi OFF Disconnected to AP. Green Connected to AP.
5 Installation The following section details connecting the Pepwave MAX Mobile Router to your network: 5.1 Preparation Before installingyour Pepwave MAX Mobile Router, please prepare the following: At least one Internet/WAN access account and/or Wi-Fi access information. For each network connection, 5.
5.3 Configuring the Network Environment To ensure that the Pepwave MAX works properly in the LAN environment and can access the Internet via the WAN connections, please refer to the following setup procedures: LAN Configuration For basic configuration, refer to Section6,Connecting to Web Admin Interface. For advanced configuration, go to Section7, Configuration of LAN Interface(s). WAN Configuration For basic configuration, refer to Section6, Connecting to Web Admin Interface.
This authenticates your clients through a Radius Server. Upon selecting this option, you will see the following fields: Radius Server Fill in the necessary information to complete your connection to the server and enable authentication. This authenticates your clients through a LDAP Server. Upon selecting this option, you will see the following fields: LDAP Server Fill in the necessary information to complete your connection to the server and enable authentication.
Portal Customization Logo Image Message Terms & Conditions Custom Landing Page Click the Choose File button to select an logo to use for the built-in portal If you have any additional messages for your users, place it on this field. If you would like to use your own set of terms and conditions, please place it here. If left empty, the built-in portal will display the default terms and conditions. Fill in this field to redirect clients to an external URL. http://www.pepwave.
6 Configuration of WAN Interface(s) . 6.1 Mounting the Unit 6.1.1 Wall Mount The Pepwave MAX 700/HD2/On-The-Go can be mounted on the wall by screwing. After adding the screw on the wall, slide the MAX in the screw whole socket as indicated below.Recommeneded Screw Specification: M3.5 x 20mm, Head Diameter 6mm, Head Thickness 2.4mm The Pepwave MAX BR1 can be mountedby screwing the four holes on the device to the wall. 6.1.
(This is the default LAN IP address of the Pepwave MAX.) 3. Enter the following to access the Web Admin Interface. Username: admin Password: admin (This is the default Username and Password of the Pepwave MAX. The Admin and Read-only User Password can be changed at System > Admin Security of the Web Admin Interface.) http://www.pepwave.
4. After successful login, the Dashboardof the Web Admin Interface will be displayed: The Dashboard shows the current WAN, LAN, Wi-Fi AP settings and status. Here, youcan change priority of WAN connectionsand switch on / off Wi-Fi AP. For further information onhow-to set up these connections, please refer to Section 0 and 8.2. Device Information shows the details about the device, including Model name, Firmwareversion and Uptime. For further information, please refer to Section 21.
8 Configuration of LAN Interface(s) 8.1 Basic Settings The LAN Interface settings are located in Network> LAN>Basic Settings IP Settings IP Address Speed The IP address of the Pepwave MAX on LAN. This setting specifies the speed of the LAN Ethernet Port. By default, Auto is selected and the appropriate data speed is automatically detected by the Pepwave MAX. In the event of negotiation issues, the port speed can be manually specified to circumvent the issues.
Drop-in Mode Settings Enable Drop-in Mode eases the installation of the Peplink MAX on a live network between the existing firewall and router, such that no configuration changes are required on existing equipment. Check the box to enable the Drop-in Mode feature. Please refer to SectionError! Reference source not found., Error! Reference source not found.for details. WAN for Drop-In Mode Shared Drop-In ModeA Shared IP AddressA WAN Default Gateway Select the WAN port to be used for Drop-in Mode.
DHCP Server Settings DHCP Server When this setting is enabled, the DHCP server of thePepwave MAX automatically assigns an IP address to each computer that is connected via LAN and is configured to obtain an IP address via DHCP. The Pepwave MAX’s DHCP server can prevent IP address collision on the LAN. IP Range & Subnet Mask Thesesettings allocate a range of IP address that will be assigned to LAN computers by the DHCP server of thePepwave MAX.
values are in w.x.y.zformat. The local LAN subnet and subnets behind the LAN will be advertised to the VPN. Remote routes sent over the VPN will also be accepted. Any VPN member will be able to route to the local subnets. Press to create a new route. Press to remove a route. WINS Server Settings Enable Check the box to enable the WINS Server. A list of WINS clients will be displayed at Status > WINS Clients. DNS Proxy Settings A check box to enable to DNS Proxy feature.
Press to create a new record. Press to remove a record. Check the box to enable the WINS Server. A list of WINS clients will be displayed at Network > LAN > DNS Proxy Settings > DNS Resolvers. This field specifies which DNS resolvers will receive forwarded DNS requests. If no WAN/VPN/LAN DNS resolver is selected, all of the WAN’s DNS resolvers will be selected. LAN DNS TM Resolver Settings If a SpeedFusion peer is selected, you may enter the VPN peer’s DNS resolver IP address(es).
8.2 Captive Portal The Captive Portal serves as gateway that clients have to pass if they wish to access the internet using your router. To configure, navigate to Network >Captive Portal to see the following screen: Captive Portal Settings Clicking the edit button trigger a dialogue where you can choose which LAN / VLAN to apply your captive portal. Apply On Click all LAN / VLAN that you wish to apply the captive portal to. Access Mode Click Open Access to allow clients to freely access your router.
This authenticates your clients through a LDAP Server. Upon selecting this option, you will see the following fields: LDAP Server Fill in the necessary information to complete your connection to the server and enable authentication. Access Quota Set a time and data cap to each user’s Internet usage. Quota Reset Time This menu determines how your usage quota resets. Setting it to daily will reset it at a specified time every day.
Portal Customization Logo Image Message Terms & Conditions Custom Landing Page Click the Choose File button to select an logo to use for the built-in portal If you have any additional messages for your users, place it on this field. If you would like to use your own set of terms and conditions, please place it here. If left empty, the built-in portal will display the default terms and conditions. Fill in this field to redirect clients to an external URL. http://www.pepwave.
9 Configuration of WAN Interface(s) The WAN Interface settings are located at: Network > WAN To reorder different WANs’ priority, just drag on the appropriate WAN by holding the left mouse button, move it to the desired priority (the first one would be the highest priority, the second one would be lower priorityand so on) and drop it by releasing the mouse button.
9.1 Ethernet WAN FromNetwork > WAN, choose a WAN connection and click the button: WAN Port –1 WAN Connection Name This field is for defining a name to represent this WAN connection. There are three possible connection methods for Ethernet WAN: Connection Method DHCP Static IP PPPoE The connection method and details are determined by, and can be obtained from, the ISP. See the Sections9.1.1, 9.1.2, and 9.1.3 for details of each connection method. http://www.pepwave.
WAN Port – 2 This setting specifies the state of the WAN connection. The available options are Remain Standby State connected and Disconnect. The default state is Remain Connected. Upstream Bandwidth Downstream Bandwidth Health Check Method This setting specifies the data bandwidth in the outbound direction from the LAN through the WAN interface. This setting specifies the data bandwidth in the inbound direction from the WAN interface to the LAN.
WAN Port – 3 Bandwidth Allowance Monitor This option allows you to enable bandwidth usage monitoring on this WAN connection for each billing cycle. When this is not enabled, bandwidth usage of each month is still being tracked but no action will be taken. See Section 9.5 for configuration details. (Action, Start Day, Monthly Allowance) This setting specifies port speed and duplex configurations of the WAN Port.
WAN Port – 5 MSS This setting should be configured based on the maximum payload size that the local system can handle. The MSS (Maximum Segment Size) is computed from the MTU minus 40 bytes for TCP over IPv4. If MTU is set to Auto, the MSS will also be set automatically. By default, MSS is set to Auto. This setting allows you to configure the MAC address. Some service providers (e.g.
IPv6 IPv6 support can be enabled on one of the available Ethernet WAN ports. On this screen, you can choose which WAN will support IPv6. IPv6 To enable IPv6 support on a WAN, the WAN router must respond to Stateless Address Auto configuration advertisements and DHCPv6 requests. IPv6 clients on the LAN will acquire their IPv6, gateway, and DNS server addresses from it. The device will also acquire an IPv6 address for performing ping/traceroute checks and accepting web admin accesses.
9.1.1 DHCP Connection The DHCP connection method is suitable if the ISP provides an IP address automatically by DHCP (e.g. Satellite Modem, WiMAX Modem, Cable, Metro Ethernet, etc.). There are three possible connection methods: 1. 2. 3.
9.1.2 Static IPConnection This Static IP connection method is suitable if ISP provides a static IP address to connect directly. Static IP Settings Routing Mode IP Address / Subnet Mask / Default Gateway DNS Servers http://www.pepwave.com This is to substitute the real address in a packet with a mapped address that is routable on the destination network These settings allow you to specify the information required in order to communicate on the Internet via a fixed Internet IP address.
9.1.3 PPPoE Connection This connection method is suitable if ISP provides login ID/ password to connect via PPPoE. PPPoE Settings Routing Mode This is to substitute the real address in a packet with a mapped address that is routable on the destination network IP Address / Subnet Mask / Default Gateway This information is obtained from the ISP automatically. PPPoE User Name / Password Enter the required information in these fields in order to connect via PPPoE to the ISP.
9.2 Cellular WAN Network>WAN> Click on Detail (Available on the Pepwave BR1, MAX HD2, and HD2 IP67 only) Cellular Status IMSI This is the International Mobile Subscriber Identity which uniquely identifies the SIM card. This is applicable to 3G modems only. The Pepwave MAX supports both HSPA and EV-DO. MEID For Sprint or Verizon Wireless EV-DO users, a unique MEID identifier code (in hexadecimal format) is used by the carrier to associate the EV-DO device with the user.
WAN Connection Settings WAN Connection Name This field is for defining a name to represent this WAN connection. Network Mode Users have to specify the Network they are on accordingly. Routing Mode This option allows you to select the routing method to be used in routing IP frames via the WAN connection. The mode can be either NAT (Network Address Translation) or IP Forwarding. Click the button to enable IP Forwarding.
Password, and Dial Number settings manually. The correct values can be obtained from your carrier. The default and recommended Operator Settings is Auto. APN / Login / Password / SIM PIN When Auto is selected, the information in these fields will be filled automatically. Select the option Custom and you may customize these parameters. The parameters values are determined by and can be obtained from the ISP. General Settings Each ISP may provide a set of DNS servers for DNS lookups.
Health Check Settings This setting allows you to specify the health check method for the Cellular connection. The as available options are Disabled, Ping, DNS Lookup, HTTP, and SmartCheck Heath Check Method The default method is DNS Lookup.See Section 9.4 for configuration details. Timeout If a health check test cannot be completed within the specified amount of time, the test will be treated as failed. Health Check Interval This is the time interval between each health check test.
Bandwidth Allowance Settings Bandwidth Allowance Monitor This option allows you to enable bandwidth usage monitoring on this WAN connection for each billing cycle. When this is not enabled, bandwidth usage of each month is still being tracked but no action will be taken. See Section 9.5 for configuration details. This setting specifies the Maximum Transmission Unit. By default, MTU is set to Custom 1440. MTU You may adjust the MTU value by editing the text field.
Wi-Fi WAN Settings WAN Connection Name This field is for defining a name to represent this WAN connection. Standby State This setting specifies the state of the WAN connection while in standby. The available options are Remain Connected (hot standby) and Disconnect (cold standby). Health Check Method This setting allows you to specify the health check method for the WAN connection. The available options are Disabled, Ping, and DNS Lookup. The default method is Disabled. See Section 9.
Select Disabled to disable this feature.See Section 1.1 for configuration details. Bandwidth Allowance Monitor This option allows you to enable bandwidth usage monitoring on this WAN connection for each billing cycle. When this is not enabled, bandwidth usage of each month is still being tracked but no action will be taken. See Section 9.5 for configuration details. This setting specifies the Maximum Transmission Unit. By default, MTU is set to Custom 1440.
9.3.1 Create Wi-Fi Connection Profile You can manually create a profile to connect to a Wi-Fi connection. It is useful for creating a profile for connecting to hidden-SSID access points. Click on the link Create Profile… and the following window will be displayed. Network > WAN click on andthen click onCreate Profile…. This will open a window similar to the shown below Create Wi-Fi Connection Profile Settings Network Name (SSID) This field is for defining a name to represent this Wi-Fi connection.
9.4 WAN Health Check To ensure traffic is routed to healthy WAN connections only, the Pepwave MAX provides the functionality to periodically check the health of each WAN connection. The Health Check settings for each WAN connection can be independently configured via Network > WAN > Details: Health Check Settings Method This setting specifies the health check method for the WAN connection. The value of Method can be configured as Disabled, Ping or DNS Lookup. The default method is DNS Lookup.
negative. This field allows you to specify two DNS hosts’ IP address with which connectivity is to be tested via DNS Lookup. If Use first two DNS servers as Health Check DNS Serversis checked, the first two DNS servers will be the DNS lookup targets for checking a connection's health. If the box is not checked, field Host 1 must be filled and field Host 2 is optional.
Other Health Check Settings This setting specifies the timeout, in seconds, for ping/DNS lookup requests. Default Timeout is set to 5 second. Timeout Health Check Interval This setting specifies the time interval, in seconds, between ping or DNS lookup requests. Default Health Check Interval is 5 seconds. Health Check Retries This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Pepwave MAX is to treat the corresponding WAN connection as down.
9.5 Bandwidth Allowance Monitor Bandwidth Allowance Monitor helpskeep track of your network usage. Click Enable to begin. Bandwidth Allowance Monitor Action Start Day Monthly Allowance http://www.pepwave.com If the feature Email Notification is enabled, you will be notified through email when usage hits 75% and 95% of the monthly allowance.
9.6 Dynamic DNS Settings The Pepwave MAXis capable of registering the domain name relationships to dynamic DNS service providers. Through registration with dynamic DNS service provider(s), the default public Internet IP address of each WAN connection can be associated with a host name. With Dynamic DNS service enabled for a WAN connection, you can connect to your WAN's IP address from the external even if its IP address is dynamic.
Important Note In order to use dynamic DNS services, appropriate host name registration(s) as well as a valid account with a supported dynamic DNS service provider are required. A dynamic DNS update is performed whenever a WAN’s IP address changes. E.g. IP is changed after a DHCP IP refresh, reconnection, etc. Due to dynamic DNS service providers’ policy; a dynamic DNS host will automatically expire if the host record has not been updated for a long time.
10 Advanced Wi-Fi Settings Wi-Fi settings can be configured at Advanced> Wi-Fi Settings. Please note that menus displayed will vary with model. Wi-Fi Radio Settings This drop-down menu specifies the national / regional regulations which the Wi-Fi Radio should follow. Operating Country If a North American region is selected, RF channels 1 to 11 will be available and the maximum transmission power will be 26 dBm (400 mW). If European region is selected, RF channels 1 to 13 will be available.
Wi-Fi AP Settings Protocol This option allows you to specify whether 802.11b and/or 802.11g client association requests will be accepted. Available options are 802.11b/g,802.11b Only, and 802.11g Only. By default, 802.11b/g is selected. Channel This option allows you to select which 802.11 RF channel will be utilized. Channel 1 (2.412 GHz) is selected by default. Channel Width Options Auto (20/40 MHz) and 20 MHz are available.
Wi-Fi AP Advanced Settings Beacon Rate Beacon Interval DTIM This option is for setting the transmit bit rate for sending a beacon. By default, 1Mbps is selected. This option is for setting the time interval between each beacon. By default, 100ms is selected. This field allows you to set the frequency for the beacon to include Delivery Traffic Indication Message. The interval is measured in millisecond. The default value is set to 1 ms.
11 Bandwidth Bonding SpeedFusionTM The Pepwave Bandwidth Bonding SpeedFusionTMfunctionality securely connectsyourMAX router to anotherPepwave MAX or Peplink device (only Peplink Balance 210/310/380/580/710/1350 are available for this function). The data, voice, or video communications between these locations are kept confidential across the public Internet. The Bandwidth Bonding SpeedFusionTM of the Pepwave MAX is specifically designed for multi-WAN environment.
to create a new VPN profile.Each profile is for making VPN connection with one remote Peplink Balance/Pepwave MAX. Once you click on New Profile button this will open a window: PepVPN Profile Active Check this box to enable VPN functionality. Encryption By default, VPN traffic is encrypted with 256-bit AES standard. If the option Off is selected on both sides of a VPN connection, no encryption will be applied.
X.509 To authenticate VPN connections using X.509 certificates, copy and paste certificate details into this field. To get more information on a listed X.509 certificate, click the Show Details link below the field. NAT Mode By selecting this option, the remote unit VPN will be assigned with an IP address from the local DHCP server. All the remote side traffic via this VPN will go through Network Address Translation (NAT) using the assigned IP address.
A Layer 2 Bridging is an advanced feature, click the icon next to PepVPN profile to activate it, then click the box next to Layer 2 Bridging to see all configuration options. Layer 2 Bridging Layer 2 Bridging A When this check box is unchecked, traffic between local and remote networks will be IP forwarded. To bridge the Ethernet network of an Ethernet port on a local and remote network, select this check box.
Send All Traffic To This feature allows you to redirect all traffic to a specified PepVPN connection. Click the connection and the following menu will appear: button to select your You could also specify a DNS server to resolve incoming DNS requests PepVPN Local ID The Local ID is a text string to identify this local unit when establishing a VPN connection. When creating a profile on a remote unit, this Local ID has to be inputted in the remote unit's "Remote ID" field.
Link Failure Detection TM The bonded SpeedFusion can detect routing failures on the path between two sites over each WAN connection. Failed WAN connections will not be used to route VPN traffic. Health check packets are sent to the remote unit to detect any failure. The more frequent checks it sends, the shorter detection time, but the higher bandwidth overhead will be consumed.
11.2 Pepwave MAX Behind NAT Router TM The Pepwave MAX supports establishing SpeedFusion over WAN connections which are behind a NAT (Network Address Translation) router. To be able for a WAN connection behind a NAT router to accept VPN connections, you can configure the NAT router in front of the WAN connection to forward TCP port 32015 to it.
11.3 SpeedFusionTM Status VPN Status is shown in the Status> SpeedFusionTM. The connection status of each connection profile is shown as below: By clicking the Details button at the top-right hand corner of SpeedFusionTMtable, you will be forwarded to TM Status >SpeedFusion . You can view the subnet and WAN connection information of each VPN peer. Please refer to Section21.5 for details.
12 IPsec VPN The Pepwave MAX’s IPsec VPN functionality securely connects one or more branch offices to your company's main headquarters or to other branches.The data, voice, or video communications between these locations are thus kept safe and confidential across the public Internet. The IPsec VPN of the Pepwave MAX is especially designed for a multi-WAN environment.
IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Remote Gateway IP Address Local Networks Enter the remote peer’s public IP address.For Aggressive Mode, this is optional.. Enter the local LAN subnets here. If you have defined “static routes”, they will be shown here too.
connection. The connection will be up only if the pre-shared keys on each side match. Local ID Under Main Mode, this field can be left blank. Under Aggressive Mode, if Remote Gateway IP Address field is filled on this end and the peer end, this field can be left blank. Otherwise, this field is typically a U-FQDN. Remote ID Under Main Mode, this field can be left blank. Under Aggressive Mode, if Remote Gateway IP Address field is filled on this end and the peer end, this field can be left blank.