# Network

# Interface Configuration

After entering the web page, click on the left menu Network > Interfaces

Here you can see all the network interfaces in the order of the highest priority to the lowest

To configure interfaces, click the "Edit" button of the interface

Here you can check the status and configure each interface

Details of the interface are shown under Status

Choose a protocol for your interface and choose a device to build the interface on

Check the option Bring up on boot if you want the interface to start when rebooting

Click Save to save the configuration

Click on Save & Apply to apply the changes

# Cellular Configuration

After entering the web page, click on the left menu Network > Cellular.

Here you can check the current Network Provider, IP address, Signal Strength, etc. of the inserted SIM card

# General Settings

In the General Settings tab under Cellular Configuration,

Bring up to Boot option is checked by default, while Device Type is auto-detected

Enter the APN within the APN field if the user needs to connect to a private network

Note: For devices located in Hong Kong, set the Service Type as follows:

Then click "Save & Apply" at the bottom right corner

In cases when the SIM card cannot be detected, click the Re-detect SIM button to force the router to retry

# Advanced Settings

In the Advanced Settings tab,

Set the LTE Band, NR5G-SA Bandand NR5G-NSA Band accordingly for locking in the specific bandwidth

If Auto Forward Message is checked, the phone number field will appear

The router will check for unread messages for the inserted SIM card every 15 minutes and forward to phone numbers specified

Health Check option is unchecked by default

If checked, Keepalive URLs will become available to fill in

Keepalive URLs can be either URLs or IP addresses

The router will ping both Keepalive URLs regularly to check if the network is running well

In cases when a ping response cannot be received, the modem will restart to retry network connection.

# Dual WAN Failover Configuration

Insert two SIMs in both slots and check the status

Configure APN of SIM 1 and SIM 2 from the Interface wwan0 and wwan1 by clicking Network > Interface > Edit on the wwan0 and wwan1 interface.

Set the primary SIM (e.g. SIM1) ‘s metric as 10 by clicking Advanced Settings

Set the backup SIM (e.g. SIM 2)’s metric as 20

Verify the configuration by checking it on Network -> Load Balancing

If you cannot see wwan0 or wwan1 on this page, Type in the missing interface in the field below, and click Add

Check Enabled and type in an IP address for pinging purposes

Remember to click the + button to save the address

Scroll down and double-check if the metric is same as you have set previously

Click on Save & Apply to apply the changes.

After the configuration, click on Save to confirm the changes.

The ping behaviour should look as follows when SIM1 (wwan0) is down

# Firewall

# Firewall Configuration

Click on Network -> Firewall on the main menu on the left of the Web UI.

# General Settings

General settings define global firewall settings which do not belong to specific zones.

The input and output options set the default policies for traffic entering and leaving this zone,

while the forward option describes the policy for forwarded traffic between different networks within the zone.

Covered networks specifies which available networks are members of this zone.

# Inter-Zone forwarding

The options below control the input, output and forwarding policies between the zone on the left hand side to other zones.

The forwarding rule is unidirectional, e.g. a forward from LAN to WAN does not imply a permission to forward from WAN to LAN as well.

Masquerading means whether the packet should perform a SNAT after forwarding.

User can create a new Zone by clicking the Add button. For example, we can add a Zone VPN that is allowed to forward packets to the LAN Interface using the following configuration.

After the configuration, click on Save to confirm the changes.

After that, we can associate the Zone to a Specific Interface in Network -> Interface by clicking Edit-> Firewall Settings.

Then, the desired Zone can be selected under the Firewall Settings section.

After the configuration, click on Save to confirm the changes.

# Port Forwarding

Click on Network -> Firewall on the main menu at the left of the Web UI.

Click on the Port forwards Tab

Then click the Add button to create a new rule for port forwarding.

The Name (e.g. CAM1), Protocol (e.g. TCP+UDP), Source zone (e.g. WAN), External port(e.g. 51443), Destination Zone (e.g. LAN), Internal IP address (e.g. 192.168.2.163) and Internal Port (e.g. 443) are all the essential fields for the port forwarding.

The above example will forward a packet with protocol TCP or UDP from the WAN interface port 51443 to the Internal IP address 192.168.2.163 with port number 443.

After the configuration, click on Save to confirm the changes.

# Static Route

Static routing is a very fundamental feature of routing technology. It defines static prefix and gateway.

After logging in to the Web UI, click on the left menu Network > Static Routes

By pressing the Add button, we can configure a static route by providing details as follows

After the static route configuration, the route has been added to the route table as follows

# Bonding

# Create Bonding Interface

Go to ‘Network>Interface’,click’Add new interface···’ to create bonding interface.

Select Channel Bonding Protocol

After creating the bonding interface, configure the IP address and netmask, which must be on the same subnet as the bonding interface of the peer.

Click ‘Advanced Settings’ to configure other setting.

Specifies which slave interfaces should be attached to this bonding interface.

Specifies the mode to be used for this bonding interface.

# Mode Details

mode 0 (balance-rr)

Round-robin policy. Transmits packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode 1 (active-backup)

Active-backup policy. Establishes that only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode 2 (balance-xor)

Transmits based on the selected transmit hash policy, which can be altered via the xmit_hash_policy option. This mode provides load balancing and fault tolerance.

mode 3 (broadcase)

Transmits everything on all slave interfaces. This mode provides fault tolerance.

mode 4 (802.3ad)

IEEE 802.3ad Dynamic link aggregation policy. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

mode 5 (balance-tlb)

Adaptive transmit load balancing. Establishes channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

mode 6 (balance-alb)

Adaptive load balancing. Includes balance-transmit load balancing plus receive-load balancing for IPv4 traffic, and does not require any special switch support. The receive-load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond. Thus, different peers use different hardware addresses for the server.

# Parallel Transmission

Click ‘Network>Parallel Transmission’ to configure Parallel Transmission.

Click 'Add···' on the page Configure interfaces for Parallel Transmission.

Click 'Save & Apply' for the configuration to take effec.

When the configuration is in effect, you will see the interface with the name '*-hsr' in 'Network>Interfaces>Devices’.

This interface is the parallel transmission data entry, the user needs to introduce data into this interface, and the data will be transmitted in parallel through the two interfaces that have been configured.

# Policy Based Routing

# Create Policy Based Routing

Go to Network > PBR,click Add… to add new Policy based routing.

Fill in the appropriate information as shown.

When Blackhole enables, even if the interface goes down, data will pass through this policy route to drop the packet.

# VLAN

You can find VLAN related configuration in Network > Interfaces on the left menu.

The following content is found under this page.

# Bridge VLAN

In the Devices page, you can configure the VLAN filtering of the interface bound by the Bridge device. This function can determine whether the interfaces under the bridge have a VLAN tag, and you can also choose not to participate in the VLAN filter.

As shown in picture, enable the VLAN filtering --> click "Add" --> add the VLAN that needs to be filtered.

You can choose whether the interface of this bridge is tagged with VLAN.

You can even customize a new bridge if needed!

Remember to add the necessary interfaces for the bridge.

Tips: The same interface can only belong to one bridge.

# 802.1Q VLAN

In the "Devices" page, you can click "Add device configuration" to add an 802.1Q protocol device.

The device is added based on a bridge device or a port, please be sure to choose a suitable base device.

# 802.1ad VLAN

The usage of this function is similar to the usage of 802.1Q VLAN. The difference is that it can add an 802.1ad VLAN tag to a device that has already been marked with an 802.1Q VLAN tag.