Comset CM950W, User Manual

Page 1: ...CM950W User Manual 1 www comset com au Industrial 5G Router CM950W User Manual Comset 37 125 Highbury Rd Burwood VIC 3125 Australia ...

Page 2: ...tware configuration 16 3 1 Overview 16 3 2 How to log into the Router 16 3 3 Router status 19 3 3 1 Status overview 19 3 3 2 Network status 20 3 3 3 Firewall Status 23 3 3 4 Routes 23 3 3 5 System log 24 3 3 6 Kernel log 25 3 3 7 Reboot log 25 3 3 8 Realtime graphs 26 3 3 9 VPN 27 3 4 System Configuration 28 3 4 1 Setup wizard 28 3 4 2 System 31 3 4 3 Password 33 3 4 4 NTP 34 3 4 5 Backup Restore ...

Page 3: ...SIM Switch 79 3 6 4 LAN settings 80 3 6 5 Wired WAN 85 3 6 6 WiFi Settings 86 3 6 6 1 WiFi General Configuration 87 3 6 6 2 WiFi Advanced Configuration 88 3 6 6 3 WiFi Interface Configuration 89 3 6 6 4 WiFi AP client 91 3 6 7 Interfaces Overview 93 3 6 8 Firewall 94 3 6 8 1 General Settings 94 3 6 8 2 Port Forwards 94 3 6 8 3 Traffic rules 95 3 6 8 4 DMZ 99 3 6 8 5 Security 100 3 6 9 Static Route...

Page 4: ...ered holders Specifications are subject to change without notice No part of this manual may be reproduced without the consent of Comset All rights reserved WARNING Keep at least a 20 cm distance between the user s body and the modem router device Address 37 125 Highbury Road Burwood VIC 3125 Australia Web http www comset com au Phone 61 3 9001 9720 Fax 61 3 9888 7100 ...

Page 5: ...and 4G LTE as well as a GPIO with four digital input output ports Other features include VPN IPSEC PPTP Server and Client L2TP and OpenVPN to establish a secure connection over the 3G 4G network The Comset CM950W is a Global Router supporting frequencies across all major carriers worldwide The innovative design easy integration and rich built in features make the CM950W the router of choice for a ...

Page 6: ...it Ethernet WAN LAN port Dual band WiFi 802 11 a b g n 2 4Ghz 5Ghz Dual SIM card slots USB3 0 port 8 x SMA standard detachable antennas included 4 x cellular antennas and 4 x WiFi antennas Optimised EMC design TR 069 Web management SMS control SSH Telnet Command SNMP Always on line On line detection and automatic redial Built in transient and reverse polarity voltage protection over current and ov...

Page 7: ...urate positioning Serial RS232 port 4 x Digital Input ports that can also be used as Digital Output ports User friendly set up wizard for easy configuration and setup Network traffic real time graphs Network Diagnostic Tools Ping Traceroute and NSLookup Advanced security VPN and stateful firewall to protect sensitive data Load balancing Robust Metal Case Desktop and Wall mount ...

Page 8: ...CM950W User Manual 8 www comset com au Chapter 2 2 Hardware Installation 1 Overall Dimensions 2 Accessories 3 Installation 2 1 Overall Dimensions ...

Page 9: ...CM950W User Manual 9 www comset com au ...

Page 10: ...om au 2 2 Ports FE1 FE2 LAN RJ45 10 100 Ethernet ports GE1 GE2 LAN RJ45 10 100 1000 Ethernet ports WAN WAN RJ45 10 100 1000 Ethernet port CONSOLE Console port RESET System reset button USB USB3 0 host port SIM1 SIM2 SIM1 and SIM2 trays ...

Page 11: ...comset com au VCC DC wire positive pole DC5 40V GND DC wire ground GND Serial ground RX Serial receive TX Serial transmit RST Reset DIO0 digital I O port 0 DIO1 digital I O port 1 DIO2 digital I O port 2 DIO3 digital I O port 3 ...

Page 12: ...i antenna x 2 GPS for GPS antenna 2 3 Powering up the CM950W Please ensure the SIM cards are inserted and the antennas are connected before powering up the router 2 4 SIM UIM cards 1 Insert a paper clip into the hole next to the SIM tray and gently pull the SIM tray 2 Place your SIM card into the tray It will only fit in one position because of the notch 3 Insert the tray in the router Make sure t...

Page 13: ...wer where Pin 2 is GND and PIN 1 is power input VCC DC5 40V I O Terminal on router Serial port RS232 Port 3 GND Pin 5 PIN Signal Description Note 1 VCC 5 40V DC Input Current 12V 1A 2 GND Ground 3 GND Serial Ground 4 RX Receive Data 5 TX Transmit Data 6 RST Reset To reset the router to factory default simply short the RST pin with the GND Pin and hold for 3 sec If you hold for 1 sec the router wil...

Page 14: ...er is supplied with a 12 VDC power adapter that is wired to VCC and GND on the terminal block PS The CM950W router can also be powered via POE Power over Ethernet A passive POE adapter 12VDC or 24VDC is required 2 8 LED Description Please refer to the following table for LED description LED Indication Light Description SYS On for 25 seconds On for 25 seconds after power up Blinks System normal ope...

Page 15: ...ting to establish an internet connection 2 4G 5G On WiFi Enabled Off WiFi Disabled WAN Blinks Ethernet data transmission Off No Ethernet connection On Ethernet is connected PWR On Power is on USB On External USB device is connected GPS On GPS is online S1 S2 S3 Off No signal or signal checking is not ready Blinks once every 2 seconds Signal bar is 1 Blinks once every second Signal bar is 2 Blinks ...

Page 16: ...re instructions on how to access the web interface and configure the router 3 2 How to log into the Router 3 2 1 Network Configuration The router s default parameters are Default IP 192 168 1 1 Subnet mask 255 255 255 0 There are two ways to configure the IP address of your PC 1 Manual settings Set the PC IP to 192 168 1 xxx xxx 2 254 subnet mask 255 255 255 0 default gateway 192 168 1 1 primary D...

Page 17: ...CM950W User Manual 17 www comset com au 2 DHCP settings Choose Obtain an IP address automatically and Obtain DNS server address automatically Then click the OK button ...

Page 18: ...192 168 1 1 into the address field then press Enter Type in the username and password Both username and password are admin Then click on the Login button To configure the router you can skip the following section Router status and go straight to System Setup wizard which is covered in section 3 4 1 ...

Page 19: ...CM950W User Manual 19 www comset com au 3 3 Router status 3 3 1 Status overview Click Status in the navigation bar and then click Overview ...

Page 20: ...CM950W User Manual 20 www comset com au 3 3 2 Network status The Network status page consists of three tabs detailing information about Mobile WAN and LAN interfaces status ...

Page 21: ...CM950W User Manual 21 www comset com au Mobile interface page ...

Page 22: ...CM950W User Manual 22 www comset com au WAN status page LAN status page ...

Page 23: ...atus The Firewall status page shows the IPv4 and IPv6 rules and counters Here you can reset the counters and restart the firewall functionality 3 3 4 Routes The Routes page shows rules which are currently active on the router An ARP table is displayed as well ...

Page 24: ...Manual 24 www comset com au 3 3 5 System log This page shows the system log from system boot up The system log resets when the router is restarted You can export the system log by clicking the button Export Syslog ...

Page 25: ...set com au 3 3 6 Kernel log This page shows the kernel log from system boot up This log is not saved when the router is restarted It can be exported by clicking the button Export Log 3 3 7 Reboot log This page shows the reboot log ...

Page 26: ...CM950W User Manual 26 www comset com au 3 3 8 Realtime graphs The Realtime Graphs page shows the system load and interfaces traffic in realtime ...

Page 27: ...CM950W User Manual 27 www comset com au 3 3 9 VPN This page shows the status of VPN IPSec IPSec log OpenVPN PPTP tunnel L2TP tunnel and Openconnect ...

Page 28: ... 28 www comset com au 3 4 System Configuration 3 4 1 Setup wizard When you login to the router for the first time you will need to configure the Setup Wizard page This page consists of 4 sections General Mobile LAN WiFi ...

Page 29: ...com au Fill in parameters as required then click Save Next Note Pressing Save Next will save the configuration and jump to the next page All configurations will be applied after you click the button Finish at the final step Step4 WiFi ...

Page 30: ...r the type of authentication Default is None Username Fill in the related value This can be obtained from your carrier or SIM Card Provider Note If your SIM card has no username please input the default value otherwise the router may not dialup If the Authentication method is None this option will not appear Password Fill in the related value This can be obtained from your carrier or SIM Card Prov...

Page 31: ...ext will save the configuration of the current page and jump to the next page All configurations will be applied when you click the button Finish on this last page WiFi 3 4 2 System General Settings Local Time This page shows the system time You can sync the time with the browser by clicking the button Sync with browser ...

Page 32: ...the set value then the oldest log lines will be dropped External system log server Here you enter the IP address of the external log server You can setup a Linux machine with syslogd run as a log server External system log server port This is the UDP port of the external log server Log output level This is the Log level The default is Debug with highest level Emergency is the lowest level Cron log...

Page 33: ... com au 3 4 3 Password Here you can change the administrator s password for accessing the device as well as changing SSH username and password and Guest s username and password Click the eye button to show the new password you entered ...

Page 34: ... www comset com au 3 4 4 NTP NTP is Network Timing Protocol Enable NTP client The default value is checked The router acts as an NTP client Provide NTP server The default value is unchecked The router acts as an NTP server ...

Page 35: ...list Multiple NTP servers are accepted You can click the button to delete an entry or click the button to add a new entry 3 4 5 Backup Restore To back up the configuration files click the button Download Then an archive file will be generated and downloaded to your PC automatically To restore the configuration files click the button Choose File and select an archived configuration file Click the b...

Page 36: ...reset to factory settings We recommend to un check Keep settings to prevent conflicting parameters after the firmware upgrade Click the button Browse and select a compatible firmware then click the button Upload image The router will run a basic check of the file If it is an incompatible file an error message will appear like this one below If the firmware file is ok a verification message will ap...

Page 37: ...m au 3 4 7 Reset This button resets all configurations to factory default After clicking the button Reset a message will appear prompting you to confirm By clicking OK the router will reset to factory default and the system will restart ...

Page 38: ... reboots the router after timer timeout Click the button Reboot Now the system will restart after a few seconds 3 5 Services configuration 3 5 1 ICMP check For a stable operation we suggest you enable ICMP check With this feature the router will periodically ping a hostname and automatically restart when a problem is detected ...

Page 39: ...eout then this ping has failed Max retries When the number of failed pings reaches the Max retries this will trigger the action configured in item Action when failed Interval between pings The time between two pings in minutes Reconnect Reconnect cell interface if ping failed Action when failed the options are Restart module and Restart router Restart module will restart the radio module Restart r...

Page 40: ...icking the button Priority The router with the highest priority in the same VRRP cluster will act as master Range 1 255 Advertisement interval VRRP send packet to a set of VRRP instances to advertise the device in the MASTER state Password The password for VRRP access Track interface Check if the local interface is up or down Track IP Host The Host or IP address to ping Track Interval The ping int...

Page 41: ...CM950W User Manual 41 www comset com au 3 5 3 Failover link backup ...

Page 42: ...ere are four options to choose from Wired WAN Wifi_client Cell_mobile and None Host1 to ping Host2 to ping The domain name or IP address for checking the network connection Ping timeout After a ping packet is sent if the response packet is not received before the timeout then this ping has failed Max retries When the number of failed pings reaches the Max retries this will confirm that the WAN int...

Page 43: ...a disconnect or radio off SMS Alarm This is if you need to send an SMS alarm every time the working interface switches over 3 5 4 DTU Notes 1 This feature is for the CM950W with DTU option only 2 This feature conflicts with the Connect Radio module and GPS send to serial features Please disable DTU when using either of the above two functions ...

Page 44: ...CM950W User Manual 44 www comset com au ...

Page 45: ...ata into different packages with terminate character This can be a string or hexadecimal which starts with 0x such as 0x0a0d Debug Debug level for log output Serial baudrate Supports 300 1200 2400 4800 9600 19200 38400 57600 115200bps Serial parity Can be none odd or even Serial databits Can be 7 bits or 8 bits Serial stopbit Can be 1 bit or 2 bits Protocol Both TCP and UDP are supported Service m...

Page 46: ...eded you can delete it by clicking the Delete button or set it to Disabled Notes The maximum number of DTU centres is 32 3 5 5 SNMP Enable SNMP Enable the SNMP feature Remote Access Allow SNMP remote access If it is unchecked only the LAN subnet can access SNMP Contact Set the contact information here Location Set the router s physical address Name Set the router s name in SNMP Port SNMP service p...

Page 47: ...0 0 0 User SNMPv3 username Security Mode Three options None Private and Authorised If it is set to None there is no password required If it is set to Authorised only Authentication method and password are required Authentication Authentication method with two options MD5 and SHA Encryption Encryption method DES and AES supported Authentication password SNMPv3 authentication password is at least 8 ...

Page 48: ...ckets being sent GPS Send to Choose between Serial and TCP IP The router will only receive the GPS signal and will not process it It will send this GPS signal to your GPS processor devices or servers If the GPS processor device is connected to the CM950W Router via a Serial Port please choose Serial If the GPS processor device is a remote server please choose Serial GPS to TCP UDP Settings Server ...

Page 49: ...CM950W User Manual 49 www comset com au Serial baudrate 9600 19200 38400 57600 115200bps Serial parity none odd even Serial databits 7 8 Serial stopbits 1 2 Serial flow control none hardware software ...

Page 50: ...CM950W User Manual 50 www comset com au 3 5 7 SMS SMS Command ...

Page 51: ... com au Enable Check it to enable the SMS command feature SMS ACK If checked the router will send the command feedback to the sender s mobile phone number Reboot Router Command Input the command for reboot operation default is reboot ...

Page 52: ...d Input the command for I O port 0 For SMS feature please keep the default parameters DIO_1 Set Command Input the command for I O port 1 For SMS feature please keep the default parameters DIO_1 Reset Command Input the command for I O port 1 For SMS feature please keep the default parameters DIO Status Command Input the command for I O port status For SMS feature please keep the default parameters ...

Page 53: ...alarm is generated and the success counter is greater or equal to the Success Times Threshold this will clear the signal alarm Phone Number Add Phone number Input a name and click the button Add to add a new Phone number Delete Phone number Click the button Delete SMS command Enable the SMS command feature on this phone number SMS alarm This phone number can receive SMS alarms ...

Page 54: ...CM950W User Manual 54 www comset com au SMS Log SMS Log SMS send and receive log DIO Mail ...

Page 55: ...cation Password Password for SMTP authentication TLS Enable or disable TLS also known as SSL for secured connections StartTLS Choose the TLS variant Start TLS from within the session default is on or tunnel the session through TLS off Check server certificate Activate server certificate verification using a list of trusted Certification Authorities CAs TLS trust file Activate server certificate ve...

Page 56: ...CM950W User Manual 56 www comset com au The default email title is DIOx changed and content is SN 8600000000 DIOx has changed from value0 to value1 Configure email title and content replace string in ...

Page 57: ...t to high 1 and as soon as the device is up this value will be set to high automatically DIO_1 default value DIO default value is low 0 If this value is set to high 1 and as soon as the device is up this value will be set to high automatically DIO_2 default value DIO default value is low 0 If this value is set to high 1 and as soon as the device is up this value will be set to high automatically D...

Page 58: ...gh to turn on functionality or set to low to turn it off If the value is None then no action is taken DIO_2 Function The DIO function can be set to None GPS WiFi1 WiFi2 or Cell The DIO value can be set to high to turn on functionality or set to low to turn it off If the value is None then no action is taken DIO_3 Function The DIO function can be set to None GPS WiFi1 WiFi2 or Cell The DIO value ca...

Page 59: ...ready configured IPSec instances and their state Click the Edit button to modify the instance or click the Delete button to delete it The default settings are policy based IPSec If you tick the Enable Route based IPSec button and click on Save Apply the settings will switch to router based IPSec ...

Page 60: ...evel This is for IPSec backup One instance is Main and another instance is Backup If the Main instance is down it will switch to the Backup instance Authentication method Client and Server Client is the machine which starts the IPSEC connection Remote VPN endpoint Domain name or IP address of the remote endpoint This needs to be accessed over the internet ...

Page 61: ...no further actions taken hold installs a trap policy which will catch matching traffic and tries to re negotiate the connection on demand restart will immediately trigger an attempt to re negotiate the connection The default is none which disables the active sending of DPD messages DPD delay This defines the period time interval with which R_U_THERE messages INFORMATIONAL exchanges are sent to the...

Page 62: ...CM950W User Manual 62 www comset com au Note All configurations in Phase 1 Proposal and Phase 2 Proposal must match with the remote endpoint to establish an IPSEC connection ...

Page 63: ... PPTP This page displays a list of already configured PPTP instances and their state Click the Edit button to modify the instance or click the Delete button to delete it PPTP NAT enable This is to enable PPTP interface NAT PPTP Client configuration ...

Page 64: ...CM950W User Manual 64 www comset com au ...

Page 65: ...advertised by peer If unchecked the advertised DNS server addresses are ignored MPPE Encryption Microsoft Point to Point Encryption Debug Adds verbose PPTP log in system log Restart module when PPTP connect fails In some networks PPTP cannot connect until the module is restarted PPTP Server Configuration PPTP Local IP Indicates the server s IP address PPTP Remote IP start The remote IP address lea...

Page 66: ...6 www comset com au 3 5 8 3 L2TP This page displays a list of already configured L2TP instances and their state Click the Edit button to modify the instance or click the Delete button to delete it L2TP Client configuration ...

Page 67: ...such as 255 255 255 0 MTU Maximum Transmission Unit Keep Alive Number of unanswered echo requests before considering the peer dead The interval between echo requests is 5 seconds Checkup Interval Number of seconds to pass before checking if the interface is not up since the last setup attempt and retry the connection otherwise Set it to a value sufficient for a successful L2TP connection for you I...

Page 68: ... Remote LAN netmask The mask of L2TP client IP The default value is 255 255 255 0 ARP Proxy This allows the remote L2TP client to access the local LAN subnet The remote IP range should be included in the LAN subnet such as local LAN subnet 192 168 1 0 24 Then configure Remote IP range to begin with 192 168 1 20 and Remote IP range to end with 192 168 1 30 and enable ARP Proxy Debug This adds L2TP ...

Page 69: ...button to modify the instance or click the Delete button to delete it Click the Start or Stop buttons to start or stop a specific instance Note For OpenVPN configuration help hover the cursor over the item to get more information If the item you need is not shown on the main page please check the Additional Field dropdown list at the bottom of the page ...

Page 70: ...CM950W User Manual 70 www comset com au ...

Page 71: ...sion Unit Peer IP address Remote WAN IP address Remote Network IP Remote LAN subnet address that can be accessed via GRE tunnel such as 192 168 10 0 Remote Netmask Remote LAN subnet mask such as 255 255 255 0 Local Tunnel IP Virtual IP address This cannot be in the same subnet as the LAN network Local Tunnel Mask Virtual IP mask ...

Page 72: ...will remain up If the value is receive only and if no GRE keepalive message has been received for peer device this will set the tunnel up If the value is send and receive this will send a keepalive message to the remote peer as well as receive a keepalive message from the peer 3 5 9 DDNS DDNS allows a router to be reached via a fixed domain name while having a dynamically changing IP address ...

Page 73: ...uitable provider Hostname Domain The Domain name to remotely access the router IP address source Defines the source of the systems IPv4 Address which will be sent to the DDNS provider We recommend the option Network Network Defines the network of the systems IPv4 Address DNS server OPTIONAL Use non default DNS Server to detect Registered IP IP ...

Page 74: ... to file Writes detailed messages to the log file File will be truncated automatically Check Interval The minimum check interval is 1 minute 60seconds Force interval The minimum check interval is 1 minute 60seconds Error Retry Counter On Error the script will stop execution after a given number of retries The default settings of 0 will retry indefinitely Read the log file of DDNS ...

Page 75: ...CM950W User Manual 75 www comset com au Note If you use the DDNS server no ip com please tick the box Use HTTP Secure and input 8 8 8 8 for the DNS Server ...

Page 76: ...DTU and GPS sent to serial functions Please make sure the other two features are disabled before enabling the Connect Radio Module Otherwise the following error will appear Connect Mode Serial only Modem to Serial Settings Serial baudrate 9600 19200 38400 57600 115200bps Serial parity none odd even Serial databits 7 bits 8 bits Serial stopbit 1 bit 2 bits Serial Flow Control none hardware software...

Page 77: ...wireless interface are bridged together and are treated as LAN ports AP Client The wireless apcli interface is treated as a WAN port and the wireless AP interface and the Ethernet ports are treated as LAN ports NAT Enabled Network Address Translation Default is Enabled Ethernet WAN port Wired WAN port acts as WAN Default is checked Wired WAN port acts as LAN Default is un checked If you check this...

Page 78: ...e default value 99 APN Fill in the related value The default value is telstra internet Authentication method There are three options to choose from None PAP CHAP The common value is None PAP and CHAP modes require a username and a password Dual APN support Here you can enter a second APN Network Type Options are Automatic NR5G 4G LTE only WCDMA only LTENR5G It is recommended to keep the default va...

Page 79: ...t schedule On ICMP check The switch will occur based on ICMP check On Signal strength The switch will occur if the signal strength drops below a set CSQ value Values can be between 1 and 30 On dial fail The switch will occur if the number of re dials exceeds the set value On data limit The switch will occur if the working SIM reaches a pre set data limit Switch to master The router will switch bac...

Page 80: ... address is supported for LAN Use custom DNS servers Multiple DNS servers are supported IPv6 assignment length Assign a part of given length of every public IPv6 prefix to LAN interface IPv6 assignment hint Assign prefix parts using this hexadecimal sub prefix ID for LAN interface ...

Page 81: ...boot up If unchecked the LAN interface will be down Don t uncheck it if not required Use built in IPv6 management The default is checked If IPv6 is not needed it can be unchecked Override MAC address Overrides LAN MAC address Override MTU Maximum Transmission Unit Use gateway metric The LAN subnet s metric to gateway ...

Page 82: ...CM950W User Manual 82 www comset com au Bridge interfaces LAN bridges wired LAN and WiFi in the same LAN subnet Enable STP Enable Spanning Tree Protocol on LAN The default value is unchecked ...

Page 83: ...s 2 minutes 2m 12h means 12 hours Dynamic DHCP Dynamically allocate DHCP addresses for clients If disabled only clients having static leases will be served Force Force DHCP on this network even if another server is detected IPv4 Netmask Override the netmask sent to clients Normally it is calculated from the subnet that is served DHCP Options Define additional DHCP options For example 6 192 168 2 1...

Page 84: ... Service Four options disabled server mode relay mode and hybrid mode DHCPv6 Service Same options as above NDP Proxy Three options disabled relay mode and hybrid mode Always announce default router Announce as default router even if no public prefix is available ...

Page 85: ...ient If you need to change it to a different protocol i e PPPoE select the protocol from the drop down menu then click the button Switch protocol Note the Advanced Settings is different for different protocols Move the mouse over the title to get help information We recommend you use Google Chrome ...

Page 86: ...f then on AP Client Scan all frequencies to get the WiFi network information Add Add a new wireless network Disable Disable a wireless network Edit Modify settings on the wireless network Remove Delete a wireless network Associated Stations This is a list of connected wireless stations ...

Page 87: ... com au 3 6 6 1 WiFi General Configuration Status Shows the WiFi signal strength mode SSID Operating frequency Mode Supports 802 11b g n Band 2 4GHz and 5GHz Channel Channel 1 11 Width 20MHz and 40MHz Transmit Power From 0dBm to 16dBm ...

Page 88: ... 88 www comset com au 3 6 6 2 WiFi Advanced Configuration Country Code Uses ISO IEC 3166 alpha2 country codes Distance Optimization Distance to furthest network device in meters Fragmentation Threshold RTS CTS Threshold ...

Page 89: ...options are Access Point Client Ad Hoc 802 11s Pseudo Ad Hoc Monitor Access Point WDS and Client WDS Network Choose the network s you want to attach to this wireless interface or fill out the create field to define a new network Hide Extended Service Set Identifier This allows you to hide the SSID so that WiFi cannot be scanned by others WMM Mode Enabled ...

Page 90: ... set to No Encryption no password is needed MAC Address Filter This is the MAC address access policy Disable Disables MAC address access functionality Allow list Only the MAC address in the list can forward Deny list All packets can forward except the MAC address in the list MAC List Here you can add or delete MAC addresses ...

Page 91: ...o join Step 3 Join Network Settings Replace wireless configuration An additional wireless network will be created if it is unchecked Otherwise it will replace the old configuration WPA passphrase Specify the secret encryption key here Name of the new network The default value is wwan Please change it if it conflicts with other interfaces Step 4 Click Submit if everything is configured The below is...

Page 92: ...CM950W User Manual 92 www comset com au ...

Page 93: ...nual 93 www comset com au Step 5 Click the button Save Apply to start the AP client 3 6 7 Interfaces Overview The Interfaces Overview page shows all Interfaces status including uptime MAC address RX TX and IP address ...

Page 94: ...CM950W User Manual 94 www comset com au 3 6 8 Firewall 3 6 8 1 General Settings 3 6 8 2 Port Forwards This page includes the Port Forwards list and how to add new Port Forwards rules ...

Page 95: ...al zone The recommended zone is lan Internal IP address Redirect matched incoming traffic to the specific host Internal port Redirect matched incoming traffic to the given port on the internal host 3 6 8 3 Traffic rules Traffic rules define policies for packets traveling between different zones for example to reject traffic between certain hosts or to open WAN ports on the router The traffic rules...

Page 96: ...CM950W User Manual 96 www comset com au Traffic rules list Open ports on router and create new forward rules ...

Page 97: ...l 97 www comset com au Source NAT list and create source NAT rule Traffic rule configuration page This page allows you to change advanced properties of the traffic rule entry such as matched source and destination hosts ...

Page 98: ...rce zone It is the zone that the traffic comes from Source MAC address Traffic rule check if the incoming packet s source MAC address is matched Source address Traffic rule check if the incoming packet s source IP address is matched Source port Traffic rule check if the incoming packet s TCP UDP port is matched Destination zone The zone that the traffic will go to Destination address Traffic rule ...

Page 99: ...on t track Extra argument Passes additional argument to the iptable 3 6 8 4 DMZ In computer networking DMZ is a firewall configuration for securing local area networks LANs IP Address Please Enter the IP address of the computer which you want to set as DMZ host Protocol All protocols TCP UDP TCP UDP Note When DMZ host is settled the computer is completely exposed to the external network the firewa...

Page 100: ...ng from remote side to the internal LAN subnet Enable telnet Default is disable for security HTTPS port Set HTTPS port The default is 443 HTTPS access from WAN Allow or deny access to the router web management page from the remote side Remote network Any IP Address Single IP address Subnet IP address Fill a remote IP address that can access the router s web management page ...

Page 101: ...k Any IP Address Single IP address Subnet IP address Fill a remote IP address that can access the router s web management page Netmask 24 means netmask 255 255 255 0 32 means 255 255 255 255 the value is from 1 to 32 RFC1918 filter Reject requests from RFC1918 IPs to public server IPs Enable lock account The web account will be locked after a number of unsuccessful login attempts Access Whitelist ...

Page 102: ...uter to make routing decisions MTU Maximum transmission unit Table The route table ID The default value is 254 Valid table ID 1 254 Note The Gateway and LAN IP of this router must belong to the same network segment If the destination IP address is that of a host then the Netmask must be 255 255 255 255 If the destination IP address is an IP network segment it must match with the Netmask For exampl...

Page 103: ...1 port 2 port 3 are LAN ports 2 Untagged means the Ethernet frame transmits from this port without VLAN tag 3 Tagged means the Ethernet frame transmits from this port with VLAN tag 4 Off means this port does not belong to VLAN For default settings port 0 belongs to VLAN1 but does not belong to VLAN 2 ...

Page 104: ...ever forwarded and are resolved from DHCP or hosts files only Local domain Local domain suffix appended to DHCP names and hosts file entries Log queries Write received DNS requests to syslog DNS forwardings List of DNS servers to forward requests to Rebind protection Discard upstream RFC1918 responses Allow localhost Allow upstream responses in the 127 0 0 0 8 range e g for RBL services Domain whi...

Page 105: ...entially Allocate IP addresses sequentially starting from the lowest available address Filter private Do not forward reverse lookups for local networks Filter useless Do not forward requests that cannot be answered by public name servers Localise queries Localise hostname depending on the requesting subnet if multiple IPs are available ...

Page 106: ...Maximum allowed size of EDNS 0 UDP packets Max concurrent queries Maximum allowed number of concurrent DNS queries 3 6 12 Diagnostics Ping It is a tool used to test the reachability of a host on an Internet Protocol IP network Traceroute It is a network diagnostic tool for displaying the route path and measuring transit delays of packets across an Internet Protocol IP network Nslookup It is a netw...

Page 107: ...t com au 3 6 13 Loopback Interface The default Loopback interface has IP address 127 0 0 1 You can change it if required 3 6 14 Dynamic Routing Dynamic Routing is implemented by quagga 0 99 22 4 Dynamic Routing services can be enabled ...

Page 108: ...CM950W User Manual 108 www comset com au ...

Page 109: ...net port number is 2606 RIP Routing Information Protocol Telnet port number is 2602 RIPng It is an IPv6 reincarnation of the RIP protocol Telnet port number is 2603 BGP Border Gateway Protocol Telnet port number is 2605 Example The router s LAN IP is 192 168 10 1 If we want to configure OSPF we need to set OSPF to Enable first then open putty in windows Input the password of OSPF Then press key fo...

Page 110: ...d Decrease upload and download ratio to prevent link saturation Download speed Download limit in kilobits second Upload speed Upload limit in kilobits second Each section defines one group of packets and which target i e bucket this group belongs to All the packets share the bucket specified Target The four defaults are priority express normal low Source host Packets matching this source host s si...

Page 111: ...CIDR notation belong to the bucket defined in target Protocol Matching packets belong to the bucket defined in target Ports Matching packets belong to the bucket defined in target If more than 1 port is required they must be separated by a comma Number of bytes Matching packets belong to the bucket defined in target ...