Grandstream Networks GWN70 Series User Manual
  1. Manuals
  2. Brands
  3. Grandstream Networks Manuals
  4. Network Router
  5. GWN70 Series
  6. User manual
Grandstream Networks GWN70 Series User Manual

Grandstream Networks GWN70 Series User Manual

Hide thumbs Also See for GWN70 Series:
Table of Contents

Advertisement

Quick Links

Download this manual
Grandstream Networks, Inc.
GWN70xx Series
GWN70xx – User Manual

Advertisement

Table of Contents
loading

Related Manuals for Grandstream Networks GWN70 Series

Summary of Contents for Grandstream Networks GWN70 Series

  • Page 1 Grandstream Networks, Inc. GWN70xx Series GWN70xx – User Manual...

  • Page 2: Product Overview

    WELCOME Grandstream GWN70xx offer secure routers ideal for small offices, home offices and remote workers, the GWN7052/GWN7052F are a dual-band Wi-Fi 5 (802.11ac) routers providing Wi-Fi speeds of up to 1.266 Gbps to a 100 wireless devices, while the GWN7062 is a dual-band Wi-Fi 6 (802.11ax) router with DL/UL OFDMA technology. It features a powerful 64-bit 1.2GHz quad-core processor to provide blazing fast Wi-Fi speeds up to 1.77 Gbps with 4 times increased data capacity to 256 wireless devices.
  • Page 3 *Not all frequency bands can be used in all regions ● 2.4G: 20 and 40 MHz Channel Bandwidth ● 5G: 20, 40 and 80 MHz Wi-Fi and System WPA/WPA2-PSK, WPA/WPA2 Enterprise (TKIP/AES); WPA3, anti-hacking secure boot and critical data/control Security lockdown via digital signatures, unique security certificate and random default password per device ●...
  • Page 4 Power & Green Energy Universal power adaptor included: Efficiency Input 100-240VAC 50-60Hz Output: 12VDC 1A (12W); Operation: 0°Cto 50°C Environmental Storage: -10°C to 60°C Humidity: 10% to 90% Non-condensing ● Unit Dimension without antennas: 205mm(L)x130mm(W)x35.5mm(H) Physical ● Unit Dimension with antennas of 90°: 235.5mm(L)x145mm(W)x192mm(H); Unit Weight: 375g ●...
  • Page 5 Up to 175 meters Coverage Range *coverage range can vary based on environment ● 5G: 26dBm Maximum TX ● 2.4G: 27dBm Power *Maximum power varies by country, frequency band and MCS rate 2.4G ● 802.11b: -96dBm@1Mbps, -88dBm@11Mbps; ● 802.11g: -93dBm @6Mbps, -75dBm@54Mbps; ●...

  • Page 6: Installation

    Energy Efficiency Input 100-240VAC 50-60Hz Output: 12VDC 1.5A (18W); Operation: 0°Cto 50°C Environmental Storage: -30°C to 60°C Humidity: 10% to 90% Non-condensing ● Unit Dimension: 95mm(L)x95mm(W)x193mm(H) ● Unit Weight: 690g Physical ● Entire Package Dimension: 286mm(L)x126.5mm(W)x105mm(H) ● Entire Package Weight: 960g ●...
  • Page 7 Figure 2: GWN7062 Package Contents GWN70xx Ports ○ GWN7052 Figure 3: GWN7052 Ports ○ GWN7052F Figure 4: GWN7052F Ports ○ GWN7062 Figure 5: GWN7062 Ports...
  • Page 8 Powering and Connecting GWN70xx ○ GWN7052/GWN7052F 1. Power the GWN7052/GWN7052F GWN7052/GWN7052F can be powered on using the right PSU (DC 12V, 1A). Figure 6: the back of GWN7052 2. Connect to the Internet Connect the WAN port to an optical fiber broadband modem (through SFP Module), ADSL broadband modem, or community broadband interface.
  • Page 9 Figure 8: GWN7052 default network ○ GWN7062 1. Power the GWN7062 GWN7062 can be powered on using the right PSU (DC 12V, 1.5A). Figure 9: the back of GWN7062 2. Connect to the Internet Connect the WAN port to an optical fiber broadband modem, ADSL broadband modem, or community broadband interface. Figure 10: GWN7062 connect...

  • Page 10: Getting Started

    3. Connect to GWN7062 Default Network Figure 11: GWN7062 default network SSID’s default password information is printed on the MAC tag at the bottom of the unit. Safety Compliances The GWN70xx Dual-Band Wi-Fi Router complies with FCC/CE and various safety standards. The GWN70xx power adapter is compliant with the UL standard.
  • Page 11 Blue Normal use Solid Blue Wi-Fi enabled Wi-Fi Wi-Fi disabled Flashing Blue Connected as a client to another network and data is transferring No network, cable is disconnected Flashing Blue Connected to the corresponding LAN port and data is transferring No network, cable is disconnected Solid Blue Connected to USB device...

  • Page 12: Web Gui Languages

    4. Enter the administrator’s login and password to access the Web Configuration Menu. The default administrator’s username is “admin” and the password is the default Wi-Fi SSID Password is printed on the MAC tag at the bottom of the unit. At first boot or after factory reset, users will be asked to change the default administrator and user passwords before accessing GWN70xx web interface.
  • Page 13 Figure 15: WEB GUI Configuration Search In case it’s hard to go through every single section, GWN70xx routers have search functionality to help the user find the right configuration, settings or parameters, etc… On the top of the page, there is a search icon, the user can click on it and then enter the keyword relevant to his search, then he will get all the possible locations of that keyword.
  • Page 14 Figure 17: Help Setup Wizard If the user missed the Setup Wizard at the first boot of GWN70xx. It’s accessible all the time at the bottom of the page and it contains the necessary settings that the user must configure in 3 steps, first country and time zone, Internet Settings, and finally SSID settings.

  • Page 15: Overview Page

    Figure 19: Feedback Overview Page Overview is the first page shown after successful login to the GWN70xx’s Web Interface. It provides an overall view of the GWN70xx’s information presented in a Dashboard style for easy monitoring as well as the System Info (Product Name, System Version, MAC Address …).

  • Page 16: Router Configuration

    Alerts Shows Alerts General, Important or Emergency with details and time. Shows the Top Access Devices list, assort the list by number of clients connected to each access device Top Access Devices including the GWN7052 or data usage combining upload and download. Click on the arrow to go to access Devices page for basic and advanced configuration options.

  • Page 17: Wan Settings

    Figure 22: System Info Router Configuration Connect to GWN70xx’s Web GUI from a computer connected to a LAN port or GWN70xx’s Wi-Fi SSID and go to the Web GUI → Network Settings → WAN page for WAN configuration. WAN Settings The WAN port can be connected to a DSL modem or a router.
  • Page 18 Figure 23: WAN Configuration Please refer to the following table for basic network configuration parameters on the WAN port with IPv4 for GWN70xx. ● Obtain IP automatically (DHCP): When selected, it will act as a DHCP client and acquire an IPv4 address automatically from the DHCP server.
  • Page 19 Multiple Public IP Please use with Port Forward function, so that you can access to router via public IP address. Address Table 5: WAN Settings ○ IPv6 Settings GWN70xx routers also support IPv6 configuration. Figure 24: WAN – IPv6 Settings Please refer to the following table for IPv6 settings: IPv6 Check "ON"...
  • Page 20 Figure 25: WAN port Settings To access the LAN configuration page, log in to the GWN70xx WebGUI and go to Network Settings → LAN. VLAN configuration such as adding VLANs or setting up a VLAN port can be found here on this page, as well as the ability to add Static IP Bindings.
  • Page 21 Figure 27: Add or Edit VLAN Enter a VLAN ID VLAN ID Note: VLAN ID range is from 3 to 4094. Name Enter the VLAN name Policy Routing Select a Policy Routing from the list or Add one. To fast configure the VLAN's single-way data communication with WANs, other VLANs and VPNs. Destination The option selected by default will be based on "Policy Routing"...

  • Page 22: Static Ip Binding

    Preferred DNS Server Enter the Preferred DNS Server Alternative DNS Server Enter the Alternative DNS Server Table 7: Add or Edit VLAN ○ VLAN Port Settings The user can use LAN ports to allow only specific VLANs on each LAN port and in case there are more than one VLAN then there is an option to choose one VLAN as the default VLAN ID (PVID or Port VLAN Identifier).
  • Page 23 Figure 29: Static IP Binding VLAN Select the VLAN or Default VLAN Binding Devices Select to input manually by entering the MAC Address and IP Address or select from the clients list. MAC Address Enter the MAC Address IP Address Enter the IP Address Table 9: Static IP Binding Network Acceleration...

  • Page 24: Policy Routing

    This section is about adding routes either Static Routing or Policy Routing that can be applied on an Interface WAN or LAN/VLAN where the user can specify the next Hop and Metric for the static routing or priority and weight for the policy routing.

  • Page 25: Static Routes

    Figure 32: Add VLAN Enter a VLAN ID VLAN ID Note: VLAN ID range is from 3 to 4094. Name Enter the VLAN name Policy Routing Select a Policy Routing from the list or Add one. VLAN Port IP Address Check IPv4 Address or IPv6 Address to specify the Address.

  • Page 26: Wan Load-Balancing

    Status enable or disable the Static Routing IP Address Specify the IP address Subnet Mask Enter the Subnet Mask Outgoing Interface Select the interface Next Hop Specify the next Hop When there are multiple routings in the network that can reach the same destination, the priority of routing rules Metric can be adjusted by setting metric, and the packets will be forwarded according to the path with the smallest metric.
  • Page 27 Figure 35: Add Policy Routing 3. Add a VLAN with Policy Routing To use the Routing Policy, add a VLAN and choose the Routing Policy previously created. Figure 36: VLAN with a Routing Policy 4. Apply VLAN to an SSID or LAN port Finally, apply the previously created VLAN to an SSID or a LAN port.

  • Page 28: Setting Up A Wireless Network

    Figure 37: Add SSID Similarly, the user can apply the VLAN to a LAN port to make the Routing Policy active on that LAN. Figure 38: VLAN applied to a LAN SETTING UP A WIRELESS NETWORK The GWN70xx Router provides the user with the capability to create a wireless network either directly from the GWN70xx or by adding multiple GWN76xx series access points, with connectivity over the most common wireless standards (802.11a/b/g/n/ac/ax) operating in both 2.4GHz and 5GHz range.

  • Page 29: Access Point Location

    Figure 39: Access Devices – Configuration page Access Point Location GWN70xx router has an interesting feature to help users to locate different access points using blinking LED, to do so go under the Access Devices → Status page then click on and the corresponding LED will start blinking its LEDs.
  • Page 30 Figure 42: Add SSID Tab Please refer to the below table for Wi-Fi Settings tab options. Field Description Wi-Fi Click on "ON" to enable the SSID Name Set or modify the SSID name. Associated VLAN Click on "ON" to enable VLAN, then specify the VLAN from the list or Create VLAN. Select the Wi-Fi band the GWN will use, three options are available: ●...
  • Page 31 ● AES/TKIP: use both Temporal Key Integrity Protocol and Advanced Encryption Standard for encryption, this provides the most reliable security. WPA Shared Key Set the access key for the clients, and the input range should be: 8-63 ASCII characters or 8-64 hex characters. RADIUS Server Configures RADIUS authentication server address.
  • Page 32 ● Radio Mode: Wireless clients can access to the internet services, GWN7xxx router and the access points GWN76XX but they cannot communicate with each other. The 802.11w standard is used to prevent certain types of WLAN DoS attacks. 802.11w extends strong cryptographic protection and provides data integrity and replay protection for broadcast/multicast Robust management frames.

  • Page 33: Mesh Network

    Enable 802.11v Check to enable 802.11v This option will enable the router to answer the ARP requests from its LAN for its connected WiFi clients. This ARP Proxy is mainly to reduce the airtime consumed by ARP Packets Enable U-APSD Configures whether to enable U-APSD (Unscheduled Automatic Power Save Delivery).

  • Page 34: Upgrading Access Points

    Figure 44: Mesh In a mesh network, access points are categorized into two types: ○ CAP (Central Access Point): this is an access point that has an uplink connection to the wired network. ○ RE (Range Extender): This is an access point that participates in the mesh network topology and has a wireless uplink connection to the central network.

  • Page 35: Clients Configuration

    Figure 45: Upgrading APs CLIENTS CONFIGURATION Clients Clients page keeps a list of all the devices and users connected currently or previously to different LAN subnets with details such as the MAC Address, the IP Address, the duration time, and the upload and download information. It’s helpful to know about the clients’...

  • Page 36: Openvpn® Server Configuration

    Overview VPN allows the GWN70xx routers to be connected to a remote VPN server using PPTP, IPSec, L2TP, and OpenVPN® protocols, or configure an OpenVPN® server and generate certificates and keys for clients, VPN page can be accessed from the GWN70xx Web GUI →...
  • Page 37 Figure 49: Add CA Certificate Enter the Certificate name for the CA. Cert. Name Note: It could be any name to identify this certificate. Example: “CATest”. Choose the key length for generating the CA certificate. The following values are available: ●...

  • Page 38: Generate Server/Client Certificates

    Organizational Unit This field is the name of the department or organization unit making the request. Example: “GS Sales”. Enter an email address. Email Example: “grandstream@gmail.com” Table 15: CA Certificate Click on button after completing all the fields for the CA certificate. Click on button to export the CA to the local computer.
  • Page 39 Figure 51: Certificate Server Enter the common name for the server certificate. Cert. Name Note: It could be any name to identify this certificate. Example: “ServerCertificate”. Select the CA certificate previously generated from the drop-down list. CA Certificate Example: “CATest”. Choose the certificate type from the drop-down list.

  • Page 40: Creating Client Certificate

    The server certificates (.crt and .key) will be used by the GWN70xx router when acting as a server. The server certificates (.crt and .key) can be exported and used on another OpenVPN® server Creating Client Certificate To create a client certificate, follow the below steps: 1.
  • Page 41 Enter client certificate information based on the below descriptions. Figure 53: Client Certificate Enter the common name for the server certificate. Cert. Name Note: It could be any name to identify this certificate. Example: “ClientCertificate”. Select the CA certificate previously generated from the drop-down list. CA Certificate Example: “CATest”.

  • Page 42: Create Openvpn® Server

    State / Province Enter a state name or province. Example: “Casablanca”. Enter a city name. City Example: “Casablanca”. Enter the organization’s name. Organization Example: “GS”. This field is the name of the department or organization unit making the request. Organizational Unit Example: “GS Sales”.
  • Page 43 Figure 54: Create OpenVPN® Server Click after completing all the fields. Refer to the table below: OpenVPN® Service Click on "ON" to enable the OpenVPN Server Name Enter a name for the OpenVPN® server. Choose the server mode the OpenVPN® server will operate with. 4 modes are available: ●...

  • Page 44: Openvpn® Client Configuration

    using same algorithm. Choose digest algorithm from the dropdown list, which will uniquely identify the data to provide data Digest Algorithm integrity and ensure that the receiver has an unmodified data from the one sent by the original host. This option uses a static Pre-Shared Key (PSK) that must be generated in advance and shared among all TLS Identicy peers.

  • Page 45: L2Tp Client Configuration

    Figure 55: OpenVPN® Client Click after completing all the fields. L2TP Configuration Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.

  • Page 46: Pptp Configuration

    Figure 56: L2TP Client Configuration Click after completing all the fields. Figure 57: L2TP Client PPTP Configuration A data-link layer protocol for wide area networks (WANs) based on the Point-to-Point Protocol (PPP) and developed by Microsoft enables network traffic to be encapsulated and routed over an unsecured public network such as the Internet. Point-to-Point Tunneling Protocol (PPTP) allows the creation of virtual private networks (VPNs), which tunnel TCP/IP traffic through the Internet.

  • Page 47: Ipsec Vpn Tunnel

    Figure 58: PPTP Client Configuration Click after completing all the fields. Figure 59: PPTP Client IPSec VPN Tunnel Overview Internet Security protocol- IPsec is mainly used to authenticate and encrypt packets of data sent over the network layer. To accomplish this, they use two security protocols – ESP (Encapsulation Security Payload) and AH (Authentication Header), the former provides both authentications as well as encryption whereas the latter provides only authentication for the data packets.
  • Page 48 IKE operates in three modes for exchanging keying information and establishing security associations – Main, Aggressive and Quick mode. • Main mode: is used to establish phase 1 during the key exchange. It uses three two-way exchanges between the initiator and the receiver.
  • Page 49 Figure 62: Add VPN Client – Phase 1 ○ Phase 2 Figure 63: Add VPN Client – Phase 2 After this is done, press “save” and do the same for the HQ Router. The two routers will build the tunnel and the necessary routing information to route traffic through the tunnel back and from the branch office to the HQ network.

  • Page 50: External Access

    Figure 64: Branch Office IPSec Configuration Press Save, then click in order to configure Remote Dial-in User: Figure 65: Remote Dial-in User FIREWALL AND EXTERNAL ACCESS GWN70xx router supports firewall features to control incoming and outgoing traffic by restricting or rejecting specific traffic, as well as preventing attacks on the GWN70xx networks for enhanced security.

  • Page 51: Port Forward

    Figure 66: DDNS Page Service Provider Select the DDNS provider from the list Username Enter the Username Password Enter the Password Domain Enter the Domain Interface Select the Interface Table 20: DDNS Port Forward Port forwarding allows redirecting a communication request from one address and port number combination to another. Navigate to GWN70xx WEB UI →...
  • Page 52 Protocol Type Select a protocol, users can select TCP, UDP or TCP/UDP. WAN port Select the WAN port Sets the IP address that external users access to this device. If not set, any IP address on the Source IP Address corresponding WAN port can be used Source Port Set a single or a range of Ports.

  • Page 53: Attack Defense

    GWN70xx supports UPnP that enables programs running on a host to configure automatically port forwarding. UPnP allows a program to make the GWN70xx open necessary ports, without any intervention from the user, without making any check. UPnP settings can be accessed from GWN70xx Web GUI → External Access → UPnP. Figure 69: UPnP Settings Click on "ON"...

  • Page 54: Traffic Rules

    Figure 70: Firewall Basic Settings Flush Connection Reload: When this option is enabled, and a firewall configuration change is made, existing connections that had been permitted by the previous firewall rules will be terminated. That way if the new firewall rules can’t permit a connection that had been previously established, it will be terminated and won’t be able to reconnect.

  • Page 55: Outbound Rules

    Figure 71: Traffic Rules – Inbound Rules The following example rejects incoming ICMP requests to the WAN port, this means that whenever the GWN70xx receives an incoming ICMP request on the WAN port the destination IP address will receive a message stating that the destination IP address is unreachable.
  • Page 56 Figure 72: Traffic Rules – Outbound Rules The following example will deny every outgoing ICMP request from GWN70xx to the default (VLAN), this means that whenever the GWN70xx receives an ICMP “echo-request” from another network group or from a WAN port sent to LAN1 will be rejected.

  • Page 57: Advanced Nat

    Figure 75: Traffic Rules – Forward Rules Advanced NAT The Firewall Advanced NAT page provides the ability to set up the configuration for Static and Dynamic NAT. SNAT Following actions are available for SNAT. Click on to add the Port Forward rule. Click on to edit a Port Forward rule.
  • Page 58 IP Family Select the IP version, two options are available: IPv4 or Any. Protocol Type Select one of the protocols from dropdown list or All, available options are: UDP/TCP, UDP, TCP and All. Source IP Address Set the Source IP address. Set the Rewrite IP.

  • Page 59: Captive Portal

    Protocol Type Select one of the protocols from dropdown list or All, available options are: UDP, TCP, TCP/UCP and All. Source Group Select a WAN interface or a LAN group for Source Group, or select All. Source IP Address Set the Source IP address. Source Port Set the Source Port.

  • Page 60: Splash Page

    Users can customize a portal policy on this page. Figure 79: Policy page Click on to add Port Forward rule. Click on to edit a Port Forward rule. Click on to delete a Port Forward rule. The policy configuration page allows for adding multiple captive portal policies which will be applied to SSIDs and contain options for different authentication types.

  • Page 61: Access Control

    Figure 80: Splash Page Guest This section lists the clients connected or trying to connect to Wi-Fi via the Captive Portal. Figure 81: Captive Portal – Guest Page ○ Click on delete button to cancel the authentication, the client must re-authenticate to use the network again. ○...

  • Page 62: Block List

    GWN70xx has features that can enable the user to block clients and sites as well and also limit the bandwidth per client or SSID. Blocklist The Blocklist is a feature in GWN70xx that enables the user to block wireless clients from the available ones or manually add the MAC Address.

  • Page 63: Maintenance And Troubleshooting

    Figure 85: Client bandwidth limit Per SSID Under “Web UI → Wi-Fi Settings → SSIDs“. Click on edit button, in the “Wi-Fi Settings Tab” and scroll down to “Advanced“. Then enter the maximum upload and download rate for this SSID. Figure 86: SSID bandwidth limit MAINTENANCE AND TROUBLESHOOTING GWN70xx offers multiple tools and options for maintenance and debugging to help further troubleshooting and monitoring...
  • Page 64 Figure 87: Basic Settings TR-069 Important Note: If enabled, GWN70xx router cannot be managed by GWN.Cloud, and cannot continue to manage GWN76xx access points. Figure 88: TR-069 page SNMP GWN70xx supports SNMP (Simple Network Management Protocol) which is widely used in network management for network monitoring for collecting information about monitored devices.

  • Page 65: Security Management

    Figure 89: SNMP configuration page Security Management Under “Web UI → System Settings → Security Management“ the user can change the login password and activate the web service for example web WAN port access for HTTPS port 443 as well as enabling SSH remote access. Figure 90: Security Management Debug Many debugging tools are available on GWN70xx’s Web GUI to check the status and troubleshoot GWN70xx’s services and...
  • Page 66 Ping and Traceroute are useful debugging tools to verify reachability with other clients across the network (WAN or LAN). The GWN70xx offers both Ping and Traceroute tools for IPv4 and IPv6 protocols. Figure 91: Ping/Traceroute Core File when a crash event happens on the unit, it will automatically generate a core dump file that can be used by the engineering team for debugging purposes.
  • Page 67 Figure 93: Capture External Syslog GWN70xx routers support dumping the Syslog information to a remote server under Web GUI → System Settings → System Diagnosis → External Syslog Tab Enter the Syslog server hostname or IP address and select the level for the Syslog information. Nine levels of Syslog are available: None, Emergency, Alert, Critical, Error, Warning, Notice, Information and Debug.
  • Page 68 Figure 95: E-mail Notification Events Schedule Users can use the schedule configuration menu to set specific schedules for GWN features while giving the flexibility to specify the date and time to turn ON/OFF the selected feature. The Schedule can be used for settings up a specific time for Wi-Fi where the service will be active or for LED schedule…etc. Figure 96: Schedule To configure a new schedule, follow the below steps: 1.

  • Page 69: File Sharing

    Figure 97: Created Schedule GWN70xx routers support also the LED schedule feature. This feature is used to set the timing when the LEDs are ON and when they will go OFF at the customer’s convenience. This can be useful for example when the LEDs become disturbing during some periods of the day, this way with the LED scheduler, you can set the timing so that the LEDs are off at night after specific hours and maintain the Wi-Fi service for other clients without shutting down the AP.

  • Page 70: Upgrading And Provisioning

    Figure 99: File Sharing UPGRADING AND PROVISIONING Upgrading Firmware Under System Settings → Upgrade. The administrator has the option to upgrade the GWN70xx via manual upload (a bin file) or via network either HTTP/HTTPS or TFTP or even schedule to upgrade in a specific time. Figure 100: Upgrade page Backup and Restore The GWN70xx configuration can be backed up to use later or restore the GWN70xx configuration from a previous backup.

  • Page 71: Reset And Reboot

    Figure 101: Backup and Restore Reset and Reboot Reboot Users could perform a reboot by clicking on at the top of the Web UI, and a confirmation message will pop Figure 102: Reboot Reset To reset the GWN70xx router to default settings, navigate to “System Settings → Backup & Restore” and click on .

This manual is also suitable for:

Gwn7052Gwn7052f

Table of Contents