Page 1 AirMax4GW 4G LTE Outdoor CPE with WiFi User’s Manual...
Page 2 This product requires professional installation. Please do not attempt to install the device without the necessary knowledge in regards to your country's wireless regulations. Functions and features in your product’s firmware might be different due to regulations in your country. AirLive AirMax4GW User’s Manual...
Page 3: Table Of Contents
1.5 Features .................... 3 1.6 Wireless Operation Modes ..............3 1.6.1 WDS Bridge Mode..................... 3 1.6.2 AP Router Mode ......................4 2. Installing the AirMax4GW ................ 5 2.1 Before You Start................. 5 2.2 Package Content ................6 2.3 Knowing your AirMax4GW ..............6 2.4 Hardware Installation .................
Page 4 4.4.1 System Related ....................... 138 4.4.2 Scheduling ......................143 4.4.3 Grouping ........................ 143 4.4.4 External Servers ..................... 147 4.4.5 MMI ........................149 5. Installing the AirMax4GW ..............150 5.1 Features ..................150 5.2 Specifications .................150 6. Wireless Network Glossary ..............153 AirLive AirMax4GW User’s Manual...
Page 5: Introduction
Introduction 1.1 Overview The AirMax4GW is a 4G LTE Outdoor Gateway with 2.4 G wireless. It can receive 3G/4G LTE signal and provide 802.11 b/g/n WiFi signal. When installed in upright position, it is rain and splash proof. It features an integrated 10dBi patch antenna and 802.3at POE to simplify the installation.
Page 6: Special Notice
The tech support FAQ are frequently updated with latest information. In addition, you might find new firmware that either increase software functions or provide bug fixes for AirMax4GW. You can reach our on-line support center at the following link: http://www.airlive.com/support/support_2.jsp...
Page 7: Features
802.3at PoE Powered 1.6 Wireless Operation Modes The AirMax4GW can perform as a multi-function wireless device. Users can easily select which wireless mode they wish the AirMax4GW to perform. The AirMax4GW can be configured to operate in the following wireless operation modes: 1.6.1 WDS Bridge Mode...
Page 8: Ap Router Mode
In AP Router Mode, the AirMax4GW behaves like a wireless router. Both the wireless and the PoE port of AirMax4GW becomes the LAN side and 3G/4G act as the WAN . User can manage the AirMax4GW through the wireless or PoE port. And if the remote management is opened, user can also get to manage AirMax4GW via the WAN side.
Page 9: Installing The Airmax4Gw
Installing the AirMax4GW This section describes the hardware features and the hardware installation procedure for the AirMax4GW. For software configuration, please go to chapter 3 for more details. 2.1 Before You Start It is important to read through this section before you install the AirMax4GW ...
Page 10: Package Content
The integrated antenna has forward coverage angle of 20 degree in vertical and 30 degree in horizontal direction.  The AirMax4GW is a 2.4GHz CPE device only; it cannot operate in 5GHz. 2.2 Package Content The AirMax4GW package contains the following items: ...
Page 11 Color Description Green AirMax4GW register on LTE Network. Cellular Amber AirMax4GW register on 3G Network. Status AirMax4GW does not register on cellular network. Wireless Radio ON. WLAN Wireless Radio Off. (Green) Flashing Data is transmitting or receiving on the wireless.
Page 12: Bottom View
2. Installing the AirMax4GW Back Bottom View AirLive AirMax4GW User’s Manual...
Page 13: Hardware Installation
Before inserting or changing the SIM card, please power off the AirMax4GW The SIM card slots are located at the bottom side of AirMax4GW. Please unscrew and remove the outer bottom over of AirMax 4GW and follow below instructions to insert SIM cards.
Page 14: Mount Airmax4Gw
2. Installing the AirMax4GW 2.4.3 Mount AirMax4GW AirMax4GW can be mounted on wall or pole. It has designed with wall-mount bracket for attaching to the wall or fixing on a pole by metal rings. AirLive AirMax4GW User’s Manual...
Page 15: Restore Settings To Default
2.5 Restore Settings to Default If you have forgotten your AirMax4GW’s IP address or password, you can restore your AirMax4GW to the default settings by pressing on the “reset button” for more than 10 seconds. The reset button is located on button of AirMax4GW.
Page 16: Configuring The Airmax4Gw
The default wireless mode is : AP Router Mode  After power on, please wait for 2 minutes for AirMax4GW to finish boot up 3.2 Prepare Your PC The AirMax4GW can be managed remotely by a PC through either the wired or wireless network.
Page 17: Easy Setup By Web Interface
The AirMax4GW can be configured using the web interfaces: Web Management (HTTP): You can manage your AirMax4GW by simply typing its IP address in the web browser. Most functions of AirMax4GW can be accessed by web management interface. We recommend using this interface for initial configurations.
Page 18: Wizard
3. Configuring the AirMax4GW 3.3.1 Wizard Select “Wizard” for basic network setting and VPN settings in a simple way. Or you can go to “Basic Network/ Advanced Network/ Applications / System” to setup the configuration by own selection. 3.3.1.1 Configure with the Network Setup Wizard...
Page 19 3. Configuring the AirMax4GW Step 3: Time Zone Time Zone configuration: It will detect your time zone automatically. If the result of auto detection is not correct, you can press “ Detect Again” button or select manually. Press “Next” to continue...
Page 20 3. Configuring the AirMax4GW button to save new settings. Then it will take 65 seconds to restart this gateway and take new settings effective. Step 8 Counting Down Configuration is completed. Press “Finish” button to close Setup Wizard and browser counts down for 65 seconds and provides you with “Click here”...
Page 21 3. Configuring the AirMax4GW If choosing PPTP Client, please input tunnel name, IP/FQDN of PPTP server, user name & password, choose default gateway/remote subnet, authentication protocol and MPPE encryption option. Please make sure these settings are accepted by remote PPTP server. Otherwise, PPTP server will reject the connection. Press “ Next”...
Page 22 3. Configuring the AirMax4GW Press “Next” to continue. If choosing L2TP Server, please choose options authentication protocol and key length of MPPE encryption. You also need to create a set of username and password L2TP clients. In this wizard, you...
Page 23: Network Status
3. Configuring the AirMax4GW 3.4 Network Status There are 6 kinds of system status to be shown at this window. They are Network Status, WiFi Status, LAN Client List, Firewall Status, VPN Status and System Management Status. 3.4.1 Networks Status...
Page 24 3. Configuring the AirMax4GW 2. Wired Client Icon: Indicates how many Ethernet clients are connected now. 3. WiFi Client Icon: Indicates how many WiFi clients are connected now. WAN Interface IPv4 Network Status Display WAN type, IPv4 information, MAC information, and connection status of multiple WAN interfaces in IPv4 networking.
Page 25: Wifi Status
3. Configuring the AirMax4GW Internet Traffic Statistics Display number of transmitted packets and received packets of each WAN interface. Device Time Display current time information of device. 3.4.2 WiFi Status WiFi Virtual AP List In order to view the basic information of WiFi virtual APs, it will display...
Page 26: Lan Client List
3. Configuring the AirMax4GW WiFi Traffic Statistics In order to view the traffic statistics of WiFi virtual APs, it will display operation band, virtual AP ID, the numbers of received packets and transmitted packets of all virtual APs on status page. Besides, there is an additional Reset command button for each virtual AP to clear the traffic statistics.
Page 27 3. Configuring the AirMax4GW Packet Filters This window displays all fired rules and detected contents of firing activated packet filter rules. Besides, the source IP address and firing time of these events are also shown there. One "Edit" button in the Packet Filters caption can let you change its settings.
Page 28: Vpn Status
3. Configuring the AirMax4GW Application Filters This window displays all filtered applications and their categories of firing activated application filter rules. Besides, the source IP address and firing time of these events are also shown there. One "Edit" button in the Application Filters caption can let you change its settings.
Page 29: System Management Status
3. Configuring the AirMax4GW PPTP Server Status Display the usage status of all activated accounts of PPTP server. PPTP Client Status Display the tunnel status of all activated PPTP clients. L2TP Server Status Display the usage status of all activated accounts of L2TP server.
Page 30 3. Configuring the AirMax4GW SNMP Trap Information Display information of SNMP traps. TR-069 Status Display link status of TR‐069. AirLive AirMax4GW User’s Manual...
Page 31: Web Management
4. Web Management Web Management In this chapter, we will explain about Airmax4GW settings in web management interface. Please be sure to read through Chapter 3 first. Whenever you want to configure your network or this device, you can access the Configuration Menu by opening the web browser and typing in the IP Address of the device.
Page 32 Network Connection Status below. You can also check status of WiFi at WiFi Status page, connected clients at LAN Client List page, and other advanced function status at Firewall Status page, VPN Status page and System Management Status page. AirLive AirMax4GW User’s Manual...
Page 33: Basic Network
Please MUST POWER OFF the gateway before you insert or remove SIM card. It will damage SIM card if you insert or remove SIM card during gateway is in operation. Caution • Please follow instructions at section 2.1.2. AirLive AirMax4GW User’s Manual...
Page 34 There is only 3G/4G physical WAN interface in the device that you can configure it to get proper Internet connection setup. It supports only one WAN type to connect to Internet, 3G/4G. For 3G/4G WAN type, the ISP is a mobile operator that can provide AirLive AirMax4GW User’s Manual...
Page 35 Only” or “SIM-B Only” for 3G/4G connection. There are two SIM card slots on this gateway and with four kinds of SIM card usage scenarios, including “SIM-A First”, “SIM-B First”, “SIM-A Only” and “SIM-B Only”. By AirLive AirMax4GW User’s Manual...
Page 36 SIM-A and SIM-B configuration. Furthermore, there is also a common configuration window for 3G/4G connection after "3G/4G WAN Type Configuration" window, "Connection with SIM-A Card" window and "Connection with SIM-B Card" window. AirLive AirMax4GW User’s Manual...
Page 37 Authentication: Choose “Auto”, “PAP”, or “CHAP” according to your ISP’s authentication approach. Just keep it with “Auto” if you can’t make sure. Primary/Secondary DNS: Enter IP address of Domain Name Server. You can keep them in blank, because most ISP will assign them automatically. AirLive AirMax4GW User’s Manual...
Page 38 Check Interval: Indicate how often to send keep-alive packet. Check Timeout: Set allowance of time period to receive response of keep-alive packet. If this gateway doesn’t receive response within this time period, this gateway will record this keep alive is failed. AirLive AirMax4GW User’s Manual...
Page 39: Lan And Vlan Setup
This device is equipped with one Gigabit PoE Ethernet LAN port as to connect your local devices via Ethernet cables. Besides, VLAN function is provided to organize your local networks. 4.1.2.1 Ethernet LAN Please follow the following instructions to do IPv4 Ethernet LAN Setup\ AirLive AirMax4GW User’s Manual...
Page 40 254 IP addresses are allowed in this subnet. However, one of them is occupied by LAN IP address of this gateway, so there are maximum 253 clients allowed in LAN network. Hereafter are the available options for subnet mask. AirLive AirMax4GW User’s Manual...
Page 41 NAT VLAN group to let group host member get its IP address. Thus, each host can surf Internet via the NAT mechanism of business access gateway. At bridge mode, Intranet packet flow was delivered out WAN trunk port with VLAN tag to upper link for different services. AirLive AirMax4GW User’s Manual...
Page 42 3 segments, Lobby & Restaurant, Lab & Meeting Rooms and Office. In a Security VPN Gateway, administrator can configure Lobby & Restaurant segment with VLAN ID 12. The VLAN group is equipped with DHCP-3 server to construct a 192.168.12.x subnet. He also configure Lab & AirLive AirMax4GW User’s Manual...
Page 43 A port-based VLAN is a group of ports on an Ethernet switch or router that form a logical Ethernet segment. It also can integrate some WiFi virtual APs into the group to own same access policies and bandwidth policies. But the device has only one AirLive AirMax4GW User’s Manual...
Page 44 5. WAN VID: The VLAN Tag ID that come from the ISP service. For NAT type VLAN, no WAN VLAN tag is allowed and the value is forced to “0”; For Bridge type VLAN, You have to specify the VLAN Tag value that is provided by your ISP. 6. VLAN Routing Group: AirLive AirMax4GW User’s Manual...
Page 45 This differs from a port-based VLAN, where the port VIDs assigned to the ports determine VLAN membership. When the device receives a frame with a VLAN tag, referred to as a tagged frame, the device forwards the frame only to those ports that share the same VID. AirLive AirMax4GW User’s Manual...
Page 46 4. DHCP Server: Specify a DHCP server for the configuring VLAN group. This device provides only one DHCP server to serve the DHCP requests from different VLANs. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. AirLive AirMax4GW User’s Manual...
Page 47: Wifi Setup
WiFi devices such as your laptop PC, smart phone, tablet, wireless printer and some portable wireless devices. 4.1.3.1 WiFi Configuration This device is equipped with IEEE802.11b/g/n 2Tx2R wireless radio, you have to configure 2.4G Hz operation band’s wireless settings and then activate your WLAN. AirLive AirMax4GW User’s Manual...
Page 48 IP addresses from ISP. 1. Operation Band: Select the WiFi operation band that you want to configure. But the device supports only 2.4G single WiFi band. 2. WPS: Click on the button to setup WPS. AirLive AirMax4GW User’s Manual...
Page 49 10. WiFi System: This gateway supports 2.4GHz 802.11b/g/n modes, so you can choose adequate WiFi system from the option list of “802.11b Only”, “802.11g Only”, “802.11n Only”, “802.11b/g Mixed”, “802.11g/n Mixed” and “802.11b/g/n Mixed” according to your requirement. The factory default setting is “802.11b/g/n Mixed”. AirLive AirMax4GW User’s Manual...
Page 50 (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are “TKIP”, “AES”, or “TKIP/AES”. In this mode, you don’t need additional RADIUS server for user authentication. AirLive AirMax4GW User’s Manual...
Page 51 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII characters as the shared key. The key value is shared by the RADIUS server and this router. This key value must be consistent with the key value AirLive AirMax4GW User’s Manual...
Page 52 However, not all the APs can be set to enable the Lazy mode simultaneously; at least there must be one AP with all the WDS peers’ MAC address filled. Green AP: Enable the Green AP function to reduce the power consumption when there are no wireless traffics. AirLive AirMax4GW User’s Manual...
Page 53 (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are “TKIP”, “AES”, or “TKIP/AES”. In this mode, you don’t need additional RADIUS server for user authentication. AirLive AirMax4GW User’s Manual...
Page 54 WDS (Wireless Distributed System) Hybrid function let this access point acts as a wireless LAN access point and a repeater at the same time. Users can use this feature to build up a large wireless network in a large space like airports, hotels and schools …etc. AirLive AirMax4GW User’s Manual...
Page 55 You can select VAP-1 ~ VAP-8 and configure each wireless network if it is required. Time Schedule: The wireless radio can be turn on according to the schedule rule you specified. By default, the wireless radio is always turned on when the AirLive AirMax4GW User’s Manual...
Page 56 "shared" key or passphrase. The shared key is manually set on both the client station and the AP/router. Three types of shared key authentication are available today for home or small office WLAN environments. AirLive AirMax4GW User’s Manual...
Page 57 Remote AP MAC 1 ~ Remote AP MAC 4: If you do not enable the Lazy mode, you have to enter the wireless MAC address for each WDS peer one by one. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. AirLive AirMax4GW User’s Manual...
Page 58 “Enrollee”. In most cases, for an AP router or AP, it should be in “Registrar” mode, so that other wireless clients in “Enrollee” mode can connect to the discovered “Registrar”. Briefly speaking, “Enrollee” is the initiator of WPS connection. Registrar Mode AirLive AirMax4GW User’s Manual...
Page 59 In “Wireless Client List” page, the list of connected wireless clients will be shown consequently. You can choose to see “All” of connected wireless clients, or you can indicate which virtual AP (SSID) you want to browse. You can check wireless clients of VAP-1~VAP-8 individually. AirLive AirMax4GW User’s Manual...
Page 60 Operation Band: Select the WiFi operation band that you want to configure. But the device supports only 2.4G single WiFi band. Regulatory Domain: Indicate number of WiFi channel. It depends on regional government regulations. AirLive AirMax4GW User’s Manual...
Page 61 Besides, there is only one “Best” option if following “RF Bandwidth” parameter is set to “Auto”. When RF Bandwidth is HT40, you can set the WiFi TX Rate to be one of following option list by manual: AirLive AirMax4GW User’s Manual...
Page 62: Ipv6 Setup
Internet connectivity providers. This gateway supports two types of IPv6 connection (6to4 / 6in4). Please ask your ISP of what type of IPv6 is supported before you proceed with IPv6 setup. AirLive AirMax4GW User’s Manual...
Page 63 VLAN. This list is constructed by snooping IPv6 multicast control packets. If necessary in your environment, please enable this feature. AirLive AirMax4GW User’s Manual...
Page 64 (unsolicited) advertisements. 4.1.4.2 6 in 4 When “6 in 4” is selected for the WAN Connection Type, you need to do the following settings: AirLive AirMax4GW User’s Manual...
Page 65 Auto-configuration Type: You may set stateless or stateful (Dynamic IPv6). Router Advertisement Lifetime: You can set the time for the period that the router send (broadcast) its router advertisement. Each router periodically multicasts a Router Advertisement from each of its multicast interfaces, AirLive AirMax4GW User’s Manual...
Page 66: Nat/Bridging
This is useful when you run a server inside your network. For example, if you set a mail server at LAN side, your local devices can access this mail server through gateway’s WAN IP address. You don’t need to AirLive AirMax4GW User’s Manual...
Page 67 8080 and Private port 80) at 10.0.75.3, and a VPN server at 10.0.75.6, then you need to specify the following virtual server mapping table Public Port Server IP Private Port Protocol Rule 10.0.75.1 Enable 10.0.75.2 Enable 8080 10.0.75.3 Enable 1723 10.0.75.6 Both Enable AirLive AirMax4GW User’s Manual...
Page 68 NAT router. The Special Applications feature allows some of these applications to work with this product. If the mechanism of Special Applications fails to make an application work, try setting your computer as the DMZ host instead. AirLive AirMax4GW User’s Manual...
Page 69 LAN computer as a DMZ host to solve this problem. IP Address of DMZ Host: Enter IP address of Server or Host. DHCP Relay: DHCP Relay Agent component relays DHCP messages between DHCP clients and DHCP servers on different IP networks. Because AirLive AirMax4GW User’s Manual...
Page 70: Routing Setup
You can enter the destination IP address, Subnet Mask, Gateway, and Metric for each routing rule, and then enable or disable the rule by checking or un-checking the Enable checkbox. Please click Add or Edit button to configure a static routing rule: AirLive AirMax4GW User’s Manual...
Page 71 The feature of dynamic routing will be very useful when there are lots of subnets in your network. Generally speaking, RIP is suitable for small network. OSPF is more suitable for medium network. BGP is more used for big network infrastructure AirLive AirMax4GW User’s Manual...
Page 72 The topology determines the routing table presented to the Internet Layer which makes routing decisions based solely on the destination IP address found in IP packets. AirLive AirMax4GW User’s Manual...
Page 73 You can enable the BGP routing function by click on the “Setting” button and fill in the corresponding setting for your BGP routing configuration. When you finished setting, click on “Save” to store your settings or click “Undo” to give up the changes. Above settings are just for examples. AirLive AirMax4GW User’s Manual...
Page 74: Client/Server/Proxy
3-party DDNS service provider, including TZO.com, No-IP.com, DynDNS.org(Dynamic), DynDNS.org(Custom), and DHS.org. Before you enable Dynamic DNS, you need to register an account on one of these Dynamic DNS servers that we list in Provider field. AirLive AirMax4GW User’s Manual...
Page 75 .200 as shown at following DHCP Server List. You can add or edit one DHCP server configuration by clicking on the “Add” button behind “DHCP Server List” or the “Edit” button at the end of DHCP server information. AirLive AirMax4GW User’s Manual...
Page 76 However, one of them is occupied by LAN IP address of this gateway, so there are maximum 253 clients allowed in LAN network. Hereafter are the available options for subnet mask. AirLive AirMax4GW User’s Manual...
Page 77 IP address for designated local device (MAC address) by manual, so that the DHCP Server will reserve the special IPs for designated devices. For internal servers, you can use this feature to ensure each of them receives same IP AirLive AirMax4GW User’s Manual...
Page 78: Advanced Network
& Bandwidth Management, VPN Security, Redundancy, System Management and Certificate. You can finish those configurations in this section. 4.2.1 Firewall The firewall functions include Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and some firewall options. AirLive AirMax4GW User’s Manual...
Page 79 The first one is to define the black list. System will block the packets that match the active filter rules. However, the second one is the white list. System will allow the packets to pass the gateway, which match the active filter rules. AirLive AirMax4GW User’s Manual...
Page 80 It supports the adding of one new rule or the editing of one existed rule. There are some parameters need to be specified in one packet filter rule. They are Rule Name, From Interface, To Interface, Source IP, Destination IP, Destination Port, Protocol, Time Schedule and finally, the rule enable. AirLive AirMax4GW User’s Manual...
Page 81 (1000-1999). A “0” implies all ports are used. You also can choose one well-known service instead so that the chosen service will provide its destination port and protocol number for the rule. The supported well-known services include: AirLive AirMax4GW User’s Manual...
Page 82 Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. 4.2.1.3 URL Blocking URL Blocking will block the webs containing pre-defined key words. This feature can filter both domain input suffix (like .com or .org, etc) and a keyword “bct” or “mpe”. AirLive AirMax4GW User’s Manual...
Page 83 It supports the adding of one new rule or the editing of one existed rule. There are some parameters need to be specified in one URL blocking rule. They are Rule Name, URL / Domain Name / Keyword, Destination Port, Time Schedule and finally, the rule enable. AirLive AirMax4GW User’s Manual...
Page 84 Web Content Filters can block HTML requests with the specific extension file name, like ".exe", ".bat" (applications), "mpeg” (video), and block HTML requests with some script types, like Java Applet, Java Scripts, cookies and Active X. AirLive AirMax4GW User’s Manual...
Page 85 It supports the adding of one new rule or the editing of one existed rule. There are some parameters need to be specified in one Web Content Filter rule. They are Rule Name, User-defined File Extension List, Time Schedule and finally, the rule enable. AirLive AirMax4GW User’s Manual...
Page 86 Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. 4.2.1.5 MAC Control MAC Control allows you to assign different access right for different users based on device’s MAC address. 4.2.1.5.1 Configuration AirLive AirMax4GW User’s Manual...
Page 87 It supports the adding of one new rule or the editing of one existed rule. There are some parameters need to be specified in one MAC Control rule. They are Rule Name, MAC Address, Time Schedule and finally, the rule enable. Rule Name: The name of Web Content Filter rule. AirLive AirMax4GW User’s Manual...
Page 88 This device supports the application filters for various Internet chat software, P2P download, Proxy, and A/V streaming. You can select the applications to be blocked after the function is enabled, and specify the schedule rule for such Application Filters function. AirLive AirMax4GW User’s Manual...
Page 89 You can enable the IPS function and check the listed intrusion activities if necessary. There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion detection. Beside, you can enable the log alerting so that system will record intrusion events when corresponding intrusions are detected. AirLive AirMax4GW User’s Manual...
Page 90 “ping” to this gateway. “Ping” is a useful command that we use to detect if a certain host is alive or not. But it also let hacker know about this. Therefore, many Internet servers will be set to ignore IGMP request. AirLive AirMax4GW User’s Manual...
Page 91: Qos & Bwm
It is indeed required that an access gateway satisfies the requirements of latency-critical applications, minimum access right guarantee, fair bandwidth usage for same subscribed condition and flexible bandwidth management. AirLive Security Gateway provides a Rule-based QoS to carry out the requirements. AirLive AirMax4GW User’s Manual...
Page 92 Flexible Bandwidth Management on the interface can also be specified here. Bandwidth of Upstream: The maximum bandwidth of uplink in Mbps. Bandwidth of Downstream: The maximum bandwidth of downlink in Mbps. Total Connection Sessions: Input the maximum number of connection sessions for the WAN interface. AirLive AirMax4GW User’s Manual...
Page 93 For bandwidth resource, control functions include guaranteeing bandwidth and limiting bandwidth. For priority queue resource, control function is setting priority. For DSCP resource, control function is DSCP marking. The last resource is Connection Sessions; the related control function is limiting connection sessions. AirLive AirMax4GW User’s Manual...
Page 94 “Add” button to create a new QoS rule. Delete: After you selected some QoS rules by checking the “Select” box for each rule, you can click on the “Delete” button to remove those rules from the list. AirLive AirMax4GW User’s Manual...
Page 95 When “DSCP” is selected, another “DiffServ CodePoint” value must be specified. DSCP means DiffServ Code Point, as known as advanced TOS. You can choose this option if your local service gateway supports DSCP tags. The DSCP categories that this gateway can detect are as below. AirLive AirMax4GW User’s Manual...
Page 96 Both. Finally, when “Well-known Service” is selected, you can choose the well-known from a list like: Resource: There are 4 resources can be chosen to control in the QoS rule. They are “Bandwidth”, “Connection Sessions”, “Priority Queues” and “DiffServ Code Points”. AirLive AirMax4GW User’s Manual...
Page 97 [System]-[Scheduling] menu. Enable: Check the box if you want to enable the rule. Each rule can be enabled or disabled individually. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. AirLive AirMax4GW User’s Manual...
Page 98 4(CS4)” value will be modified by “DSCP Marking” control function with “AF Class 2(High Drop)” value at any time. Example #2 for adding a “Connection Sessions” type QoS rule Interface: Select “WAN-1”. Group: Select “IP” and enter IP range: 10.0.75.16/28. Service: Select “ALL”. Resource: Select “Connection Sessions”. AirLive AirMax4GW User’s Manual...
Page 99: Vpn Setup
Tunnel Load Balance, NetBIOS over IPSec, NAT Traversal and Dynamic VPN. 4.2.3.1 Configuration To enable the VPN function, you should go to Configuration before any setting. 4.2.3.2 IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) AirLive AirMax4GW User’s Manual...
Page 100 It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario. There is one more advanced IPSec VPN application: AirLive AirMax4GW User’s Manual...
Page 101 Max. Tunnels: The device supports up to 32 IPSec tunnels, but you can specify it with the number of maximum current activated IPSec tunnels that is smaller or equal to 32. You can add new, edit or delete some IPSec tunnels in Tunnel List & Status as follows. AirLive AirMax4GW User’s Manual...
Page 102 30 seconds. Now, the device will start to ping remote host when there is no traffic within the VPN tunnel. If the device can't get ICMP response from remote host anymore, it will terminate the VPN tunnel automatically. AirLive AirMax4GW User’s Manual...
Page 103 Remote Netmask: The remote netmask and associated remote subnet can define a subnet domain for the remote devices connected via the VPN tunnel. There are 5 entries for Remote Netmask. Remote Gateway: Enter the IP address or FQDN of remote Business Security Gateway. 4.2.3.2.6 Authentication AirLive AirMax4GW User’s Manual...
Page 104 (or Business Security Gateway). The VPN server would reject the connect request from VPN clients because of invalid user information, even though the pre-shared key is correct. This function is suitable for remote mobile VPN AirLive AirMax4GW User’s Manual...
Page 105 SHA1, SHA2-256 and SHA2-512. DH Group: There are nine groups can be selected: None, Group 1 (MODP768), Group 2 (MODP1024), Group 5 (MODP1536) and Group14 ~ Enable: Check this box to enable the IKE Proposal during tunnel establishing. AirLive AirMax4GW User’s Manual...
Page 106 Enable: Check this box to enable the IKE Proposal during tunnel establishing. 4.2.3.2.11 Manual Proposal When “Manually” key management is used, there are 4 further parameters need to be specified by you and used in IPSec tunnel establishing. AirLive AirMax4GW User’s Manual...
Page 107 Microsoft Windows product families implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide security levels and remote access levels comparable with typical VPN products. AirLive AirMax4GW User’s Manual...
Page 108 PPTP: Check the “Enable” box to activate PPTP client and server functions. Client/Server: Choose Server or Client to configure corresponding role of PPTP VPN tunnels for the Business Security Gateway beneath the choosing screen AirLive AirMax4GW User’s Manual...
Page 109 MPPE encryption, 40 bits, 56 bits or 128 bits. 4.2.3.3.3 PPTP Server Status The user name and connection information for each connected PPTP client to the PPTP server of the Business Security Gateway will be shown in this table. AirLive AirMax4GW User’s Manual...
Page 110 The Business Security Gateway also can behave as a PPTP client except PPTP server, and PPTP client tries to establish a PPTP tunnel to remote PPTP server. All client hosts in the Intranet of Business Security Gateway can access LAN servers behind the PPTP server. AirLive AirMax4GW User’s Manual...
Page 111 “Delete” button. Tunnel: Check the “Enable” box to activate the tunnel. Edit: You can edit one PPTP client tunnel configuration by clicking on the “Edit” button at the end of each tunnel list. 4.2.3.3.8 PPTP Client Configuration AirLive AirMax4GW User’s Manual...
Page 112 LCP echo fails. You also can choose “User-defined” option to define the time interval and the retry times by yourself. The last option is “Disable”. Tunnel: Check the “Enable” box to activate the tunnel. AirLive AirMax4GW User’s Manual...
Page 113 L2TP over IPSec tunnels. Server Virtual IP: It is the virtual IP address of L2TP server used in L2TP tunneling. This IP address should be different from the gateway one and members of LAN subnet of Business Security Gateway. AirLive AirMax4GW User’s Manual...
Page 114 “Delete” button. Account: Check the “Enable” box to validate the user account. Edit: You can edit one user account configuration by clicking on the “Edit” button at the end of each user account list. AirLive AirMax4GW User’s Manual...
Page 115 “Delete” button. Tunnel: Check the “Enable” box to activate the tunnel. Edit: You can edit oneL2TPTP client tunnel configuration by clicking on the “Edit” button at the end of each tunnel list. AirLive AirMax4GW User’s Manual...
Page 116 L2TP tunnel will be established automatically. Connection Control: There are three connection control options for users to choose when the L2TP tunnel is established. You can choose “Connect-on-Demand”, “Auto Reconnect (always-on)”, or “Manually”. By default, it is “Auto Reconnect (always-on)”. AirLive AirMax4GW User’s Manual...
Page 117 4.2.3.5.2 GRE Configuration There is one common GRE VPN connection scenario as follows: • GRE Server / Client Application The Business Security Gateway acts as GRE Server or Client role in SMB Headquarters or Branch Office. AirLive AirMax4GW User’s Manual...
Page 118 “Peer Subnet” is chosen, peer subnet parameter needs to be filled and it should be the LAN subnet of remote GRE server. If an Intranet packet wants to go to this peer subnet, the GRE tunnel will be established automatically. AirLive AirMax4GW User’s Manual...
Page 119: Redundancy
Virtual Server ID: Means Group ID. Specify the ID number of the virtual server. Its value ranges from 1 to 255. Priority of Virtual Server: Specify the priority to use in VRRP negotiations. Valid values are from 1 to 254, and a larger value has higher priority. AirLive AirMax4GW User’s Manual...
Page 120: System Management
CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices, like this gateway device. As a bidirectional SOAP/HTTP-based protocol, provides communication between customer-premises equipment (CPE) and Auto Configuration Servers (ACS). The Security Gateway is such CPE. AirLive AirMax4GW User’s Manual...
Page 121 The device supports several public MIBs and one private MIB for the SNMP agent. The supported MIBs are as follow: • Supported MIBs • MIB-II (RFC 1213, Include IPv6) • IF-MIB, IP-MIB, TCP-MIB, UDP-MIB • SMIv1 and SMIv2 • SNMPv2-TM and SNMPv2-MIB • AMIB (AirLive Private MIB) AirLive AirMax4GW User’s Manual...
Page 122 WAN Access IP Address: The IP address of remote control site to manage the device by using SNMP protocol. A User Privacy table is used for only SNMP v3. It defines the user list and their privacy and authority settings. AirLive AirMax4GW User’s Manual...
Page 123 UPnP Internet Gateway Device (IGD) Standardized Device Control Protocol is a NAT port mapping protocol and is supported by some NAT routers. It is a common communication protocol of automatically configuring port forwarding. Applications using peer-to-peer networks, multiplayer gaming, and remote assistance programs AirLive AirMax4GW User’s Manual...
Page 124: Certificate
SSL), where they prevent an attacker from impersonating a secure website or other server. They are also used in other important applications, such as email encryption and code signing. Here, it can be used in IPSec tunneling for user authentication. AirLive AirMax4GW User’s Manual...
Page 125 4.2.6.1.1 Root CA The device can serves as the Root CA. Root CA can sign local certificate when generate by selected self-signed or the Certificate Signing Request (CSR). You can generate it by clicking on the "Generate" button. AirLive AirMax4GW User’s Manual...
Page 126 You can download the local certificate file by clicking on the "Download" button. 4.2.6.1.2 Local Certificate List This feature can show the list of all certificates which contain information identifying the applicant. Each certificate involves field of the certificate name, subject, issuer and valid to. AirLive AirMax4GW User’s Manual...
Page 127 You also can import one certificate from your backup ones by clicking on the "Import" button. There are two approaches to import it. One is from a file and another is copy-paste the PEM codes in Web UI, and then click on the "Apply" button. AirLive AirMax4GW User’s Manual...
Page 128 The device can let you import the certificate of trusted external CA by clicking on the "Import" button. There are two approaches to import it. One is from a file and another is copy-paste the PEM codes in Web UI, and then click on the "Apply" button. AirLive AirMax4GW User’s Manual...
Page 129 After successful importing the trusted external CA, you also can delete it by checking the Select box and clicking on the "Delete" button. You can view its PEM codes by checking the "View" button. You can download the trusted CA file by clicking on the "Download" button. AirLive AirMax4GW User’s Manual...
Page 130 PEM codes in Web UI, and then click on the "Apply" button. You also can delete one trusted client certificate by checking corresponding Select box and clicking on the "Delete" button. You can view its PEM codes by checking the "View" button. AirLive AirMax4GW User’s Manual...
Page 131 After signing, the Issuer information can be show which is Root ca subject. You also can view its PEM codes by checking the "View" button and download the issued certificate file by clicking on the "Download" button. AirLive AirMax4GW User’s Manual...
Page 132: Application
Internet, the device will redirect the Internet surfing request to an external captive portal Web server for user authentication. If the authentication is successful, the requested client host will be allowed to access Internet by the device. 4.3.1 Mobile Application 4.3.1.1 AirLive AirMax4GW User’s Manual...
Page 133 2. SMS: Indicate which SIM card is used for SMS feature. 3. SMS Storage: Select storage for SMS message. This gateway only supports “SIM Card Only” for SMS storage. This gateway can forward received SMS message automatically. Press “Add” to add new rule. AirLive AirMax4GW User’s Manual...
Page 134 You can create a new SMS message on this page. After finishing the content of message, and filling with phone number of receiver(s), you can press the “Send” button to send this message out. You can see “Send OK” if the new message has been sent successfully. AirLive AirMax4GW User’s Manual...
Page 135 1. Physical Interface: Indicate which 3G/LTE modem is used for USSD feature. And SIM Status indicates which SIM card is used for USSD feature. AirLive AirMax4GW User’s Manual...
Page 136 You can select USSD command from existed profile or type command manually. Then press “Send” button to send out USSD command. 4.3.1.3 Network Scan This part is for 3G/LTE cellular network scan. Usually, this part would be done automatically. Manual scan is used for problem diagnosis. AirLive AirMax4GW User’s Manual...
Page 137 Message Service). Users can send certain SMS to this gateway to activate some actions, such as connect/disconnect/reconnect WAN connection or reboot the system. Besides, gateway can also send SMS to users to alert some events automatically. AirLive AirMax4GW User’s Manual...
Page 138 If this field is empty, users just need to type command without adding any key information. Note. If security key is empty, access control needs to be activated. The security key can be empty if access control is activated. AirLive AirMax4GW User’s Manual...
Page 139 1. WAN Link Down: Enable it, and this gateway will send a message to users if primary WAN connection is dropped. 2. WAN Link Up: Enable it, and this gateway will send a message to users if WAN connection is established. This message will also include WAN IP address. AirLive AirMax4GW User’s Manual...
Page 140: Captive Portal
Captive Portal Configuration The gateway supports the Captive Portal function, including external captive portal. For external captive portable, you must specify external RADIUS (Remote Authentication Dial In User Service) server and external UAM (Universal Access Method) server. AirLive AirMax4GW User’s Manual...
Page 141: System
Syslog Server objects, RADIUS Server objects, Active Directory Server objects, LDAP Server objects and UAM Server objects. About MMI (Man-Machine Interface), it means the Web-based GUI. User can set the administrator timeout of Web UI surfing during configuring the device by the administrator. AirLive AirMax4GW User’s Manual...
Page 142: System Related
Change Password You can change the System Password here. We strongly recommend you to change the system password for security reason. Click on “Save” to store your settings or click “Undo” to give up the changes. AirLive AirMax4GW User’s Manual...
Page 143 ADSL modem and 3G/LTE modem. 4.4.1.3 System Status You can view the System Logs in Web UI. You also can send the logs to specific email accounts periodically or instantly by clicking on the “Email Now” command button AirLive AirMax4GW User’s Manual...
Page 144 1. System Time: There are three approaches to setup the system time. Before the process, some basic information must be filled by clicking on the “Configure” command button. Basic information includes following items: AirLive AirMax4GW User’s Manual...
Page 145 “Ping” button. A test result window will appear beneath it. There is a “Close” command button there can let the test result windows disappear. AirLive AirMax4GW User’s Manual...
Page 146 “Backup” button and save it as a bin file. Once you want to restore these settings, please click Firmware Upgrade button and use the bin file you saved. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. AirLive AirMax4GW User’s Manual...
Page 147: Scheduling
This device supports three types of objects to be grouped. They are host objects, file extension objects and L7 Application objects. One “Enable” checkbox provides user to activate the grouping function for all types of objects. AirLive AirMax4GW User’s Manual...
Page 148 2. Delete: Click on the button to delete the host groups that are specified in advance by checking on the “Select” box of those groups. 3. Edit: Click on the button to edit the host group. 4. Select: Select the host group to delete. AirLive AirMax4GW User’s Manual...
Page 149 “Select” box of those groups. 3. Edit: Click on the button to edit the file extension group. 4. Select: Select the file extension group to delete. 4.4.3.3.2 File Extension Group Configuration AirLive AirMax4GW User’s Manual...
Page 150 “Select” box of those groups. 3. Edit: Click on the button to edit the L7 application group. 4. Select: Select the file extension group to delete. 4.4.3.4.2 L7 Application Group Configuration AirLive AirMax4GW User’s Manual...
Page 151: External Servers
[Applications]-[Captive Portable], SMS forwarding to email server or syslog server in [Applications]-[Mobile Applications]-[SMS], Management alerting system [Applications]-[AP Management], Management alerting handler [Applications]-[IO Management]. Above usage examples depend on the provided functions of different product models. AirLive AirMax4GW User’s Manual...
Page 152 “Workgroup”. When “UAM” Server, following parameters must be provided: “Login URL”, “Shared Secret”, “NAS/Gateway ID”, “Location ID” and “Location Name”. Among them, Location Name is optional. 5. Server: Check the “Enable” box to activate the external server object. AirLive AirMax4GW User’s Manual...
Page 153: Mmi
4. Web Management 4.4.5 MMI 4.4.5.1 Web UI You can set UI administration time-out duration in this page. If the value is “0”, means the time-out is unlimited. AirLive AirMax4GW User’s Manual...
Page 154: Installing The Airmax4Gw
5. Installing the AirMax4GW Installing the AirMax4GW The specification of AirMax4GW is subject to change without notice. Please use the information with caution. 5.1 Features  Cellular Gateway for outdoor LTE-Fi Hotspot applications.  1x embedded LTE module with dual-SIM failover ...
Page 155 5. Installing the AirMax4GW Wireless Security WPA-PSK WPA2-PSK WPA-Radius 802.1x/EAP Software Dual SIM Failover IPv6 : 6-in-4 , 6-to-4 Multi-SSID VLAN NAT: ALG, Special AP,DMZ Host, Virtual Server, PPTP/L2TP/IPSec Passthrough DDNS Pacaket Filters URL Blocking Web Content Filter MAC Address Control...
Page 156 5. Installing the AirMax4GW Storage: -40 ~ 85℃ Humidity Operating: 10~90% (Non-Condensing) Storage: max. 95% (Non-Condensing) Certification Dimension 130 x 302 x 51 (mm) Product Weight 1120 (g) AirLive AirMax4GW User’s Manual...
Page 157: Wireless Network Glossary
Spanning Tree Protocol. It is an algorithm to prevent network from forming. The STP protocol allows network to provide a redundant link in the event of a link failure. It is advice to turn on this option for multi-link bridge network. AirLive AirMax4GW User’s Manual...
Page 158 VLAN ID(called Tag) as it traveled across the network. Therefore, the VLAN configuration can be configured across multiple switches. In 802.1Q spec, possible 4096 VLAN ID can be created. Although for some devices, they can only view in frames of 256 ID at a time. AirLive AirMax4GW User’s Manual...
Page 159 This is especially true for 802.11a and 802.11g networks. Setting the correct ACK timeout value need to consider 3 factors: distance, AP response time, and interference. The AirMax4GW provide ACK adjustment capability in form of either distance or direct input. When you enter the distance parameter, the AirMax4GW will automatically calculate the correct ACK timeout value.
Page 160 IP or Application. It can also guarantee the speed of certain special application or privileged IP address - a crucial feature of QoS (Quality of Service) function. The AirMax4GW’s features both “Per-user Bandwidth Control” and “Total Bandwidth Control”. “Per-user Bandwidth Control” allow administrator to define the maximum bandwidth of each user by IP, IP Group, or MAC address.
Page 161 In www.airlive.com, the "airlive.com" is the doman name. DoS Attack Denial of Service. A type of network attack that floods the network with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. AirLive AirMax4GW User’s Manual...
Page 162 The default size is 2346. You can try 1500, 1000, or 500 when there are interference around your network. Full Duplex The ability of a networking device to receive and transmit data simultaneously. In wireless environment, this is usually done with 2 or more radios doing load balancing. AirLive AirMax4GW User’s Manual...
Page 163 Internet. An IP address has two parts: an identifier of a particular network on the Internet and an identifier of the particular device (which can be a server or a workstation) within that network. The new IPv6 specification supports 128-bit IP address format. AirLive AirMax4GW User’s Manual...
Page 164 Multi In Multi Out. A Smart Antenna technology designed to increase the coverage and performance of a WLAN network. In a MIMO device, 2 or more antennas are used to increase the receiver sensitivity and to focus available power at intended Rx. AirLive AirMax4GW User’s Manual...
Page 165  The hardware connection point on a computer or networking device used for plugging in a cable or an adapter.  The virtual connection point through which a computer uses a specific application on a server. AirLive AirMax4GW User’s Manual...
Page 166 The unit for Receiver Sensitivity is in dB; the lower the absolute value is, the higher the signal strength. For example, -50dB is higher than -80dB. AirLive AirMax4GW User’s Manual...
Page 167 SNMP agents. SNMP agents are programs that reside SNMP capable device's firmware to provide SNMP configuration service. The NMS typically is a PC based software such as HP Openview that can view and manage SNMP network device remotely. AirLive AirMax4GW User’s Manual...
Page 168 It adds Bursting and Compression to increase the speed. If you live in countries that prohibit the channel binding technology (i.e. Europe), you should choose “Super-A without Turbo) if you need more speed than 11a mode AirLive AirMax4GW User’s Manual...
Page 169 Upgrade To replace existing software or firmware with a newer version. Upload To send a file to the Internet or network device. Uniform Resource Locator. The address of a file located on the Internet. AirLive AirMax4GW User’s Manual...
Page 170 40 and 70 Mbps/s and add support for MIMO antennas, QoS, and multiple polling technologies. 802.16e adds mobility features, narrower bandwidth (a max of 5 mhz), slower speed and smaller antennas. Mobility is allowed up to 40 mph. AirLive AirMax4GW User’s Manual...
Page 171 The WPA-PSK utilizes pre-share key for encryption/authentication. WPA2 Wi-Fi Protected Access 2. WPA2 is also known as 802.11i. It improves on the WPA security with CCMP and AES encryption. The WPA2 is backward compatible with WPA. WPA2-PSK utilizes pre-share key for encryption/authentication. AirLive AirMax4GW User’s Manual...

Air Live AirMax4GW User Manual

1 Introduction

2 Installing the Airmax4Gw

3 Configuring the Airmax4Gw

4 Web Management

5 Installing the Airmax4Gw

6 Wireless Network Glossary

Quick Links

Need help?

Questions and answers

Related Manuals for Air Live AirMax4GW

Summary of Contents for Air Live AirMax4GW

Table of Contents