5G Outdoor CPE Online Help

5G Outdoor CPE N5368X
V100R002C00
Online Help
Issue Draft B
Date 2019-11-30
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2019. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: https://www.huawei.com
Email: support@huawei.com
Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. i

Online Help Contents
Contents
1 About This Document.................................................................................................................. 1

1.1 Overview........................................................................................................................................................................ 1
1.2 Product Version...............................................................................................................................................................1
1.3 Intended Audience.......................................................................................................................................................... 1
1.4 Change Description........................................................................................................................................................ 2
2 Introduction.................................................................................................................................... 3
2.1 User Account Description.............................................................................................................................................. 3
2.2 Safety Precautions.......................................................................................................................................................... 4
2.3 Computer Configuration Requirements..........................................................................................................................5
3 HOME.............................................................................................................................................. 6
3.1 Overview........................................................................................................................................................................ 6
3.2 Update.............................................................................................................................................................................6
3.2.1 Local Upgrade............................................................................................................................................................. 7
3.2.2 HOTA-based Upgrade................................................................................................................................................. 7
3.3 Device............................................................................................................................................................................. 8
4 SECURITY.................................................................................................................................... 10
4.1 IP Filtering.................................................................................................................................................................... 10
4.1.1 Adding an IP Address Filtering Rule.........................................................................................................................11
4.1.2 Modifying an IP Address Filtering Rule....................................................................................................................11
4.1.3 Deleting an IP Address Filtering Rule.......................................................................................................................11
4.2 MAC Filtering.............................................................................................................................................................. 12
4.2.1 Adding a MAC Address Filtering Rule..................................................................................................................... 12
4.2.2 Modifying a MAC Address Filtering Rule................................................................................................................12
4.2.3 Deleting a MAC Address Filtering Rule................................................................................................................... 12
4.3 URL Filtering............................................................................................................................................................... 13
4.3.1 Adding a URL Filtering Rule.................................................................................................................................... 13
4.3.2 Modifying a URL Filtering Rule............................................................................................................................... 13
4.3.3 Deleting a URL Filtering Rule.................................................................................................................................. 13
4.4 Port Forwarding............................................................................................................................................................ 13
4.4.1 Adding a Port Forwarding Rule.................................................................................................................................14
4.4.2 Modifying a Port Forwarding Rule........................................................................................................................... 14
4.4.3 Deleting a Port Forwarding Rule...............................................................................................................................15
Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. ii

4.5 ACL.............................................................................................................................................................................. 15
4.5.1 Modifying an ACL Rule............................................................................................................................................15
4.5.2 Resetting an ACL Rule..............................................................................................................................................15
4.6 DMZ............................................................................................................................................................................. 16
4.7 ALG.............................................................................................................................................................................. 16
4.8 UPnP............................................................................................................................................................................. 16
5 INTERNET....................................................................................................................................18
5.1 APN/DNN.................................................................................................................................................................... 18
5.1.1 Adding an APN/DNN Profile....................................................................................................................................18
5.1.2 Modifying an APN/DNN Profile...............................................................................................................................19
5.1.3 Deleting an APN/DNN Profile.................................................................................................................................. 19
5.2 Network........................................................................................................................................................................ 20
5.3 PIN................................................................................................................................................................................21
5.3.1 Enabling PIN Verification......................................................................................................................................... 21
5.3.2 Disabling PIN Verification........................................................................................................................................ 21
5.3.3 Changing the PIN Code............................................................................................................................................. 22
5.3.4 Verifying the PIN Code............................................................................................................................................. 22
5.3.5 Verifying the PUK Code............................................................................................................................................23
5.4 Internet MTU................................................................................................................................................................ 23
6 LAN................................................................................................................................................ 25
6.1 Static Route...................................................................................................................................................................25
6.1.1 Adding a Static Route Rule....................................................................................................................................... 25
6.1.2 Modifying a Static Route Rule.................................................................................................................................. 25
6.1.3 Deleting a Static Route Rule..................................................................................................................................... 26
6.2 Dynamic Route............................................................................................................................................................. 26
6.3 DHCP............................................................................................................................................................................26
6.4 Static Arp...................................................................................................................................................................... 27
6.4.1 Adding a Static ARP Entry........................................................................................................................................27
6.4.2 Modifying a Static ARP Entry...................................................................................................................................27
6.4.3 Deleting a Static ARP Entry...................................................................................................................................... 28
7 WLAN............................................................................................................................................ 29
7.1 WLAN Settings............................................................................................................................................................ 29
7.2 SSID List...................................................................................................................................................................... 31
7.3 Advanced Settings........................................................................................................................................................ 31
7.3.1 Configuring the Working Frequency Band................................................................................................................31
7.3.2 Configuring Transmit Power..................................................................................................................................... 32
8 SYSTEM........................................................................................................................................ 33
8.1 Maintenance..................................................................................................................................................................33
8.1.1 Restart........................................................................................................................................................................ 33
8.1.2 Reset.......................................................................................................................................................................... 33
8.1.3 Reconnect Network................................................................................................................................................... 34
Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. iii

8.1.4 Led Status.................................................................................................................................................................. 34

8.1.5 Lock Frequency......................................................................................................................................................... 34
8.1.6 APN/DNN For Initial Access.................................................................................................................................... 35
8.1.7 Enable APN/DNN TR069 parameter restore............................................................................................................ 36
8.2 Logs.............................................................................................................................................................................. 36
8.3 Change Password..........................................................................................................................................................37
8.4 TR-069..........................................................................................................................................................................38
8.5 Antenna.........................................................................................................................................................................42
8.6 Diagnose....................................................................................................................................................................... 44
8.6.1 Ping............................................................................................................................................................................ 44
8.6.2 Traceroute.................................................................................................................................................................. 44
8.7 Time.............................................................................................................................................................................. 44
8.7.1 Adding an NTP Server.............................................................................................................................................. 45
8.7.2 Modifying an NTP Server......................................................................................................................................... 45
8.7.3 Deleting an NTP Server.............................................................................................................................................46
9 FAQs...............................................................................................................................................47
10 Acronyms and Abbreviations................................................................................................. 48
Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. iv

Online Help 1 About This Document
1 About This Document
1.1 Overview
1.2 Product Version
1.3 Intended Audience
1.4 Change Description
1.1 Overview
This document describes how to manage and maintain the 5G CPE on web pages, including
such operations as querying the operating status, setting parameters, performing an upgrade,
restoring factory settings, restarting the device, configuring TR-069 parameters, implementing
maintenance and test, and exporting logs.
1.2 Product Version

Product Name Product Version
5G Outdoor CPE V200R001C00
1.3 Intended Audience

This document is intended for:
l System engineers
l Onsite engineers
l Network shift engineers
l Network operators
l End users
Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 1

Online Help 1 About This Document
1.4 Change Description

This topic describes the changes between document versions.
Draft B (2019-11-30)
This is a draft.
Compared with Draft A (2019-09-15), this issue includes the following new topics:
l 4.3 URL Filtering
l 4.8 UPnP
l 6.2 Dynamic Route
l 7 WLAN
Compared with Draft A (2019-09-15), this issue does not include any changes.
No information in Draft A (2019-09-15) is deleted from this issue.
Draft A (2019-09-15)
This is a draft.

Online Help 2 Introduction
2 Introduction
2.1 User Account Description

2.2 Safety Precautions
2.3 Computer Configuration Requirements
2.1 User Account Description

Only a single account can be used to manage the CPE. Access the web page over HTTP or
HTTPS, and use this account to log in to the CPE. Then, you can view and manage the CPE
by performing operations such as querying the operating status, setting parameters,
performing an upgrade, restoring factory settings, restarting the device, configuring TR-069
parameters, implementing maintenance and test, and exporting logs.
The user name and password of this unique account are both admin. Change the password
upon the first login in accordance with the following rules:
l The password must be 10 to 15 ASCII characters and contain at least three types of the
following characters: letters (A to Z or a to z), digits (0 to 9), and special characters,
including exclamation mark (!), double quote ("), number sign (#), dollar sign ($),
percent (%), ampersand (&), single quote ('), left parenthesis ((), right parenthesis ()),
asterisk (*), plus sign (+), comma (,), hypen (-), period (.), slash (/), colon (:), semicolon
(;), less than (<), equal sign (=), greater than (>), question mark (?), at sign (@), left
bracket ([), backslash (\), right bracket (]), caret (^), underscore (_), grave accent (`), left
brace ({), vertical bar (|), right brace (}), tilde (~).
l The password must not be the same as the user name or the user name in reverse order.
l The password must not contain three or more consecutive identical characters, for
example, 111.

l The system forcibly enables you to change the password upon the first login. Keep the new
password secure and it is strongly recommended that you change the password periodically.
l If you enter incorrect passwords for three consecutive times during login or password change,
the login page will be locked for 3 minutes.
l If you forget your password, press the Reset button for 2–10 seconds to restore the factory
settings in which the default user name and password are both admin.
l If you do not perform any operation within 5 consecutive minutes after a successful login to
the Web UI, you are forcibly logged out of the current session.
l Before the admin user logs in to the Web UI, the operation log records the anonymous user by
default.
2.2 Safety Precautions

To improve system security, pay attention to the following points:
l The CPE can be accessed over HTTP or HTTPS. HTTPS is recommended. If you cannot
access the CPE Web UI over HTTPS, check the TLS configuration of the browser you
use.
l If you use Internet Explorer, version 11.0 or later is preferred.

l On Internet Explorer browsers earlier than version 11, choose Internet Options > Advanced
> Settings > Security to enable TLS1.1 or later (TLS1.2 is preferred).
l When you access the CPE Web UI over HTTPS, the browser may display a message
indicating that the certificate has security risks. To solve this problem, perform the
following steps:
l Click Download on the login page to download the self-issued certificate of the CPE.
l Use the Certificate Import Wizard on the browser or click Install Certificate on the
certificate file page to install the CPE self-issued certificate to Trusted Root Certification
Authorities.
l The certificate installation may vary with browsers.
l Different browsers and different versions of the same browser have different mechanisms for
identifying risks in self-issued certificates. The risks may still be considered to exist after the
certificate installation. You are advised to use the Google Chrome browser to access the CPE
over HTTPS.
l The CPE self-issued certificate cannot be updated manually or by connecting to an online
server. If the CPE system verifies that the self-issued certificate has expired, it automatically
updates the certificate.
l During certificate installation, ensure that the SN in the CN field of the issuer for the CPE self-
issued certificate is the same as the SN of the board to minimize security risks.
l The IMEI, IMSI, SN, WAN IP address, LAN IP address, and MAC information can be
queried on the Web UI. The IMEI, IMSI, SN, WAN IP address, and LAN IP address can
be queried using TR-069. For details, see 5G Outdoor CPE N5368X Personal Data
Description.xlsx.
l The APN password is provided by the operator. The CPE uses the AES-256-CBC
algorithm to encrypt and store the APN password. You must keep the password secure. If
the password is lost, contact the operator as soon as possible.

l The initial value of the PIN/PUK is provided by the operator during USIM registration.
Keep the PIN/PUK to yourself. If the PIN/PUK is locked due to improper operations,
contact the operator.
l The CPE uses the in-band management mode. The management control information and
service information of the network are transmitted through the same physical channel,
and the control information and service information are distributed through different
virtual channels (virtual network adapter devices).
l Anti-DoS attack measures for the CPE include ICMP flood attack defense and SYN
flood attack defense.
l The Web UI supports only local login and is used to configure a proper access control
list for the CPE to ensure security. Preferentially disable Internet ICMP in the ACL.
l The CPE supports HTTP- or HTTPS-based interaction over TR-069. The actual running
mechanism depends on the operator's configuration. If the operator's TR-069 server
supports HTTPS, it is recommended that HTTPS be used for interaction.
2.3 Computer Configuration Requirements

The PC configuration must meet the requirements of the CPE to ensure the operation
performance. The following table provides the configuration requirements.
Item Requirement
CPU Pentium 500 MHz or above
Memory 128 MB RAM or above
Hard disk Available space of at least 200 MB
Operating Microsoft: Windows 7 or later

system
Display 1024 x 768 pixels or higher

resolution
Web Internet Explorer 11 or later, Chrome 73.0.368 or later

browser

Online Help 3 HOME
3 HOME
3.1 Overview
3.2 Update
3.3 Device
3.1 Overview
On the Overview page, you can view the CPE information, such as the device information,
software and hardware versions, network traffic statistics, and network status.
Step 1 Choose HOME > Overview to enter the Overview page. Device information includes
Device name, Model, IMEI, IMSI, and SN. Software and hardware versions include
Software Version and Hardware Version. Network traffic information includes Total
traffic, Uplink traffic, Downlink traffic, Average uplink traffic, and Average downlink
traffic. Time information includes Boot up time, Online time, and System time.
Step 2 Click Detail next to Network and Internet Info to view the network status and network
connection information. Network Info includes Network Type, Signal Intensity, Signal
Quality, RSSI, PLMN, Cell ID, 5G MCS, 5G BLER, 5G CQI, and 5G RANK. If you
specify Wan Id in the Internet Info area, the corresponding Status, WAN IP Address,
Subnet Mask, Gateway, Primary DNS, and Secondary DNS are displayed. Status indicates
whether the IP passthrough mode is enabled. If the IP passthrough mode is disabled, the
routing mode is used. The LAN information includes IP Address, MAC Address, DHCP
Server, Lan0 Status, Lan0 UpRate, Lan0 DownRate, Lan1 Status, Lan1 UpRate, and
Lan1 DownRate.
----End
3.2 Update
On the Update page, you can upgrade the software running on the CPE to a new version to
enhance system stability. The upgrade can be performed locally or over HOTA.

Online Help 3 HOME
3.2.1 Local Upgrade

Before an upgrade, store the target software version file on the PC. The upgrade steps are as
follows:
Step 1 Choose HOME > Update to enter the Update page.
Step 2 In the Update area, click Choose File. In the displayed dialog box, select the software version
file stored on the local PC.
Step 3 Click Open. The dialog box is closed, and the version file name is displayed to the right of
the Choose File button.
Step 4 Click Update. The CPE software upgrade starts. After the upgrade is complete, the CPE
automatically restarts and runs the target software version.
NOTICE
l Do not perform any operations on the CPE during an upgrade. Especially, do not power off
the CPE.
l To roll back the CPE to the source version after a power-off, press the Reset button, power
on the CPE, and hold the button for over 25 seconds.
l The integrity check of the upgrade package uses the SHA256-based digital signature.
----End
3.2.2 HOTA-based Upgrade

The new version can be detected automatically or manually. When a new version is detected,
the version upgrade can be triggered automatically or manually.
To configure HOTA-based upgrade parameters, perform the following steps:
Step 1 Specify Auto-update. Value ENABLE indicates automatic upgrade. Value DISABLE
indicates upgrade following user confirmation.
Step 2 When Auto-update is ENABLE, set Update time to the time period for the CPE to
automatically download and upgrade to the new version. Specifically, if a new version is
detected, the CPE downloads and upgrades to the new version within the specified period.
Step 3 When Auto-update is DISABLE, a dialog box is displayed to prompt you to upgrade the
CPE if a new version is detected when you log in to the CPE through the Web UI.
Step 4 To manually check for a new version, click Check for update.
Step 5 When a new version is detected or an upgrade is confirmed manually, click Update in the
Check Update column to download and upgrade to the new version.
----End

Online Help 3 HOME
NOTICE
l The CPE must access the network successfully.

l The CPE automatically checks for new version within 2 hours after it is powered on and
connected to the network. The automatic new version detection period is seven days.
l When Auto-update is DISABLE, automatic new version detection still works.
l If version detection fails, check whether the CPE is successfully connected to the network.
If the CPE has successfully accessed the network but detection still fails, the network may
be congested or the server may be faulty. Try again later.
l During the version package download, HTTP is tried first. If the HTTP-based download
fails, HTTPS is then tried. After the download completes over HTTP or HTTPS, the
installation process starts.
l HOTA-based upgrades consume user traffic, the volume of which varies with version
packages and is generally within 100 MB. Each version detection consumes traffic of less
than 2 KB.
l When Critical-update is ENABLE and a new version is detected manually or
automatically: If the new version is a critical version, the device automatically downloads
and upgrades to the new version immediately; If the new version is not a critical version,
you need to manually confirm the upgrade or enable Auto-update so that an automatical
upgrade is started at the specified time.
l When Critical-update is DISABLE and a new version is detected manually or
automatically: Regardless of whether the new version is a critical version, you need to
manually confirm the upgrade or enable Auto-update so that an automatical upgrade is
started at the specified time.
3.3 Device
To view the access device list in routing mode, perform the following steps:
Step 1 Choose HOME > Device to enter the Device page.
Step 2 Check the device list.
----End
NOTICE
The connected device list is displayed only in routing mode. To enable the routing mode, set
IP Passthrough to DISABLE.
The following table describes the fields in the device list.
Parameter Description
Hostname Host name of a connected device
MacAddr MAC address of a connected device

Online Help 3 HOME
IpAddr IP address of a connected device
Lease Time Remaining lease time, in units of seconds
IsWirelessU Whether the device is connected over Wi-Fi

sr

Online Help 4 SECURITY
4 SECURITY
Set the security function in routing mode.
NOTICE
l The security function can be configured only when the routing mode applies. When the
CPE is set to non-routing mode, the SECURITY tab is not displayed on the WebUI.
l Method of setting the routing mode: Under Network on the Internet page, set IP
Passthrough to DISABLE.
4.1 IP Filtering
4.2 MAC Filtering
4.3 URL Filtering
4.4 Port Forwarding
4.5 ACL
4.6 DMZ
4.7 ALG
4.8 UPnP
4.1 IP Filtering
Set IP address filtering rules.
NOTICE
l Only IP address blacklists can be set.

l If you select the IP Filter check box on the IP Filtering page, the IP address filtering rule
takes effect immediately. In other cases, the IP address filtering rule does not take effect.

4.1.1 Adding an IP Address Filtering Rule

To add an IP address filtering rule, perform the following steps:
Step 1 Choose SECURITY > IP Filtering. The IP Filtering page is displayed.
Step 2 Click Add.
Step 3 Specify Profile name, and the corresponding default destination port number is automatically
filled in Destination Port Range.
Step 4 Specify Protocol. The options include ALL, TCP, UDP, and ICMP. All indicates all IPv4
packets.
Step 5 Set Source IP Address Range to the range of source IP addresses.
Step 6 Set Source Port Range to the range of source ports. The valid range is [1, 65535]. The start
port number must be smaller than or equal to the end port number. When Protocol is set to
ALL or ICMP, you do not need to specify Source Port Range.
Step 7 Set Destination IP Address Range to the range of destination IP addresses.
Step 8 Set Destination Port Range to the range of destination ports. The valid range is [1, 65535].
The start port number must be smaller than or equal to the end port number. When Protocol is
set to ALL or ICMP, you do not need to specify Destination Port Range.
Step 9 Click Apply to generate the IP address filtering rule.
----End
4.1.2 Modifying an IP Address Filtering Rule

To modify an IP address filtering rule, perform the following steps:
Step 2 Click edit in the Operation column for an IP address filtering rule.
Step 3 Modify parameters for the IP address filtering rule. For details about how to set the
parameters, see section 4.1.1 Adding an IP Address Filtering Rule.
Step 4 Click Apply for the modified IP address filtering rule to take effect.
----End
4.1.3 Deleting an IP Address Filtering Rule

To delete an IP address filtering rule, perform the following steps:
Step 2 Click delete in the Operation column for an IP address filtering rule.
Step 3 In the displayed Confirm dialog box, click OK to confirm the deletion.
----End

4.2 MAC Filtering

Set MAC address filtering rules.
NOTICE
l Only MAC address blacklists can be set.

l If you select the MAC Filter check box on the MAC Filtering page, the MAC address
filtering rule takes effect immediately. In other cases, the MAC address filtering rule does
not take effect.
l MAC address filtering rules take precedence over IP address filtering rules.
4.2.1 Adding a MAC Address Filtering Rule

To add a MAC address filtering rule, perform the following steps:
Step 1 Choose SECURITY > MAC Filtering. The MAC Filtering page is displayed.
Step 2 Click Add.
Step 3 Set MAC to the MAC address.
Step 4 Click Apply to generate the MAC address filtering rule.
----End
4.2.2 Modifying a MAC Address Filtering Rule

To modify a MAC address filtering rule, perform the following steps:
Step 2 Click edit in the Operation column for a MAC address filtering rule.
Step 3 Set MAC to the new MAC address.
Step 4 Click Apply for the modified MAC address filtering rule to take effect.
----End
4.2.3 Deleting a MAC Address Filtering Rule

To delete a MAC address filtering rule, perform the following steps:
Step 2 Click delete in the Operation column for a MAC address filtering rule.
----End

4.3 URL Filtering

Set URL filtering criteria.
NOTICE
l Only URL blacklists can be set.

l If you select the URL Filter check box on the URL Filtering page, the URL filtering rule
takes effect immediately. In other cases, the URL filtering rule does not take effect.
4.3.1 Adding a URL Filtering Rule

To add a URL filtering rule, perform the following steps:
Step 1 Choose SECURITY > URL Filtering. The URL Filtering page is displayed.
Step 2 Click Add.
Step 3 Specify URL.
Step 4 Click Apply to generate the URL filtering rule.
----End
4.3.2 Modifying a URL Filtering Rule

To modify a URL filtering rule, perform the following steps:
Step 2 Click edit in the Operation column for a URL filtering rule.
Step 3 Reconfigure URL.
Step 4 Click Apply to make the modified URL filtering rule take effect.
----End
4.3.3 Deleting a URL Filtering Rule

To delete a URL filtering rule, perform the following steps:
Step 2 Click delete in the Operation column for a URL filtering rule.
----End
4.4 Port Forwarding

Set the port forwarding function. The CPE uses network address translation (NAT), and only
the WAN-side IP address is visible externally. If an external network needs to access a

computer on the LAN side (for example, the computer functions as an FTP server), you need
to configure port forwarding rules so that access requests from the external network port can
be forwarded to the port of the server on the LAN side.
NOTICE
If you select the Port Forward check box on the Port Forwarding page, the port forwarding
rule takes effect immediately. Otherwise, the port forwarding rule does not take effect.
4.4.1 Adding a Port Forwarding Rule

To add a port forwarding rule, perform the following steps:
Step 1 Choose SECURITY > Port Forwarding. The Port Forwarding page is displayed.
Step 2 Click Add.
Step 3 Specify Type and the corresponding default port number is automatically filled in Remote
port range and Local port range.
Step 4 Set Protocol to UDP or TCP.
Step 5 Set Remote host to the remote IP address. This operation is optional.
Step 6 Set Remote port range to the remote port range. The value range is [1, 65535].
Step 7 Set Local host to the local IP address.
Step 8 Set Local port range to the local port range. The value range is [1, 65535].
Step 9 Click Apply to generate the port forwarding rule.
NOTICE
l Remote host specifying the remote IP address is optional.

l The local IP address specified by Local host cannot be the gateway IP address, but must
be in the same network segment as the value of IP Address in LAN > DHCP.
----End
4.4.2 Modifying a Port Forwarding Rule

To modify a port forwarding rule, perform the following steps:
Step 2 Click edit in the Operation column for a port forwarding rule.
Step 3 Modify the port forwarding rule. For details about how to set the parameters, see 4.4.1
Adding a Port Forwarding Rule.
Step 4 Click Apply for the modified port forwarding rule to take effect.
----End

4.4.3 Deleting a Port Forwarding Rule

To delete a port forwarding rule, perform the following steps:
Step 2 Click delete in the Operation column for a port forwarding rule.
----End
4.5 ACL
Set ACL rules to control the service list provided by the CPE. Reducing external access
improves CPE security and ensures its performance.
NOTICE
l If you select the ACL check box on the ACL page, the ACL rule takes effect immediately.
Otherwise, the ACL rule does not take effect.
l It is recommended that only necessary services on the LAN side be allowed.
l Configure an appropriate ACL to ensure CPE security. Preferentially disable Internet
ICMP in the ACL.
4.5.1 Modifying an ACL Rule

To modify an ACL rule, perform the following steps:
Step 1 Choose SECURITY > ACL. The ACL page is displayed.
Step 2 Click edit in the Operation column for an ACL rule to be modified.
Step 3 Set IP address range to the IP address range.
Step 4 Set Status to Enabled or Disabled.
Step 5 Click Apply for the modified ACL rule to take effect.
NOTICE
If Access Source in the ACL rule is set to LAN, the IP address in IP address range must be
in the same network segment as the value of IP Address in LAN > DHCP. If Access Source
in the ACL rule is set to another value, the IP address in IP address range must be in a
different network segment from the value of IP Address in LAN > DHCP.
----End
4.5.2 Resetting an ACL Rule

To reset an ACL rule, perform the following steps:

Step 1 Choose SECURITY > ACL. The ACL page is displayed.

Step 2 Click reset in the Operation column for an ACL rule to be deleted.
Step 3 In the displayed Confirm dialog box, click OK to confirm the reset.
----End
4.6 DMZ
Configure the DMZ function If DMZ is enabled, data packets destined for the WAN port are
directly forwarded to the specified address on the LAN, regardless of any default firewall
rules.
To enable DMZ, perform the following steps:
Step 1 Choose SECURITY > DMZ. The DMZ page is displayed.

Step 2 Set DMZ Enabled Wan to ENABLE if DMZ is required or DISABLE if DMZ is not
required.
Step 3 Set Host address to the IP address.
NOTICE
The value of Host address must be different from the value of IP Address in LAN > DHCP
but in the same network segment.
----End
4.7 ALG
When devices on the LAN connect to the Internet over SIP, you need to configure the SIP
service proxy function. A typical application scenario is SIP-based voice conference.
To configure the SIP proxy function, perform the following steps:
Step 1 Choose SECURITY > ALG. The ALG page is displayed.

Step 2 Set Enable SIP ALG to ENABLE if SIP service proxy is required or DISABLE if SIP
service proxy is not required. The default value is ENABLE.
Step 3 If Enable SIP ALG is set to ENABLE, specify SIP port. The default port number is 5060.
Step 4 Click Apply.
----End
4.8 UPnP
On the UPnP page, you can enable UPnP and then query port forwarding rules for UPnP
services. You can add a maximum of eight port mapping rules. It is recommended that you
disable the UPnP function when it is not in use. If UPnP is enabled, it may be exploited to
bypass the firewall, resulting in security risks.

To configure UPnP, perform the following steps:
Step 1 Choose SECURITY > UPnP. The UPnP page is displayed.
Step 2 Set UPnP Settings to ENABLE if UPnP is required or DISABLE if UPnP is not required.
Step 3 Click Apply.
----End

Online Help 5 INTERNET
5 INTERNET
5.1 APN/DNN
5.2 Network
5.3 PIN
5.4 Internet MTU
5.1 APN/DNN
On this page, you can add, modify, and delete APN/DNN profile information. The detailed
APN/DNN information can be obtained from the operator.
5.1.1 Adding an APN/DNN Profile

To add an APN/DNN profile, perform the following steps:
Step 1 Choose INTERNET > APN/DNN to enter the APN/DNN page.
Step 2 Click Add APN/DNN.
Step 3 Specify Profile name, which is case-sensitive and cannot be left empty or the same as an
existing name.
Step 4 Specify APN/DNN, which cannot be duplicate.
Step 5 Specify User name. When APN/DNN is left blank, this parameter must be left blank.
Step 6 Specify Password. When APN/DNN is left blank, this parameter must be left blank.
Step 7 Specify AUTH. The option PAP, CHAP, or NONE can be selected.
Step 8 Click Apply.

l PDP Type can only be set to IPV4.

l A maximum of eight APN/DNNs can be defined, including the default APN.
l The values of Profile name, User name, and Password cannot contain the following special
characters: slash (/), single quote ('), backslash (\), equal sign (=), double quote ("), ampersand (&),
percent (%), left parenthesis ((), right parenthesis ()), semicolon (;), less than (<), greater than (>),
vertical bar (|).
l The value of APN/DNN can contain only digits, English characters, and special characters period
(.), hypen (-), and underscore (_). It can be left blank. It cannot start with the following character
string: rac, lac, sgsn, rnc, and AUTO. It cannot end with .gprs (case insensitive).
l The value of Profile name can contain a maximum of 32 ASCII characters. The values of APN/
DNN, User name, and Password can contain a maximum of 99 ASCII characters.
----End
5.1.2 Modifying an APN/DNN Profile

To modify an APN/DNN profile, perform the following steps:
Step 2 Click Edit for the APN/DNN profile to be modified.
The APN/DNN profile whose name is auto cannot be modified.
Step 3 Reconfigure APN/DNN, which cannot be duplicate.
Step 4 Reconfigure User name. When APN/DNN is left blank, this parameter must be left blank.
Step 5 Reconfigure Password after selecting the Change Password check box. When APN/DNN is
left blank, this parameter must be left blank.
Step 6 Specify AUTH. The option PAP, CHAP, or NONE can be selected.
Step 7 Click Apply.
l The values of Profile name, User name, and Password cannot contain the following special
characters: slash (/), single quote ('), backslash (\), equal sign (=), double quote ("), ampersand (&),
percent (%), left parenthesis ((), right parenthesis ()), semicolon (;), less than (<), greater than (>),
vertical bar (|).
l The value of APN/DNN can contain only digits, English characters, and special characters period
(.), hypen (-), and underscore (_). It can be left blank. It cannot start with the following character
string: rac, lac, sgsn, rnc, and AUTO. It cannot end with .gprs (case insensitive).
l The value of Profile name can contain a maximum of 32 ASCII characters. The values of APN/
DNN, User name, and Password can contain a maximum of 99 ASCII characters.
----End
5.1.3 Deleting an APN/DNN Profile

To delete an APN/DNN profile, perform the following steps:

Step 2 Click Delete for the APN/DNN profile to be deleted.
l The APN/DNN profile in use cannot be deleted.

l The APN/DNN profile whose name is auto cannot be deleted.
----End
5.2 Network
To set the dial-up network connection, perform the following steps:
Step 1 Choose INTERNET > Network.
Step 2 Specify Network Mode. The options can be AUTO, NSA, and SA.
Step 3 Specify Roaming. Value ENABLE indicates that roaming is enabled. Value DISABLE
indicates that roaming is disabled.
Step 4 Specify IP Passthrough. Value ENABLE indicates that the IP passthrough mode is used.
Value DISABLE indicates that the routing mode is used. In IP passthrough mode, the
Power/LAN port only can be used.
l In IP passthrough mode, the IP addresses assigned on the network side are used for devices attached
to the ODU, and the ODU only transparently transmits service data. The VLAN information must be
correctly configured on the ODU and the devices connected to the ODU so that the connected
devices can obtain an appropriate IP address for services. Otherwise, E2E services on the connected
devices work improperly.
l In routing mode, the IP address assigned on the network side is used for the ODU. The ODU assigns
private IP addresses and translates network addresses for the connected devices. In this case, the
VLAN does not take effect. Therefore, if the bridge mode is switched to the routing mode, the
VLAN information becomes invalid.
Step 5 Set parameters in the Connection area, as described in the following table.
WanId Specifies the internal ID.
Enable Specifies whether to enable the dial-up function. Value ENABLE indicates
that the dial-up function is enabled. Value DISABLE indicates that the
dial-up function is disabled.
Service Specifies the service type. You can select multiple service types.
DATA: common data services of connected devices
DM: maintenance services of the CPE
DM FOR X: maintenance services of connected devices
VOIP: voice services
APN/DNN Specify APN/DNN.

Name

Step 6 Click Apply.
NOTICE
l Changing the roaming status will result in a power-off and power-on. Dial-up will be re-
initiated after the power-on.
l Enabling the roaming function may incur additional data fees.
l In Connection, different APNs/DNNs cannot be configured with the same Service value.
----End
5.3 PIN
On the PIN page, you can manage the PIN codes of USIM cards, for example, enable or
disable PIN verification and change the PIN codes.
5.3.1 Enabling PIN Verification

To enable PIN verification, perform the following steps:
Step 1 Choose INTERNET > PIN to enter the PIN page.
Step 2 Switch Lock PIN to the ENABLE state.
Step 3 Enter the correct PIN code in the PIN code text box. The PIN code should be a string of 4 to
8 digits.
Step 4 Click Apply.
NOTICE
l With the PIN verification function enabled, after the CPE is powered on and starts, the
correct PIN code must be entered for verification before the CPE dials up to access the
network.
l If you incorrectly specify PIN code for three consecutive times, PIN code is locked. To
unlock the PIN code, you need to verify the PIN unlocking key (PUK) code and change
the PIN code.
----End
5.3.2 Disabling PIN Verification

To disable PIN verification, perform the following steps:
Step 2 Switch Lock PIN to the DISABLE state.
8 digits.

Step 4 Click Apply.
NOTICE
If you incorrectly specify PIN code for three consecutive times, PIN code is locked. To
unlock the PIN code, you need to verify the PUK code and change the PIN code.
----End
5.3.3 Changing the PIN Code

Change the PIN code only after the PIN code is verified. Perform the following steps:
Step 2 Switch Lock PIN to the ENABLE state.
Step 3 Click Modify to display the PIN Management page.
Step 4 Enter the current PIN code in the PIN code text box. The PIN code should be a string of 4 to
8 digits.
Step 5 Enter a new PIN code in the New PIN text box. The PIN code should be a string of 4 to 8
digits. The new PIN code must differ from the old one.
Step 6 In the Confirm PIN text box, enter the new PIN code again.
Step 7 Click Apply.
NOTICE
----End
5.3.4 Verifying the PIN Code

If the PIN verification function is enabled, perform the verification to ensure that related
functions can be normally used. To verify the PIN code, perform the following steps:
8 digits.
Step 3 Click Apply.

NOTICE
----End
5.3.5 Verifying the PUK Code

When a user incorrectly enters the PIN code for over three times during PIN verification, the
PIN code is locked. To unlock the PIN code, you need to verify the PUK code and change the
PIN code.
To verify the PUK code, perform the following steps:
Step 2 Enter the correct PUK code in the PUK code text box. The PUK code should be a string of 8
digits.
Step 3 In the New PIN text box, enter the new PIN code.
Step 4 In the Confirm PIN text box, enter the new PIN code again.
Step 5 Click Apply.
NOTICE
If you are not sure about the correct PUK code, contact the operator. If an incorrect PUK code
is entered for 10 consecutive times, the USIM card is locked permanently. That is, the USIM
card is scrapped.
----End
5.4 Internet MTU

You can set the maximum number of bytes in data packets that can be transmitted on the
network.
NOTICE
l An inappropriate max transmission unit (MTU) may cause network connection failures.
Therefore, you are advised to retain the default MTU (1500 bytes).
l If you change the MTU, the new MTU value must be greater than or equal to the MTU
configured separately on the downstream device and the core network.
To set the MTU, perform the following steps:
Step 1 Choose INTERNET > Internet MTU to enter the Internet MTU page.

Step 2 In the MTU size text box, enter the desired MTU.
Step 3 Click Apply.
----End

Online Help 6 LAN
6 LAN
6.1 Static Route

6.2 Dynamic Route
6.3 DHCP
6.4 Static Arp
6.1 Static Route

In an Intranet, routers are cascaded. Either static or dynamic routes can be used:
l If the IP address of a cascaded router is fixed, a static route can be configured.

l When the IP address of a cascaded router is not fixed, a dynamic route is recommended.
6.1.1 Adding a Static Route Rule

Step 1 Choose LAN > Static Route to enter the Static Route page.
Step 2 Click Add on the Static Route page to add a static route.
Step 3 Set Destination Network Address to the destination network segment.
Step 4 Set Subnet mask to the destination network mask.
Step 5 Set Default Gateway to the IP address that the router obtains from the CPE. Used for
transmitting data to cascaded devices, this IP address must be reachable.
Step 6 Click Apply.
A maximum of 16 static routes can be configured.
----End
6.1.2 Modifying a Static Route Rule


Online Help 6 LAN
Step 2 Select the item to be modified in the list and edit the data.
Step 3 Click Apply.
----End
6.1.3 Deleting a Static Route Rule

Step 2 Select the item to be deleted, and click the delete icon under Options.
Step 3 Click Apply.
----End
6.2 Dynamic Route

The dynamic route function takes effect on an internal network where cascaded routers are
used and the routers support the RIP protocol. You can configure whether to enable RIP and
specify the RIP protocol version and operation mode.
To configure the dynamic route function, perform the following steps:
Step 1 Choose LAN > Dynamic Route to enter the Dynamic Route page.
Step 2 Specify RIP. You can select Enable to enable the dynamic route function.
Step 3 Specify Operation to configure the working mode. The options are Active and Passive.
Active indicates that the CPE actively notifies the surrounding routers of route changes.
Passive indicates that the surrounding routers notify the CPE of changes.
Step 4 Specify Version to configure the routing protocol. The options are RIP v1, RIP v2, and RIP
v1/RIP v2.
Step 5 Click Apply.
----End
6.3 DHCP
NOTICE
Modifying related configuration will cause the CPE to restart.
To configure DHCP, perform the following steps:
Step 1 Choose LAN > DHCP to enter the DHCP page.
Step 2 Specify IP address to configure the CPE gateway address. Ensure that the address is unique
on the network.
Step 3 In routing mode, specify DHCP Server to enable or disable the DHCP server.

Online Help 6 LAN
Step 4 In routing mode, when the DHCP server is enabled, specify DHCP IP range to configure the
range of IP addresses that can be allocated by the DHCP server.
Step 5 In routing mode, when the DHCP server is enabled, specify DHCP lease time to configure
the DHCP lease time in units of seconds.
Step 6 In routing mode, you can assign a fixed IP address to a device with a specified MAC address
in IP and MAC Address Association.
Step 7 Click Apply.
----End
6.4 Static Arp
NOTICE
l This page is available only in transparent transmission mode.

l When the IP address on the network side changes or the connected device is replaced,
change the IP address and MAC address promptly. Otherwise, the related device cannot
access the Internet.
6.4.1 Adding a Static ARP Entry

Step 1 Choose LAN > Static Arp to enter the Static Arp page.
Step 2 Click Add.
Step 3 Specify IP Address.
Step 4 Specify MAC Address.
Step 5 Click Apply.
----End
6.4.2 Modifying a Static ARP Entry

Step 2 Click edit in the Operation column for the displayed static ARP entry list.
Step 3 Reconfigure IP Address.
Step 4 Reconfigure MAC Address.
Step 5 Click Apply.
----End

Online Help 6 LAN
6.4.3 Deleting a Static ARP Entry

Step 2 Click delete in the Operation column for the displayed static ARP entry list.
----End

Online Help 7 WLAN
7 WLAN
7.1 WLAN Settings

7.2 SSID List
7.3 Advanced Settings
7.1 WLAN Settings
NOTICE
After related configuration is modified, the WLAN module will restart and the WLAN service
will be interrupted for about 30s.
To configure the WLAN, perform the following steps:
Step 1 Choose WLAN > WLAN Settings. The WLAN Settings page is displayed.
Step 2 Specify Frequency Band to configure the WLAN working frequency band. The options are
2.4G and 5G.
Step 3 Specify WLAN to determine whether to enable the WLAN module.
Step 4 Specify Mode by referring to the following table.
Setting of Setting of Description

Frequency Mode
Band
2.4G 802.11 b A WLAN client can connect to the CPE by using

802.11b.
802.11 g A WLAN client can connect to the CPE by using

802.11g.
802.11 b/g A WLAN client can connect to the CPE by using

802.11b, 802.11g, or 802.11b/g.

Online Help 7 WLAN

Frequency Mode
Band
802.11 b/g/n A WLAN client can connect to the CPE by using

802.11b, 802.11g, 802.11b/g, 802.11n, or 802.11b/g/n.
5G 802.11 ac A WLAN client can connect to the CPE by using

802.11ac.
802.11 a/n/ac A WLAN client can connect to the CPE by using

802.11a, 802.11n, 802.11ac, or 802.11a/n/ac.
Step 5 Specify SSID. The SSID contains 1 to 32 ASCII characters and cannot contain special
characters "/\' =\"\\&%();<>|". The SSID cannot start or end with a space.
l The default SSID is provided by the operator.

l You are advised to configure SSIDs that meet complexity requirements and update the SSIDs
periodically. A recommended SSID is a combination of letters, digits (0 to 9), and special characters
(excluding /\' =\"\\&%();<>|).
Step 6 Specify Maximum number of devices to configure the maximum number of devices that can
be supported. The value range is [1, 32].
Step 7 Specify Hide SSID broadcast. If this parameter is set to ENABLE, user clients cannot detect
this CPE over the WLAN.
Step 8 Specify AP isolation to determine whether to enable AP isolation.
Step 9 Specify STA isolation to determine whether to enable STA isolation.
Step 10 Specify Security to configure the WLAN encryption mode. The options are None, WPA2-
PSK, and WPA-PSK&WPA2-PSK. When selecting None, confirm whether to use this
insecure encryption mode. If it is confirmed, proceed to step 14. If you select
WPAPSK&WPA2-PSK, proceed to step 12.
l If you select None (not recommended), WLAN clients directly connect to the CPE, which is
insecure. Therefore, you need to manually confirm the configuration.
l WPA2-PSK indicates that WLAN clients can access the CPE only in WPA2-PSK authentication
mode. This option is recommended due to high security.
l WPA-PSK&WPA2-PSK indicates that WLAN clients can access the CPE in WPA-PSK or WPA2-
PSK authentication mode.
Step 11 If Protect Management Frame is selected, determine whether to enable or disable the
protected management frame. DISABLE indicates that the protected management frame is
disabled. ENABLE indicates that the protected management frame is enabled.
MANDATORY indicates that the protected management frame is required.
Step 12 Specify Display password to determine whether to display the password.
Step 13 Specify Password. The password contains 8 to 64 ASCII characters.

Online Help 7 WLAN
l The default WLAN password is provided by the operator. You are advised to change the password.
l The CPE uses the AES-256-CBC algorithm to encrypt and store the WLAN password.
l It is recommended that operators configure and periodically update passwords with required
complexity in line with the following rules:
– The password contains the combination of letters, digits (0 to 9), and special characters (! " # $
% & ' ( ) * + , - . / : ;< = > ? @ [ \ ] ^ _ ` { | } ~).
– The password is different from the SSID or the reverse of the SSID.
– The password does not contain three or more consecutive identical characters, for example,
111.
Step 14 Click Apply to make the WLAN configuration take effect.
----End
7.2 SSID List

The multiple-SSID function allows the network to provide a maximum of four SSIDs. Among
the listed SSIDs, the first two SSIDs work on the 2.4 GHz band, and the other two work on
the 5 GHz band.
To change an SSID, perform the following steps:
Step 1 Choose WLAN > SSID List. The SSID page is displayed.
Step 2 Click edit in the Operation column for the displayed SSID list.
Step 3 Specify Status to determine whether to enable the SSID. For details about how to set other
parameters, see 7.1 WLAN Settings.
l Among the four listed SSIDs, the first and third SSIDs are the primary SSIDs. Status cannot be
reconfigured on the current page, but is controlled by the WLAN setting on the WLAN Settings
page. The second and fourth data SSIDs are respectively the secondary SSIDs for the first and third
SSIDs and can be enabled only when their primary channels are enabled.
l The default encryption mode of the primary SSIDs is WPA2-PSK, and that of the secondary SSIDs
is None.
l If Security is set to None(not recommended) for a primary SSID, WLAN clients can directly
connect to the CPE through the primary SSID, which poses security risks.
Step 4 Click OK.
Step 5 In the displayed Info dialog box, click OK to confirm that the modification takes effect.
----End
7.3 Advanced Settings
7.3.1 Configuring the Working Frequency Band

To configure the working frequency band, perform the following steps:

Online Help 7 WLAN
Step 1 Choose WLAN > Advanced Settings. The Advanced Settings page is displayed.
Step 2 Specify Frequency band to configure the working frequency band. The options are 2.4G and
5G.
Step 3 Specify BandWidth to set the bandwidth for the working frequency band. The options
depend on the working frequency band and the working mode specified on WLAN settings
page. Refer to the following table.
Frequency Bandwidth
band
2.4G 20 MHz 802.11n supports the 20 MHz bandwidth only.
20/40 MHz 802.11n supports the following bandwidths: 20 MHz,

40 MHz, or 20/40 MHz bandwidth adaption.
5G 20/40/80 MHz 802.11ac supports the following bandwidths: 20 MHz,

40 MHz, 80 MHz, or 20/40/80 MHz bandwidth
adaption.
Step 4 Specify Channel to configure the channels for the corresponding working frequency band.
The options depend on the selected working frequency band. When Auto is selected, the
channel with the best signal quality for the moment is selected.
Step 5 Click Apply to make the working frequency band configuration take effect.
----End
7.3.2 Configuring Transmit Power

To configure transmit power, perform the following steps:
Step 1 Choose WLAN > Advanced Settings. The Advanced Settings page is displayed.
Step 2 Specify transmit power to configure the transmit power. The options are Impale, Normal,
and Sleep.
Step 3 Click Apply to make the transmit power configuration take effect.
----End

Online Help 8 SYSTEM
8 SYSTEM
8.1 Maintenance
8.2 Logs
8.3 Change Password
8.4 TR-069
8.5 Antenna
8.6 Diagnose
8.7 Time
8.1 Maintenance
8.1.1 Restart
With the Restart function, you can restart the CPE without powering it off. After the restart,
parameters configured for the CPE are not lost.
To restart the CPE, perform the following steps:
Step 1 Choose SYSTEM > Maintenance to enter the Maintenance page.
Step 2 Click Restart. A dialog box is displayed for you to confirm the restart.
Step 3 Click OK. The CPE restarts automatically.
----End
8.1.2 Reset
With the Reset function, you can restore the CPE to factory settings. With factory settings, the
parameter settings on the CPE are replaced by the default values.

NOTICE
If the Reset button is pressed for 2-10 seconds, the factory settings are restored.
To restore the CPE to factory settings, perform the following steps:
Step 2 Enter the correct user login password in the Input the password to restore device to its
factory settings text box. If incorrect passwords are entered for three consecutive times, the
login page is displayed and is locked for three minutes.
Step 3 Click Reset. The CPE immediately restarts with default settings.
----End
8.1.3 Reconnect Network

To reconnect the network, perform the following steps:
Step 2 Click Reconnect Network.
Step 3 In the Confirm dialog box, click OK to confirm reconnection to the network. After the
reconnection is successful, Reconnect network success! is displayed.
----End
8.1.4 Led Status

To configure the LED status, perform the following steps:
Step 2 Sets the Led Status switch. Value ENABLE indicates that the CPE indicator is turned on,
and value DISABLE indicates that the CPE indicator is turned off.
----End
NOTICE
l If you click DISABLE, the indicator will be turned off 5 minutes after the CPE
successfully accessed the network. If the network access fails, the indicator will not be
turned off.
l The indicator status is saved after a restart. The indicator will be off 5 minutes after the
CPE accesses the network.
8.1.5 Lock Frequency

1. To configure 4G frequency locking, perform the following steps:

Step 2 Click Lock 4G.
Step 3 Select the Lock Frequency option to enable frequency locking or deselect this option to
disable frequency locking.
Step 4 Specify Band to select the frequency band to be locked. After you select a frequency band to
be locked, the system displays the frequency range corresponding to the frequency band.
Step 5 Specify Frequency. The value must be within the frequency range corresponding to the
locked frequency band.
Step 6 Select the Lock PCI option to enable PCI locking or deselect this option to disable PCI
locking.
Step 7 Specify PCI. The value range is [0, 503].
Step 8 Click Apply. In the displayed Confirm dialog box, confirm the restart.
NOTICE
Enabling or disabling frequency locking requires restarting the CPE.
----End
2. To configure 5G frequency locking, perform the following steps:
Step 2 Click Lock 5G.
Step 3 Select the Lock Arfcn option to enable frequency locking or deselect this option to disable
frequency locking.
Step 4 Specify Band to select the frequency band to be locked. After you select a frequency band to
be locked, the system displays the frequency number range corresponding to the frequency
band.
Step 5 Specify Arfcn to configure the frequency number. The value must be within the frequency
number range corresponding to the locked frequency band.
Step 6 Select the Lock PCI option to enable PCI locking or deselect this option to disable PCI
locking.
Step 7 Specify PCI. The value range is [0, 1007].
Step 8 Click Apply. In the displayed Confirm dialog box, confirm the restart.
----End
8.1.6 APN/DNN For Initial Access

To configure the APN/DNN for initial access, perform the following steps:
Step 2 Select an APN/DNN for initial access.
Step 3 Click Apply.

NOTICE
l The default value is default. If the default value is used, the APN/DNN for initial access is
in the following descending order of priority: null APN/DNN, DATA APN/DNN, TR-069
APN/DNN, and the first enabled APN/DNN.
l The available APN/DNN is the APN/DNN configured on the enabled WAN port.
l Configuring initial access causes network re-access.
l When the selected APN/DNN is invalid, the default APN/DNN is used for initial access.
----End
8.1.7 Enable APN/DNN TR069 parameter restore

To configure the APN/DNN and TR-069 parameter write-back function, perform the
following steps:
Step 2 Select Enable to activate the parameter write-back function or deselect Enable to deactivate
this function. If Enable is selected, the APN/DNN, TR-069, and multi-WAN configurations
are not cleared after factory settings are restored.
Step 3 Click Apply.
----End
8.2 Logs
On the Logs page, you can export user logs, including operation logs, run logs, and exception
logs for fault locating. To export logs, perform the following steps:
Step 1 Choose SYSTEM > Logs to enter the Logs page.
Step 2 Click Export. The user data information dialog box is displayed.
Step 3 After confirming the risk of using log data, click OK.
Step 4 Wait until the CPE log data export is complete.
Step 5 After the logs are exported, a dialog box is displayed, indicating that the log export is
successful. Click OK.
File Name Description
operate_log Operation log
trace_log System log
keyevent_log Key event log
system_diaglog.txt System diagnosis log
network_diaglog.txt Network configuration diagnosis log
recoverylog Recovery system log during the upgrade

File Name Description
hisi_logs HiSilicon log
modem_log_A Log of RRC messages exchanged over the

air interface
modem_log_B Log of RRC messages exchanged over the

air interface
dhcp_log Logs about IP address acquisition by the

devices attached to the CPE
wlan WLAN module logs
dnsmasq_dns.log DNS parse Logs
cpu_memory_log CPU and memory overload log
appcoredump Core dump logs of the upper-layer software

log
udhcpd_br*.log IP address allocation log. * indicates a digit

between [0, 4] and indicates the bridge
number.
version Software version information of the CPE
NOTICE
The logs do not contain sensitive information. For details about personal data description, see
5G Outdoor CPE N5368X Personal Data Description.xlsx.
----End
8.3 Change Password

On the Change Password page, you can change the login password of the admin account.
After the change takes effect, you need to log in again.
Step 1 Choose SYSTEM > Change Password to enter the Change Password page.
Step 2 Specify Current password. Set New password and Confirm password to the same values.

The password must meet the following requirements:

l The password must be 10 to 15 ASCII characters and contain at least three types of the following
characters: letters (A to Z or a to z), digits (0 to 9), and special characters, including exclamation
mark (!), double quote ("), number sign (#), dollar sign ($), percent (%), ampersand (&), single
quote ('), left parenthesis ((), right parenthesis ()), asterisk (*), plus sign (+), comma (,), minus sign
(-), period (.), slash (/), colon (:), semicolon (;), less than (<), equal sign (=), greater than (>),
question mark (?), at sign (@), left bracket ([), backslash (\), right bracket (]), caret (^), underscore
(_), grave accent (`), left brace ({), vertical bar (|), right brace (}), tilde (~).
l The password must not be the same as the user name or the user name in reverse order.
l The password must not contain three or more consecutive identical characters, for example, 111.
Step 3 Set Password Period to 30Days, 60Days, 90Days, 180Days, or Forever. You are advised
not to set this parameter to Forever.
After the new password expires, you need to change the password.
Step 4 Click Apply.
----End
8.4 TR-069
TR-069 provides a common framework protocol for the 5G CPE configuration management.
TR-069 uses the auto-configuration server (ACS) to perform remote CPE configuration
management, including reading and setting some CPE parameters and implementing some
maintenance functions, such as restart, factory faults restoration, log upload, configuration file
upload/download, and version upgrade. The functions are described as follows:
l TR-069 allows network operators to modify authentication account information.

l TR-069 allows network operators to manage configuration for some parameters.
l TR-069 allows network operators to obtain system configuration files. This operation is
not controlled by end users. The exported configuration files are encrypted using the
AES-256-CBC algorithm, and are integrity protected using the SHA-256 algorithm.
When the ACS is used for importing configuration files, only the configuration files
exported by the CPE can be imported because each CPE uses different keys.
l TR-069 allows network operators to control CPE upgrades. This operation is not
controlled by end users.
Precautions
l During a remote upgrade of the CPE through the ACS server, the CPE cannot provide
services.
l The CPE supports certificate-based bidirectional authentication. The actual
authentication mode depends on the operator's configuration. The user name and
password for interconnection authentication are configured and managed by the operator.
The CPE does not check the password complexity.
l If one-way or two-way authentication is used, the certificate and related private key are
provided by the operator. The operator ensures the security of the certificate.

l The certificate for the product can be updated only in software package preconfiguration
mode. If the certificate is invalid, the operator needs to provide a new certificate to
update the board software.
l The operator customizes the processing mode after the certificate expires or is revoked
and is responsible for the consequences.
NOTICE
l If certificate-based authentication is used, the ACS of the operator needs to integrate

the certificate for CPE authentication. The CPE can be preconfigured with the
operator-provided certificate for ACS authentication.
l If the operator uses two-way certificate authentication, a certificate and a private key
must be provided for CPE integration to ensure link security.
l Only the operator-based single account management is supported.

l Exporting operator's logs and configuration data involves personal data.
l It is recommended that operators configure and periodically update passwords with
required complexity in line with the following rules:
– The password contains at least 10 ASCII characters, with the combination of the
following characters: letters (A to Z or a to z), digits (0 to 9), and special characters,
including exclamation mark (!), double quote ("), number sign (#), dollar sign ($),
percent (%), ampersand (&), single quote ('), left parenthesis ((), right parenthesis
()), asterisk (*), plus sign (+), comma (,), hypen (-), period (.), slash (/), colon (:),
semicolon (;), less than (<), equal sign (=), greater than (>), question mark (?), at
sign (@), left bracket ([), backslash (\), right bracket (]), caret (^), underscore (_),
grave accent (`), left brace ({), vertical bar (|), right brace (}), tilde (~).
– The password is different from the user name or the user name in reverse order.
– The password does not contain three or more consecutive identical characters, for
example, 111.
l The CPE supports HTTP- or HTTPS-based interaction over TR-069. The actual running
mechanism depends on the operator's configuration. If the operator's TR-069 server
supports HTTPS, it is recommended that HTTPS be used for interaction.
NOTICE
When the HTTPS protocol is used, the ACS must be configured to support the TLS1.2
protocol.
l The CPE uses the AES-256-CBC algorithm to encrypt the CPE configuration files
downloaded by the network operator. For details about personal data, see 5G Outdoor
CPE N5368X Personal Data Description.xlsx.
l The CPE does not encrypt the CPE log file downloaded by the operator. The logs do not
contain sensitive information. For details about personal data description, see 5G
Outdoor CPE N5368X Personal Data Description.xlsx.
l The HTTP/HTTPS/FTP/FTPS protocol can be used for file transfer. HTTPS is
recommended. The FTP server works on the TR-069 server end of the operator. The
password of the FTP server is sent by the ACS to the CPE.

l The CPE parameter management can be performed on the ACS or Web UI. The latest
configuration success result prevails for the same parameter.
l After roaming is enabled, if the product accesses the network in roaming environment
and the TR-069 server is deployed in an independent network environment, there are
risks of disconnection from the TR-069 server.
l After the TR-069 function is enabled, the CPE consumes traffic as follows:
– Consumes KB-level traffic when reporting the online status after each network
entry.
– Consumes KB-level traffic because of operator-controlled presetting or
configuration of the period for sending heartbeat messages.
– Consumes KB-level traffic due to operator-controlled import or export of the
configuration file.
– Consumes less than 150 MB traffic (depending on the log size) due to operator-
controlled export of logs.
– Consumes less than 200 MB traffic (depending on the upgrade package size) due to
operator-controlled upgrades.
– Consumes KB-level traffic from message interaction of each group in configuration
management scenarios.
l When the TR-069-based network management function is enabled and the CPE fails to
actively establish a session with the ACS, the session is reestablished by using the
following mechanism:
Configuring TR-069
Step 1 Choose SYSTEM > TR-069.
Step 2 Specify ACS URL.
NOTICE
To avoid IP address adjustment during the evolution of operator networks, it is highly

recommended that the operator-provided ACS URL be in the domain name format.
Step 3 Specify ACS username.
Step 4 Specify ACS password.

l The ACS user name and password are provided by the operator. You are advised to change the
default password.
– The password contains at least 10 ASCII characters, with the combination of the following
characters: letters (A to Z or a to z), digits (0 to 9), and special characters, including
exclamation mark (!), double quote ("), number sign (#), dollar sign ($), percent (%),
ampersand (&), single quote ('), left parenthesis ((), right parenthesis ()), asterisk (*), plus sign
(+), comma (,), hypen (-), period (.), slash (/), colon (:), semicolon (;), less than (<), equal sign
(=), greater than (>), question mark (?), at sign (@), left bracket ([), backslash (\), right bracket
(]), caret (^), underscore (_), grave accent (`), left brace ({), vertical bar (|), right brace (}),
tilde (~).
– The password is different from the user name or the user name in reverse order.
– The password does not contain three or more consecutive identical characters, for example,
111.
Step 5 (Optional) Select the Enable check box for Periodic inform to enable the CPE to
periodically send packets over TR-069.
Step 6 (Optional) If the Enable check box is selected for Periodic inform, specify Periodic inform
interval.
Step 7 Specify Connection request port.
Step 8 Specify Connection request username.
Step 9 Specify Connection request password.
l Connection request username and Connection request password are provided by the operator.
You are advised to change the default password.
– The password contains at least 10 ASCII characters, with the combination of the following
characters: letters (A to Z or a to z), digits (0 to 9), and special characters, including
exclamation mark (!), double quote ("), number sign (#), dollar sign ($), percent (%),
ampersand (&), single quote ('), left parenthesis ((), right parenthesis ()), asterisk (*), plus sign
(+), comma (,), hypen (-), period (.), slash (/), colon (:), semicolon (;), less than (<), equal sign
(=), greater than (>), question mark (?), at sign (@), left bracket ([), backslash (\), right bracket
(]), caret (^), underscore (_), grave accent (`), left brace ({), vertical bar (|), right brace (}),
tilde (~).
– It is recommended that the password be different from the user name or the user name in
reverse order.
– It is recommended that the password do not contain three or more consecutive identical
characters, for example, 111.
Step 10 Specify SSLVerify.

Value

verify CA After time synchronization with the SNTP server succeeds, strict
strictly certificate verification is performed and the CPE cannot connect to the
server if the verification fails.
NOTICE
Select this option with caution because such setting requires a certificate to be
uploaded and will cause the CPE to be disconnected in the event of certificate
invalidity.
Verify The server certificate verification is performed. If the verification fails,

CA,ignore error the CPE continues to connect the server and logs the failure.
NOTE
This option is selected by default unless otherwise modified by users.
Step 11 Specify File transferVerify. The parameter values and definitions are the same as those for
SSLVerify.
Step 12 Specify CRLVerify to configure the certificate revocation list (CRL) verification mode. The
options are verify CRL disable, verify CRL, ignore error, and verify CRL strictly.
Step 13 (Optional) If SSLVerify is set to verify CA strictly, upload the ACS certificate file.
Step 14 (Optional) If File transferVerify is set to verify CA strictly, upload the certificate file of the
file server.
Step 15 Click Apply.
----End
Uploading the ACS Certificate File

Step 2 Click Choose File next to SSL Certificate. Select a certificate file, which must be in PEM or
CER format.
Step 3 Click Upload.
----End
Uploading the Certificate File of the File Server

Step 2 Click Choose File next to File Certificate. Select a certificate file, which must be in PEM or
CER format.
Step 3 Click Upload.
----End
8.5 Antenna
On the Antenna page, you can set antenna optimization parameters so that the CPE can
obtain better signal quality. The fixed antenna mode and automatic optimization mode are
supported.

NOTICE
If the automatic optimization mode is configured and immediate optimization is started, the
network connection may be interrupted. In normal cases, the network access is automatically
restored within 5 seconds.
Step 1 Choose SYSTEM > Antenna.
Step 2 Set Select Mode to the antenna mode. Auto indicates the automatic optimization mode, and
Fixed indicates the fixed antenna mode.
Step 3 When Select Mode is set to Auto, you can specify Immediate AntSel. This parameter is
invalid in the fixed antenna mode. No Action indicates that no immediate optimization is
performed, Start indicates that immediate optimization is started, and Stop indicates that
immediate optimization is stopped. If this parameter is set to Start, the network connection
may be interrupted.
Step 4 When Select Mode is set to Auto, specify Select Cycle to configure the optimization period.
The value range is 1–720 hours. This parameter is invalid in the fixed antenna mode.
Step 5 When Select Mode is set to Fixed, specify Antenna Combine Index to configure the
antenna combination. This parameter is invalid in automatic optimization mode.
Step 6 Click Apply.
l After the antenna optimization parameters are modified and submitted or after the page is refreshed,
TX Antenna displays the transmit antennas in use.
l The CPE supports 10 antenna combinations. Antenna Combine Index indicates each combination,
and each combination uses four antennas. The indexes of antennas used in groups 1 to 10 are shown
in red in the following figure.
----End

8.6 Diagnose
The diagnosis function is used to check the network connection status. The ping and route
trace functions are supported.
8.6.1 Ping
To configure the ping function, perform the following steps:
Step 1 Choose SYSTEM > Diagnose. The Diagnose page is displayed.

Step 2 In Target IP or domain, set the destination IP address or domain name.
Step 3 In Packet size, set the packet size. The value range is [1, 9000].
Step 4 In Timeout, set the timeout period. The value range is [1, 10], in units of seconds.
Step 5 Select or deselect Do not fragment to specify whether to segment the data.
Step 6 Click Apply.
----End
8.6.2 Traceroute
To configure the route trace function, perform the following steps:
Step 1 Choose SYSTEM > Diagnose. The Diagnose page is displayed.

Step 2 In Target IP or domain, set the destination IP address or domain name.
Step 3 In Maximum hops, set the maximum number of hops. The value range is [1, 100].
Step 4 In Timeout, set the timeout period. The value range is [1, 10], in units of seconds.
Step 5 Click Apply.
----End
8.7 Time
You configure the NTP server so that the CPE can synchronize time from the network.
NOTICE
l The CPE can synchronize time from the network only after the CPE has accessed the
network successfully.
l After the CPE successfully synchronizes time from the network, it re-synchronizes the
time from the network every 24 hours.
l The time synchronization with the network consumes less than 1 KB traffic per day on the
CPE.
l The time zone can be manually selected.

8.7.1 Adding an NTP Server

Step 1 Choose SYSTEM > Time. The Time page is displayed.
Step 2 Click Add Server on the Time page. The Settings dialog box is displayed.
Step 3 In the Server area of the Settings dialog box, set the IP address or domain name of the NTP
server.
Step 4 Specify Algorithm in the Settings dialog box to set the server authentication algorithm. If
this parameter is set to NONE, no authentication is required.
Step 5 If Algorithm in the Settings dialog box is set to MD5 or HMAC-SHA256, specify Key ID
and Key in the Settings dialog box. The values of Key ID and Key must be the same as those
of the NTP server. Otherwise, authentication fails. If the Key value of the NTP server does
not comply with the password strength recommended by the CPE, the CPE displays a
message indicating that the password strength is weak, which does not affect the setting of the
Key parameter.
Step 6 Click Apply.
l The preset NTP servers include clock.fmt.he.net, clock.nyc.he.net, and pool.ntp.org.

l You are advised to set the authentication algorithm to SHA256-MAC.
l If the authentication algorithm is set to NONE or MD5, security risks exist and you need to
manually confirm the configuration.
l It is recommended that the password contain at least six ASCII characters.
l It is recommended that the password be updated every six months. The configuration at the server
end must be updated together.
l It is recommended that the password contain at least two types of the following characters:
– At least one lower-case letter
– At least one upper-case letter
– At least one digit
– At least one of the following special characters: ! " # $ % & ' ( ) * + , - . / : ;< = > ? @ [ \ ] ^ _ `
{|}~
----End
8.7.2 Modifying an NTP Server

Step 2 In the NTP server list on the Time page, locate the NTP server to be modified, and click the
modifying button in the Options column of the server to display the Settings dialog box.
Step 3 Specify Algorithm in the Settings dialog box to set the server authentication algorithm. If
this parameter is set to NONE, no authentication is required.
Step 4 If Algorithm in the Settings dialog box is set to MD5 or HMAC-SHA256, specify Key ID
and Key in the Settings dialog box. The values of Key ID and Key must be the same as those
of the NTP server. Otherwise, authentication fails. If the Key value of the NTP server does
not comply with the password strength recommended by the CPE, the CPE displays a
message indicating that the password strength is weak, which does not affect the setting of the
Key parameter.

Step 5 Click Apply.
l The preset NTP servers clock.fmt.he.net, clock.nyc.he.net, and pool.ntp.org cannot be modified.
l You are advised to set the authentication algorithm to SHA256-MAC.
l If the authentication algorithm is set to NONE or MD5, security risks exist and you need to
manually confirm the configuration.
l It is recommended that the password contain at least six ASCII characters.
l It is recommended that the password be updated every six months. The configuration at the server
end must be updated together.
l It is recommended that the password contain at least two types of the following characters:
– At least one lower-case letter
– At least one upper-case letter
– At least one digit
– At least one of the following special characters: ! " # $ % & ' ( ) * + , - . / : ;< = > ? @ [ \ ] ^ _ `
{|}~
----End
8.7.3 Deleting an NTP Server

Step 2 In the NTP server list on the Time page, locate the NTP server to be deleted, and click the
delete button in the Options column of the server.
The preset NTP servers clock.fmt.he.net, clock.nyc.he.net, and pool.ntp.org cannot be deleted.
----End

Online Help 9 FAQs
9 FAQs
How Do I Handle the Failure to Log In to the WebUI?

Step 1 Check that the CPE is started.
Step 2 Check that the Ethernet cable connecting the CPE is functional.
Step 3 Check that the IP address for connecting the PC is correctly configured.
Step 4 If the problem persists, contact the local service provider.
----End
How Do I Troubleshoot If the Power Adapter Overheats?

Step 1 Check whether the CPE has been running for a long time. The CPE working temperature is –
40°C to +50°C and overheat occurs after a long running period. It is good practice to power
off the CPE when it is not in use.
Step 2 Check whether the CPE is placed in a well-ventilated place.
----End
What Should I Do If Factory Settings Are Restored?

Step 1 Check whether the CPE is powered off during parameter configuration. Power-off may cause
restoration of factory settings.
----End

Online Help 10 Acronyms and Abbreviations
10 Acronyms and Abbreviations
ACL Access Control List
ACS Auto-Configuration Server
AES Advanced Encryption Standard
ALG Application Level Gateway
BLER Block Error Rate
CPE Customer-Premises Equipment
CQI Channel Quality Information
DHCP Dynamic Host Configuration Protocol
DMZ Demilitarized Zone
DNS Domain Name System
HOTA Huawei Over The Air
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
ICMP Internet Control Message Protocol
IMEI International Mobile Equipment Identity
IMSI International Mobile Subscriber Identity
IP Internet Protocol
LAN Local Area Network
MAC Media Access Control
MCS Modulation and Coding Set
MTU Maximum Transmission Unit
NAT Network Address Translation

Online Help 10 Acronyms and Abbreviations
NTP Network Time Protocol
ODU Outdoor Unit
PIN Personal Identification Number
PUK PIN Unblocking Key
RRC Radio Resource Control
SIP Session Initiation Protocol
SN Serial Number
TCP Transmission Control Protocol
TR-069 Technical Report 069
UDP User Datagram Protocol
USIM Universal Subscriber Identity Module
WAN Wide Area Network

5G Outdoor CPE Online Help

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

5G Outdoor CPE Online Help

Uploaded by

Copyright:

Available Formats

5G Outdoor CPE N5368X

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. i

1 About This Document.................................................................................................................. 1

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. ii

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. iii

8.1.4 Led Status.................................................................................................................................................................. 34

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. iv

1 About This Document

1.2 Product Version

5G Outdoor CPE V200R001C00

1.3 Intended Audience

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 1

1.4 Change Description

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 2

2.1 User Account Description

2.1 User Account Description

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 3

2.2 Safety Precautions

l If you use Internet Explorer, version 11.0 or later is preferred.

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 4

2.3 Computer Configuration Requirements

CPU Pentium 500 MHz or above

Memory 128 MB RAM or above

Hard disk Available space of at least 200 MB

Operating Microsoft: Windows 7 or later

Display 1024 x 768 pixels or higher

Web Internet Explorer 11 or later, Chrome 73.0.368 or later

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 5

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 6

3.2.1 Local Upgrade

Step 1 Choose HOME > Update to enter the Update page.

3.2.2 HOTA-based Upgrade

To configure HOTA-based upgrade parameters, perform the following steps:

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 7

l The CPE must access the network successfully.

Step 1 Choose HOME > Device to enter the Device page.

Step 2 Check the device list.

The following table describes the fields in the device list.

Hostname Host name of a connected device

MacAddr MAC address of a connected device

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 8

IpAddr IP address of a connected device

Lease Time Remaining lease time, in units of seconds

IsWirelessU Whether the device is connected over Wi-Fi

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 9

Set the security function in routing mode.

l Only IP address blacklists can be set.

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 10

4.1.1 Adding an IP Address Filtering Rule

Step 1 Choose SECURITY > IP Filtering. The IP Filtering page is displayed.

Step 2 Click Add.

Step 5 Set Source IP Address Range to the range of source IP addresses.

Step 7 Set Destination IP Address Range to the range of destination IP addresses.

Step 9 Click Apply to generate the IP address filtering rule.

4.1.2 Modifying an IP Address Filtering Rule

Step 1 Choose SECURITY > IP Filtering. The IP Filtering page is displayed.

4.1.3 Deleting an IP Address Filtering Rule

Step 1 Choose SECURITY > IP Filtering. The IP Filtering page is displayed.

Issue Draft B (2019-11-30) Copyright © Huawei Technologies Co., Ltd. 11

4.2 MAC Filtering

l Only MAC address blacklists can be set.