Professional Documents
Culture Documents
V100R002C00
Online Help
Issue Draft B
Date 2019-11-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: https://www.huawei.com
Email: support@huawei.com
Contents
2 Introduction.................................................................................................................................... 3
2.1 User Account Description.............................................................................................................................................. 3
2.2 Safety Precautions.......................................................................................................................................................... 4
2.3 Computer Configuration Requirements..........................................................................................................................5
3 HOME.............................................................................................................................................. 6
3.1 Overview........................................................................................................................................................................ 6
3.2 Update.............................................................................................................................................................................6
3.2.1 Local Upgrade............................................................................................................................................................. 7
3.2.2 HOTA-based Upgrade................................................................................................................................................. 7
3.3 Device............................................................................................................................................................................. 8
4 SECURITY.................................................................................................................................... 10
4.1 IP Filtering.................................................................................................................................................................... 10
4.1.1 Adding an IP Address Filtering Rule.........................................................................................................................11
4.1.2 Modifying an IP Address Filtering Rule....................................................................................................................11
4.1.3 Deleting an IP Address Filtering Rule.......................................................................................................................11
4.2 MAC Filtering.............................................................................................................................................................. 12
4.2.1 Adding a MAC Address Filtering Rule..................................................................................................................... 12
4.2.2 Modifying a MAC Address Filtering Rule................................................................................................................12
4.2.3 Deleting a MAC Address Filtering Rule................................................................................................................... 12
4.3 URL Filtering............................................................................................................................................................... 13
4.3.1 Adding a URL Filtering Rule.................................................................................................................................... 13
4.3.2 Modifying a URL Filtering Rule............................................................................................................................... 13
4.3.3 Deleting a URL Filtering Rule.................................................................................................................................. 13
4.4 Port Forwarding............................................................................................................................................................ 13
4.4.1 Adding a Port Forwarding Rule.................................................................................................................................14
4.4.2 Modifying a Port Forwarding Rule........................................................................................................................... 14
4.4.3 Deleting a Port Forwarding Rule...............................................................................................................................15
4.5 ACL.............................................................................................................................................................................. 15
4.5.1 Modifying an ACL Rule............................................................................................................................................15
4.5.2 Resetting an ACL Rule..............................................................................................................................................15
4.6 DMZ............................................................................................................................................................................. 16
4.7 ALG.............................................................................................................................................................................. 16
4.8 UPnP............................................................................................................................................................................. 16
5 INTERNET....................................................................................................................................18
5.1 APN/DNN.................................................................................................................................................................... 18
5.1.1 Adding an APN/DNN Profile....................................................................................................................................18
5.1.2 Modifying an APN/DNN Profile...............................................................................................................................19
5.1.3 Deleting an APN/DNN Profile.................................................................................................................................. 19
5.2 Network........................................................................................................................................................................ 20
5.3 PIN................................................................................................................................................................................21
5.3.1 Enabling PIN Verification......................................................................................................................................... 21
5.3.2 Disabling PIN Verification........................................................................................................................................ 21
5.3.3 Changing the PIN Code............................................................................................................................................. 22
5.3.4 Verifying the PIN Code............................................................................................................................................. 22
5.3.5 Verifying the PUK Code............................................................................................................................................23
5.4 Internet MTU................................................................................................................................................................ 23
6 LAN................................................................................................................................................ 25
6.1 Static Route...................................................................................................................................................................25
6.1.1 Adding a Static Route Rule....................................................................................................................................... 25
6.1.2 Modifying a Static Route Rule.................................................................................................................................. 25
6.1.3 Deleting a Static Route Rule..................................................................................................................................... 26
6.2 Dynamic Route............................................................................................................................................................. 26
6.3 DHCP............................................................................................................................................................................26
6.4 Static Arp...................................................................................................................................................................... 27
6.4.1 Adding a Static ARP Entry........................................................................................................................................27
6.4.2 Modifying a Static ARP Entry...................................................................................................................................27
6.4.3 Deleting a Static ARP Entry...................................................................................................................................... 28
7 WLAN............................................................................................................................................ 29
7.1 WLAN Settings............................................................................................................................................................ 29
7.2 SSID List...................................................................................................................................................................... 31
7.3 Advanced Settings........................................................................................................................................................ 31
7.3.1 Configuring the Working Frequency Band................................................................................................................31
7.3.2 Configuring Transmit Power..................................................................................................................................... 32
8 SYSTEM........................................................................................................................................ 33
8.1 Maintenance..................................................................................................................................................................33
8.1.1 Restart........................................................................................................................................................................ 33
8.1.2 Reset.......................................................................................................................................................................... 33
8.1.3 Reconnect Network................................................................................................................................................... 34
9 FAQs...............................................................................................................................................47
10 Acronyms and Abbreviations................................................................................................. 48
1.1 Overview
1.2 Product Version
1.3 Intended Audience
1.4 Change Description
1.1 Overview
This document describes how to manage and maintain the 5G CPE on web pages, including
such operations as querying the operating status, setting parameters, performing an upgrade,
restoring factory settings, restarting the device, configuring TR-069 parameters, implementing
maintenance and test, and exporting logs.
Draft B (2019-11-30)
This is a draft.
Compared with Draft A (2019-09-15), this issue includes the following new topics:
l 4.3 URL Filtering
l 4.8 UPnP
l 6.2 Dynamic Route
l 7 WLAN
Compared with Draft A (2019-09-15), this issue does not include any changes.
No information in Draft A (2019-09-15) is deleted from this issue.
Draft A (2019-09-15)
This is a draft.
2 Introduction
l The system forcibly enables you to change the password upon the first login. Keep the new
password secure and it is strongly recommended that you change the password periodically.
l If you enter incorrect passwords for three consecutive times during login or password change,
the login page will be locked for 3 minutes.
l If you forget your password, press the Reset button for 2–10 seconds to restore the factory
settings in which the default user name and password are both admin.
l If you do not perform any operation within 5 consecutive minutes after a successful login to
the Web UI, you are forcibly logged out of the current session.
l Before the admin user logs in to the Web UI, the operation log records the anonymous user by
default.
l The CPE can be accessed over HTTP or HTTPS. HTTPS is recommended. If you cannot
access the CPE Web UI over HTTPS, check the TLS configuration of the browser you
use.
l Click Download on the login page to download the self-issued certificate of the CPE.
l Use the Certificate Import Wizard on the browser or click Install Certificate on the
certificate file page to install the CPE self-issued certificate to Trusted Root Certification
Authorities.
l The certificate installation may vary with browsers.
l Different browsers and different versions of the same browser have different mechanisms for
identifying risks in self-issued certificates. The risks may still be considered to exist after the
certificate installation. You are advised to use the Google Chrome browser to access the CPE
over HTTPS.
l The CPE self-issued certificate cannot be updated manually or by connecting to an online
server. If the CPE system verifies that the self-issued certificate has expired, it automatically
updates the certificate.
l During certificate installation, ensure that the SN in the CN field of the issuer for the CPE self-
issued certificate is the same as the SN of the board to minimize security risks.
l The IMEI, IMSI, SN, WAN IP address, LAN IP address, and MAC information can be
queried on the Web UI. The IMEI, IMSI, SN, WAN IP address, and LAN IP address can
be queried using TR-069. For details, see 5G Outdoor CPE N5368X Personal Data
Description.xlsx.
l The APN password is provided by the operator. The CPE uses the AES-256-CBC
algorithm to encrypt and store the APN password. You must keep the password secure. If
the password is lost, contact the operator as soon as possible.
l The initial value of the PIN/PUK is provided by the operator during USIM registration.
Keep the PIN/PUK to yourself. If the PIN/PUK is locked due to improper operations,
contact the operator.
l The CPE uses the in-band management mode. The management control information and
service information of the network are transmitted through the same physical channel,
and the control information and service information are distributed through different
virtual channels (virtual network adapter devices).
l Anti-DoS attack measures for the CPE include ICMP flood attack defense and SYN
flood attack defense.
l The Web UI supports only local login and is used to configure a proper access control
list for the CPE to ensure security. Preferentially disable Internet ICMP in the ACL.
l The CPE supports HTTP- or HTTPS-based interaction over TR-069. The actual running
mechanism depends on the operator's configuration. If the operator's TR-069 server
supports HTTPS, it is recommended that HTTPS be used for interaction.
Item Requirement
3 HOME
3.1 Overview
3.2 Update
3.3 Device
3.1 Overview
On the Overview page, you can view the CPE information, such as the device information,
software and hardware versions, network traffic statistics, and network status.
Step 1 Choose HOME > Overview to enter the Overview page. Device information includes
Device name, Model, IMEI, IMSI, and SN. Software and hardware versions include
Software Version and Hardware Version. Network traffic information includes Total
traffic, Uplink traffic, Downlink traffic, Average uplink traffic, and Average downlink
traffic. Time information includes Boot up time, Online time, and System time.
Step 2 Click Detail next to Network and Internet Info to view the network status and network
connection information. Network Info includes Network Type, Signal Intensity, Signal
Quality, RSSI, PLMN, Cell ID, 5G MCS, 5G BLER, 5G CQI, and 5G RANK. If you
specify Wan Id in the Internet Info area, the corresponding Status, WAN IP Address,
Subnet Mask, Gateway, Primary DNS, and Secondary DNS are displayed. Status indicates
whether the IP passthrough mode is enabled. If the IP passthrough mode is disabled, the
routing mode is used. The LAN information includes IP Address, MAC Address, DHCP
Server, Lan0 Status, Lan0 UpRate, Lan0 DownRate, Lan1 Status, Lan1 UpRate, and
Lan1 DownRate.
----End
3.2 Update
On the Update page, you can upgrade the software running on the CPE to a new version to
enhance system stability. The upgrade can be performed locally or over HOTA.
Step 2 In the Update area, click Choose File. In the displayed dialog box, select the software version
file stored on the local PC.
Step 3 Click Open. The dialog box is closed, and the version file name is displayed to the right of
the Choose File button.
Step 4 Click Update. The CPE software upgrade starts. After the upgrade is complete, the CPE
automatically restarts and runs the target software version.
NOTICE
l Do not perform any operations on the CPE during an upgrade. Especially, do not power off
the CPE.
l To roll back the CPE to the source version after a power-off, press the Reset button, power
on the CPE, and hold the button for over 25 seconds.
l The integrity check of the upgrade package uses the SHA256-based digital signature.
----End
Step 1 Specify Auto-update. Value ENABLE indicates automatic upgrade. Value DISABLE
indicates upgrade following user confirmation.
Step 2 When Auto-update is ENABLE, set Update time to the time period for the CPE to
automatically download and upgrade to the new version. Specifically, if a new version is
detected, the CPE downloads and upgrades to the new version within the specified period.
Step 3 When Auto-update is DISABLE, a dialog box is displayed to prompt you to upgrade the
CPE if a new version is detected when you log in to the CPE through the Web UI.
Step 4 To manually check for a new version, click Check for update.
Step 5 When a new version is detected or an upgrade is confirmed manually, click Update in the
Check Update column to download and upgrade to the new version.
----End
NOTICE
3.3 Device
To view the access device list in routing mode, perform the following steps:
----End
NOTICE
The connected device list is displayed only in routing mode. To enable the routing mode, set
IP Passthrough to DISABLE.
Parameter Description
Parameter Description
4 SECURITY
NOTICE
l The security function can be configured only when the routing mode applies. When the
CPE is set to non-routing mode, the SECURITY tab is not displayed on the WebUI.
l Method of setting the routing mode: Under Network on the Internet page, set IP
Passthrough to DISABLE.
4.1 IP Filtering
4.2 MAC Filtering
4.3 URL Filtering
4.4 Port Forwarding
4.5 ACL
4.6 DMZ
4.7 ALG
4.8 UPnP
4.1 IP Filtering
Set IP address filtering rules.
NOTICE
Step 3 Specify Profile name, and the corresponding default destination port number is automatically
filled in Destination Port Range.
Step 4 Specify Protocol. The options include ALL, TCP, UDP, and ICMP. All indicates all IPv4
packets.
Step 6 Set Source Port Range to the range of source ports. The valid range is [1, 65535]. The start
port number must be smaller than or equal to the end port number. When Protocol is set to
ALL or ICMP, you do not need to specify Source Port Range.
Step 8 Set Destination Port Range to the range of destination ports. The valid range is [1, 65535].
The start port number must be smaller than or equal to the end port number. When Protocol is
set to ALL or ICMP, you do not need to specify Destination Port Range.
----End
Step 2 Click edit in the Operation column for an IP address filtering rule.
Step 3 Modify parameters for the IP address filtering rule. For details about how to set the
parameters, see section 4.1.1 Adding an IP Address Filtering Rule.
Step 4 Click Apply for the modified IP address filtering rule to take effect.
----End
Step 2 Click delete in the Operation column for an IP address filtering rule.
Step 3 In the displayed Confirm dialog box, click OK to confirm the deletion.
----End
NOTICE
Step 1 Choose SECURITY > MAC Filtering. The MAC Filtering page is displayed.
----End
Step 1 Choose SECURITY > MAC Filtering. The MAC Filtering page is displayed.
Step 2 Click edit in the Operation column for a MAC address filtering rule.
Step 4 Click Apply for the modified MAC address filtering rule to take effect.
----End
Step 1 Choose SECURITY > MAC Filtering. The MAC Filtering page is displayed.
Step 2 Click delete in the Operation column for a MAC address filtering rule.
Step 3 In the displayed Confirm dialog box, click OK to confirm the deletion.
----End
NOTICE
----End
----End
----End
computer on the LAN side (for example, the computer functions as an FTP server), you need
to configure port forwarding rules so that access requests from the external network port can
be forwarded to the port of the server on the LAN side.
NOTICE
If you select the Port Forward check box on the Port Forwarding page, the port forwarding
rule takes effect immediately. Otherwise, the port forwarding rule does not take effect.
Step 1 Choose SECURITY > Port Forwarding. The Port Forwarding page is displayed.
Step 3 Specify Type and the corresponding default port number is automatically filled in Remote
port range and Local port range.
Step 4 Set Protocol to UDP or TCP.
Step 5 Set Remote host to the remote IP address. This operation is optional.
Step 6 Set Remote port range to the remote port range. The value range is [1, 65535].
Step 8 Set Local port range to the local port range. The value range is [1, 65535].
NOTICE
----End
Step 1 Choose SECURITY > Port Forwarding. The Port Forwarding page is displayed.
Step 2 Click edit in the Operation column for a port forwarding rule.
Step 3 Modify the port forwarding rule. For details about how to set the parameters, see 4.4.1
Adding a Port Forwarding Rule.
Step 4 Click Apply for the modified port forwarding rule to take effect.
----End
Step 1 Choose SECURITY > Port Forwarding. The Port Forwarding page is displayed.
Step 2 Click delete in the Operation column for a port forwarding rule.
Step 3 In the displayed Confirm dialog box, click OK to confirm the deletion.
----End
4.5 ACL
Set ACL rules to control the service list provided by the CPE. Reducing external access
improves CPE security and ensures its performance.
NOTICE
l If you select the ACL check box on the ACL page, the ACL rule takes effect immediately.
Otherwise, the ACL rule does not take effect.
l It is recommended that only necessary services on the LAN side be allowed.
l Configure an appropriate ACL to ensure CPE security. Preferentially disable Internet
ICMP in the ACL.
Step 2 Click edit in the Operation column for an ACL rule to be modified.
Step 5 Click Apply for the modified ACL rule to take effect.
NOTICE
If Access Source in the ACL rule is set to LAN, the IP address in IP address range must be
in the same network segment as the value of IP Address in LAN > DHCP. If Access Source
in the ACL rule is set to another value, the IP address in IP address range must be in a
different network segment from the value of IP Address in LAN > DHCP.
----End
----End
4.6 DMZ
Configure the DMZ function If DMZ is enabled, data packets destined for the WAN port are
directly forwarded to the specified address on the LAN, regardless of any default firewall
rules.
To enable DMZ, perform the following steps:
NOTICE
The value of Host address must be different from the value of IP Address in LAN > DHCP
but in the same network segment.
----End
4.7 ALG
When devices on the LAN connect to the Internet over SIP, you need to configure the SIP
service proxy function. A typical application scenario is SIP-based voice conference.
To configure the SIP proxy function, perform the following steps:
----End
4.8 UPnP
On the UPnP page, you can enable UPnP and then query port forwarding rules for UPnP
services. You can add a maximum of eight port mapping rules. It is recommended that you
disable the UPnP function when it is not in use. If UPnP is enabled, it may be exploited to
bypass the firewall, resulting in security risks.
Step 2 Set UPnP Settings to ENABLE if UPnP is required or DISABLE if UPnP is not required.
----End
5 INTERNET
5.1 APN/DNN
5.2 Network
5.3 PIN
5.4 Internet MTU
5.1 APN/DNN
On this page, you can add, modify, and delete APN/DNN profile information. The detailed
APN/DNN information can be obtained from the operator.
Step 3 Specify Profile name, which is case-sensitive and cannot be left empty or the same as an
existing name.
Step 4 Specify APN/DNN, which cannot be duplicate.
Step 5 Specify User name. When APN/DNN is left blank, this parameter must be left blank.
Step 6 Specify Password. When APN/DNN is left blank, this parameter must be left blank.
Step 7 Specify AUTH. The option PAP, CHAP, or NONE can be selected.
----End
Step 4 Reconfigure User name. When APN/DNN is left blank, this parameter must be left blank.
Step 5 Reconfigure Password after selecting the Change Password check box. When APN/DNN is
left blank, this parameter must be left blank.
Step 6 Specify AUTH. The option PAP, CHAP, or NONE can be selected.
l The values of Profile name, User name, and Password cannot contain the following special
characters: slash (/), single quote ('), backslash (\), equal sign (=), double quote ("), ampersand (&),
percent (%), left parenthesis ((), right parenthesis ()), semicolon (;), less than (<), greater than (>),
vertical bar (|).
l The value of APN/DNN can contain only digits, English characters, and special characters period
(.), hypen (-), and underscore (_). It can be left blank. It cannot start with the following character
string: rac, lac, sgsn, rnc, and AUTO. It cannot end with .gprs (case insensitive).
l The value of Profile name can contain a maximum of 32 ASCII characters. The values of APN/
DNN, User name, and Password can contain a maximum of 99 ASCII characters.
----End
----End
5.2 Network
To set the dial-up network connection, perform the following steps:
Step 2 Specify Network Mode. The options can be AUTO, NSA, and SA.
Step 3 Specify Roaming. Value ENABLE indicates that roaming is enabled. Value DISABLE
indicates that roaming is disabled.
Step 4 Specify IP Passthrough. Value ENABLE indicates that the IP passthrough mode is used.
Value DISABLE indicates that the routing mode is used. In IP passthrough mode, the
Power/LAN port only can be used.
l In IP passthrough mode, the IP addresses assigned on the network side are used for devices attached
to the ODU, and the ODU only transparently transmits service data. The VLAN information must be
correctly configured on the ODU and the devices connected to the ODU so that the connected
devices can obtain an appropriate IP address for services. Otherwise, E2E services on the connected
devices work improperly.
l In routing mode, the IP address assigned on the network side is used for the ODU. The ODU assigns
private IP addresses and translates network addresses for the connected devices. In this case, the
VLAN does not take effect. Therefore, if the bridge mode is switched to the routing mode, the
VLAN information becomes invalid.
Step 5 Set parameters in the Connection area, as described in the following table.
Parameter Description
Enable Specifies whether to enable the dial-up function. Value ENABLE indicates
that the dial-up function is enabled. Value DISABLE indicates that the
dial-up function is disabled.
Service Specifies the service type. You can select multiple service types.
DATA: common data services of connected devices
DM: maintenance services of the CPE
DM FOR X: maintenance services of connected devices
VOIP: voice services
NOTICE
l Changing the roaming status will result in a power-off and power-on. Dial-up will be re-
initiated after the power-on.
l Enabling the roaming function may incur additional data fees.
l In Connection, different APNs/DNNs cannot be configured with the same Service value.
----End
5.3 PIN
On the PIN page, you can manage the PIN codes of USIM cards, for example, enable or
disable PIN verification and change the PIN codes.
Step 3 Enter the correct PIN code in the PIN code text box. The PIN code should be a string of 4 to
8 digits.
Step 4 Click Apply.
NOTICE
l With the PIN verification function enabled, after the CPE is powered on and starts, the
correct PIN code must be entered for verification before the CPE dials up to access the
network.
l If you incorrectly specify PIN code for three consecutive times, PIN code is locked. To
unlock the PIN code, you need to verify the PIN unlocking key (PUK) code and change
the PIN code.
----End
Step 3 Enter the correct PIN code in the PIN code text box. The PIN code should be a string of 4 to
8 digits.
NOTICE
If you incorrectly specify PIN code for three consecutive times, PIN code is locked. To
unlock the PIN code, you need to verify the PUK code and change the PIN code.
----End
Step 4 Enter the current PIN code in the PIN code text box. The PIN code should be a string of 4 to
8 digits.
Step 5 Enter a new PIN code in the New PIN text box. The PIN code should be a string of 4 to 8
digits. The new PIN code must differ from the old one.
Step 6 In the Confirm PIN text box, enter the new PIN code again.
NOTICE
If you incorrectly specify PIN code for three consecutive times, PIN code is locked. To
unlock the PIN code, you need to verify the PUK code and change the PIN code.
----End
Step 2 Enter the correct PIN code in the PIN code text box. The PIN code should be a string of 4 to
8 digits.
NOTICE
If you incorrectly specify PIN code for three consecutive times, PIN code is locked. To
unlock the PIN code, you need to verify the PUK code and change the PIN code.
----End
Step 2 Enter the correct PUK code in the PUK code text box. The PUK code should be a string of 8
digits.
Step 3 In the New PIN text box, enter the new PIN code.
Step 4 In the Confirm PIN text box, enter the new PIN code again.
NOTICE
If you are not sure about the correct PUK code, contact the operator. If an incorrect PUK code
is entered for 10 consecutive times, the USIM card is locked permanently. That is, the USIM
card is scrapped.
----End
NOTICE
l An inappropriate max transmission unit (MTU) may cause network connection failures.
Therefore, you are advised to retain the default MTU (1500 bytes).
l If you change the MTU, the new MTU value must be greater than or equal to the MTU
configured separately on the downstream device and the core network.
Step 1 Choose INTERNET > Internet MTU to enter the Internet MTU page.
Step 2 In the MTU size text box, enter the desired MTU.
----End
6 LAN
Step 2 Click Add on the Static Route page to add a static route.
Step 5 Set Default Gateway to the IP address that the router obtains from the CPE. Used for
transmitting data to cascaded devices, this IP address must be reachable.
----End
Step 2 Select the item to be modified in the list and edit the data.
----End
Step 2 Select the item to be deleted, and click the delete icon under Options.
----End
Step 1 Choose LAN > Dynamic Route to enter the Dynamic Route page.
Step 2 Specify RIP. You can select Enable to enable the dynamic route function.
Step 3 Specify Operation to configure the working mode. The options are Active and Passive.
Active indicates that the CPE actively notifies the surrounding routers of route changes.
Passive indicates that the surrounding routers notify the CPE of changes.
Step 4 Specify Version to configure the routing protocol. The options are RIP v1, RIP v2, and RIP
v1/RIP v2.
----End
6.3 DHCP
NOTICE
Step 2 Specify IP address to configure the CPE gateway address. Ensure that the address is unique
on the network.
Step 3 In routing mode, specify DHCP Server to enable or disable the DHCP server.
Step 4 In routing mode, when the DHCP server is enabled, specify DHCP IP range to configure the
range of IP addresses that can be allocated by the DHCP server.
Step 5 In routing mode, when the DHCP server is enabled, specify DHCP lease time to configure
the DHCP lease time in units of seconds.
Step 6 In routing mode, you can assign a fixed IP address to a device with a specified MAC address
in IP and MAC Address Association.
----End
NOTICE
----End
Step 2 Click edit in the Operation column for the displayed static ARP entry list.
----End
Step 2 Click delete in the Operation column for the displayed static ARP entry list.
Step 3 In the displayed Confirm dialog box, click OK to confirm the deletion.
----End
7 WLAN
NOTICE
After related configuration is modified, the WLAN module will restart and the WLAN service
will be interrupted for about 30s.
Step 1 Choose WLAN > WLAN Settings. The WLAN Settings page is displayed.
Step 2 Specify Frequency Band to configure the WLAN working frequency band. The options are
2.4G and 5G.
Step 5 Specify SSID. The SSID contains 1 to 32 ASCII characters and cannot contain special
characters "/\' =\"\\&%();<>|". The SSID cannot start or end with a space.
Step 6 Specify Maximum number of devices to configure the maximum number of devices that can
be supported. The value range is [1, 32].
Step 7 Specify Hide SSID broadcast. If this parameter is set to ENABLE, user clients cannot detect
this CPE over the WLAN.
Step 10 Specify Security to configure the WLAN encryption mode. The options are None, WPA2-
PSK, and WPA-PSK&WPA2-PSK. When selecting None, confirm whether to use this
insecure encryption mode. If it is confirmed, proceed to step 14. If you select
WPAPSK&WPA2-PSK, proceed to step 12.
l If you select None (not recommended), WLAN clients directly connect to the CPE, which is
insecure. Therefore, you need to manually confirm the configuration.
l WPA2-PSK indicates that WLAN clients can access the CPE only in WPA2-PSK authentication
mode. This option is recommended due to high security.
l WPA-PSK&WPA2-PSK indicates that WLAN clients can access the CPE in WPA-PSK or WPA2-
PSK authentication mode.
Step 11 If Protect Management Frame is selected, determine whether to enable or disable the
protected management frame. DISABLE indicates that the protected management frame is
disabled. ENABLE indicates that the protected management frame is enabled.
MANDATORY indicates that the protected management frame is required.
l The default WLAN password is provided by the operator. You are advised to change the password.
l The CPE uses the AES-256-CBC algorithm to encrypt and store the WLAN password.
l It is recommended that operators configure and periodically update passwords with required
complexity in line with the following rules:
– The password contains the combination of letters, digits (0 to 9), and special characters (! " # $
% & ' ( ) * + , - . / : ;< = > ? @ [ \ ] ^ _ ` { | } ~).
– The password is different from the SSID or the reverse of the SSID.
– The password does not contain three or more consecutive identical characters, for example,
111.
----End
Step 1 Choose WLAN > SSID List. The SSID page is displayed.
Step 2 Click edit in the Operation column for the displayed SSID list.
Step 3 Specify Status to determine whether to enable the SSID. For details about how to set other
parameters, see 7.1 WLAN Settings.
l Among the four listed SSIDs, the first and third SSIDs are the primary SSIDs. Status cannot be
reconfigured on the current page, but is controlled by the WLAN setting on the WLAN Settings
page. The second and fourth data SSIDs are respectively the secondary SSIDs for the first and third
SSIDs and can be enabled only when their primary channels are enabled.
l The default encryption mode of the primary SSIDs is WPA2-PSK, and that of the secondary SSIDs
is None.
l If Security is set to None(not recommended) for a primary SSID, WLAN clients can directly
connect to the CPE through the primary SSID, which poses security risks.
Step 5 In the displayed Info dialog box, click OK to confirm that the modification takes effect.
----End
Step 1 Choose WLAN > Advanced Settings. The Advanced Settings page is displayed.
Step 2 Specify Frequency band to configure the working frequency band. The options are 2.4G and
5G.
Step 3 Specify BandWidth to set the bandwidth for the working frequency band. The options
depend on the working frequency band and the working mode specified on WLAN settings
page. Refer to the following table.
Setting of Setting of Description
Frequency Bandwidth
band
Step 4 Specify Channel to configure the channels for the corresponding working frequency band.
The options depend on the selected working frequency band. When Auto is selected, the
channel with the best signal quality for the moment is selected.
Step 5 Click Apply to make the working frequency band configuration take effect.
----End
Step 1 Choose WLAN > Advanced Settings. The Advanced Settings page is displayed.
Step 2 Specify transmit power to configure the transmit power. The options are Impale, Normal,
and Sleep.
Step 3 Click Apply to make the transmit power configuration take effect.
----End
8 SYSTEM
8.1 Maintenance
8.2 Logs
8.3 Change Password
8.4 TR-069
8.5 Antenna
8.6 Diagnose
8.7 Time
8.1 Maintenance
8.1.1 Restart
With the Restart function, you can restart the CPE without powering it off. After the restart,
parameters configured for the CPE are not lost.
To restart the CPE, perform the following steps:
Step 2 Click Restart. A dialog box is displayed for you to confirm the restart.
----End
8.1.2 Reset
With the Reset function, you can restore the CPE to factory settings. With factory settings, the
parameter settings on the CPE are replaced by the default values.
NOTICE
If the Reset button is pressed for 2-10 seconds, the factory settings are restored.
Step 2 Enter the correct user login password in the Input the password to restore device to its
factory settings text box. If incorrect passwords are entered for three consecutive times, the
login page is displayed and is locked for three minutes.
Step 3 Click Reset. The CPE immediately restarts with default settings.
----End
Step 3 In the Confirm dialog box, click OK to confirm reconnection to the network. After the
reconnection is successful, Reconnect network success! is displayed.
----End
Step 2 Sets the Led Status switch. Value ENABLE indicates that the CPE indicator is turned on,
and value DISABLE indicates that the CPE indicator is turned off.
----End
NOTICE
l If you click DISABLE, the indicator will be turned off 5 minutes after the CPE
successfully accessed the network. If the network access fails, the indicator will not be
turned off.
l The indicator status is saved after a restart. The indicator will be off 5 minutes after the
CPE accesses the network.
Step 3 Select the Lock Frequency option to enable frequency locking or deselect this option to
disable frequency locking.
Step 4 Specify Band to select the frequency band to be locked. After you select a frequency band to
be locked, the system displays the frequency range corresponding to the frequency band.
Step 5 Specify Frequency. The value must be within the frequency range corresponding to the
locked frequency band.
Step 6 Select the Lock PCI option to enable PCI locking or deselect this option to disable PCI
locking.
Step 7 Specify PCI. The value range is [0, 503].
Step 8 Click Apply. In the displayed Confirm dialog box, confirm the restart.
NOTICE
----End
2. To configure 5G frequency locking, perform the following steps:
Step 3 Select the Lock Arfcn option to enable frequency locking or deselect this option to disable
frequency locking.
Step 4 Specify Band to select the frequency band to be locked. After you select a frequency band to
be locked, the system displays the frequency number range corresponding to the frequency
band.
Step 5 Specify Arfcn to configure the frequency number. The value must be within the frequency
number range corresponding to the locked frequency band.
Step 6 Select the Lock PCI option to enable PCI locking or deselect this option to disable PCI
locking.
Step 7 Specify PCI. The value range is [0, 1007].
Step 8 Click Apply. In the displayed Confirm dialog box, confirm the restart.
----End
NOTICE
l The default value is default. If the default value is used, the APN/DNN for initial access is
in the following descending order of priority: null APN/DNN, DATA APN/DNN, TR-069
APN/DNN, and the first enabled APN/DNN.
l The available APN/DNN is the APN/DNN configured on the enabled WAN port.
l Configuring initial access causes network re-access.
l When the selected APN/DNN is invalid, the default APN/DNN is used for initial access.
----End
Step 2 Select Enable to activate the parameter write-back function or deselect Enable to deactivate
this function. If Enable is selected, the APN/DNN, TR-069, and multi-WAN configurations
are not cleared after factory settings are restored.
Step 3 Click Apply.
----End
8.2 Logs
On the Logs page, you can export user logs, including operation logs, run logs, and exception
logs for fault locating. To export logs, perform the following steps:
Step 2 Click Export. The user data information dialog box is displayed.
Step 3 After confirming the risk of using log data, click OK.
Step 5 After the logs are exported, a dialog box is displayed, indicating that the log export is
successful. Click OK.
File Name Description
NOTICE
The logs do not contain sensitive information. For details about personal data description, see
5G Outdoor CPE N5368X Personal Data Description.xlsx.
----End
Step 1 Choose SYSTEM > Change Password to enter the Change Password page.
Step 2 Specify Current password. Set New password and Confirm password to the same values.
Step 3 Set Password Period to 30Days, 60Days, 90Days, 180Days, or Forever. You are advised
not to set this parameter to Forever.
After the new password expires, you need to change the password.
----End
8.4 TR-069
TR-069 provides a common framework protocol for the 5G CPE configuration management.
TR-069 uses the auto-configuration server (ACS) to perform remote CPE configuration
management, including reading and setting some CPE parameters and implementing some
maintenance functions, such as restart, factory faults restoration, log upload, configuration file
upload/download, and version upgrade. The functions are described as follows:
Precautions
l During a remote upgrade of the CPE through the ACS server, the CPE cannot provide
services.
l The CPE supports certificate-based bidirectional authentication. The actual
authentication mode depends on the operator's configuration. The user name and
password for interconnection authentication are configured and managed by the operator.
The CPE does not check the password complexity.
l If one-way or two-way authentication is used, the certificate and related private key are
provided by the operator. The operator ensures the security of the certificate.
l The certificate for the product can be updated only in software package preconfiguration
mode. If the certificate is invalid, the operator needs to provide a new certificate to
update the board software.
l The operator customizes the processing mode after the certificate expires or is revoked
and is responsible for the consequences.
NOTICE
NOTICE
When the HTTPS protocol is used, the ACS must be configured to support the TLS1.2
protocol.
l The CPE uses the AES-256-CBC algorithm to encrypt the CPE configuration files
downloaded by the network operator. For details about personal data, see 5G Outdoor
CPE N5368X Personal Data Description.xlsx.
l The CPE does not encrypt the CPE log file downloaded by the operator. The logs do not
contain sensitive information. For details about personal data description, see 5G
Outdoor CPE N5368X Personal Data Description.xlsx.
l The HTTP/HTTPS/FTP/FTPS protocol can be used for file transfer. HTTPS is
recommended. The FTP server works on the TR-069 server end of the operator. The
password of the FTP server is sent by the ACS to the CPE.
l The CPE parameter management can be performed on the ACS or Web UI. The latest
configuration success result prevails for the same parameter.
l After roaming is enabled, if the product accesses the network in roaming environment
and the TR-069 server is deployed in an independent network environment, there are
risks of disconnection from the TR-069 server.
l After the TR-069 function is enabled, the CPE consumes traffic as follows:
– Consumes KB-level traffic when reporting the online status after each network
entry.
– Consumes KB-level traffic because of operator-controlled presetting or
configuration of the period for sending heartbeat messages.
– Consumes KB-level traffic due to operator-controlled import or export of the
configuration file.
– Consumes less than 150 MB traffic (depending on the log size) due to operator-
controlled export of logs.
– Consumes less than 200 MB traffic (depending on the upgrade package size) due to
operator-controlled upgrades.
– Consumes KB-level traffic from message interaction of each group in configuration
management scenarios.
l When the TR-069-based network management function is enabled and the CPE fails to
actively establish a session with the ACS, the session is reestablished by using the
following mechanism:
Configuring TR-069
Step 1 Choose SYSTEM > TR-069.
NOTICE
l The ACS user name and password are provided by the operator. You are advised to change the
default password.
l It is recommended that operators configure and periodically update passwords with required
complexity in line with the following rules:
– The password contains at least 10 ASCII characters, with the combination of the following
characters: letters (A to Z or a to z), digits (0 to 9), and special characters, including
exclamation mark (!), double quote ("), number sign (#), dollar sign ($), percent (%),
ampersand (&), single quote ('), left parenthesis ((), right parenthesis ()), asterisk (*), plus sign
(+), comma (,), hypen (-), period (.), slash (/), colon (:), semicolon (;), less than (<), equal sign
(=), greater than (>), question mark (?), at sign (@), left bracket ([), backslash (\), right bracket
(]), caret (^), underscore (_), grave accent (`), left brace ({), vertical bar (|), right brace (}),
tilde (~).
– The password is different from the user name or the user name in reverse order.
– The password does not contain three or more consecutive identical characters, for example,
111.
Step 5 (Optional) Select the Enable check box for Periodic inform to enable the CPE to
periodically send packets over TR-069.
Step 6 (Optional) If the Enable check box is selected for Periodic inform, specify Periodic inform
interval.
Step 7 Specify Connection request port.
l Connection request username and Connection request password are provided by the operator.
You are advised to change the default password.
l It is recommended that operators configure and periodically update passwords with required
complexity in line with the following rules:
– The password contains at least 10 ASCII characters, with the combination of the following
characters: letters (A to Z or a to z), digits (0 to 9), and special characters, including
exclamation mark (!), double quote ("), number sign (#), dollar sign ($), percent (%),
ampersand (&), single quote ('), left parenthesis ((), right parenthesis ()), asterisk (*), plus sign
(+), comma (,), hypen (-), period (.), slash (/), colon (:), semicolon (;), less than (<), equal sign
(=), greater than (>), question mark (?), at sign (@), left bracket ([), backslash (\), right bracket
(]), caret (^), underscore (_), grave accent (`), left brace ({), vertical bar (|), right brace (}),
tilde (~).
– It is recommended that the password be different from the user name or the user name in
reverse order.
– It is recommended that the password do not contain three or more consecutive identical
characters, for example, 111.
verify CA After time synchronization with the SNTP server succeeds, strict
strictly certificate verification is performed and the CPE cannot connect to the
server if the verification fails.
NOTICE
Select this option with caution because such setting requires a certificate to be
uploaded and will cause the CPE to be disconnected in the event of certificate
invalidity.
Step 11 Specify File transferVerify. The parameter values and definitions are the same as those for
SSLVerify.
Step 12 Specify CRLVerify to configure the certificate revocation list (CRL) verification mode. The
options are verify CRL disable, verify CRL, ignore error, and verify CRL strictly.
Step 13 (Optional) If SSLVerify is set to verify CA strictly, upload the ACS certificate file.
Step 14 (Optional) If File transferVerify is set to verify CA strictly, upload the certificate file of the
file server.
Step 15 Click Apply.
----End
----End
----End
8.5 Antenna
On the Antenna page, you can set antenna optimization parameters so that the CPE can
obtain better signal quality. The fixed antenna mode and automatic optimization mode are
supported.
NOTICE
If the automatic optimization mode is configured and immediate optimization is started, the
network connection may be interrupted. In normal cases, the network access is automatically
restored within 5 seconds.
Step 2 Set Select Mode to the antenna mode. Auto indicates the automatic optimization mode, and
Fixed indicates the fixed antenna mode.
Step 3 When Select Mode is set to Auto, you can specify Immediate AntSel. This parameter is
invalid in the fixed antenna mode. No Action indicates that no immediate optimization is
performed, Start indicates that immediate optimization is started, and Stop indicates that
immediate optimization is stopped. If this parameter is set to Start, the network connection
may be interrupted.
Step 4 When Select Mode is set to Auto, specify Select Cycle to configure the optimization period.
The value range is 1–720 hours. This parameter is invalid in the fixed antenna mode.
Step 5 When Select Mode is set to Fixed, specify Antenna Combine Index to configure the
antenna combination. This parameter is invalid in automatic optimization mode.
l After the antenna optimization parameters are modified and submitted or after the page is refreshed,
TX Antenna displays the transmit antennas in use.
l The CPE supports 10 antenna combinations. Antenna Combine Index indicates each combination,
and each combination uses four antennas. The indexes of antennas used in groups 1 to 10 are shown
in red in the following figure.
----End
8.6 Diagnose
The diagnosis function is used to check the network connection status. The ping and route
trace functions are supported.
8.6.1 Ping
To configure the ping function, perform the following steps:
----End
8.6.2 Traceroute
To configure the route trace function, perform the following steps:
----End
8.7 Time
You configure the NTP server so that the CPE can synchronize time from the network.
NOTICE
l The CPE can synchronize time from the network only after the CPE has accessed the
network successfully.
l After the CPE successfully synchronizes time from the network, it re-synchronizes the
time from the network every 24 hours.
l The time synchronization with the network consumes less than 1 KB traffic per day on the
CPE.
l The time zone can be manually selected.
Step 2 Click Add Server on the Time page. The Settings dialog box is displayed.
Step 3 In the Server area of the Settings dialog box, set the IP address or domain name of the NTP
server.
Step 4 Specify Algorithm in the Settings dialog box to set the server authentication algorithm. If
this parameter is set to NONE, no authentication is required.
Step 5 If Algorithm in the Settings dialog box is set to MD5 or HMAC-SHA256, specify Key ID
and Key in the Settings dialog box. The values of Key ID and Key must be the same as those
of the NTP server. Otherwise, authentication fails. If the Key value of the NTP server does
not comply with the password strength recommended by the CPE, the CPE displays a
message indicating that the password strength is weak, which does not affect the setting of the
Key parameter.
----End
Step 2 In the NTP server list on the Time page, locate the NTP server to be modified, and click the
modifying button in the Options column of the server to display the Settings dialog box.
Step 3 Specify Algorithm in the Settings dialog box to set the server authentication algorithm. If
this parameter is set to NONE, no authentication is required.
Step 4 If Algorithm in the Settings dialog box is set to MD5 or HMAC-SHA256, specify Key ID
and Key in the Settings dialog box. The values of Key ID and Key must be the same as those
of the NTP server. Otherwise, authentication fails. If the Key value of the NTP server does
not comply with the password strength recommended by the CPE, the CPE displays a
message indicating that the password strength is weak, which does not affect the setting of the
Key parameter.
l The preset NTP servers clock.fmt.he.net, clock.nyc.he.net, and pool.ntp.org cannot be modified.
l You are advised to set the authentication algorithm to SHA256-MAC.
l If the authentication algorithm is set to NONE or MD5, security risks exist and you need to
manually confirm the configuration.
l It is recommended that the password contain at least six ASCII characters.
l It is recommended that the password be updated every six months. The configuration at the server
end must be updated together.
l It is recommended that the password contain at least two types of the following characters:
– At least one lower-case letter
– At least one upper-case letter
– At least one digit
– At least one of the following special characters: ! " # $ % & ' ( ) * + , - . / : ;< = > ? @ [ \ ] ^ _ `
{|}~
----End
Step 2 In the NTP server list on the Time page, locate the NTP server to be deleted, and click the
delete button in the Options column of the server.
The preset NTP servers clock.fmt.he.net, clock.nyc.he.net, and pool.ntp.org cannot be deleted.
----End
9 FAQs
Step 2 Check that the Ethernet cable connecting the CPE is functional.
Step 3 Check that the IP address for connecting the PC is correctly configured.
----End
----End
----End
IP Internet Protocol
SN Serial Number