Provision, Monitor, and Manage, All from a Single pane of glass.
InControl is Peplink’s cloud-based device management, monitoring, and reporting platform.
The application gives complete control of your Peplink routers, switches and access points from any web browser.
Some of the benefits of using InControl are:
Remote Web admin
Access the web interface of Peplink devices in remote public or private networks.
Bulk Outbound Policy Provisioning
Manage your outbound policies and apply them to a selection of Peplink devices.
Bulk Firewall Policy Provisioning
Manage your firewall rules apply these rules to a selection of Peplink routers
Centralized Firmware Management
Schedule automated firmware updates for groups of devices.
Group-Wide SSID Settings
Configure SSIDs across all devices or assign it to specific devices using tags. Set bandwidth limits, VLAN settings, and MAC Filters.
Customizable Captive Portal
Customize Appearance, Social Wi-Fi login, bandwidth quotas, control every aspect of your captive portal and apply it to any SSID or VLAN.
Centralized SpeedFusion Management
Create SpeedFusion profiles and apply them to selected devices in a group. InControl then automatically configures SpeedFusion VPN settings on the devices, giving you a centrally managed SpeedFusion deployment in minutes.
Prerequisites#
InControl can be accessed from any recent web browser.
Peplink routers, access points and switches that to be managed from InControl need to be within warranty or covered by an InControl Subscription.
The device’s warranty status and InControl subscription status will still be shown, even if the device’s warranty and/or subscription has expired.
When expired, InControl subscriptions and extended warranty can be purchased from a Peplink Certified Partner.
To allow InControl to communicate with your Peplink devices the application uses the following ports:
Port number
Used for
Service
UDP 5246
Data flow
InControl
TCP 443
HTTPS service
InControl
TCP 5246
Optional, used when TCP 443 is not responding
InControl
If you have an InControl subscription, but the device is showing offline, try performing a ping test from your device to ac1.peplink.com.
If you succeed, and the device does not appear online on InControl, you can reach out to your Peplink Certified partner, the Peplink forum, or Peplink support
InControl Subscription Terms and Conditions#
The InControl subscription is a standalone service that enables selected Peplink devices to connect to InControl.
While InControl is included as a part of warranty and PrimeCare, the InControl subscription enables you to connect devices to InControl without any additional subscription services.
Any Peplink device will function on InControl as long as it is subscribed to InControl subscription, Warranty, or PrimeCare. Customers can change between InControl subscription and warranty without any interruption in InControl service.
However, PrimeCare devices are unable to use InControl Subscriptions.
Please refer to the PrimeCare Terms and Conditions for full details.
If a device is no longer subscribed to any service, they will no longer be able to be accessed from InControl.
However, all records from the device’s time under subscription will be retained and will remain accessible on InControl.
If the device re-enters warranty or InControl subscription, it will once again become visible and manageable on InControl. InControl subscriptions are non-transferable, each subscription is specific to the device that it is assigned to.
Click the Signup link, in the lower right corner to start creating an InControl account.
You’ll need a working email address to sign up.
Consider using or creating a Google account to associate this with your InControl user account, it makes the sign in process easier.
Complete the required fields to create your user account and click submit.
You’ll receive a confirmation e-mail that you have successfully created an InControl Account.
Click the Activation link to activate the account.
Return to the InControl webpage to log in with your account.
The first time you log in using your InControl account you’ll be prompted to create your first Organization.
Enter an organization name of choice, country, speed unit and address information.
Click Submit to create your organization.
Next, you’ll need to create at least one group.
On the Create Group page, displayed after clicking the submit button, enter a group name of choice.
Change the address details if required.
Click Create Group to finish.
On the next page Add Devices into Groups, enter one or more serial numbers of your Peplink unit
and click the Next button.
InControl will now start monitoring your Peplink unit and can be managed from InControl.
Device organization#
InControl has several ways to allow you to organize, configure and grant granular access to your Peplink devices.
Each Peplink Device belongs to a Group AND an Organization.
Each Group belong to an organization. Tags can be added to one or more devices in a group for configuration or administrative purposes.
As explained in the User Roles section, some user roles only have access to one or more groups in InControl, others to the whole organization.
Before creating organizations and groups decide if you need to give restricted access to certain devices. InControl has several user roles that allow you to grant specific access to one or more groups in an organization.
Depending on your organization groups can represent locations, companies or another logical selection of devices.
If you have an InControl subscription, but the device is showing offline, try performing a ping test from your device to ac1.peplink.com. If you succeed, and the device does not appear online on InControl, you can reach out to your Peplink Certified partner, the Peplink forum, or Peplink support.
InControl User roles#
InControl has several built-in user roles to provide granular access to organizations and groups depending on the organizational structure of your business.
Below is a description of each of the different types of administrative roles, how to configure them, and the specific levels of access that each role receives:
Organization level
Super Organization Administrator
Organization administrators have full access to your organization. They can view all dashboards, reports, social user data, settings, and device details for all groups. In addition, they can also make configuration changes.
Organization Administrator
Organization administrators have the same access rights as Super Organization Administrators except for social user data access permissions.
Organization Viewer
Organization viewers can view the dashboards, reports, device details, and some settings for all groups. However, they have no editing permissions.
Organization Dashboard Viewer
Dashboard viewers can only see the organization dashboard and the dashboards for any groups. They cannot see reports, settings, or device details, and they have no editing capability.
Group Level
Group Administrator
Group administrators have full access to the group. They can view the dashboard for this group, reports, settings, and device details. In addition, they can also make configuration changes. However, they cannot access other groups in your organization or social user data.
Group Viewer
Group viewers can view the dashboard, reports, settings, and device details for this group. However, they have no editing ability, and they cannot access other groups in your organization.
Group Dashboard Viewer
Dashboard viewers can only see the dashboard for this group. They cannot see reports, settings, or device details. They have no editing capability, and they cannot access other groups in your organization.
Captive Portal Administrator
Captive Portal Administrators have access to the Captive Portal section in this group only. They also have read and deletion rights on social user data.
Captive Portal Report Viewer
Captive Portal Report Viewers have access to the Captive Portal Reports in this group only. They also have read access right son social user data.
Fleet Manager
Fleet Managers have access to the map on this group’s dashboard page only.
Creating a new user#
To create a new user on Organizational Level log in to InControl and select Organization Settings > Organization Settings in the menu.
To create a new user on Group Level, select the required Group and select Settings > Group settings in the menu.
Add the First Name, Last Name and Email address for the new user in the required field.
Select the user role from the drop-down menu, select the + button and save the changes.
Tags#
A TAG is a keyword or term assigned to one or more Peplink units; once assigned, the TAG can be used for several purposes
Tracking
Configuration (apply settings to devices, including SSID, Schedules, Outbound policies, firewall rules, Speedfusion profiles and firmware)
Reporting
Adding a Tag
To configure a Tag, navigate too the Device Level for the applicable unit, select edit and scroll to TAG.
Once there, simply assign the Keyword(s).
A device can have any number of TAGS assigned to it and a TAG can be assigned to any number of Devices in the Group
Bulk Tagging
Tags can be assigned to a group of devices concurrently from the Group Level Dashboard.
Select the “Device Management” option and select the applicable units.
Then select TAG and assign the Keyword(s) to the applicable unit(s).
Settings#
Several settings can be created at the Organization or, more granular, at the Group or Device level that are then applied to your units within that group and organization, or the device itself.
These settings are available from the main menu at the Organization, Group or Device level. Device settings will override group settings, and Group settings override Organization settings when settings are configured on different levels.
General Organization and Group Settings#
The InControl Organization and Group settings sections allow you to configure the Organization’s and Group’s Name, Address, Security Settings and Logo.
These settings can be accessed from Organization settings > Organization Settings at Organization level or Settings > Group Settings at Group Level in the main menu.
At Organization Level
At Group Level
The following settings can be configured
Name
Edit the organization or group Name in the Name field.
Administration
Configure user accounts to allow access to your InControl organization and /or group(s).
Read the User Roles section for more details.
Security (organization level only)
The security options are only available at organization level and configurable from this section:
Idle Time out
Sign out password-authenticated users after
The configured number of minutes in this field
minutes of inactivity. Default is 240 minutes.
Note: Users authenticated with Google ID will not be signed out automatically
Two-factor authentication
Force users to set up and use two-factor authentication
Authenticated with Password
Do not allow users to authenticate with Google ID but username and password
Block Peplink Support
Prevent Peplink support from viewing this organization
Advanced Settings
Auto apply configuration patches to devices
At certain occasions InControl makes configuration patches available for devices. When such patches are available for a device, if this option is enabled, the patch will be sent to the device automatically. If the option is not enabled, InControl will stop all configurations to the device. Administrators will be asked to confirm to apply such patch before the patch and any configuration could be applied to the device.
Show Warranty and Subscription Expiry Dates and Notices to non-Organization Administrators
These options are used to keep certain details hidden from non-Organization Administrators that have access to the InControl organization.
Send Warranty and Subscription Renewal Reminder to non-Organization Administrators
Display Internet & Device Availability on Group Dashboard
Logo & Favicon (organization level only)
To upload another organization logo and favicon to replace the default ones, use the upload option in this section.
Address
Change the Organization Address details by selecting the correct details in the map or assigning the correct longitude and latitude coordinates.
Map (Organization Only)
Choose the map integration for the organization; OpenMapTiles or OpenStreetMap details.
Unit (organization only)
Choose the unit displayed in the Organizations maps and reports, imperial, metric or nautical.
FlightAware API (organization only)
Integration with the FlighAware website can be configured on Organization Level.
When the username and API keys are defined, and a FlightAware Ident is defined on a device’s details page, the devices’ location will be updated from FlightAware every five minutes.
Organization Removal (Organization only)
The organization will be automatically removed after 28 days when all devices have been removed from the organization.
Time (Group only)
The Time zone can be configured at Group level.
Group Management#
The group Management page allows for the creation, deletion, moving and renaming of groups.
Open this page by selecting Organization Settings > Group Management
This will show an overview of groups and the number of devices in each group.
The following options are available in this section:
Select the pencil icon to rename a group.
After selecting the pencil icon, the group name is editable and can be saved or cancelled.
Select these tick boxes to delete or move several groups.
The Create Group page opens when selecting the Create button.
Delete a selection of groups using the Delete button.
Move a selection of groups using the Move to a new organization button.
After selecting the option to move devices the following window will be visible.
Name the organization and select Proceed to confirm to move the devices.
Creating Groups#
To add groups in the Organization, select Organization Settings > create Group from the menu.
Enter the group name and description on the new page; these settings can be changed at a later stage.
Optionally, you can clone settings from another group by selecting the settings and the original group.
If devices need to be rebooted on a regular basis, enable the Scheduled Reboot option.
Select a Country from the drop-down list
Select a location by selecting a point on the map or by adding the location’s latitude and longitude details.
You can use online resources to find the exact latitude and Longitude coordinates. This website for example.
Select the desired Time Zone and choose if devices in this group should follow this time setting.
Adding Devices#
Devices can be added at the Organization or Group level.
Since devices belong to a Group and Organization there is only 1 extra step involved when adding the device at Organization level, which is selecting the group.
The following steps show how to add a device at Organization Level.
Select Organization Settings > Add Devices
Select a group form the drop-down list,
select an existing tag or add a new tag,
And add the serial number(s).
When adding multiple devices, the serial numbers should be comma, space or return separated.
Click Next.
Change the device name and location (if required) in the next section.
Click on confirm to finalize this action, a Message will appear that the device is added successfully.
Device Management#
The Device Management section shows an overview of information about all the devices in a group or organization.
Several changes can be made to multiple devices at the same time after selecting these devices.
This section is available in Organization Settings>Device Management and Group Settings>Device Management.
Device Management at Organizational Level allows you to view the details of all your devices in your organization; at Group Level the details of devices in the group are shown.
The following options are available:
Configure the columns showing details of your devices
Click to Add devices
Status
Device Name
Serial Number
Group
Tags
Product
Uptime
Online Status
Wan
2.4 GHz Channel
5 GHz Channel
Usage
Clients
Firmware
Last Config Applied
InControl Detected IP
The Column order can be changed by keeping a column selected with your mouse and by dragging it to the desired position.
Select the required options and click OK to save the settings or Reset the Default Order.
The order of the devices in view can be changed by selecting the required column.
The device names of Selected Devices are shown in the top bar in the overview of the device management section. Tags can be added to the selected devices or an action can be applied to the selected devices.
The InControl Detected IP in the equally named column is not always the WAN IP address of your Peplink Router. It could be the NAT-ted WAN IP address of the broadband connection depending on your network configuration.
Add or remove Tags and icons to or from the selected devices by selecting the Tags button.
Icons can be used as tags as well and be added to one or more units.
Several actions are available by selecting the actions drop down bar.
Options that are not available for the selected devices (because they apply to different Peplink devices not in the group) are Greyed Out.
The following options can be configured from this view:
Action
Description
Move to
Move devices to a different group
Remove
Remove devices from the organization
Firmware
Apply a firmware policy
Find My Peplink
Configure the Peplink DDNS service
Wi-Fi AP State
View the Wi-Fi status of Access Points
AP Routing Mode
View Access Point routing mode status
Enable DPI
Enable Deep Packet inspection
DHCP Snooping
Configure DHCP snooping for Peplink switches
STP Bridge priority
Configure STP Bridge priority for Peplink switches
Enable collecting Wi-Fi analytics data
Enable collecting Wi-Fi analytics data
Lock cellular WANs to currently active SIM Cards
Lock cellular WANs to currently active SIM Cards
Remove GPS Data
Remove GPS Data
Data Roaming
Configure Data Roaming
Update cellular module firmware
Update cellular module firmware
Firmware management#
Firmware policies can be created on organization, group or device level and assigned on a per device basis.
Firmware can be upgraded automatically for all Peplink and Pepwave models at a scheduled time.
To assign a firmware policy select organization settings > firmware or group settings > firmware policy.
The image below shows the firmware policy on organization level, which is similar to the group level.
A table shows each device model within the organization or group, the hardware revision, details about the group or organization policy assigned and a dropdown list to assign a policy.
Assign the desired firmware version from the drop-down list, upload a custom firmware or disable firmware management.
Update Schedule
Underneath the product table is a section to create an update schedule.
Creating a schedule with a time interval of approximately 15 minutes will prevent devices to upgrade and restart at the same time.
On the bottom of the page is a section showing the pending firmware update schedules.
The options on device level are similar but the layout of the page is adapted to the device specific information.
Updating Firmware by Group or Organization
To assign a firmware policy select organization settings > firmware or group settings > firmware policy.
Here you can select which firmware to update on which device models. These configurations will appear in all devices within the group. Firmware update schedules can be configured for the organization or group.
Click Save Changes to complete the process.
Updating firmware on Individual Devices
On the individual device page, navigate to Settings > Firmware Management
Select the desired firmware from the device list.
Press Save Changes to apply your changes.
Operational Log#
The operational log, available in Organization > Organization Settings > Operation Log, keeps track of significant events and activities in the InControl organisation.
Activities can be searched by asset, activity, time or user account.
This allows for auditing user access to groups and devices within the organisation.
The recorded details are:
Time
UTC
Admin
User Account Name
Group
Group Account Name
Device
Device Account Name
Page
Menu Option Accessed
Label
Change or “Action Taken”
Old Value
Setting before Change
New Value
Setting after Change
Data in the operational log is stored for the lifetime of the organisation.
Results can be filtered by using the Search field.
To filter out information regarding a single event use a mac address, group name, administrator name or any other word matching a word in one of the fields in the operational log.
Notifications#
Email notification profiles are created InControl to send email alerts about system events to the administrators or other email addresses.
Several Notification Profiles can be created with different information for different devices.
The section can be accessed from the Group Level menu in Settings > Notifications.
General Options
The following General settings can be configured:
Enabled
Enable or Disable the Notification Profile
Devices Notify for…
Select the devices to collect the notifications from using ‘Tags’
Silence Period
Configure a silence period for weekdays and weekends to stop any notifications during that period.
E-mail Notification Subscriptions
Event notifications can be sent to different people; this is a configurable option for each e-mail notification subscription. This could be all organization and group admins, all group admins, an organization or group admin, or another email address.
Some events have different notification levels.
Up to three notification levels can be configured to send an email after x number of minutes.
Device Online / Offline
Bandwidth Usage
SIM Card Insertion / Removal
HA Transitions
AirProbe Alarms
SIM Card Switch Over
Wan Up / Down
ContentHub Storage Alarms
Web Admin Logins
PepVPN / SpeedFusion Up / Down
Configuration Changes Applied
LAN Port Up / Down (not supported on all models)
Smart Reader Attachment / Detachment
HTTPS Notifications
A HTTP/S POST call will be made to the specified URL for the enabled events. The POST data is an array of events in JSON format:
For any errors (e.g. an HTTP response code greater than or equal to 300 received, network timeout, etc.), it will retry at most five times every one minute.
You will receive notifications if you have installed the InControl app and signed-in as with your InControl user account. You can choose what notifications to receive within the app.
To download the app follow this link.
InControl Options#
The InControl Options in Group Settings are used to configure how the devices in the group are managed by InControl. This affects the data usage of the devices. The section is available from Group Settings > InControl Options.
Estimated Base Data Usage
After clicking for more options, a Base Data Usage Calculator pops up to enable the user to calculate the estimated InControl usage when several options are enabled or disabled.
The estimation is calculated with the following assumptions:
No clients, events, remote web admin, remote assistance, or feature add-on activation
3 SSIDs defined on Wi-Fi AP
Device goes offline and online no more than once per day
Network time synchronizations always succeeds
An estimated data usage for the group will be visible to show an estimated amount of data that will be used by the devices in the group to communicate with InControl.
InControl options
The following options can be configured:
Disable Device Configuration
InControl can solely be used for monitoring purposes when Device Configuration is disabled.
Auto roll back device configuration
If devices cannot reach InControl after receiving a configuration from InControl, the configuration will be rolled back. If the device fails to connect to InControl after 10 minutes, it will automatically roll-back to the previous configuration.
Auto apply configuration patches to devices
In order to fix errors, sometimes InControl needs to send some configuration patches to devices. When such patches are available for a device, if this option is enabled, the patch will be sent to the device automatically. If the option is not enabled, InControl will stop all configurations to the device. Administrators will be asked to confirm to apply such patch before the patch and any configuration could be applied to the device. Alternatively, the group can follow the organization setting.
Disable Firmware Management
InControl firmware upgrade configuration cane be disabled by ticking the checkbox.
Low Data Usage Mode
When low data usage is enabled, the minimum amount of data is sent to the device. Devices’ WAN health checks will be forcefully disabled. You will have to manually enable health checks on the web admin when you disable this mode.
Disable Device Reporting
Devices send reporting data to InControl regularly which incurs data usage. Disabling device reporting could save devices’ data usage.
Captive portals will fail to operate when this option is checked.
Disable Live Status Queries
Live status queries incur data usage and are blocked when this option is checked.
Captive portals will fail to operate when this option is checked.
GPS Location Collection
By default, 30 GPS location points are retrieved from a device every minute. To change data usage and location accuracy, this setting can be changed to 60 location points every minute, 1 location point every 30 minutes, 1 location point every hour the service can be disabled.
Minimum Communication Interval
Configure the communication interval (Default: 28 seconds. Minimum: 28 seconds. Maximum: 60 minutes). When a device has sent no data to InControl for more than this amount of time (T), it will send a heartbeat to InControl to maintain a two-way communication channel. A device will be treated as offline if InControl has received no data from it for more than 3 mins and T×2+2 secs when T<=30 and T>30 secs respectively.
Real-time communication with devices may be delayed and InControl managed captive portals may not work for any interval longer than 30 seconds if a NAT router is present in the communication path.
Save the changes to apply the new settings.
Device System Management#
The Device System Management section allows you to configure the local device web admin management, reboot schedules and external InControl Appliance settings for devices in a group. Navigate to Groups Settings > Device System Management to view and configure these settings.
Device Web Admin Management
Device Web Admin management can be enabled by selecting the tick box.
General
The admin and read-only User username on the devices in the group can be changed.
A password can be assigned to these user accounts for all devices. Alternatively, a random password can be assigned to each device.
The Read-only Username can be Disabled.
Web Session Timeout
The Web Session Time-Out indicates the time before a web login session gets logged out automatically if it has been idle longer that the Web Session Timeout. 0 hours 0 minutes signifies an unlimited session time. This setting should be used only in special situations as it will lower the system security level if users do not logout before closing the browser.
Default: 4 hours 0 minutes
Web Admin passwords can be downloaded within this section by selecting the ‘Download admin passwords’ link.
Authentication using RADIUS
When this option is enabled, the web admin will authenticate using an external RADIUS server. Authenticated users are treated as “admin” users with full read-write permission. Local “admin” and “user” accounts will be disabled. However, when the device fails to communicate with the RADIUS server, local accounts are enabled to allow emergency access.
Web Admin Access
Select an option from the drop-down list to allow Web Admin access from LAN, WAN or both. Access to the Web Admin can also be restricted to specific source IP subnet(s). This is applicable only when LAN / WAN is selected in the Web Admin Access field above.
If Any is selected, web admin access is allowed from anywhere without any IP address restriction.
Each IP subnet must be specified in IDR Subnet Mask Notation
Separate each IP subnet on a single line to define multiple subnets. For example: 192.168.0.0/24 10.8.0.0/16
To further enhance security the Web Admin Access port can be changed from the default 80 for HTTP or 443 for HTTPS.
Scheduled Reboot
The
Daily or Weekly Reboot schedules are configured in this section and applied to all or some devices using tags. Select the required settings from the dropdown lists. If several reboot schedules are applied to the same device, only the first matched rule will be applied.
External InControl Appliance Settings
When an External InControl Appliance is used, public InControl can still be used as a failover. The external InControl appliance details need to be configured in the correct fields. Failover to public InControl is optional.
If you use a private InControl appliance, add ALL serial numbers to both the “private ICVA” AND a Group on Public IC2. Then configure “By Redirection”. This means, if a device is factory reset, it will automatically re-direct to the Private ICVA. It also means that no-one else can register that device in their Public InControl organisation.
Device IP Settings#
Device IP settings for LANs can be automatically configured using the Network settings > VLAN settings section, but these settings can also be imported into InControl using a template in .csv format containing the serial numbers and IP details of one or more devices in a particular group.
Navigate to Group Settings >Device IP settings The available configurable options are displayed within this section, complete with a description of the configurable options and examples of the value of the format.
Download the Peplink Balance/ Pepwave Max template or Pepwave AP template to your computer and open the file with a spreadsheet program (Google sheets, Microsoft Excel or OpenOffice Calc). Add the Serial numbers and IP settings in the matching fields, save the file and drop the csv file into the Import IP settings field in InControl.
A confirmation message will be shown, and the imported data will be visible in the same section.
Select the Import button to start pushing these settings to the device in the group.
Check your devices and event log to make sure the new settings have been applied.
Device Schedule#
Device time schedules are managed from Group Settings > Device Schedule
Outbound policies, firewall rules, Wi-Fi radios, SSIDs and Switch PoE ports can be enabled or disabled during certain time periods. This can be achieved by assigning a schedule to the configuration of that specific service.
Device Schedule Management can be enabled by using the checkbox.
Start creating a new schedule by selecting the ‘Add’ button.
Each individual schedule can be enabled or disabled. Enter an appropriate name for the schedule. Choose a scheduled template form the drop-down list. Choose between Always on, Always off, 8am to 5pm weekdays only, weekdays only or a custom. Custom time schedules can be created by keeping the mouse button clicked while dragging the mouse over the schedule map.
The schedule details and which services the schedule is applied to will be visible in the overview. Schedules can be deleted from the overview using the bin icon in the Action column.
Geo-Fencing#
Geofencing allows the use of GPS to create a virtual geographic boundary, enabling InControl to trigger a response when a mobile device enters or leaves a geo-fenced area. Geofencing is supported for devices with built-in GPS.
The Geofencing section is available within the group settings.
After selecting “Geo-Fencing” you can add a new Geo-fence option. The window below will show up, in which you can add a “Ring” or “Path” to create a “zone”. Multiple zones can be added to the same Geofence. This “fence” can then be applied to all or some devices (using “tags”).
When the GPS-enabled Peplink router leaves the geo-fenced area, the following actions can be triggered:
Email-notification
HTTP /HTTPS notification
Enable / Disable Wi-Fi AP (access point)
Device Tagging
Sample use cases
Geo-based SSID – to enable an SSID A when a device is in zone A, and to enable an SSID B (and disable SSID A) when the device moved to zone B.
PepVPN / Speedfusion tunnel selection based on the geographic location
When a Geo-fence is created or modified, or newly applied on a device, by default, no action will be performed until the device(s) enters/leaves the Geo-fenced area. The specified actions will be performed as soon as InControl receives the devices’ next location points. E-mail notifications will be sent out for each of the devices (if enabled).
If a device is selected by more than one fence, only the topmost fence will apply.
Bulk Configurator#
Changing Bulk configuration options can be applied to other units with the same product model by using an existing config file from a Peplink or Pepwave device. This option is accessible from Group Settings > Bulk Configurator.
The Bulk Configurator will push the configuration file(s) onto the corresponding applicable devices. In addition, it will also individualize the following settings if applicable:
Wi-Fi AP SSID and Radio *
PepVPN / SpeedFusion *
VLAN Networks
Outbound Policy *
Firewall Rules *
Web Admin Settings *
Device name
Time zone *
Wi-Fi AP on/off state, Remote Assistance state, WANs’ Dynamic DNS settings and PPPoE credentials in the configuration file(s) are discarded and not applied.
* When its management option on InControl is disabled, its setting in the configuration file(s) will be applied.
When more than one configuration is assigned to a device, the topmost one will be applied.
Config file management
After configuring a Peplink or Pepwave with the required settings, download the configuration file from the local web admin or InControl device details.
A new window will appear after selecting the ‘Upload New Config file’ button.
The new window will show details of the product model. Optionally PepVPN settings can be preserved, but InControl PepVPN management will have priority over these bulk-configuration settings.
The Configuration time and Device selection need to be configured to decide which units receive the new settings at what time.
Warranty and Licenses#
The Warranty & License section can be accessed from Organization Settings > Warranty & License, which shows an overview and tools to help manage warranty and licenses for all the physical devices in the organization AND the licenses for Fusionhub virtual appliances.
Service Status
The service status table shows all devices, the product details, the group, service status and Service expiration date. The table is sortable by each individual column header, this is changed by clicking on the table headers. A filter can be applied too.
FusionHub Licenses
FusionHub is the virtual SpeedFusion appliance from Peplink. With FusionHub, you can establish SpeedFusion connections between cloud servers and physical Peplink devices. FusionHub licenses can be imported, released and acquired in this section.
FusionHub Solo is a free virtual appliance that can be acquired by following the instructions.The FusionHub Solo allows a SpeedFusion VPN configuration to the cloud to be able to bond all available Wan connections into one reliable, fast connection.
Network Settings#
The network settings in InControl allows you to configure your VLAN networks and properties, outbound policies and firewall rules, captive portals for VLANs, access control lists and grouped networks which can be used as a source or destination in outbound policies and firewall rules.
Outbound Policies Rule Sets#
The Outbound Policy section allows you to manage how your LAN-to-Internet traffic is routed according to the rule/algorithm options. Before configuring Outbound Policies take note of the following:
• Only devices running firmware 8.0 or above support Outbound Policy rule sets created in InControl. • Make sure the up and download bandwidth values for the network WAN connection(s) are configured for the outbound policies to work properly.
A rule set refers to the entire set of rules as defined in the device’s outbound policy page (Network > Outbound Policy). Within the rule set, each rule applies to a name-specific WAN connection (e.g. WAN 1). When applying imported rule sets to selected devices, only WAN connections with matching names (e.g. WAN 1) will be imported. If the rule has no matching WAN connections, then the rule will not be applied to the selected device.
For example, to apply a rule that enforces traffic to “WAN 1”, each selected device also needs a WAN called “WAN 1”. For devices without a “WAN 1”, the rule will be excluded.
The same logic applies to PepVPN profiles available in Priority and Enforced algorithms: the name of the rule’s PepVPN profile needs to match with the name of a PepVPN profile on the selected devices in order for the rule to be applied.
Select the tick box to manage Outbound policies on devices in the group.
Several rulesets containing one or more outbound policies can be created and applied to one or more devices in the group using tags. Existing Outbound policy rule sets can be imported using a Peplink configuration file or can be newly configured.
Importing Outbound Policy rules
Outbound policies can be created on the local device and imported using the Pepllink configuration file. To start Click the “Import Rule Set from Configuration File” button.
A window will pop up showing all the Outbound policies available in that configuration file. This will create a new Outbound Policies Rule Set when saved. Before saving select the options to enable or disable individual outbound policies. Select if the rule set should be applied to All Balance and Max devices or a selection of your devices using ‘tags’.
After being saved the rule set will be available from the main Outbound Policy section in InControl.
Creating a new Outbound Policy rule set
Start creating a new rule set by selecting the “Create rule set” button.
Each new rule set contains a “HTTPS_Persistence” rule which makes sure HTTPS sessions are not interrupted when the originating IP address changes mid-session. Create new rules by using the “Add rule” button.
Configure the following options to create a rule:
Name
Name
Source
Choose between Any (all traffic), IP address, IP Network, MAC Address or Grouped Network as the traffic source.
Destination
Choose between Any, IP Address, IP Network, Domain Name, PepVPN Network, Grouped Network, SaaS or Region.
Protocol
Choose between Any, TCP, UDP or IP address to define the traffic kind. Port numbers for certain traffic can be configured using the port number or select the protocol from the drop-down list (for example FTP, Citrix, SMTP).
Algorithm
Choose the algorithms “weighted Balance”, “Persistence”, “Enforced”, “Priority”, “Overflow”, “Least Used”, “Lowest Latency” and “Fastest Response Time”
Load Distribution Weight
Add the Wan connections and Weight to distribute the traffic proportionally over several WAN connections.
When no Connections are available
This option allows you to configure which action to take when a rule set applied to a WAN that is disconnected or down. Choose between “Drop the traffic”, “Use any available connections or “fall-through to the next rule”
Outbound policies configured on the local device are overwritten or preserved (default) depending on the configuration.
using the SaaS (Software as a Service) option as a destination in the Outbound Policy allows for controlling the way “G Suite” or “Microsoft Office 365” traffic is routed. Using the region option as a destination allows for controlling traffic to servers in a specific country.
Outbound Policies - Weighted Balance#
Weighted Balance rules enable configuring the proportion of outgoing data traffic to be handled by each WAN link by setting a weight via the slider bar for each connection and outgoing traffic will be proportionally distributed according to the specified ratio. (e.g. 1:3:2)
Common use case
Assign more traffic to a faster/ cheap WAN connection or less traffic to a WAN connection with a bandwidth cap.
Outbound Policies - Persistence#
Persistence rules make specified types of traffic (eg: HTTPS) to always be routed through a particular WAN link based on source or destination IP address(es). Traffic will keep routing on the same connection until the session ends.
Common use case
Eliminate session termination issue for HTTPS, E-banking, and other secure websites
Outbound Policies - Enforced#
Enforced rules result in the routing of specified type(s) of traffic through a particular WAN connection or VPN connection, regardless of its up/down status.
Common use case
For scenarios like accessing a server that only allows users from a specific IP.
Outbound Policies - Priority#
Route traffic to your preferred link when available. Priority rules specify the connection priority order of the available WAN links (or VPN connections) in which traffic is to be routed. A priority value is configured for each WAN link; the highest-priority available WAN link will be utilized; lower-priority WAN links will be utilized in the priority sequence in the event of WAN link unavailability.
Common use case
For scenarios that you have a main WAN connection to use and leave secondary (more expensive) WAN connections as a backup.
Outbound Policies - Overflow#
Traffic will be routed through the healthy WAN connection that has the highest priority and is not in full load of downlink bandwidth. When this connection gets saturated (95% of defined download bandwidth), new sessions will be routed to the next healthy WAN connection that is not in full load.
The overflow outbound policy is not available to cellular WAN connections. Because available speeds can fluctuate extensively it is not possible to calculate when a cellular WAN is nearing full capacity.
Common use case
Prevent traffic flow from slowing down when the connection runs out of available bandwidth.
Outbound Policies - Least Used#
The traffic matching this rule will be routed through the healthy WAN connection with the most available down link bandwidth.
Common use case
To ensure the connection with the most available bandwidth is used.
Outbound Policies - Lowest Latency#
Periodic latency checking packets are sent to the WAN connection. Latency will then be determined by the response time of the second and third hops. The traffic matching this rule will be routed through the healthy WAN connection with the lowest latency. On current firmware, the default “Auto” rule uses the lowest latency algorithm.
Common use case
Useful for time-sensitive applications such as online gaming. useful when using multiple cellular WAN connections.
Outbound Policies - Fastest Response Time#
Use the fastest connection based on session response. Fastest Response Time evolved from the Lowest Latency algorithm.
At the start of each session, traffic is duplicated and sent to all healthy connections. When the first response is received from a remote server, any further traffic for this session will be routed over that WAN connection for the fastest possible response time. If any slower responses are received on other connections afterwards, they will be discarded.
Common use case
Useful for time-sensitive applications such as online gaming.
What is the difference between the “lowest Latency” and “fastest Response” Outbound policy?
While the Lowest Latency algorithm gets the response from the second or third hop, the Fastest Response algorithm gets the response from the destination. Another important difference is that the Lowest Latency Algorithm performs the check at a fixed interval, while the Fastest Response algorithm performs the check at the start of each session.
In most situations, the “Fastest Response Time” algorithm will provide the most accurate measurement. However, there are two situations where you may still want to use “Lowest Latency”
For sending traffic that does not require a response (i.e. single direction UDP Stream)
For situations where bandwidth is limited, and duplication of packets is not allowed.
Firewall Rules#
A firewall is a mechanism that selectively filters data traffic between the WAN side (the Internet) and the LAN side of the network. It can protect the local network from potential hacker attacks, access to offensive websites, and/or other inappropriate uses.
The firewall functionality of Pepwave routers supports the selective filtering of data traffic in both directions:
Outbound (LAN to WAN)
Inbound (WAN to LAN)
Between Internal Networks (VLAN to VLAN)
The firewall also supports Intrusion detection and DDoS attack prevention.
Select the tick box to manage Firewall Rules on devices in the group.
Before configuring firewall rules, take note of the following:
A rule set refers to the entire set of rules as defined in the device’s firewall page (Network > Firewall > Access Rules). When an inbound firewall rule in a rule set specifies a particular WAN only, only devices that have a WAN name identical to the WAN name specified in the rule will receive the rule. Devices without the specified WAN name will not receive the rule.
For example, to apply an inbound firewall rule that allows traffic to “WAN 1”, the rule will be applied to devices that have a WAN named “WAN 1”. The rule won’t be applied to devices without a WAN named “WAN 1”.
Importing Firewall rules
Firewall Rules can be created on the local device and imported using the Peplink configuration file. To start Click the “Import Rule Set from Configuration File” button.
A window will pop up showing all the Firewall Rules available in that configuration file. This will create a new Firewall Rule Set when saved. Before saving select the options to enable or disable individual firewall rules. Select if the rule set should be applied to All Balance and Max devices or a selection of your devices using ‘tags’.
After being saved the rule set will be available from the main Firewall section in InControl.
Creating new fire wall rule sets
Start creating a new rule set by selecting the “Create rule set” button.
A firewall rule set consist of one or more Outbound, Inbound and Internal Network Firewall Rules.
The following options are available in the firewall rule settings:
Firewall Rules configured on the local device are overwritten or preserved (default) depending on the configuration.
Using the SaaS (Software as a Service) option as a source or destination in the Firewall Rule allows for controlling traffic matching the application. Using the region option as a destination allows for controlling traffic to servers in a specific country.
Outbound Firewall Rules#
The Outbound Firewall rules have a priority order that determines the order in which the rules are applied to network traffic. The rules are applied from top to bottom. The first rule that matches the traffic will be applied and overrides all the other rules below.
Configurable options for a Outbound firewall rule are:
Name
Outbound Firewall Rule name
Enable
Define if the rule is disable, enabled or following a configured schedule.
Protocol
Choose between Any, TCP, UDP, ICMP and IP and select a particular protocol from the dropdown list of services.
Source
Configure the source of the traffic based on IP address, IP Network, Mac Address, Grouped Network or Access Control List. A Single Port number or Port Range can also be defined.
Destination
Configure the destination of the traffic based on IP address, IP Network, Mac Address, Grouped Network, SaaS, Region or Access Control List. A Single Port number or Port Range can also be defined.
Action
Define if traffic matching this rule is Allowed or Denied of leaving the network
Event logging
Enable Event logging if required.
Inbound Firewall Rules#
The Inbound Firewall rules have a priority order that determines the order in which the rules are applied to network traffic. The rules are applied from top to bottom. The first rule that matches the traffic will be applied and overrides all the other rules below.
Configurable options for a Inbound firewall rule are:
Name
Outbound Firewall Rule name
Enable
Define if the rule is disable, enabled or following a configured schedule.
WAN Connection
Specify the WAN connection to allow or deny certain traffic
Protocol
Choose between Any, TCP, UDP, ICMP and IP and select a particular protocol from the dropdown list of services.
Source
Configure the source of the traffic based on IP address, IP Network, Mac Address, Grouped Network or Access Control List. A Single Port number or Port Range can also be defined.
Destination
Configure the destination of the traffic based on IP address, IP Network, Mac Address, Grouped Network, SaaS, Region or Access Control List. A Single Port number or Port Range can also be defined.
Action
Define if traffic matching this rule is Allowed or Denied of leaving the network
Event logging
Enable Event logging if required.
Internal network Firewall Rules#
Internal Network Firewall Rules options are similar to inbound and outbound firewall rules but defines if traffic between VLANs is allowed or blocked.
The Internal Network Firewall rules have a priority order that determines the order in which the rules are applied to network traffic. The rules are applied from top to bottom. The first rule that matches the traffic will be applied and overrides all the other rules below.
Configurable options for a Internal Network firewall rule are:
Name
Firewall Rule name
Enable
Define if the rule is disable, enabled or following a configured schedule.
Protocol
Choose between Any, TCP, UDP, ICMP and IP and select a particular protocol from the dropdown list of services.
Source
Configure the source of the traffic based on IP address, IP Network, Mac Address, Grouped Network or Access Control List. A Single Port number or Port Range can also be defined.
Destination
Configure the destination of the traffic based on IP address, IP Network, Mac Address, Grouped Network, SaaS, Region or Access Control List. A Single Port number or Port Range can also be defined.
Action
Define if traffic matching this rule is Allowed or Denied of leaving the network
Event logging
Enable Event logging if required.
Intrusion Detection and DoS prevention#
Intrusion Detection and DoS prevention can be enabled within the rule set. InControl can apply settings to detect and prevent intrusions and denial-of-service (DoS) attacks from the Internet. To turn on this feature tick the Enable check box. When this feature is enabled, the Pepwave router will detect and prevent the following kinds of intrusions and denial-of-service attacks.
Port scan
NMAP FIN/URG/PSH
Xmas tree
Another Xmas tree
Null scan
SYN/RST
SYN/FIN
SYN flood prevention
Ping flood attack prevention
Grouped Networks#
The Grouped Networks option allows users to define their own grouping of IP addresses, which can be used for creating firewall rules and outbound policy rules. Instead of creating many individual policies based on a single IP address, a single policy can be created that is assigned to a particular Grouped Network.
To create a Grouped Network select Add Network Group.
A new window opens:
Add the group name and IP ranges and click Save.
The new Grouped Network can now be selected from the Group Policy and Firewall Rules “source” and “destination” options.
Access Control Lists#
Access Control Lists (or ACL’s) are lists of Mac Addresses from network devices which can be used to allow or deny access to SSIDs, Firewall, and Captive Portal profiles within the group. The option can be found in the menu following group settings > network settings > access control lists and is available to groups that contain Balance, MAX, and AP One devices.
To create a new ACL select Add Access Control List, name the ACL, add the MAC addresses for client devices and save the List.
VLAN Networks#
A VLAN or Virtual LAN is a custom network created from one or more existing LANs. It enables groups of devices from multiple networks (both wired and wireless) to be combined into a single logical network. The result is a virtual LAN that can be administered like a physical LAN.
Because VLANs can be configured on the local device AND InControl take note of the following:
VLANs defined on a device but not on InControl are “device managed”. InControl will not manage them.
VLANs defined on both a device and InControl are “InControl managed”, which means that:
InControl will control their Name, Inter-VLAN Routing option, and Captive Portal settings.
Their IP settingswill be kept intact.
When a VLAN is removed from InControl, it will be removed from the device as well.
If a VLAN gets defined on InControl but not yet on the device, it will be defined on the device as well. Its
IP address will follow the Default IP Address setting.
Default VLAN
The Default VLAN is the VLAN which all Access Ports are assigned to until they are explicitly placed in another VLAN. … Typically, this VLAN is only relevant on an Access (untagged) ports port, which is a port that sends and expects to receive traffic without a VLAN tag.
If you want untagged frames to be forwarded between trunk ports only and do not want them to leave from any access port, you could create an extra VLAN and set it as the default VLAN.
If you do not want to accept any untagged frames, change all trunk ports’ Accept Frame Type option to “VLAN tagged only”.
Add a VLAN#
Click on the Add VLAN Network Button.
Fill in the different sections to configure the new VLAN and save the settings.
NOTE: There is a different section for Peplink Switches and Routers. Since firmware 1.2, to configure an SD Switch’s IP address, please select the switch’s device level “VLAN Network IP Settings” item under the Settings menu.
General
Name
VLAN ID
Applied devices (by tag or type)
Settings for Peplink SD Switch
IP settings
Host Name
DNS servers
Settings for Peplink Routers
Default IP Address
Subnet Mask
Inter-VLAN Routing
Captive Portal
DHCP Settings
DHCP Server
DHCP Server Logging
Exclude IP Addresses
Lease Time
DNS Servers
Captive Portals#
The Captive Portal is a webpage that automatically pops up when customers and guests connect to your Wi-Fi or LAN. Clients can connect using multiple authentication methods, including email, Social media accounts, tokens or even SMS text messages. A Captive Portal can be configured within InControl to require clients accessing your network to enter a valid logon mode. The Captive Portal is GDPR compliant and the portal page can be customized. Captive Portal can be assigned to a VLAN using the VLAN configuration or a SSID (for Pepwave Access Points’s only) using the SSID configuration settings.
Configuration
Open the Captive Portal section from the menu following Group Settings > Network Settings > Captive Portals.
To create a Captive Portal, select the New Captive Portal button and configure the options in the new window.
Click on the information button next to the New Captive Portal button to redirect clients to an external Captive portal.
Enable
Tick box to enable or disable the Captive Portal.
Name
Name of the Captive Portal (identification purposes only)
Company Name
Company Name
Access mode
Enable one or more access modes as the authentication method. There are several access modes to choose from.
Access modes
The following access modes are available to choose from for the Captive Portal Authentication.
Social
Allows clients to log on user their Social Media credentials.Supported applications are Facebook, Google ID, Twitter, Instagram, LinkedIn and Sina Weibo. Tick the appropriate box to enable these logon methods. A Social Media ID is optional, a customised background image ad logo will be used when a Social Media ID is configured.
Open Access
Open Access allows unrestricted access to the SSID without authentication; however, access can be controlled using a filter or ACL, and a daily quota can be configured to limit usage.
Email
When email authentication is enabled an email is sent to the client’s email address. The client gains access after confirming the details in the received email within the configured time allowed for e-mail checking.
Token
Access Tokens can be configured to grant clients internet access using the Captive Portal.
After clicking the Generate button you can choose the amount of tokens to generate, the token format (amount of characters and have a choice between numbers, lowercase letters, mixed case letters and letters & numbers) and the amount of time tokens should be valid.
SMS
To enable authentication using SMS you first must configure the SMS service settings for Captive portal in the InControl group settings.
After selecting manage the SMS Settings for Captive Portal you can add the service name and provider details. Peplink only supports Twilio as a service Provider This is in fact the phone number that will send SMS messages to your Wi-Fi users. Once you have added and saved these settings, return to the Captive Portal SMS access mode settings.
The “SMS” options are similar to the “Token” options. You have an option to set the length of the tokens and the amount of time for SMS checking in minutes. Your Wi-Fi users will be asked to fill in their phone number and will receive a token to access the SSID in a SMS (text) message as shown in the image below.
Daily Quota
A Daily Time and/or usage-based bandwidth quota is configurable to limit client access to internet.
Reset Quota
Quota can be reset at a configurable time or after a configurable period.
Guests required to sign in…
The amount of time after guests are required to sign back into the Captive Portal.
The options are once only, every dayorafter a quota reset (which is the default setting) or every time they connect to the SSID.
Allowed Networks and Clients
Access to the Captive Portal can be restricted by only allowing devices with a certain domain name / IP address, IP subnet or MAC address or selecting a ACL (Access Control List) from the drop down list.
Landing Page
A landing page is the URL that is opened after clients connect to the SSID
This feature is not compatible with Android devices. Clients can be redirected to a URL of choice or shows a start-browsing button instead.
Preview and customization
The Captive Portal can be previewed and customized within InControl The Splash Screen and Signed-In Screen Text, Language, Colour, Logo and Background Image can be edited by following the Preview and Customization link.
PepVPN / SpeedFusion#
Peplink’s patented PepVPN/SpeedFusion technology is a point-to-point VPN technology which can bond the bandwidth of several WAN connections into one single encrypted connection between several Peplink units.
InControl can be used to configure and monitor the PepVPN Speedfusion configuration. PepVPN/Speedfusion can be configured at the organization or group level. The PepVPN/Speedfusion section is accessible from the main menu on each level. At the Organization/Group Level, choose PepVPN/Speedfusion> Configuration.
PepVPN/Speedfusion VPN tunnels can be created between 2 or more Peplink /Pepwave devices even when they are not in the same organization.
Configuring PepVPN/SpeedFusion profiles#
The options to create a new profile depend on the chosen topology. In the example below is described how to create a profile choosing the star topology. Steps to create profiles using other technologies are almost identical to each topology; options that are not compatible with a topology are not displayed or configurable. Choose between the following topologies when creating a new Speedfusion profile.
Star Topology
In a star topology, every host is connected to one central hub. This is also known as a hub and spoke topology.
Fully Meshed Topology
A PepVPN/ SpeedFusion connection will be created between all devices selected using this topology.
Point-To-Point Topology
A PepVPN/ SpeedFusion connection will be created between the two devices selected using this topology.
To start creating the profile select Add Profile.
Choose the topology of choice; Star, Fully Meshed or Point-to-Point
First select the device acting as the hub from the group and device drop down lists.
The Hub device IP addresses and host names will be automatically filled with the IP addresses known by InControl, but these can be changed manually if needed.
It is possible to enable disaster recovery for a Speedfusion profile. This a second, lower priority set of PepVPN tunnels between each endpoint and the secondary hub which will be used when the primary link is unavailable. Each endpoint used in this configuration needs to support 2 PepVPN licenses.
Next, elect the End Point Devices.
Several profile options need to be configured in the next step:
SpeedFusion profile Name
Name of the Speedfusion profile
Dynamic Links
When ticked this option allows individual links in this profile to be dynamically enabled whenever both the hub and endpoint devices have a preselected ‘trigger’ tag applied to them.
This is commonly used with the geofencing options to allow hubs to service specific geographic areas.
Encryption
Enable 256-bit AES encryption or turn encryption off.
Nat Mode
Note: NAT Mode and Layer 2 Bridging options cannot both be active at the same time.
Data Port
This is the outgoing UDP port number for transporting VPN data. By default, UDP port 4500 is used.
Send all traffic to remote Hub
By default, only traffic that is destined for the remote hub will use the PepVPN /SpeedFusion tunnel. Other traffic, like internet browsing, will be routed directly to the internet, not via the remote hub. When this option is selected, all traffic will be sent through the PepVPN / SpeedFusion tunnel.
Link Failure Detection Time
Sets the maximum time a link can remain idle before a health check packet is sent to ensure connectivity. This is 15 seconds by default.
Setting shorter detection times will increase the frequency of health checks and incur a higher maximum bandwidth overhead.
Path Cost
Base OSPF cost used to determine the best route through the network. The higher the cost the less preferable the route (i.e. traffic will prefer the path with the lowest cost.)
Maximum allowable difference in round trip time (in milliseconds) between the highest and lowest latency connections.
Cost metrics for individual links can be adjusted through the Advanced Link Settings
Max Latency Diff
Connections exceeding this limit will be temporarily unused for data transfer until latency conditions improve.
Limits for individual links can be adjusted through the Advanced Link Settings
Note
Field to add notes.
Select the next button to show a summary of the new PepVPN/SpeedFusion profile. Check the profile settings before saving the profile by selecting the Finish button. You Speedfusion VPN profile has now been configured and will be pushed to the devices the next time they are online.
Advanced Speedfusion profile settings#
When creating the PepVPN /SpeedFusion profiles an option can be selected to show advanced settings for each configuration. These advanced settings can be used to manipulate the data traffic in the SpeedFusion profile and overcome common problems.
The following advanced settings are configurable from inControl:
Suppress Endpoint IPs
Removes endpoint IP’s from the hub site configuration. This will prevent unnecessary configuration updates (and link disconnections) on the hub site whenever one of the endpoint IP addresses change.
Unless your network requires that PepVPN connections must be initiated from the hub site, enabling this option is recommended.
If hub-initiated connections are required, configuration update frequency can be reduced by enabling dynamic DNS addressing on the associated endpoints.
Changing this option will cause all existing connections in this profile to disconnect and reconnect once.
L2 Bridging VLANs
NAT Mode and Layer 2 Bridging options cannot both be active at the same time.
These settings are common to all PepVPN Layer 2 bridges on each device, and will cause issues if set differently in multiple profiles
The configuration precedence is as follows
Remote Network Isolation
Enabled
Disabled
Spanning Tree Protocol
Enabled
Disabled
Site IP Address
Do Not Override
By DHCP
As None
Site IP Address settings are unavailable for FusionHub devices, and will always be treated as “Do Not Override”
This setting is currently unable to be used when multiple tunnels are configured between a single pair of devices.
Link Settings
Settings for individual links within the PepVPN SpeedFusion tunnel can be configured in the Advanced Link Settings. A new window will open after selecting this option.
Link Name
Rename the default link name.
Tunnel Name
Rename the Tunnel Name.
Data Port
Set a custom data port (Default UDP 4500) to be used for this link including an option to use TCP.
WAN Smoothing
WAN Smoothing can prevent packet loss without incurring any latency penalty, at the cost of a substantial bandwidth overhead. This is suitable for streaming applications where the average bitrate requirement is much lower than the WAN’s available bandwidth.
The expected overhead of Normal is up to 100%
The expected overhead of Medium is up to 200%
The expected overhead of High is up to 300%
The expected overhead of Maximum depends on the number connected, active tunnels
Smoothing Cap
In cases where there the number of active WAN-to-WAN connections is lower than the WAN Smoothing setting, smoothing data can be sent multiple times across the same connection.
Default
Each connection will be limited to the primary smoothing stream.
Normal
Each connection will allow a single redundant stream.
Medium
Each connection will allow up to two redundant streams.
High
Each connection will allow up to three redundant streams.
This option is only available on devices running firmware 7.1.1 or above.
FEC
Forward Error Correction (FEC) can help to recover packet loss by using extra bandwidth to send redundant data packets. Higher FEC level will recover packets on a higher loss rate link.
The expected overhead of Low is 13.3% and High is 26.7%.
This option will only be active on links where both peers are using PepVPN version 8.0.0 or above.
Path Cost
Base OSPF cost for the individual link used to determine the best route through the network.
The higher the cost the less preferable the route (i.e. traffic will prefer the path with the lowest cost.)
Receive Buffer
Receive Buffer can help to reduce out-of-order packets and jitter but will introduce extra latency to the tunnel. By default, the buffer is disabled, with a maximum buffer size of 2000 ms.
This option is only available on devices running firmware 7.1.0 or above.
IP ToS
If enabled, the ToS value of the data packets will be copied to the PepVPN header during encapsulation.
Max Latency Diff
Maximum allowable difference in round trip time (in milliseconds) between the highest and lowest latency connections.
Connections exceeding this limit will be temporarily unused for data transfer until latency conditions improve.
Upload Cap
Maximum upload bandwidth for this link.
This value will be reduced to a value no higher than the peer’s maximum download bandwidth for this link.
Advanced WAN Settings
The WAN priority can be modified within this section.
Only the WAN connection(s) with the highest priority will be utilized, with the connection failing over in order of priority. Speedfusion-capable devices may set multiple WAN connections to the same priority.
PepVPN SpeedFusion monitoring#
SpeedFusion can be viewed and monitored using different views.
PepVPN / SpeedFusion Live Status – Map View
PepVPN / SpeedFusion Live Status – Map View and Logical View
PepVPN / SpeedFusion Live Status – Tabular View
Wi-Fi Access Point Controller#
InControl can be configured to be the Access Point controller for all (or a selection of) Peplink devices at the Group or Device Level.
Group Wide SSID and Radio settings are configured from the similarly named menu options. Enable Wi-Fi management for the group by selecting the tick box in the SSID or Radio section of the menu.
This section looks similar on device Level, with the added option to follow the Group settings if required.
SSID settings#
SSID or Service Set IDentifier is the name for a wireless network. SSID’s can be assigned to one or more devices in your InControl organizayion.
Start configuring a new SSID by clicking the Add New SSID button.
The following options are configurable:
SSID name
Enter an appropriate name for the SSID, if #### is used in the name the sequence will be replaced with the last 4 digits of the device’s serial number
SSID Availability
Select the devices that need to have this SSID assigned using “Tags”
Security Settings
Configure the security and encryption settings of the SSID. The available options are WPA/WPA2 Personal and Enterprise.
transition can be enabled and is applied to devices running AP firmware 3.6.1 or Balance/MAX firmware 8.0.1 or above.
Fast transition activates 802.11r, also called fast roaming, allows fast and secure handoffs from one Access Point to another managed in a seamless manner.
Layer 2 Isolation, which blocks communication between Wi-Fi clients within the same SSID, can be enabled from this section.
SSID Visibility
Choose to show or hide the SSID; this option only hides the name, not the network itself.
Guest Protect (Pepwave AP only)
The “Guest protect” feature is often compared to “Layer 2” isolation.
While Layer 2 isolation blocks communication between Wi-Fi clients within the same SSID, the “guest protect” feature will block communication between a Wi-Fi client and wired clients within the same VLAN and clients from other VLANs.
This feature can be enabled for devices on a custom subnet. The custom subnet field accepts IP subnets in CIDR format separated by a carriage return. E.g.:
192.168.30.0/24 10.8.0.0/16 169.254.169.254/32
Bandwidth Management (Pepwave AP only)
A Bandwidth limit can be configured for the whole SSID or for individual clients connected to this SSID. QoS or network priority can be assigned to the SSID traffic using 3 categories (gold, silver and bronze). With Gold being the highest priority and bronze the lowest.
VLAN Settings
The option to assign a VLAN to this SSID and tag the traffic can be enabled within the SSID VLAN settings. In order to implement VLANs, the routers and switches within the network must support VLANs.
MAC Filter
To restrict access to the SSID enter the MAC addresses you wish to block or allow access to a specific SSID.
Multicast Settings
Multicast is a form of communication that allows multiple transmissions of multimedia and streaming data to specific recipients at the same time. When Multicast Filter is enabled any multicast traffic to the wireless SSID will be discarded.
The multicast rate is the minimum speed that a wireless device must be able to communicate at in order to connect to the router. The Multicast Rate can be selected from the drop-down list.
When enabled, IGMP Snooping monitors IGMP communications among devices and optimizes wireless multicast traffic.
Radio Selection
Select if the SSID is broadcasting on 2.4 GHz, 5 GHz or both.
Maximum Number of Clients
Configure the maximum number of clients on each frequency (2.4 GHz / 5 GHz).
Schedule
Select a time schedule for the SSID to be broadcasted
Captive Portal Settings
Select a Captive Portal to be assigned to the SSID.
The captive portal will be applied to the SSID on Pepwave AP only.
To have the captive portal be effective on Peplink Balance and Pepwave MAX, please apply it to this SSID’s VLAN on the VLAN Networks page.
Radio Settings#
Manage and configure the radio settings for the Wi-Fi enabled devices on group or device level from this section.
Operating country, Default band for Dual-band Radio and Preferred Protocol settings can be configured at the group level.
The operating Country defaults to the the address / location set for the Group.
The operating country setting is important to make sure the radio follows country technology regulations regarding Wi-Fi transmission power and available frequency bands.
The following options can be configured by selecting one or more of the devices in the group:
Band
Select between 2.4GHz and 5 GHZ
Channel
Select a broadcast channel
Channel Width
Select between 20/40 MHz or Auto
Output Power
This Custom option is available for AP firmware 3.6.1 or above, and Balance/MAX firmware 8.0.0 or above. If a power value larger than a radio can support is inputted, the radio’s max power will be applied.
Boost
Boost the power to the maximum device capability (may exceed regulatory limits)
Max. Clients
No more connections to the SSID will be accepted when the number of connected clients reaches this amount.
Minimal Client Signal Strength
Clients with signal strength lower than this value will not be allowed to connect. Default: Unlimited
Advanced Settings
Check the box to enable network discovery. Note that setting Channel to Auto will activate this feature automatically.
The scanning interval and time can be configured in this section.
The checkbox next to WMM enables Wi-Fi Multimedia (WMM) on your access points.
Wi-Fi Multimedia (WMM), previously known as Wireless Multimedia Extensions (WME), is a subset of the 802.11e wireless LAN (WLAN) specification that enhances quality of service (QoS) on a network by prioritizing data packets according to four categories.
WMM defines four access categories (voice, video, best effort, and background) that are used to prioritize traffic to provide enhanced multimedia support.
AP Availability Schedule
A configured schedule can be applied to one or more device to turn AP radios on and off according to that schedule.
This section only becomes available after a schedule has been configured in the device schedule section .
Clients#
The client list is available on Group and Device level from the main menu and shows details about all clients attached to the LAN.
Group Level
The available information is:
Type
Connection type: wireless, Ethernet or Routed
Name
Device Name or Mac Address
IP Address
Device IP address
Device
Name of Peplink device the client is connected to
VLAN ID
ID of connected VLAN (only shown when multiple VLANs are available)
SSID
Wireless Network Name
Band
Connect Band (frequency)
Signal
Signal Strength in dBm
Traffic
Current up- and download rate
Access Mode
Captive Portal access mode
Action
Option to sign clients out of the captive portal
Routed clients are clients which are routed from another network to a router. Their MAC addresses are not known. Ethernet clients are clients that directly attached to the network via Ethernet. Routed and Ethernet clients are usually on different subnets.
Device Level
When troubleshooting Captive Portal issues, clients can be logged out of the Captive Portal using the displayed action button. Allocated Quota won’t be reset for the client.
Reports#
InControl provides access to reports on device, group and organisational levels.
The reports functionality allows you to access detailed information about your devices, bandwidth usage and performance. Reports can be exported in CSV format.
Parts of the reports are interactive; hovering over certain fields or graphs reveals more information.
Some reports are only available depending on the assets in and the configuration of the features in the organization.
For example
Cellular reports are only available when cellular routers have been added to a group.
Captive Portal reports are only available after a captive portal has been configured.
SIM Card Reports#
The Organisation Level SIM Card Reports section gives access to a detailed overview of all SIM Cards in usage in a specific organisation. The Group Level SIM Card Reports section shows the same information as the Organisation Level SIM Card Reports, but on a Group level.
Custom pools of SIM cards can be created to report on data usage for each SIM Pool. Reports on data usage are also available per cellular provider and per individual SIM.
SIM Pool Data Usage
A SIM pool profile monitors the total data usage of a collection of SIM cards in billing cycles. SIM cards are specified by their IMSI identifier, which could be specified in more than one SIM pool. Carrier Pools are system-generated pools for every carrier and for all carriers. Their IMSI’s are automatically maintained. Custom Pools are user-defined and maintained.
To create a new SIM Pool, select the “New SIM Pool” button.
A window pops up allowing the administrator to set the details of each SIM Pool. Features included are Monthly Bandwidth Usage, Initial SIM Pool Usage, start day of each month for bandwidth calculation, and configurable email notification when bandwidth usage reaches a certain level.
Click on the report icon to show a Monthly Bandwidth Usage Report for a SIM pool
The usage report is interactive, click on the “hamburger” menu to download the chart, select points in the charts to see more details.
Per-SIM Daily Data Usage
Per-SIM Daily Data Usage can be downloaded in csv format in this section. Add one or multiple IMSIs to the matching filed and select a date range. The result is a report showing usage in KB per day.
Devices and SIM Cards
A detailed, searchable overview of Devices with SIM cards within an Organisation is available in the Devices and SIM cards section of the Organisational Sim Card Reports. The complete report can be downloaded as csv file for further editing in other applications.
Wi-Fi Reports#
This Wi-Fi reports section is identical to the group’s device reports and is available on the group level and device level. This report shows information about clients connected to Wi-Fi only. The SSID usage table is helpful for checking which of the access points has the highest usage
Usage Reports#
The Group Usage Report shows hourly, daily, and monthly usage statistics for the devices in a group. The report can show the statistics for Hover your mouse over datapoints in the chart to display the data used in the selected time periods. Click on the categories underneath the chart area to hide or show the selected category (Download, Upload or Total)
The same data is displayed in a table underneath the chart.
Captive Portal Reports#
The Captive Portal Reports section shows detailed information about clients and sessions that have been connected to a Captive Portal during the selected period. The report is divided in several sections. The report is available on Group level and Device level.
Tables in the reports can be sorted by different priorities by clicking the Title and arrows in the table header.
By default, a time period of the last 7 days is selected, this can be changed in the top of the page to Today Yesterday, Last 31 Days or a custom period.
Summary
The summary shows the amount of guest clients, sessions, data usage, average session time and average session usage for the selected time period.
Portal Access
The different charts can be downloaded by selecting the menu in the top right corner of the chart.
This option allows for printing the chart or saving the the chart as a PNG, JPEG or SVG vector image.
The information shown in the chart can be changed by selecting a different option in the dropdown list in the chart.
Options available are:
Guest Clients (default)
Sign-in Page views
Guest Clients
Successful Sign-in’s
Failed Sign-in’s
Total Data usage
Total Session Time
Average Session Time
Overview
As the title implies this section shows an overview of the Captive Portal usage. The following details are displayed in the table.
Date
Manufacturer name based on MAC address
Sessions
New session count: sign-in’s into existing sessions are not counted
Sign-In Page Views
Number of sign-in page views
Guest Clients
Number of unique clients that visited the sign-in page
Successful Sign-in’s
Number of redirections to the landing page
Failed Sign-in’s
Number of times the sign-in failed page is displayed*
Total Data Usage
Total data usage of sessions, including temporary sessions for the sign-in process.
Total Session Time
Total session time, including time usage on temporary sessions used for the sign-in process.
Avg. Session Time
Average session time
* Typical examples of sign-in failures are an invalid email address entered in email access mode, and invalid token code, attempt to sign in after a quota has exceeded.
Visits in Each Access Mode
This section shows sign-in statistics for each configured Captive Portal and each configured Sign- In Type. Other data shown here includes:
Sessions
Sign-In Page Views
Guest Clients
Successful Sign-In’s
Total Data Usage
Total Session Time
Avg. Session Time
Guest User Information Download
The Guest User- User Information report can be download in CSV format. After agreeing to the InControl Data Sharing Policy the following user information can be collected and viewed, depending on the configured Access Mode.
Access Mode
Social Network ID
E-Mail Address
Mobile Number
Name
Gender
Country
Visit Count
First Login time
Last Login Time
Market Opt-In
E-mail Reports
Captive Portal reports can be e-mailed automatically on a daily, weekly or monthly basis by enabling this option. After choosing a schedule, select the recipients in the drop-down list. Add the email addresses of the recipients when using “other email addresses” and save the changes to activate the e-mail reports.
Device Reports - Group level#
The Group Level Device Reports section gives access to an overview of all devices and connected clients in a specific group. The report is divided in several sections.
Tables in the reports can be sorted by different priorities by clicking the Title and arrows in the table header.
By default, a time period of the last 7 days is selected, this can be changed in the top of the page to a daily, monthly or custom time period.
Summary
The summary shows the sum and average amount of daily clients that used bandwidth. It also shows the total usage of all clients for the selected time period and the average daily per client data usage.
Usage
The next section shows a chart showing the total Bandwidth Usage of all devices in that group for the selected time period. Hover your mouse over datapoints to see the detailed usage, which can also be downloaded as CSV using the link under the chart.
Top devices
A table of devices in the group showing the following information
Name
Device host name
Model
Device model
Usage
The amount of data consumed by all clients per devices in the selected period
Clients
The number of unique clients with bandwidth usage in the selected period
Internet Availability
Internet availability per device in the selected period
Device Availability
Device availability per device in the selected period
Top Clients by usage
Table showing the client’s bandwidth usage figures on all devices within the selected period.
Name
Device name*
Upload
Upload bandwidth usage
Download
Download bandwidth usage
Total
Total bandwidth usage
% Usage
%usage calculated by total bandwidth used in a group
* The clients name by default is the client’s Mac address with the assigned IP address in brackets. Client names can be edited in the device’s web admin GUI.
The Clients Name links to a page with detailed information about that individual client.
Top Client Device Manufacturers
Manufacturer
Manufacturer name based on MAC address
# Clients
Number of clients of the same manufacturer
% Clients
Percentage of clients of the same manufacturer
Usage
Total bandwidth usage per manufacturer
% Usage
% usage per manufacturer
Remember that data can be downloaded as CSV and table results can be sorted in a different order by selecting the column title sand clicking on the arrows in the column header.
Clients
“Clients with usage” represents the number of unique clients who have accessed devices and consumed data on each indicated date. “Connected Wi-Fi Clients” represents the number of connected Wi-Fi clients only. Ethernet clients are excluded. Clicking on the bars for any date will open a chart displaying the connected client count figures for each hour. If a client was connected for multiple hours, the client will be counted once each hour. However, the client will be counted only once for the daily count.
Device Reports - Device level#
The Device Level Device Reports section gives access to a detailed overview of client devices that have connected to the router. The report is divided in several sections.
Tables in the reports can be sorted by different priorities by clicking the Title and arrows in the table header.
By default, a time period of the last 7 days is selected, this can be changed in the top of the page to a daily, monthly or custom time period.
Summary
The summary shows the sum and average amount of daily clients that used bandwidth. It also shows the total usage of all clients for the selected time period and the average daily per client data usage.
The image below shows a chart showing Internet and Device Availability in the selected time period.
Internet availability Total amount of InControl online time of the device in the day / Total uptime of the device for a specific day Device availability Total uptime of the device in a specific day / 24 hours
Top Clients by usage
Table showing the client’s bandwidth usage within the selected period.
Name
Device name*
Upload
Upload bandwidth usage
Download
Download bandwidth usage
Total
Total bandwidth usage
% Usage
%usage calculated by total bandwidth used in a group
* The clients name is the client’s Mac address by default with the assigned IP address in brackets.
The Clients Name links to a page with detailed information about that individual client.
Top Client Device Manufacturers
Manufacturer
Manufacturer name based on MAC address
# Clients
Number of clients of the same manufacturer
% Clients
Percentage of clients of the same manufacturer
Usage
Total bandwidth usage per manufacturer
% Usage
% usage per manufacturer
Clients
This section contains a chart showing the connected clients with usage and connected Wi-Fi clients
Clients with usage represents the number of unique clients who have accessed the device and consumed data on each indicated date. Connected Wi-Fi Clients represents the number of connected Wi-Fi clients only. Ethernet clients are excluded.
Clicking on the bars for any date will open a chart displaying the connected client count figures for each hour. If a client was connected for multiple hours, the client will be counted once each hour. However, the client will be counted only once for the daily count. Clients are identified primarily by MAC address, and then by IP address.
DPI report#
Deep packet inspection (DPI) is a type of data processing that inspects in detail the data that is being sent from the router. Deep Packet Inspection reports are only available on InControl, on supported devices.
DPI needs to be enabled in the Device Details before the data is collected. Select “edit” and scroll down to the “Enable DPI” section and switch the button to “ON”. The DPI report will become available after the changes have been saved.
Using the Deep Packet Inspection reports, you have insight in the type of traffic that passes through your router, how big a percentage of the bandwidth they occupy and during what time.
For example, in the above pie chart, you can identify that “HTML5 video” accounts for 20.8% of the total bandwidth used.
WAN Quality reports#
The WAN Quality report is a helpful tool when investigating WAN connectivity issues. The chart contains the following information depending on the chosen WAN connection.
Data
Description
WAN Type
3G -RSSI
3G – Signal Strength
cellular
LTE – RSRP
LTE – Signal Strength
cellular
3G- Ec /Io
3G – Signal Quality
cellular
LTE – SINR
LTE – Signal Throughput
cellular
LTE – RSRQ
LTE – Signal Quality
cellular
Latency
Latency
Cellular / Wired
A specific date can be chosen using the date selector. The time period can be selected in the chart.
When hovering over data points in the chart additional information is shown. When using cellular WAN datapoints, this contains information about the carrier, band /frequency, mobile country and network code (MCC /MNC).
Bandwidth and Usage Reports#
View detailed information about bandwidth and usage of your router in this section. To see more information, select different checkboxes, options from drop-down lists and points in the available charts.
Choose to see a chart with Real-Time or Per-Minute Bandwidth usage, or view a chart showing the hourly, daily or monthly bandwidth usage.
From the drop-down list select all WANs or an individual WAN.
Click on a specific day to view top client usage and PepVPN bandwidth usage. The client name in the Top Client Usage table links to a report on an individual client device.
Event Log#
The Event Log, available in Group- and Device Level, keeps track any kind of system events. By default, System, Speedfusion and Admin events are visiable, but other options can be included by selecting the checkbox for that category.
There is a search function to search for specific events, which is particularly useful when searching for events involving specific mac addresses, IP addresses or tags.
Firewall Log#
Connection Up/Down history#
This report shows the up and down history for each available WAN and PepVPN profile. Choose the WAN connection form the drop-down list to view the details.
Airprobe Report - AirMonitor#
Available from Firmware 8.1.1. The Airprobe report – airmonitor is available for models with an access point when this feature is turned on in the support.cgi page of the Peplink router.
The support.cgi page can be accessed from the local web admin interface If you are accessing your device via IC2 from the Remote Web Admin feature, you’ll see this:
.ic.peplink.com/ra/remote//cgi-bin/MANGA/index.cgi Change the index.cgi to support.cgi
Any supported Wi-Fi / AP features will cease to function when Wi-Fi Air Monitoring is turned on!
Once enabled the WiFi Air Monitoring report will be available in InControl from the Device Level > Reports menu
Report Details
The AirMonitor report shows the Wi-Fi utilization, channel utilization, packet distribution, and signal strength for each Wi-Fi device. The report shows which devices are connected to which hotspots at a glance. By drilling down in several parts of the report (nodes, or channels), detailed information about access points, connected devices, SSIDs and signal strength is shown in clear charts that can be printed or downloaded separately by clicking on the menu icon in the top right corner of each individual chart.
Select a report date, time and channel and click retrieve
A Nodes and Utilization chart will show the utilization of WiFi channels on the report.
Utilization Chart
When hovering the mouse pointer over a channel in the Utilization chart, details of the Utilization is shown. Click on a column to view the channel’s details and the following chart becomes visible.
This shows the data type and rate being used on that channel. The Type chart shows the percentage of Data, Control and Management traffic which in its turn shows the percentage of what kind of packets are being transmitted in that Channel.
The Rate chart shows the Data rate (or throughput) of data within that channel, which is used to indicate the speed of a wireless connection.
The Nodes Chart
The Nodes chart shows columns of each channel with the amount of Access Points, Stations and Station probes transmitting on these channels. Choose to show nodes from neighbouring channels by toggling the box in the top left corner. Clicking on a column shows a table with all connected devices on that channel. Details of each device shown are Mode, Channel, Mac Address, SSID, Encryption, Utilization, Retries and Max. RSSI. Selecting the device will show connected clients to that device as shown in the chart below.
AP Distribution
The AP Distribution chart shows which access points are transmitting on which channels with the received signal strength.
Device Level Management#
The Device Level has some specific tools to manage individual devices.
Device Details#
The device details page shows a dashboard with all relevant information about a device. The Show All link behind the Device Name shows additional information.
The available information available depends on the device model; only supported features are shown on the dashboard.
Detailed WAN information is available when clicking the Details link next to each WAN connection. The information available includes:
Device Name
Serial Number
LAN MAC Address
Model
Product Code
Hardware Revision
Cellular Module
Tag
Find My Peplink Address
Web Admin Authentication
Uptime
Online
First Appeared
Last Config Applied
PepVPN / SpeedFusion Peer Connections
History (link to Event Log)
Firmware version
Last Config Updated by
Configuration Backups
Warranty and InControl Subscription Status
Feature Activation
LAN and VLAN IP address information
WAN Priority information
Cellular Network
WAN Type
WAN IP Address
IP Subnet
Routing Mode
MTU
SIM Card IMSI
SIM Card ICCID
SIM Card MTN
MEID HEX
IMEI
Carrier
Carrier Settings
APN
Username
Password
Cell ID
Network (LTE, LTEA)
Network Band
Signal Strength (RSRP: -x dBm RSSI: -x dBm)
Signal Quality (RSRQ: -x dB)
Health Check Method
WAN status
Connection Method
Routing Mode
Current Usage
Number of Clients
CPU Load
Location details and map
WAN and LAN port details
Power Consumption
Fan Speed
Temperature
Management VLAN IP
Connected GE ports
Connected SFP/SFP+ ports
Editing device details#
The Device Name, Tags, Location, Time Zone, Notes and Map Marker can be changed after selecting the edit link.
Map Markers#
The Map Marker used for your Peplink can be changed to reflect the installation of the device. The selected marker will only be displayed on the Device Details map.
Configuration Backups#
If you have enabled InControl management for your device, InControl will automatically backup your configuration changes. On the device management page, click the Download link next to configuration backups to download a configuration file. These files can be uploaded to a device using the Peplink local Web Admin interface to restore a previous configuration.
Cellular Wan Details#
The Cellular WAN details are extremely useful when troubleshooting. Not only signal strength and quality are shown, but other about the SIM can be found here if an issue needs to be reported including:
ICCID
(Integrated Circuit Card Identifier) identifies each SIM internationally; it is the SIM cards unique identifier.
IMSI
The unique International Mobile subscriber Identity. It is stored inside the SIM.
MNC
Mobile network code
MCC
Mobile country code
IMEI
(International Mobile Equipment Identity) number of a mobile phone is a 15-digit number unique to a mobile handset.
The first 3 digits of the IMSI is the Mobile Country Code (MCC) and the following 3 digits is the Mobile Network Code (MNC); together this information uniquely identifies the mobile phone network the phone is currently connected to.
Find My Peplink Address#
Using the “Find My Peplink” feature, you can look up your device and find the IP addresses of all its healthy public WAN connections using a DNS hostname.
Find My Peplink is disabled by default. To activate it, follow the instructions below:
On your device’s IC2 management page, click the edit button next to the device name (near the top left corner). Scroll down and click the on/off button next to Find My Peplink Service. Click the On Button and change your Find My Peplink Address if desired. Please note that each address needs to be unique, and are given on a first come, first served basis.
Port List#
The Wan and LAN port information is shown for supported models. It shows the available WAN and LAN ports and their status.
The port list shows the port status, name, speed, port type, VLAN and RSTP.
Port status glossary:
Ports can be edited from this section by selecting an individual port. Ports can be enabled or disabled, if PoE can be enabled or disabled separately. The port speeds, type and VLAN access can be configured here too.
Device Level – Settings#
The device levels settings page contains several other tools besides firmware management that can be used for diagnostics, configuration or troubleshooting the device.
Remote Web Admin#
The Remote Web Admin tool in Peplink’s InControl allows for single click access to the admin web interfaces of your remote Peplink devices without the need for a static IP address. Select Remote Web admin within the device settings, which will open a new tab redirected to an authenticated router admin page.
Select one of the following device tools from the command drop down list.
Ping
The Ping tool can help to verify if a certain online device is reachable from one of the WAN connections, through the VPN connection or from the LAN. Select the Ping command Select the desired connection. Type in the destination IP address Select the packet size and number of ping times Click Start
The results will be shown in the log.
Traceroute
Traceroute is a network tool used to show the route taken by packets across an IP network.
The Traceroute tool will show you each hop sequentially, and total hops required.
Seeing the traceroute information can help you determine why your connections to a given server might be poor and can help you identify problems. It also shows you how systems are connected to each other, letting you see how your ISP connects to the Internet as well as how the target system is connected.
Remote Assistance
Remote Assistance is a tool used to allow Peplink support staff to connect remotely to your router to diagnose reported problems.
This option should only be enabled when asked by a member of the Peplink support team.
If you have a firewall in front of the device, you will need to make sure that it allows access to ra.peplink.com through TCP port 443
Reboot
This option allows you to reboot your remote Peplink device using InControl.
Reset to Factory details
When applied this option will reset the device to factory defaults.
News, Feedback & resources#
News
InControl Release notes can be found by selecting the “alarm” icon in the top right corner. The release notes will be shown in a popup window showing the new features introduced in each version of InControl. It also shows the release dates for the different InControl environments.
Feedback
Select the Feedback button on the right side of the screen if you run into an issue with InControl or would like to provide Feedback. The information is sent directly to the InControl development team. One of the InControl Team engineers will respond to your enquiry; they’ll reply to the email address registered with InControl.
Resources
To gain a more complete understanding of the technologies used in Peplink, Pepwave and Pepxim products and InControl, please refer to the provided information on the official Peplink websites.