
InRouter900 Series User's Manual


Contents

1. enter the page IPsec Phase 1 configuration is shown below 112 InHand Networks www _inhandnetworks com Connecting Devices Enabling Services VPN gt gt IPSec IPSec Status IPSec Phase 1 See Gace Keyring Name IP Address Netmask e holakey 203 86 63 236 255 255 255 255 Policy ID Authentication Encryption Hash Diffie Hellman Group Lifetime Shared Key aesi25 sha Group 2 86400 Z a ma ISAKMP Profile Negotiation Local ID Remote ID 2 z l l DPD Name Mod Type Local ID Type Remote ID Policy Keyring DPD Interval er holai Wain Mode IP Address IF Address 1 holakey 60 180 pain te IP Ade YIP Adee A 1 vfholakey i ney amp Save Navigate to VPN gt gt IPsec enter the page IPsec Phase 2 configuration is shown below VPN gt gt IPSec IPSec Status IPSec Phase 1 IPSec Phase 2 IPSec Setting Transform set Name Authentication IPSec Mode transet md5 Transport Mode S ea je gt ney amp Save Navigate to VPN gt gt IPsec enter the page IPsec Setting configuration is shown below 113 InHand Networks www _inhandnetworks com VPN gt gt IPSec IPSec Status IPSec Phase 1 IPSec Phase 2 IPSec Setting IPSec Profile Name ISAKMP Profile Transform set PFS Lifetime Rekey Rekey Binding SIM Margin sec Fuzz holat transeti None 3600 540 100 None test A a None E E Nene alt
2. [Screenshot residue: QoS page. Policy columns: Name, Classifier, Guaranteed Bandwidth (Kbps), Max Bandwidth (Kbps), Priority. Apply QoS columns: Interface, Ingress Max Bandwidth (Kbps), Egress Max Bandwidth (Kbps), Ingress Policy, Egress Policy; Apply & Save, Cancel.] 3.8 VPN. VPN is a new technology that has developed rapidly in recent years with the extensive application of the Internet. It builds a private, dedicated network on a public network. "Virtual" mainly means that the network is a logical network. Two basic features of VPN: Private: the resources of the VPN are unavailable to unauthorized VPN users on the Internet; the VPN can protect its internal information from external intrusion. Virtual: communication among VPN users takes place over a public network, which can meanwhile be used by unauthorized VPN users, so what VPN users obtain is only a logical private network. This public network is regarded as the VPN backbone. Fundamental principle of VPN: the fundamental principle of VPN is to enclose VPN messages in a tunnel with tunneling technology and
3. Attention: A NAT rule applies an ACL to an address pool, and only addresses matched by the ACL can be translated. Click <Add> to enter the new configuration interface and add new NAT rules, as shown in the following figure. [Screenshot residue: Firewall >> NAT. Action: SNAT; Source Network: Inside; Translation Type: IP to IP; Match Conditions: IP Address; Translated Address: IP Address; Description; Apply & Save.] Page information is shown below. Parameter Name, Description, Default Value. Action: SNAT: source address translation, which translates the source address of an IP packet to another address; DNAT: destination address translation, which maps a group of local home addresses to a group of legal global addresses; 1:1 NAT: 1-to-1 translation of IP addresses; default SNAT. Source Network: Inside: home address; Outside: foreign address; default Inside. Translation Type: select the translation type of NAT; default IP to IP. Instruction: A private network IP address refers to the IP address of the home network or mainframe, and a public network IP address refers to the only global IP address on the Internet. RFC 1918 re
4. L2TP (Layer 2 Tunnel Protocol) encapsulates private data from the user network at the head of L2 PPP. No encryption mechanism is available, thus IPSec is required to ensure safety. Main purpose: branches in other places and employees on business trips can remotely access the network of the enterprise headquarters through a virtual tunnel over the public network. L2TP Client: From the navigation panel, select VPN >> L2TP, then enter the L2TP Client page as shown below. [Screenshot residue: VPN >> L2TP. L2TP Class: Name, Authentication, Hostname, Challenge Secret. Pseudowire Class: Name, L2TP Class, Source Interface (cellular 1). L2TP Tunnel: Enable, ID, L2TP Server, Pseudowire Class, Authentication Type, Username, Password, Local IP Address, Remote IP Address; Apply & Save, Cancel.] Page description is shown below. Parameters, Description, Default. L2TP Class: L2TP class name; default None. Host Name: local host name; default None. Challenge Secret: set the challenge secret; default None. Pseudowire Class Name: user-defined Pseudowire Class name; default None. Source Interface: select the source interface name; default cellular 1. L2TP Tunnel: click to enable; default Enable. L2TP Server: set the L2TP Server address; default None. Pseudowire Class: Pseudowire Class name; default None. Authentication Ty
5. DHCP Relay DHCP Client Interface MAC Address IP Address t Host Lease Fastethernet0 2 04 7D 7B8 08 6D BB 192 168 2 32 Manual Refresh v 3 3 5 2 DHCP Server The duty of DHCP Server is to distribute IP address when Workstation logs on and ensure each workstation is supplied with different IP address DHCP Server has simplified some network management tasks requiring manual operations before to the largest extent From navigation panel select Network gt gt DHCP then enter DHCP Server page as shown below 54 InHand Networks p www inhandnetworks com Connecting Devices Enabling Services O a Connecting Devices Enabling Services Network gt gt DHCP DHCP Server Enable Interface y fastethernet 0 2 fastethernet 0 1 DNS Server Windows Name Server WINS Static IP Settings MAC Address 0000 0000 0000 Apply amp Save asGancels Page description 1s shown below Starting Address 192 166 2 2 Ending Address 192 168 2 100 Edit IP Address Parameters Description Default Lease Minutes 1440 1440 Set up a static specified DHCP s MAC Enable On Off Off FastethernetO land FastethernetO 2 Interface Fastethernet0O 1 _ available E Dynamical distribution of starting IP Starting Address N A address Dynamical distribution of ending IP Ending Address N A address Lease Dynamical distribution of IP va
6. 3.9.2 IO. Relay output is off by default and can be turned on or off manually. The disconnect time can be set manually; after the set parameter is reached, relay output is automatically turned off. From the navigation panel, select Industrial >> IO, then enter the Status page as shown below. [Screenshot residue: Industrial >> IO. Digital Input: Digital Input 1, LOW (0). Relay Output: Relay Output 1, ON. Action: OFF, ON, OFF->ON; OFF Time 1000 ms.] Page description is shown below. Parameters, Description, Default. Digital Input 1: voltage under 10 V corresponds to LOW (0), voltage above 10 V corresponds to High (1); default LOW (0). Relay Output 1: off by default; can be turned on manually, otherwise it remains off; default Off. Action: Off: click to turn on. On: click to turn on. Off->On: user-defined off time; after the off time it turns on automatically; default 1000 ms. 3.10 Tools. 3.10.1 PING. From the navigation panel, select Tools >> Ping, then enter the Ping page as shown below. Tools >> Ping: Ping Count 4, Packet Size 42 Byte
7. New Password: new password; default None. Confirm New Password: confirm the new password; default None. User Summary: list all the users of the current system; default None. 3.2.3.2 Modify a User. From the left navigation panel, select Administration >> Admin Access, then enter the Modify a User page as shown below. Click the user to be modified in User Summary; after the background turns blue, enter the new information in Modify a User. [Screenshot residue: Administration >> Admin Access, Modify user information. User Summary: adm. Modify a user: Username (adm), New Password, Confirm New Password; Apply & Save, Cancel.] Page description is shown below. Parameters, Description, Default. User Summary: list all the users of the current system; default adm. Username: the username to be modified; default None. New Password: new password; default None. Confirm New Password: confirm the new password; default None. 3.2.3.3 Remove Users. From the left navigation panel, select Administration >> Admin Access, then enter the Remove Users page as shown below. Click the user to be removed in User Summary. After the background turns blue, press <Delete> to remove the user. Instruction: The super user (adm) can neither be modified nor deleted, but the super user's password can be modified.
8. He twork b a a i 5 Timeout Timer 180 z arms aes Perm Alarm Summary i r Garbage Collection Timer 120 2s Routing Version Default Firewall j ae 3s Qos k Show Advanced Options Stop FH a Industrial 2 Tools b Wizards k 192 165 1 0 200 255 255 0 192 165 2 rales EE AaS i Apply amp Save Cancel gt Second Configure IR900b and refer to the following figure for parameter configuration 81 InHand Networks i www inhandnetworks com Connecting Devices Enabling Services cand CN Routing gt Dynamic Routing r Admini stration j n Enable at Layer Switch Update Timer 30 z He twork 5 he J R k Timeout Timer 4807 j abii Link Backup Alarm Summary s Garbage Collection Timer 120 z Routing omnes Version Default T p QoS E 3s Show Advanced Options LJ Stop VEH j Industrial Tools z He twork Wizards j Add Apply amp Save Cancel gt Third PC1 and PC 2 can be intercommunicated and adding dynamic routing is successful 2 OSPF Configuration procedures of router are as follows First Configure IR900a and refer to the following figure for parameter configuration gt NS gt Routing gt gt Dynamic Routing sr Admini stration Enable Layer Switch Router ID 1 0 0 1 Hetwork j Total l o i Route Advanced Options LI Alarms Link Backup Sa Routing t Interface
9. Page description is shown below. Parameters, Description, Default. IPSec Profile: Name: user-defined IPSec Profile name; default N/A. ISAKMP Profile: ISAKMP Profile names defined in the first stage of parameters of IPSec; default N/A. Transform Set: Transform Set defined in the first stage of parameters of IPSec; default N/A. PFS: Perfect Forward Security; means that the reveal of one cipher code will not endanger information protected by other cipher codes. Lifetime: lifetime of the IPSec Profile; default N/A. Rekey Margin (S): reconnection time for the second stage; default N/A. Rekey Fuzz: deviation percentage of the reconnection time for the second stage; default N/A. SIM Card Binding: with this function activated, successful dialing of the card with which IPSec is bonded is a precondition for the use of IPSec; default Forbidden. Crypto Map: Name: user-defined name of the crypto map; default N/A. ID: user-defined ID of the crypto map; default N/A. Peer Address: peer IP address; default N/A. ACL ID: ID of the ACL defined in ACL of firewall; default N/A. ISAKMP Profile: ISAKMP Profile names defined in the first stage of parameters of IPSec; default N/A. Transform Set: Transform Set defined in the first stage of parameters of IPSec; default N/A. Perfect Forward Security: means the reveal of one cipher code will not enda
10. When the network structure is comparatively simple, the network can work normally with static routing alone. In a complex network environment, static routing can improve the performance of the network, and static routing can be used in VPN examples, mainly for the management of VPN routes. From the navigation panel, select Routing >> Static Routing, then enter the Route Table page as shown below. [Screenshot residue: Routing >> Static Routing, Route Table. Columns: Netmask, Gateway, Interface, Distance, Metric, Time; interfaces loopback 1, fastethernet 0/1, fastethernet 0/2.] 3.5.1.2 Static Routing. From the navigation panel, select Routing >> Static Routing, then enter the Static Routing page as shown below. Add or delete additional static routes on the router. Normally users do not need to configure this item. [Screenshot residue: Routing >> Static Routing. Columns: Destination, Netmask, Interface, Gateway, Distance, Track id; row: 0.0.0.0, 0.0.0.0, cellular 1.] Page description is shown below. Destination: enter the destination IP address to be reached; default 0.0.0.0. Subnet Mask: enter the subnet mask of the destination address to be reached; default 0.0.0.0. Interface: the interface through which the data reaches the destination address; default Cellular1. Gateway: IP address of the next router to be passed by before the input data reac
11. state. Click <Confirm All Alarms> to set all alarms to the confirm state. Click <Reload> to reload all alarms. [Screenshot residue: Administration >> Alarm. Alarm State: All. Columns: ID, Status, Level, Date, System Time, Content; Clear All Alarms, Confirm All Alarms.] Page description is shown below. ID: alarm index; default None. Status: current alarm status; default ALL. Level: current alarm level; default None. Date: date the alarm occurred; default None. System Time: the time from system startup to when the alarm was produced (s); default None. Content: alarm description; default None. 3.2.7.2 Alarm Input. Here the user can select alarm types, including system alarms and port alarms. One or more types can be selected. From the left navigation panel, select Administration >> Alarm, then enter the Alarm Input page as shown below. [Screenshot residue: Administration >> Alarm. Checkboxes: Warm Start, Cold Start, Memory Low, FE0/1 Link Down, FE0/1 Link Up, FE0/2 Link Down, FE0/2 Link Up, Cellular Up/Down, ADSL Dialup (PPPoE) Up/Down, Ethernet Up/Down; Apply & Save.] Page description is shown below. Warm Start: On/Off Warm Start alarm; default Off. Cold Start: On/Off Cold Start alarm; default Off. Memory Low: On/Off Memory Low alarm; default Off. Fastethernet LINK-UP: On/Off LINK-UP alarm; default Off. Fastether
12. Connecting Devices Enabling Services e g FTP and Telnet the extended ACL can be used to achieve the objective The standard ACL can not be controlled so precisely ID User define Permit Action Permit Deny Permit Protocol Access Control Protocol ip Source IP Address IP Address of Source None Destination IP IP Address of Destination None 3 6 1 1 ACL Click navigation panel Firewall gt gt A CL menu enter ACL interface as shown in the following figure AS f 2s Firewall gt gt ACL 7 unhand acr Admini stration j Access Control List Layer Switch j H b In Action Protocol Source Destination Mi Total etwork i 0 100 permit ip any any Alarms F Le i 179 permit ip arny any Alarm Summary Routing d Firewall d o QoS t Interface List 3s _ 7 Stop Interface In ACL Oot AL Admin ACL Industrial cellular 1 none none none m F Tools Add Wizards b Save Configuration Copyright 2001 2013 TrHend Watwnarle Cn T d Apply amp Save Click lt Add gt enter the new configuration interface and add new ACL list as shown in the following figure Ka N Firewall gt gt ACL Admini stration j ri T Layer Switch Type extended ID He twor k j o 0 arms Action permit T Link Backup ie ae 3 Match Conditions Routing Protocol ip Y Firewall 7 QoS 3s Source Wildcard Cd z PH op Industrial j Tools j Fragment
13. Firewall k 3 Interface Hello Interval Dead Interval Retransmit 3 nm E e 0B VFH Stop Industrial vols F Melts Interface Advanced Options fizerds b He twork TF Address Hetmask Area ID 132 165 2 0 255 255 295 0 x ie 166 1 0 Eaa ier a ate Second Configure IR900b and refer to the following figure for parameter configuration 82 InHand Networks m www inhandnetworks com Connecting Devices Enabling Services iy CN Routing gt gt Dynamic Routing unhand i Pint rate fer Sree tnt Admini stration Enable w Layer Switch Router ID 1 0 0 2 He twork b ii E Total l e l Route Advanced Options LJ Alarms Link Backop Alam Summary Routing Interf ace Firewall z Interface Hetwork Hello Interval Dead Interval Retransmit Bs vin Broadcast 5 a ven Stop Industrial L Tools Interface Advanced Options T Wizards j Save Configuration Network IF Address Hetmask Area ID Third PC1 and PC2 can be intercommunicated and adding dynamic routing is successful 3 5 3 Multicast Routing Multicast routing sets up an acyclic data transmission route from data source end to multiple receiving ends which refers to the establishment of a multicast distribution tree The multicast routing protocol is used for establishing and maintaining the multicast routing and forrelaying multicast data packet correctly and efficiently 3 5 3 1 Basic The basic is mainly to define
14. It defines a series of messages methods and Protocol syntax used to achieve access to and management of managed devices by the management device TCP Transfer Transfer Control Protocol is a connection oriented and reliable transport Control layer protocol Protocol TCP IP Transmission Transmission Control Protocol Internet Protocol is the cluster of basic Control communication protocols for network communication TCP IP defines a set Protocol Internet of protocols including not only TCP and IP Protocol A character based interactive program used to access a remote host Telnet Telnet allows the user to remotely login and manage the device User Datagram User Datagram Protocol is a non connected based transport layer protocol paa oenar aaan ner Wide Area Wide Area Network is a data communication network covering a relatively wide geographical scope e g Internet Local Area Local Area Network generally refers to the internal network e g home Network network internal network of small and medium sized enterprises etc 146 InHand Networks O www inhandnetworks com O a Connecting Devices Enabling Services Appendix 4 Description of LEDs Status Description POWER STATUS WARN ERROR Description Red Green Yellow Red rr n a tere te oF ee oe og Signal Status Description Green LED Green LED Green LED Description r OF ON On O Of Signal strength 1 A signal weak please check antenn Si
15. User defined None Subnet Mask User defined None Prefix List Prefix Name User defined None List Serial Number A prefix name list can be matched with multiple rules one rule None is matched with one serial number Action Permit and deny Permit Any Address Any address after clicking no matching IP address and subnet None mask again IP Address User defined None 80 InHand Networks www inhandnetworks com O a Connecting Devices Enabling Services Subnet Mask User defined None Grand Equal Filling in network marking length of subnet mask and restricting None oren Veni the minimum IP address in IP section Less Equal Filling in network marking length of subnet mask and restricting None Prefix Length the maximum IP address in IP section 3 5 2 5 Dynamic Routing Application Example Example Establish dynamic routing between two LANs for intercommunication refer to the following figure for the topological graph 192 168 2 1 192 168 1 2 en wiz lt 192 168 1 1 192 168 3 1 PC1 192 168 2 22 PC2 192 168 3 33 1 RIP Configuration procedures of router are as follows First Configure IR900a refer to the following figure for the parameter configuration NS Routing gt gt Dynamic Routing l dm Sse cess Balko gout pim Admini stration j Enable Layer Switch Update Timer Total
16. if the user thinks the alarm is not of great importance, or the exception has been solved, he can directly set it to the clear state; if the user is temporarily unable to resolve the anomaly, he can set it to the confirm state and, when the exception has been eliminated, set it to clear. Alarm levels are divided as follows. EMERG: the device has a fault that could lead to a system restart. CRIT: the device has a fault that is unrecoverable. WARN: the device has a fault that could affect system function. NOTICE: the device has a fault that could affect system properties. INFO: the device has a normal event. On the Alarm Status page you can view all alarms since the system was powered on. On the Alarm Input page you can define the alarm types you are concerned with. On the Alarm Output page you can set the way alarms are notified, including relay and Email; log record is the default output way. On the Alarm Map page you can map the alarm types you are concerned with to one or more alarm notification ways. 3.2.7.1 Alarm Status. From the left navigation panel, select Administration >> Alarm, then enter the Alarm State page as shown below. On this page you can check all alarms since the router was powered on. Click <Clear All Alarms> to set all alarms to the clear
17. module of detection results via the Track module, so as to carry out a timely change of the status of the Track item. Successful detection: the corresponding track item is Positive. Failed detection: the corresponding track item is Negative. Track Module and Application Module Linkage: Through configuration, the linkage relationship between the Track module and an application module is established. When a track item changes, a notification requiring corresponding treatment is sent to the application module. Currently, the application modules that can be linked with the Track module include VRRP, static routing, strategy-based routing and interface backup. Under certain circumstances, once a change in a Track item is found, if a notification is sent to the application module immediately, communication may be interrupted because routing has not been restored in time, or for other reasons. For example, the Master router in a VRRP backup group can monitor the status of the upstream interface through Track. If the upstream interface fails, the Master router is notified to reduce its priority so that the Backup router can become the new Master and take responsibility for relaying messages. Once the upstream interface has recovered, if Track immediately sends a message to the original Master router to recover its priority, that router will take over the task of message relay. At that time, message relay failure may occur since the router has not rest
18. 2 Layer Switch I k n Netmask 255 266 255 0 Tota Alarms 0 Network d MTU 1500 Alarm ink B Summ sales Speed Duplex Auto Negotiation y lesta Badle TrackL2 State Firewall t Description a oos VPN Multi IP Settings Industrial k Secondary IP Netmask Tools mH _______ 2 Configure router B First Configure FO 1 Click navigation panel Link Backup gt gt VRRP enter VRRP interface configure VRRP as shown in the following figure Advertisement Preemption Interval Mode Sh Enable Virtual Route ID Interface Virtual IP Priority al 1 fastethemet 0 1 192 168 27 10 100 1 y 1 e E SSS Click navigation panel Link Backup gt gt VRRP enter VRRP interface examine VRRP as shown in the following figure irtual Route ID Interface FERF Status Priority Track Status 1 fastethernet 0 1 Backup 100 67 InHand Networks www _inhandnetworks com O a Connecting Devices Enabling Services Second Configure F0 2 Click navigation panel Internet gt gt Ethernet Interface enter Ethernet Interface 0 2 configure Ethernet interface 0 2 as shown in Fig 3 4 3 7 Primary IP 10 100 10 3 Netmask 255 255 255 0 MTU 1500 Speed Duplex Auto Negotiation Track L2 State Description Multi IF Settings secondary IF He tmask Add Apply amp Save Cancel Default gateway of mainframe A is 192 168 2 254 Router A functions as the gateway
19. 3 8 SMS. SMS permits message-based reboot and manual dialing. From the navigation panel, select Network >> SMS, then enter the Basic page as shown below. Configure a Permit action for the Phone Number and click <Apply & Save>. After that, you can send the reboot command to restart the device, or cellular 1 ppp up/down to redial or disconnect the device. [Screenshot residue: Network >> SMS. Enable; Mode: TEXT; Poll Interval: 120 s. SMS Access Control: ID 1, Action permit, Phone Number.] Page description is shown below. Enable: On/Off; default Off. Mode: TEXT and PDU; default TEXT. Poll Interval: user-defined poll interval; default 120. SMS Access Control: ID: user-defined ID; default 1. Action: permit and refuse are available; default Permit. Phone Number: trusted phone number; default N/A. 3.4 Link Backup. 3.4.1 SLA. 1. Basic Concepts and Principles. Under normal circumstances, the edge router can detect whether the link to the ISP is faulty. If the network link to one ISP is faulty, another ISP is used to transmit all the data streams. However, if the link to an ISP is normal and the infrastructure fails, the edge router will continue to use this route, and the data is then no longer reachable. One feasible solution is to use static routing or policy-based routing to first test the reachability of an important destination. If it is
20. [Screenshot residue: Firewall >> ACL. Access Control List columns: ID, Action, Protocol, Source, Destination, More Conditions, Description. Interface List columns: Interface, In ACL, Out ACL, Admin ACL; Add, Delete, Apply & Save, Cancel.] Step 3: Select cellular1 in Port Name of Network Port List, select 101 in Out Rules, click <Add> and store, as shown in the following figure. [Screenshot residue: Firewall >> ACL. Access Control List rows: 100 permit ip any any; 101 deny ip 192.168.2.0 0.0.0.255 any; 179 permit ip any any. Interface List row: fastethernet 0/1, none, none, none; Add, Apply & Save, Cancel.] 3.6.2 NAT. NAT can achieve Internet access by multiple hosts within the LAN through one or more public network IP addresses. It means that few public
21. [Table of contents excerpt. Legible entries: Dynamic Domain Name; NAT.]
22. Easy to Establish Versatile Wireless Network. Supports the 802.11 b/g/n standard, fulfilling the need to connect WLAN devices, with up to 150 Mbps throughput. Easily establishes a wireless LAN and supports WEP/WPA/WPA2 for network security. WIFI can be the backup WAN link for 3G/4G. 2 Login Router. This chapter mainly contains the following contents: Establish Network Connection; Confirm the connection between supervisory PC and router; Cancel the Proxy Server. 2.1 Establish Network Connection. 2.1.1 Automatic acquisition of IP address (recommended). Please set the supervisory computer to automatic acquisition of IP address and automatic acquisition of DNS server address (the default configuration of the computer system) to let the router automatically assign an IP address to the supervisory computer. 1) Open Control Panel, double-click the Network and Internet icon, and enter Network and Sharing Center. [Screenshot residue: Control Panel > Network and Internet > Network and Sharing Center.]
23. Local: user information is stored on the NAS. Advantages: rapidness, cost reduction. Disadvantages: storage capacity limited by hardware. Remote: user information is stored on the authentication server; Radius, Tacacs and LDAP are supported for remote authentication. AAA supports the following authorization ways. None: authorization rejected. Local: authorization based on the relevant attributes configured by the NAS for the local user's account. Tacacs: authorization done by the Tacacs Server. Radius Authentication Based: authentication bonded with authorization; authorization only by Radius is not allowed. LDAP Authorization. From the left navigation panel, select Administration >> AAA, then enter the AAA Setting page as shown below. [Screenshot residue: Administration >> AAA. Authentication and Authorization columns 1, 2, 3 for the services console, telnet, ssh and web, all set to none; Apply & Save.] Page description is shown below
24. Network Type: select the GRE network type. Local Virtual: set the Local Virtual IP Address; default None. Peer Virtual IP: set the Peer Virtual IP Address; default None. Source Type: select the source type and set the corresponding IP address or interface; default IP. Local IP: set the Local IP Address; default None. Peer IP: set the Peer IP Address; default None. Key: set the key of the tunnel; default None. Description: add a description; default None. 3.8.3 DMVPN. 3.8.3.1 DMVPN Introduction. VPN is a combination of MGRE, NHRP and IPSec, shortened as DMVPN. It can provide a low-cost, safe interconnection plan based on the Internet for enterprises and companies with a large number of branches in many cities. Its backbone network adopts Hub and Spoke. Dynamic tunnels are allowed to be established between different branches for data transmission. When two branches are in the same city but the center is in another, data can be transmitted directly between the two branches to reduce delay and consumption of the central router, which is much more economical; adding branches does not change the configuration of the center and other branches, while maintenance work is reduced exponentially; a branch node can use a dynamic IP address, saving IP address resources in the public network; the dynamic tunnel is featured by a large network scale. Those advantages make it extremely suitable for the safe interconnection of enterprises and companies with a large numb
25. [Screenshot residue: Server List. Port, Key; 1812.] Page description is shown below. Server Address: server address (domain name / IP); default None. Port: consistent with the server port; default 1812. Key: consistent with the server authentication key; default None. 3.2.4.2 Tacacs. Tacacs, or Terminal Access Controller Access Control System, is similar to Radius and adopts Client/Server mode to achieve communication between the NAS and the Tacacs Server. But Tacacs adopts TCP while Radius adopts UDP. Tacacs is mainly used for authentication, authorization and charging of access users and terminal users adopting PPP and VPDN. Its typical application is authentication, authorization and charging for terminal users who need to log on to the device to carry out operations. As the Client, the device sends the username and password to the Tacacs Server for verification. Once user verification has passed and authorization has been obtained, logging on to and operating the device are allowed. From the left navigation panel, select Administration >> AAA, then enter the Tacacs page as shown below. [Screenshot residue: Administration >> AAA. Server List: Server Address, Port (49), Key; Apply & Save, Cancel.] Page description is shown below. Server Address: server address (domain name / IP); default None. Port: consistent with the server port; default 49. Key: Consistent with the server auth
26. [Screenshot residue: route table with Interface, Distance/Metric and Time columns] Step 7: Pull out the cable to cause a fault on the wired Internet link; the router can then access the Internet by dialing up over cellular. The wired Internet link can be used again once the cable is plugged back in. 3.5 Routing. 3.5.1 Static Route. Static routing is a special kind of routing that requires manual setting. After static routing is set, packets for the specified destination are forwarded along the path you designate. In a network with a relatively simple structure, static routing needs to be set to achieve network interworking. Proper setting and use of static routing can improve network performance and guarantee bandwidth for important network applications. Disadvantages of static routing: it cannot automatically adapt to changes in the network topology. A network failure or topology change may make a route unreachable and interrupt the network; you are then required to modify the static routing settings manually. Static routing serves different purposes in different network environments. Routing: ensure bandwidth for important applications. 3.5.1.1 Static Routing Status
27. [Table of contents fragment] Web Configuration; 3.1 Login the Web Setting Page of Router
28. With InRouter 900 your business is always online. Support Large-Scale Deployment: In your M2M application there are thousands of remote machines or tens of thousands of VPN connections, which turns out to be a big challenge for network management. InRouter 900 makes large-scale deployment much easier with the following features. Multiple configuration tools, including Web and CLI, enable administrators to rapidly configure thousands of InRouters. Remote Network Management: InRouter 900 works with network management platforms installed in the application center or headquarters. Remotely batch-configuring devices, downloading and uploading configuration files, upgrading firmware, and monitoring the status of connections and VPN tunnels all become essential for operating an M2M system, especially when a large number of devices are scattered widely with limited field staff or are totally unattended. InRouter 900 supports industrial standard SNMP and 3 SNMP software platform so as to integrate into enterprise-level IT management systems. InRouter 900 also collaborates with InHand Device Manager to handle the cellular-specific aspects of network management. InHand Device Manager can be cloud-based or installed within the enterprise's intranet. InHand Device Manager is adapted to cellular conditions to monitor cellular data flow, signal strength and the on-site location of the device. Even better, there's no
29. be set to 16. Clear Timer: defines the time from when the RoutingCost of a route becomes 16 to when it is deleted from the routing table. During Garbage Collection, RIP uses 16 as the RoutingCost when sending updates of the route. If Garbage Collection times out and the route still has not been updated, the route is completely removed from the routing table (default: 120). Version: version number of RIP (default: V2). Network: the first IP address and subnet mask of the segment (default: None). Advanced Options. Filter In: only send RIP packets, do not receive RIP packets (default: Disable). Filter Out: RIP packets sent to the default routing interface (default: Disable). Default Information Originate: default information will be released (default: Disable). Default Metric: the default overhead for the router to reach the destination (default: 1). Distance: set the RIP routing administrative distance (default: 120). Redistribute: introduce the router's directly connected, static and OSPF protocols into the RIP protocol (default: Disable). Passive Default: interface only receives RIP packets, does not send RIP packets (default: None). Neighbor: for neighboring routers; after configuring neighbors, RIP packets will only be sent to neighboring routers (default: None). 3.5.2.3 OSPF. Open Shortest Path First (OSPF) is a link-state based interior gateway protocol developed by the IETF. Router ID: If
30. configuration page is shown below. [Screenshot: Administration >> SNMP page with Enable, SNMP Version (v3), Contact Information and Location Information fields, a User Group Management (v3) table (Groupname, Security Level, Read-only View, Read-write View, Inform View) and a Usm Management (v3) table (Username, Groupname, authentication, encryption)] Page description is shown below. Groupname: user defined, length 1 to 32 characters (default: None). Security Level: includes NoAuth NoPriv, Auth NoPriv and Auth priv (default: NoAuth NoPriv). Read-only View: only supports defaultView at present (default: defaultView). Read-write View: only supports defaultView at present (default: defaultView). Inform View: only supports defaultView at present (default: defaultView). 3.2.6.2 SnmpTrap Setting. SNMP trap: a certain port through which devices under SNMP management notify the SNMP manager rather than waiting for polling from the SNMP manager. In an NMS, agents in managed devices can report all errors to the NMS at any time instead of waiting to be polled by the NMS after such errors occur; these reports are in fact the well-known SNMP traps. From the left navigation panel select Administration >> SNMP, then enter the SnmpTrap page as sho
31. network IP addresses represent more private network IP addresses, thus saving public network IP addresses. From navigation panel select Firewall >> NAT, then enter the NAT page as shown below. [Screenshot: Firewall >> NAT page with a NAT Rules table (Action, Source Network, Match Conditions, Translated Address; example rule: SNAT, Inside, ACL 100, cellular 1) and lists of Inside Network Interfaces and Outside Network Interfaces] Click <Add> to add new NAT rules as shown below. [Screenshot: Firewall >> NAT add-rule form with Action (SNAT), Source Network (Inside), the translation types IP to IP, IP to INTERFACE, IP PORT to IP PORT, NETWORK to NETWORK and ACL to INTERFACE, and IP Address and Translated Address fields] Page description is shown below. Action: SNAT (Source NAT): translate the IP packet's source address into another address; DNAT (Destination NAT): map a set of local internal addresses to a set of legal global addresses; 1:1 NAT: transfer IP address one to one (default: SNAT). Source Network: Inside: inside address; Outside: outside address (default: Inside). Translation Type: Select the Translation
32. object (default: None). Description: user defined (default: None). 3.12 Network Mode. 3.12.1 Cellular. The default network mode is via cellular. Connect the antenna and insert the SIM card to access the Internet. 3.12.2 ADSL Dialup (PPPoE). Example: choose ADSL Dialup (PPPoE) instead of Cellular. Configuration procedures of the router are as follows. Step 1: Disable cellular as shown below. [Screenshot: Network >> Cellular page with the Enable option] Step 2: Establish WAN, which is divided into three types; static IP type and ADSL dialup (PPPoE) are respectively shown in Fig 3.12.2 and Fig 3.12.3. [Screenshot, Fig 3.12.2: Wizards >> New WAN, Type Static IP, with Primary IP, Netmask, gateway and NAT fields] [Screenshot: Wizards >> New WAN, Type ADSL Dialup (PPPoE), with Username and Password fields]
33. other branch subnets to branch routers through the persistent tunnel. Therefore, the next-hop address for reaching other branch subnets in the branch router's routing table will be the address of the center router's tunnel port instead of the address of the other branch router's tunnel port. Thus data transmission between branches will still pass through the center router. To solve this problem, the center router must be set so that, when a branch subnet's reachable route is announced on the mGRE tunnel port, the next-hop address is the address of that branch router's tunnel port instead of the address of the center router. In a distance vector routing protocol such as RIP or EIGRP, split horizon is usually used to prevent routing information from being sent back to its source port and to avoid routing loops on adjacent routers. If RIP or EIGRP runs on the DMVPN network, split horizon must be turned off; otherwise the branch routers will not be able to learn the routes to the other branch subnets. For RIP this is enough, because when RIP sends a route to the routing information source port, its next-hop address is not changed and remains the original address. When EIGRP sends a route to the routing information source port, its next-hop address will change to the address of the
34. show users. Command: show users. Function: display the user list of the router. View: all views. Parameter: none. Example: input show users. The displayed user list of the system is as follows: User. Wherein the user marked with is super user. 3.7 show startup config. Command: show startup config. Function: display the starting device of router. View: super user view and configuration view. Parameter: none. Example: enter show startup config to display the starting configuration of the system. 3.8 show running config. Command: show running config. Function: display the operational configuration of the router. View: super user view, configuration view. Parameter: none. Example: enter show running config to display the operational configuration of the system. 4 Check the Command of Internet State. 4.1 show interface. Command: show interface. Function: display the port state information of the router. View: all views. Parameter: none. Example: enter show interface to display the state of all ports. 4.2 show route. Command: show ip route. Function: display the routing list of the router. View: all views. Parameter: none. Example: enter show ip route to display the routing list of the system. 4.3 show arp. Command: show arp. Function: display the ARP list of the router. View: all views. Parameter: none. Example: enter show arp to display the ARP list of the system. 5 Internet Testing Comman
35. [Screenshot residue: IPSec Setting page with Crypto Map table (Name, ID, Peer Address, ACL ID, ISAKMP Profile, Transform set, PFS, Lifetime, Rekey Margin (sec), Rekey Fuzz) and Interface <> Crypto Map table (Map Interface, Map Name ipsecwz)] 3. VPN Status Checking. From navigation panel select VPN >> IPSec, then enter the IPSec Status page as shown below. [Screenshot: VPN >> IPSec, IPSec Status tab listing Name, Tunnel Description and Status; the example tunnel shows as connected] 3.8.2 GRE. Generic Routing Encapsulation (GRE) defines the encapsulation of any other network layer protocol on a network layer protocol. GRE can be used as the L3TP of a VPN to provide a transparent transmission channel for VPN data. In simple terms, GRE is a tunneling technology that provides a channel through which encapsulated data messages can be transmitted, with encapsulation and decapsulation performed at both ends. GRE tunnel application networking is shown in the following figure. [Figure: GRE tunnel between RouterA and RouterB] Along with the extensive application of IPv4, to have messages from some network layer protocols transmitted on an IPv4 network, those messages can be encapsulated by GRE to solve the trans
36. time zone of router set is east eighth area and the name is CST (China's standard time). Enter default clock timezone in configuration view: the time zone of the router is restored to the factory setting. 6.4 clock set. Command: clock set <YEAR MONTH DAY> <HH MM SS>. Function: set the date and time of the router. View: configuration view. Parameter: <YEAR MONTH DAY>: date, format Y M D; <HH MM SS>: time, format H M S. Example: enter clock set 2009 10 5 10 01 02 in configuration view; the time of the router is set to 10 01 02 in the morning of Oct 5, 2009. 6.5 ntp server. Command: ntp server <hostname>; no ntp server; default ntp server. Function: set the client of the Internet time server. View: configuration view. Parameter: <hostname>: address or domain name of the time server host. Example: enter sntp client server pool.ntp.org in configuration view to set the address of the Internet time server to pool.ntp.org. 7 System Management Command. 7.1 reboot. Command: reboot. Function: the system restarts. View: super user view, configuration view. Parameter: none. Example: enter reboot in super user view; the system restarts. 7.2 enable password. Command: enable password <password>. Function: modify the password of the super user. View: configuration view. Parameter: <password>: new super use
37. under normal working conditions, and router B will take over the function when router A shuts down or breaks down. Setting preemption keeps router A's role as the gateway (Master) when router A returns to work. 3.4.4 Interface Backup. Interface backup refers to the backup relationship formed between designated interfaces in the same device. When service transmission cannot be carried out normally due to the fault of a certain interface or a lack of bandwidth, traffic can be switched to the backup interface quickly; the backup interface then carries the service transmission and shares the network traffic, raising the reliability of the device's data communication. When the link state of the main interface switches from up to down, the system waits for a preset delay first instead of switching to the backup interface link immediately. Only if the main interface is still down after the delay does the system switch to the backup interface link; otherwise it does not switch. After the link state of the main interface switches from down to up, the system waits for a preset delay first instead of switching back to the main interface immediately. Only if the main interface is still up after the delay does the system switch back to the main interface; otherwise it does not switch. 3.4.4.1 Interface Backup. From navigation panel select Link Backup >> Interface Backup, then enter the Interface Backup page as shown below.
38. unreachable, the static route will be deleted. The reachability test can be performed with InHand SLA, which continuously checks the reachability of the ISP and is associated with the static route. Basic principles of InHand SLA: 1. Object track: track the reachability of the specified object. 2. SLA probe: the object track function can use InHand SLA to send different types of detections to the object. 3. Policy-based routing using a route mapping table: it associates the track results with the routing process. 4. Using static routing and track options. SLA Configuration Steps. Step 1: Define one or more SLA operations (detection). Step 2: Define one or more track objects to track the status of the SLA operation. Step 3: Define measures associated with the track objects. From navigation panel select Link Backup >> SLA, then enter the SLA page as shown below. [Screenshot: Link Backup >> SLA page, SLA Entry table with columns Index, Type, IP Address, Data size, Interval, Timeout (ms), Consecutive, Life and Start time; example entry: icmp echo, 56, 30, 5000, 5, forever, now] Page description is shown below. Index: SLA index or ID. Type: detection type; the default is icmp echo and the user cannot change it (default: icmp echo). IP Address: detected IP address (default: None). Data Size: user-defined data size (default: 56). Interval: user-defined detection interval (default: 30). Timeout (ms): User
39. used for communication within 20m. RS485 adopts half-duplex communication to achieve long-distance transmission of serial communication data. RS485 is used for communication from tens of meters to kilometers. The digital input of the IO interface converts electrical signals into binary digital control signals. A digital value is a logical variable or switch variable with only two values, 0 and 1: low voltage corresponds to 0 and high voltage to 1. The IO relay output functions as an automatic switch to automatically adjust, protect and switch circuits. Instruction: This part only applies to InRouter900 with industrial interface. 3.9.1 DTU. 3.9.1.1 Serial Port Settings. Set the parameters of the router's serial port according to the serial port of the terminal device connected to the router, to achieve normal communication between the router and the terminal device. From navigation panel select Industrial >> DTU, then enter the DTU page as shown below. [Screenshot: Industrial >> DTU page; Serial Port 1 with Serial Type RS232, Baudrate, Data Bits (8 bits), Parity, Stop Bit (1), Software Flow Control and Description; Serial Port 2 with Serial Type RS485, Baudrate, Data Bits, Parity and Stop Bit]
40. with the continuous expansion of network size and growing network complexity, the number of computers often exceeds the number of distributable IP addresses. Meanwhile, with the extensive use of portable devices and wireless networks, the position of computers changes frequently, resulting in frequent updates of IP addresses and leading to more and more complicated network configuration. DHCP (Dynamic Host Configuration Protocol) is a product of such demands. DHCP adopts the Client/Server communication mode. The Client sends a configuration request to the Server, which returns the corresponding configuration information, including the distributed IP address, to the Client to achieve dynamic configuration of the IP address and other information. Typical DHCP applications generally include one DHCP Server and a number of Clients (PCs and portable devices), as the following figure shows. [Figure: DHCP server and DHCP clients] When the DHCP Client and the DHCP Server are in different physical network segments, the Client can communicate with the Server through a DHCP Relay to obtain the IP address and other configuration information, as the following figure shows. [Figure: DHCP clients and DHCP server] 3.3.5.1 Status. From navigation panel select Network >> DHCP, then enter the Status page as shown below. [Screenshot: Network >> DHCP page with Status and DHCP Server tabs]
41. [Screenshot residue: IPSec Phase 1 page with ISAKMP Profile table (Name, Local ID Type, Local ID, Remote ID Type, Remote ID, Policy, Keyring, DPD Interval)] Attention: No need to fill in Local ID Type and Remote ID Type. Step 2: IPSec Setting Phase 2. From navigation panel select VPN >> IPSec, then enter the IPSec Setting Phase 2 page as shown below. [Screenshot residue: Transform set table with columns Name, Encapsulation, Encryption, Authentication and IPSec Mode] Step 3: IPSec Setting. From navigation panel select VPN >> IPSec, then enter the IPSec Setting page as shown below. [Screenshot residue: IPSec Profile table (Name, ISAKMP Profile, Transform set, PFS, Lifetime, Rekey Margin (sec), Rekey Fuzz, Binding SIM), Crypto Map table (Name, ID, Peer Address, ACL ID, ISAKMP Profile, Transform set, PFS, Lifetime, Rekey Margin (sec), Rekey Fuzz) and Interface <> Crypto Map table (Map Interface cellular 1, Map Name ipsecwz)] Attention: IPSec Profile s
42. 1 System Time. Time synchronization of the router with the connected host can be set up manually in the system time configuration part, and the system time can be set manually to any expected value after the year 2000. From the left navigation panel select Administration >> System Time, then enter the System Time page as shown below. By clicking <Sync Time> you can synchronize the time of the router with the system time of the host. Select the expected parameters in the Year Month Date and Hour Min Sec columns, then click <Apply & Save>. The router will immediately set the system time to the expected value. [Screenshot: Administration >> System Time page with Router Time, PC Time, Year Month Date, Hour Min Sec and Timezone fields] Page description is shown below. Router Time: system time of the router (default: 1970 01 01). PC Time: time of the connected PC (default: None). Year Month Date: set the expected year, month and date (default: current Year Month Date). Hour Min Sec: set the expected hour, minute and second (default: current Hour Min Sec). Timezone: set timezone (default: UTC+08:00). 3.3.2.2 SNTP Client. SNTP, namely Simple Network Time Protocol, is a system for synchronizing th
43. [Table of contents fragment] New IPsec Tunnel; Appendix 1 Troubleshooting; Appendix 2 Instruction of Command Line; Appendix 3 Glossary of Terms; Appendix 4 Description of LEDs. 1 InRou
44. [Screenshot residue, IPsec tunnel wizard: Remote Subnet, Remote Netmask 255.255.255.0; Phase 1 Parameters: IKE Policy 3DES MD5 DH2, IKE Lifetime 86400, Local ID Type IP Address, Local ID, Remote ID Type IP Address, Remote ID, Authentication Type Shared Key, Key; Phase 2 Parameters: IPSec Policy 3DES MD5 96, IPSec Lifetime] 3.11.5 New Port Mapping. Click the navigation panel Wizard >> New Port Mapping menu to enter the New Port Mapping interface as shown below. [Screenshot: Wizards >> New Port Mapping form with Protocol (TCP), Outside Interface (cellular 1), Service Port, Internal Address, Internal Port and Description fields] Page information is shown below (Parameter Name: Description, Default). Protocol: TCP or UDP for protocol (default: TCP). Outside Interface: users select the port connecting to the outer network according to demand (default: Cellular 1). Service Port: TCP or UDP data communication port (default: None). Internal Address: equipment address of the mapping object (default: None). Internal Port: TCP or UDP port of mapping
45. A certificate, equipment public key certificate, equipment private key certificate. Attention: 1. The suffix of the CA certificate and the public key certificate is .crt and the suffix of the private key certificate is .key, like ca.crt, my.crt, my.key. 2. The time of the equipment must be accurate when using certificates. Step 3: Configure the OpenVPN server after the router is configured. Add a static route to 192.168.2.0/24: route add -net 192.168.2.0 netmask 255.255.255.0 dev tun0 (suppose the net port of the OpenVPN server is tun0). 3.8.6 Certificate Management. From navigation panel select VPN >> Certificate Management, then enter the Certificate Management page as shown below. [Screenshot: VPN >> Certificate Management page with Protect Key and Protect Key Confirm fields and buttons to import and export the CA certificate, public key certificate, private key certificate and PKCS12 certificate, and to export the CRL] 3.9 Industrial. The router's industrial interface has two types: serial port and IO interface. The serial port has RS232 and RS485 modes and the IO interface has digital input and relay output modes. RS232 adopts full-duplex communication with one transmission line, one receiving line and one ground line. RS232 is generally
46. [Screenshot residue: Fig 3.12.3] Step 3: If the static IP type is used in the step above, configure the corresponding DNS service parameters as shown below. After configuration, confirm that the PC can access the Internet normally. [Screenshot: Network >> DNS page with Primary DNS and Secondary DNS fields] Appendix 1 Troubleshooting. 1. InRouter is powered on but cannot access the Internet. Please check: whether the InRouter has a SIM card inserted; whether the SIM card has data service enabled and whether the service of the SIM card is suspended because of an overdue charge; whether the dialup parameters, e.g. APN, dialup number, account and password, are correctly configured; whether the IP address of your computer is in the same subnet as the InRouter and the gateway address is the InRouter LAN address. 2. InRouter is powered on; pinging the InRouter from your PC shows packet loss. Please check if the network crossover cable is in good condition. 3. Forget the setting after revising IP address a
47. Bandwidth (Kbps): maximum bandwidth, in user self-definition (default: No). Local Preference: local preference in selecting strategy (default: No). Application QoS. Port: control port of selecting flow (default: cellular1). Maximum Input Bandwidth (Kbps): maximum bandwidth more than input strategy, in user self-definition (default: No). Maximum Output Bandwidth (Kbps): maximum bandwidth more than output strategy, in user self-definition (default: No). Input Strategy: strategy name defined above (default: No). Output Strategy: strategy name defined above (default: No). 3.7.2 QoS Application Example. Example: set the router to distribute local preference to different downloading channels. Configuration procedures of the router are as follows. Step 1: Add a type to describe the downloading flow; for example, the IP address of the appointed local host shall be the destination. Step 2: Add a strategy to guarantee the bandwidth and local preference of each type. Step 3: Select the out port in strategy application and distribute an out maximum bandwidth for the port, as shown in the following figure. [Screenshot residue: QoS >> Traffic Control page with Classifier and policy entries]
48. KE Strategy list (default: N/A). Key Ring: the defined key set in the key set list (default: N/A). DPD Interval: used for the detection interval of the IPSec neighbor state. After DPD is initiated, if the receiving end cannot receive the IPSec cryptographic message sent by the peer end within the interval of triggering DPD, the receiving end can make a DPD check, send a request message to the opposite end automatically, and detect whether the IKE peer exists (default: N/A). DPD Timeout: the receiving end will make a DPD check and send a request message automatically to the opposite end for checking. If it does not receive an IPSec cryptographic message from the peer end beyond the timeout, the ISAKMP Profile will be deleted (default: N/A). Instruction: The security level of the three encryption algorithms ranks successively: AES, 3DES, DES. The implementation mechanism of an encryption algorithm with stricter security is complex and its arithmetic speed is slow. The DES algorithm can satisfy the ordinary safety requirements. 3.8.1.2 IPsec Phase 2. From navigation panel select VPN >> IPSec, then enter the IPSec Phase 2 page as shown below. [Screenshot: VPN >> IPSec, Transform set table with columns Name, Encapsulation, Encryption, Authentication and IPSec Mode; example entry: esp, 3des, md5, Tunnel Mode] Page description is shown below. Name: user-defined Transform Set name (default: N/A). Encapsulation: choose the encapsulation form of the data packet (default: esp). AH: protect integrity and authent
49. [Screenshot residue: DDNS Method List (Method Name, Service Type, Username, Password, Hostname) and Specify A Method To Interface (Interface bridge 1, Method)] Fig 3.3.7.2 Dynamic Domain Name: tailored domain name parameter. [Screenshot residue: DDNS Method List and Specify A Method To Interface] Fig 3.3.7.3 Dynamic Domain Name: general domain name parameter. Second: wait for minutes once the dynamic domain name is configured, applied and saved, then ping the domain name to confirm the successful configuration of the dynamic domain name, as shown below. [Screenshot residue: ping output for the domain name showing replies]
50. InRouter900 Series User's Manual. InHand Networks, www.inhandnetworks.com. Version: V3.0, July 2015. Preface. Thanks for choosing InRouter900 series industrial routers. This user's manual will guide you in detail on how to configure InRouter900. The preface includes the following contents: Readers; Conventions in the Manual; Obtaining Documentation; Technical Support; Information Feedback. Readers: this manual is mainly intended for the following engineers: network planners; on-site technical support and maintenance personnel; network administrators responsible for network configuration and maintenance. Conventions in the Manual. 1. Format Conventions on Command Line (Format: Significance). Bold: keywords of the command line (the part that should remain unchanged in the command and be entered as it is) are expressed in bold font. Italic: the parameters of the command line (the part that must be replaced with the actual value in the command) are expressed in italic. Indicating that the part in is optional in command configuration. x|y|: indicating to select one from multiple options. x|y|: indicating to select one or not to select from multiple options. x|y|: Indicati
51. [Screenshot: Local Connection Properties dialog listing the connection items, including Internet Protocol Version 4 (TCP/IPv4).] 4. Select Internet Protocol Version 4 (TCP/IPv4) and click <Properties> to enter the Internet Protocol Version 4 (TCP/IPv4) Properties page. Select "Obtain an IP address automatically" and "Obtain DNS server address automatically", then click <OK> to finish setting, as shown below. [Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties dialog.] 2.1.2 Set a static IP address. Enter the Internet Protocol Version 4 (TCP/IPv4) Properties page, select "Use the following IP address", type the IP address (an arbitrary value between 192.168.2.2 and 192.168.2.254), Subnet Mask (255.255.255.0) and Default Gateway (192.168.2.1), then click <OK> to finish setting, as shown
52. Password: set the email password. Default: None. Crypt: set the crypt method. Default: None. Email Addresses: destination addresses for receiving alarm email (1-10). Default: None. Attention: once the email parameters have been configured, click the send test email button to make sure the configuration is correct. If the test email fails, the network configuration or the mailbox configuration may be incorrect. 3.2.7.4 Alarm Map. Alarm Map consists of two mapping ways: CLI (console interface) and Email. If the latter is selected, alarm output is activated, and an email address must be properly configured. From the left navigation panel, select Administration >> Alarm, then enter the Alarm Map page, as shown below. [Screenshot: Administration >> Alarm, Alarm Map page listing alarm types such as Warm Start, Cold Start, Memory Low, FE0/1 Link Down, FE0/1 Link Up, FE0/2 Link Down, FE0/2 Link Up, Cellular Up/Down, ADSL Dialup (PPPoE) Up/Down and Ethernet Up/Down.] 3.2.8 System Log. The System Log contains a large amount of information about the network and devices, including operating status, configuration changes and so on, and serves as an important way for the network administrator to monitor and control the operation of the network and devices. The System Log can provide information to help the network administrator find network problems or safety
53. S rely DHCP Server has to be closed firstly. 3.3.7 Dynamic Domain Name. DDNS is the abbreviation of Dynamic Domain Name Server. DDNS maps the user's dynamic IP address to a fixed DNS service. When the user connects to the network, the client program passes the host's dynamic IP address to the server program on the service provider's host through information passing. The server program is responsible for providing the DNS service and realizing dynamic DNS. This means that DDNS captures each change of the user's IP address and matches it with the domain name, so that other Internet users can communicate through the domain name. All that end customers have to remember is the domain name assigned by the dynamic domain name registrar, regardless of how it is achieved. DDNS serves as a client tool of DDNS and is required to coordinate with the DDNS Server. Before this function is used, a domain name shall be applied for and registered on a proper website such as www.3322.org. After the dynamic domain name is set on WBR204n, a corresponding relationship between the domain name and the IP address of the WAN port of the device is established. IR900 DDNS service types include DynAccess, QDNS 3322 Dynamic, QDNS 3322 Static, DynDNS Dynamic, DynDNS Static and NoIP. 3.3.7.1 DDNS. From the navigation panel, select Network >> DDNS, then enter the DDNS page, as shown be
54. Type: IP to IP. Instruction: a private network IP address refers to the IP address of an internal network or host, while a public network IP address is a globally unique IP address on the Internet. RFC 1918 reserves three IP address blocks for private networks, as follows: Class A: 10.0.0.0-10.255.255.255; Class B: 172.16.0.0-172.31.255.255; Class A: 192.168.0.0-192.168.255.255. The addresses within the above three ranges will not be allocated on the Internet. Therefore, they can be freely used in companies or enterprises without the need to apply to the operator or registration center. 3.6.2.1 NAT. Click the Firewall >> NAT menu in the navigation panel to enter the NAT interface, as shown in the following figure. [Screenshot: Firewall >> NAT page with the Network Address Translation (NAT) Rules list, the Inside Network Interfaces and the Outside Network Interfaces.]
55. Default Value. Content described in the user's self-defined channel. Closed. Connection Testing Interval: set the connection testing time interval. Default: No. Connection Testing Overtime: set the connection testing overtime. Default: No. Expert Configuration: set the expert option (blank advisable). Default: No. Instruction: Import: configuration documents generated by the backend server can be imported directly, and manual configuration of the OPENVPN client parameters is not needed after import. 3.8.5.2 OPENVPN Application Example. Example: OpenVPN is based on TCP/UDP and can be applied to any port. Refer to the following figure for the topology. [Figure: topology of the OpenVPN tunnel between equipment A and the OpenVPN server, with PC A and PC B.] In the figure, an OpenVPN channel is established between equipment A and the OpenVPN server. The virtual IPs at the two ends of the channel are 192.168.5.2 and 192.168.5.1 respectively. a) If OpenVPN on equipment A is in routing mode, the route to 192.168.8.0/24 will point to the OpenVPN channel and the OpenVPN server. Accordingly, a static route will be added on the OpenVPN server so that packets destined for 192.168.9.0/24 are routed to the OpenVPN channel. In this way PC A and PC B is i
56. a router wants to run the OSPF protocol, there should be a Router ID. The Router ID can be manually configured. If no Router ID is configured, the system will automatically select the IP address of one interface as the Router ID. The selection order is as follows: if a Loopback interface address is configured, the last configured IP address of the Loopback interface will be used as the Router ID; if no Loopback interface address is configured, the interface with the largest IP address among the other interfaces is chosen as the Router ID. OSPF has five types of packets: Hello Packet; DD Packet (Database Description Packet); LSR Packet (Link State Request Packet); LSU Packet (Link State Update Packet); LSAck Packet (Link State Acknowledgment Packet). Neighbor and Neighboring: after an OSPF router starts up, it sends out Hello packets through the OSPF interface. Upon receipt of a Hello packet, an OSPF router checks the parameters defined in the packet. If both are consistent, a neighbor relationship is formed. Not all pairs in a neighbor relationship can form an adjacency relationship; this is determined by the network type. Only when both sides successfully exchange DD packets and LSDB synchronization is achieved can the adjacency in the true sense can be forme
57. address and subnet mask for the interface. PPPoE: configure the interface as a PPPoE Client. PPPoE, the short form of Point-to-Point Protocol over Ethernet, networks a large number of hosts through Ethernet, connects them to the Internet through a remote access device, and carries out control and charging for each connected host. High performance and favorable price are the key factors in PPPoE's extensive use in community networking construction and so on. 3.3.1.1 Status. From the navigation panel, select Network >> Ethernet, then enter the Status page, as shown below. [Screenshot: Network >> Ethernet, Status page showing Connection Type, IP Address, Netmask, Gateway, DNS, MTU, Status, Connection time and Remaining Lease for Fastethernet 0/1 and Fastethernet 0/2.] 3.3.1.2 Ethernet Port. The Ethernet port connection here is in manual mode, namely manually configuring an IP address and subnet mask. The configuration of the two Ethernet ports is the same. Take Ethernet 0/1 as an example. From the navigation panel, select Network g
58. ame: select the name of the network interface. Default: cellular1. Rule: select the rules for in, out and management. Default: none. 3.6.1.2 Access Control Application Example. Example: a router R900 is connected to an intranet at its FE 0/1, and the network segment of that intranet is 192.168.1.2-254. FE 0/2 is connected to an intranet whose network segment is 192.168.2.2-254. Configure the router so that there is no access to the Internet through FE 0/2, while access to the Internet is available when FE 0/1 is connected to the intranet. The configuration procedure of the router is as follows. Step 1: Open ACL, click <add> for the access control list and configure the parameters as shown in the following figure. [Screenshot: Firewall >> ACL page with the Access Control List and the Interface List.] Step 2: Click <Apply and Store> when the parameter configuration is done; ID 101 can then be seen in the newly established access control list. [Screenshot: Firewall >> ACL page.]
59. ame format based on UDP and an information transmission mechanism, and confirmed UDP port 1812 as the authentication port. The Radius Server generally runs on a central computer or workstation. The Radius Client is generally located on the NAS. Initially, Radius was designed and developed as an AAA protocol for dial-in users. With the diversified development of user access methods, Radius has also adapted itself to such changes, including Ethernet access and ADSL access. Access service is rendered through authentication and authorization. The message flow between the Radius Client and Server is shown as follows. [Figure: message flow between the User, the RADIUS client and the RADIUS server, showing user name, request and response.] The user name and password are sent to the NAS when the user logs on to it. The Radius Client on the NAS receives the user name and password and then sends an authentication request to the Radius Server. Upon reception of a legal request, the Radius Server executes authentication and feeds back the required user authorization information to the Client. For an illegal request, the Radius Server feeds back Authentication Failed to the Client. From the left navigation panel, select Administration >> AAA, then enter the Radius page, as shown below. [Screenshot: Administration >> AAA, Radius page with the Server List and Server Address.]
60. annel could be established between the SSH Client and the SSH Server to achieve a WAN connection. The following figure shows the establishment of an SSH channel over the WAN. [Figure: SSH channel between the Local LAN and the Remote LAN, with the SSH Client PC.] From the left navigation panel, select Administration >> Admin Access, then enter the Management Service page, as shown below. [Screenshot: Administration >> Admin Access, Management Service page with the HTTP, HTTPS, TELNET and SSH settings.] The page description is shown below (Parameters: Description, Default). HTTP: Hypertext Transfer Protocol, plaintext transmission, port 80. Default: On. HTTPS: Secure SSL encryption transmission protocol, port 443. Default: Off. TELNET: standard protocol and main way for the Internet telnet service, port 23. Default: On. SSH: port 22. Timeout: the timeout of an SSH session; if there is no operation on the SSH Client within this period, the SSH Server disconnects (default 120s). Cipher Mode: set the public key encryption method; currently only RSA is supported. Cipher Code Length: set the cipher code length, 512 or 1024 (default 1024). 3.2.4 AAA. AAA access control is used to control visitors and the corresponding services available as long as access is allowed. Same method is adopted to configur
61. ansmission mode, because GRE has already encapsulated the original packet as a unicast IP packet and it is unnecessary to let IPSec re-encapsulate a header. Transmission-mode IPSec requires that the source and destination addresses of the encrypted data packet match the addresses of both ends of the IPSec tunnel. This means that the addresses of both ends of the GRE tunnel must be the same as those of both ends of the IPSec tunnel. Since the routers at both ends of the GRE tunnel are the same routers as those at both ends of the IPSec tunnel, this can be guaranteed. Through the combination of a GRE tunnel and IPSec encryption, we can use a dynamic routing protocol to update the routing tables on the routers at both ends of the encrypted tunnel. The subnet learned from the tunnel peer will contain the IP address of the tunnel's opposite end as the next-hop address for the opposite end's subnet. So if the network changes at either end of the tunnel, the other end will dynamically learn this change and maintain network connectivity without any change to the router configuration. 3.8.3.3 Realization of Dynamic Routing Protocol in DMVPN Network. We have mentioned above that in the DMVPN network the Spoke-to-Hub tunnel, once established, will persist, while there is no persistent tunnel between branches. So after the initialization of the router, the center router will announce the reachable routings of
62. b tunnel, once established, will persist, while it is not required to directly configure a continuous tunnel between branches. When a branch wants to transmit a data packet to another branch, it uses NHRP to dynamically acquire the IP address of the destination branch. In this process, the center router acts as the NHRP server, responding to the NHRP request and providing the public network address of the destination branch to the source branch. Hence, an IPSec tunnel can be dynamically established between two branches through the mGRE port for data transmission. The tunnel is automatically removed after a predefined cycle. Support for Dynamic Routing Protocols: DMVPN is based on the GRE tunnel, and the GRE tunnel supports the transmission of multicast or broadcast IP packets in the tunnel. Therefore, a DMVPN network supports running dynamic routing protocols over IPSec and mGRE tunnels. It should be pointed out that NHRP must be configured with dynamic multicast mapping, so that when the branch router registers its unicast mapped address on the NHRP server (center router), NHRP also establishes a multicast/broadcast mapping for the branch router. We have mentioned above that the IPSec tunnel does not support multicast/broadcast packet encapsulation, while the GRE tunnel encapsulates a multicast/broadcast packet in a GRE packet, and a GRE packet is a unicast packet that can be encrypted by IPSec. In encryption of GRE packet with IPSec, IPSec can be configured to the tr
63. [Screenshot: Windows network settings window showing basic network information, the active networks and the options for changing networking settings.] 2. Click the button <Local Connection> to enter the window of Local Connection Status. [Screenshot: Local Connection Status window.] 3. Click <Properties> to enter the window of Local Connection Properties, as shown below. [Screenshot: Local Connection Properties window listing the items the connection uses.]
64. below. [Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties dialog with "Use the following IP address" and "Use the following DNS server addresses" selected.] 2.2 Confirm that the network between the supervisory PC and the router is connected. 1) Click the button <Start> at the lower left corner, search for cmd.exe and run cmd.exe. [Screenshot: Windows command prompt window.] 2) Enter ping 192.168.2.1 (the IP address of the router; it is the default IP address) and click the button <OK>. If the pop-up dialog box shows the response returned from the router side, the network is connected; otherwise, check the network connection. [Screenshot: Windows command prompt window.]
65. c Control, then enter the Traffic Control page, as shown below. [Screenshot: QoS >> Traffic Control page with the Classifier, Policy and Apply QoS sections.] The page description is shown below (Parameters: Description, Default). Name: name. Any Packets: click to start flow control for any packets. Default: Forbidden. Source: source address of flow control. Default: N/A. Destination: destination address of flow control. Default: N/A. Protocol: click to select the protocol type. Default: N/A. Name: name of the user-defined flow control strategy. Default: N/A. Classifier: name of the type defined above. Default: N/A. Guaranteed Bandwidth (Kbps): user-defined guaranteed bandwidth. Default: N/A. Maximum Bandwidth (Kbps): user-defined maximum bandwidth. Default: N/A. Local Priority: local priority of the selected strategy. Default: N/A. Apply QoS. Interface: selection of the flow control interface. Default: cellular1. Ingress Max bandwidth (Kbps): user-defined, bigger than the maximum bandwidth of the input strategy. Default: N/A. Egress Max bandwidth U
66. cated adding static routing is successful. 3.5.2 Dynamic Routing. The routing table entries on a dynamic router are obtained through information exchange between connected routers and optimized in accordance with a certain algorithm, while the routing information is continuously updated at certain time intervals so as to adapt to the continuously changing network and obtain optimized pathfinding at any time. In order to achieve efficient pathfinding for IP packets, the IETF has developed a variety of pathfinding protocols, including the Autonomous System (AS) interior gateway protocols Open Shortest Path First (OSPF) and Routing Information Protocol (RIP). The so-called autonomous system refers to the collection of hosts, routers and other network devices under the management of the same entity (e.g. schools, businesses or ISPs). 3.5.2.1 Dynamic Routing status. From the navigation panel, select Routing >> Dynamic Routing, then enter the Route Table page, as shown below. [Screenshot: Routing >> Dynamic Routing, Route Table page with columns Type, Destination, Netmask, Gateway, Interface, Distance/Metric and Time.] 3.5.2.2 RIP. RIP (Routing Information Protocol) is a relatively simple interior gateway pr
67. ce 203.86.63.233 is the gateway address of the enterprise to which the PC belongs, as shown in the following figure. [Screenshot: Link Backup >> SLA page with the SLA Entry list, columns Index, Type, IP Address, Data size, Interval, Timeout (ms), Consecutive, Life and Start time.] Step 4: Open Link Backup >> Track and configure the corresponding parameters as shown in Fig 3-4-4-5. [Screenshot: Link Backup >> Track page with the Track Object list, columns Index, Type, SLA ID, Interface, Negative Delay and Positive Delay.] Step 5: Open Link Backup >> Interface Backup and configure the corresponding parameters as shown in the following figure. [Screenshot: Link Backup >> Interface Backup page.]
68. ce: the output interface through which the router forwards packets. Routing Cost: the cost for the router to reach the destination. Routing time: the time from the last update of the route entry to the present. Each time the route entry is updated, the routing time is reset to 0. From the navigation panel, select Routing >> Dynamic Routing, then enter the RIP page, as shown below. [Screenshot: Routing >> Dynamic Routing, RIP page with Enable, Update Timer, Timeout Timer, Garbage Collection Timer, Version and Network settings.] Advanced Options are shown below. [Screenshot: RIP advanced options, including Filter In, Filter Out, Default Information Originate, Default Metric, Distance, Redistribute Connected, Redistribute Static, Redistribute OSPF, Passive default and Neighbor.] The page description is shown below. Enable: Enable/Disable. Default: Disable. Update timer: defines the interval at which routing updates are sent. Default: 30. Timeout timer (default: 180): defines the route aging time. If no update packet for a route is received within the aging time, the routing's Routing Cost in the routing table will
69. ce port of SNTP server. Server Address. The meanings of the key items in the page are shown in the table below. Attention: before setting an SNTP server, make sure the SNTP server is reachable. In particular, when the address of the SNTP server is a domain name, make sure the DNS server has been configured correctly. If you configure a source interface, you cannot then configure the source address, and the opposite is also true. Instruction: when multiple SNTP servers are set, the system polls all SNTP servers until it finds an available one. 3.2.3 Admin Access. Admin Access allows the management of users, who are categorized into superuser and common user. Superuser: only one, automatically created by the system, allocated the user name adm and granted all access rights to the router. Common user: created by the superuser, with the right to check rather than modify the router configuration. 3.2.3.1 Create a User. Select Administration >> Admin Access, then enter the Create a User page, as shown below. [Screenshot: Administration >> Admin Access, Create a user page with Username, New Password and Confirm New Password fields, and the User Summary listing the username adm.] The page description is shown below. Username: new username. Default: None.
70. [Screenshot: NAT rule settings, including Translated Address and Description.] 3.7 QoS. In the traditional IP network, all packets are treated equally without distinction. Each network device uses a first-in-first-out strategy for packet processing. The best-effort network sends packets to the destination, but it cannot guarantee transmission reliability or delay. QoS can control network traffic, avoid and manage network congestion, and reduce the packet dropping rate. Some applications bring convenience to users, but they also take up a lot of network bandwidth. To ensure that all LAN users can normally access network resources, the IP traffic control function can limit the flow of a specified host on the local network. QoS provides users with dedicated bandwidth and different service quality for different applications, greatly improving the network service capabilities. Users can meet the various requirements of different applications, such as guaranteeing low latency for time-sensitive business and bandwidth for multimedia services. QoS can guarantee the reception of high-priority data frames, accelerate high-priority data frame transmission, and ensure that critical services are unaffected by network congestion. IR900 supports four service levels, which can be identified by the receiving port of the data frame, Tag priority and IP priority. From the navigation panel, select Qos >> Traffi
71. connect to the server. Please make sure Shared Connection on Network > WAN or Network > Dialup is enabled in the configuration of InRouter. 8. InRouter is powered on, but the Power LED is not on. Check whether the protective tube is burnt out. Check the power supply voltage range and whether the positive and negative electrodes are correctly connected. 9. InRouter is powered on, but the Network LED is not on when connected to the PC. When the PC and InRouter are connected with a network cable, please check whether a network crossover cable is used. Check whether the network cable is in good condition. Please set the network card of the PC to 10/100M and full duplex. 10. InRouter is powered on and, when connected to the PC, the Network LED is normal, but InRouter cannot be pinged. Check whether the IP addresses of the PC and InRouter are in the same subnet and whether the gateway address is the InRouter LAN address. 11. InRouter is powered on but cannot be configured through the web interface. Check whether the IP address of your computer is in the same subnet as InRouter and whether the gateway address is the InRouter LAN address. Check the firewall settings of the PC used to configure InRouter, and whether this function is blocked by the firewall. 12. The InRouter dialup always fails and I cannot find out why. Please restore InRouter to factory default settings and configure the param
72. d. LSA: describes the network topology around a router. LSDB: describes the entire network topology. From the navigation panel, select Routing >> Dynamic Routing, then enter the OSPF page, as shown below. [Screenshot: Routing >> Dynamic Routing, OSPF page with Enable, Router ID, the Network list (IP Address, Netmask, Area ID) and the Interface list (Hello Interval, Dead Interval, Network, Priority, Retransmit Interval, Transmit Delay, Interface Cost).] The page description is shown below (Parameters: Description, Default). Enable: Enable/Disable. Default: Disable. Router ID: Router ID of the router originating the LSA. Default: None. Advanced Options. Default Metric: the default overhead for the router to reach the destination. Default: None. Redistribute: introduce the directly connected, static and RIP protocols into the OSPF protocol. Default: Disable. Network. IP Address: IP address of the local network. Default: None. Subnet Mask: subnet mask of the IP address of the local network. Default: None. Area ID: Area ID of the router originating the LSA. Default: None. Interface. Interface: the interface. Default: None. Hello Interval: the send interval of the Hello packet. If the Hello time of two adjacent routers is different, a neighbor relationship cannot be established. Default: None. Dead Interval: the dead time. If no Hello packet is received from a neighbor, the neighbor is considered failed. Default: None. If dead times of two adjac
73. The page description is shown below. [Screenshot: cellular dial-up advanced options, including RSSI Poll Interval, Dial Timeout, MTU, MRU, Use default asyncmap, Use Peer DNS, LCP Interval, LCP Max Retries, Dual SIM Enable, Debug, Username and Password.] Profile: dial-up strategy. Default: 1. Roaming: enable/disable roaming. Default: Enable. PIN Code: SIM card PIN code. Default: None. Network Type: three options: Auto, 2G and 3G. Default: Auto. Static IP: enable Static IP if your SIM card can get a static IP address. Default: Disable. Connection Mode: optional: Always Online, connect on demand. Default: Always Online. Redial Interval: the time interval before redialing after the first dial fails. Default: 10s. ICMP Detection Server: set the ICMP detection server. Default: None. ICMP Detection Interval: set the ICMP detection interval. Default: 30s. ICMP Detection Timeout: set the ICMP detection timeout. Default: 5s. ICMP Detection Max Retries: set the maximum number of retries if ICMP fails. Default: 5. ICMP Detection Strict: no matter whether InRouter has data to receive or transmit, InRouter always sends the ICMP probe packet. Default: Disable. Profile. Network Type: choose the mobile network type. Default: GSM. APN: APN parameters provided by the local ISP; you can set TWO different groups of dialup parameters. Default: 3gnet. APN Username Password and s
74. d Router has provided ping, telnet and traceroute for internet testing. 5.1 ping. Command: ping <hostname> count <n> size <n> source <ip>. Function: apply ICMP testing to the specified host. View: all views. Parameter: <hostname>: the address or domain name of the host to test; count <n>: number of tests; size <n>: size of the test data packet (byte); source <ip>: the specified source IP address for testing. Example: enter ping www.g.cn to test www.g.cn and display the testing results. 5.2 telnet. Command: telnet <hostname> <port> source <ip>. Function: telnet to log in to the specified host. View: all views. Parameter: <hostname>: the address or domain name of the host to log in to; <port>: telnet port; source <ip>: specifies the IP address used for the telnet login. Example: enter telnet 192.168.2.2 to log in to 192.168.2.2 by telnet. 5.3 traceroute. Command: traceroute <hostname> maxhops <n> timeout <n>. Function: test the active routing to the specified host. View: all views. Parameter: <hostname>: the address or domain name of the host to test; maxhops <n>: the maximum number of routing hops to test; timeout <n>: timeout of each hop test (sec). Example: enter traceroute www.g.cn to trace the routing to www.g.cn and display the testing results. 6 Configuration Command. In super user view, router can use configure command to switch it over configur
75. d by ACL can also be used by other functions that need to distinguish flows. From navigation panel, select Firewall >> ACL, then enter ACL page, as shown below.
[Screenshot residue: Firewall >> ACL. Access Control List: ID 100, Action permit, Protocol ip, Source any, Destination any. Interface List: Interface cellular 1, In ACL none, Out ACL none, Admin ACL none.]
Click <Add> to add new access control list, as shown below.
[Screenshot residue: Firewall >> ACL. Fields: Type extended; ID; Action permit; Match Conditions; Protocol ip; Source IP; Source Wildcard; Destination IP; Destination Wildcard; Fragments; Log; Description.]
Page description is shown below:
Type: Standard ACL can block all communication flows from a network, or allow all communication flows from a particular network, or deny all communication flows of a protocol stack (e.g. IP). The extended ACL provides a wider range of control than that provided by the standard ACL. For example, if the network administrator wants to allow external Web communication flows to pass through and reject external communication flows. Default: Extended
76. d key and digital certificate. Default: Shared key
Encryption: 3des: encrypt plaintext with three DES cipher codes of 64 bit; des: encrypt a 64-bit plaintext block with 64-bit cipher code; aes: encrypt plaintext block with AES Algorithm with cipher code length of 128 bit, 192 bit or 256 bit. Default: 3des
Hash: md5: input information of arbitrary length to obtain 128-bit message digest; sha-1: input information with shorter length of bit to obtain 160-bit message digest. Comparing both, md5 is faster while sha-1 is safer.
Diffie-Hellman Key Exchange: Three options: Group 1, Group 2 and Group 5.
Lifetime: Active time of policy.
ISAKMP Profile
Name: Name of user defined ISAKMP Profile. Default: N/A
Negotiation Mode: Main mode: as an exchange method of IKE, main mode shall be established in the situation where stricter identity protection is required. Aggressive mode: as an exchange method of IKE, aggressive mode, exchanging fewer messages, can accelerate negotiation in the situation where ordinary identity protection is required. Default: Main mode
Local ID Type: Select type of local identification. Default: IP Address
Local ID: The local ID corresponding to the selected local ID. Default: N/A
Remote ID Type: Select type of Remote ID. Default: IP Address
Remote ID: The Remote ID corresponding to the selected peer identification. Default: N/A
Policy: The defined strategy identification in the I
77. define Timeout for detection to fail. Default: 5000
Consecutive: Detection retries. Default: 5
Life: Default is forever, user cannot change. Default: forever
Start time: Detection Start time, select now or None. Default: now
3.4.2 Track Module
Track is designed to achieve linkage consisting of application module, Track module and monitoring module. Linkage refers to achieving the linkage amongst different modules through the establishment of linkage items, namely, the monitoring module could trigger the application module to take a certain action through the Track module. Monitoring module is responsible for detection of link status, network performance and notification to application module of detection results via Track module. Once the application module finds out any changes in network status, corresponding measures will be taken on a timely basis so as to avoid interruption of communication or reduction of service quality. Track module is located between application module and monitoring module, with main functions of shielding the differences of different monitoring modules and providing uniform interfaces for application module.
Track Module and Monitoring Module Linkage
Through configuration, the linkage relationship between Track module and monitoring module is established. Monitoring module is responsible for detection of link status, network performance and notification to application
78. dress Address of the interface connected to the DHCP server. Default: N/A
3.3.5.4 DHCP Client
DHCP Client obtains an IP address assigned by DHCP server after logging onto it. The IP address is obtained through DHCP. From navigation panel, select Network >> DHCP, then enter DHCP Client page, as shown below.
[Screenshot residue: Network >> DHCP. Fastethernet 0/1, Fastethernet 0/2.]
3.3.6 DNS Services
DNS (Domain Name System) is a DDB used in TCP/IP application programs, providing switch between domain name and IP address. Through DNS, user could directly use some meaningful domain name which could be memorized easily, and DNS Server in network could resolve the domain name into correct IP address. The device supports the following two functions through domain name service configuration:
DNS Server: for dynamic domain name resolution.
DNS relay: the device, as a DNS Agent, relays DNS request and response messages between DNS Client and DNS Server to carry out domain name resolution in lieu of DNS Client.
3.3.6.1 DNS Server
Domain Name Server: DNS stands for Domain Name System. It is a core service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it allows people to more conveniently access the Internet without the need to
79. e clocks of networked computers as a computer network protocol and provides comprehensive mechanisms to access national time and frequency dissemination services, organize the time synchronization subnet and adjust the local clock in each participating subnet peer. In most places of the Internet today, SNTP provides accuracies of 1-50 ms depending on the characteristics of the synchronization source and network paths. The purpose of using SNTP is to achieve time synchronization of all devices equipped with a clock on network so as to provide multiple applications based on uniform time. From the left navigation panel, select Administration >> System Time, then enter SNTP Client page, as shown below.
[Screenshot residue: Administration >> System Time. Fields: Enable; Update Interval 3600 s (60-2592000); Source Interface; Source IP; SNTP Servers List: Server Address, Port 123.]
Page description is shown below:
Enable: Enable/Disable SNTP client. Default: Disable
Update Interval: Synchronization time intervals with SNTP server. Default: 3600
Source Interface: Cellular, Fastethernet 0/1, Fastethernet 0/2. Default: None
Source IP: The corresponding IP of source interface. Default: None
SNTP Servers List: SNTP server address (domain name/IP), maximum to set 10 SNTP server
Port: The servi
80. e of InHand are described as follows:
Service Support > Document Center: Product information in terms of hardware installation, software upgrade, configuration, etc. is available.
Product Technology: Documents on product introduction and technology introduction, including relevant introduction on product, technical introduction, technical white papers, etc. are available.
Service Support > Software Download: The supporting information on software version is available.
Technical Support
E-mail: support@inhandneworks.com
Website: www.inhandnetworks.com
Information Feedback
If you have any question on product information in use, you can feed back through the following ways:
E-mail: info@inhandnetworks.com
Thanks for your feedback to let us do better!
CONTENTS
1 INROUTER900 INTRODUCTION
2 LOGIN ROUTER
2.1 Establish Network Connection
2.1.1 Automatic acquisition of IP address (recommended)
2.2 Confirm that the network between the supervisory PC and router is connected
81. e three independent safety functions. It provides modularization methods for following services:
Authentication: verify whether the user is qualified to access the network.
Authorization: related with services available.
Charging: records of the utilization of network resources.
User may only use one or two safety services provided by AAA. For example, if the company just wants identity authentication when employees are accessing some specified resources, then the network administrator only needs to configure an authentication server. But if recording of the utilization of network is required, then a charging server shall be configured. Commonly, AAA adopts Client/Server structure, which is featured by favorable expandability and facilitates centralized management of users' information, as the following figure shows.
[Figure: Client/Server model of AAA (Internet, access users, switch, AAA server)]
3.2.4.1 Radius
Remote Authentication Dial in User Service (RADIUS), an information exchange protocol with a distributive Client/Server structure, could prevent the network from any disturbance from unauthorized access and is generally applied in various network environments with higher requirements on security and that permit remote user access. The protocol has defined the Radius fr
82. e view for management. Some setting commands can support no and default, wherein no indicates cancelling the setting of some parameter and default indicates the recovery of the default setting of some parameter.
6.1 configure
Command: configure terminal
Function: switchover to configuration view and input the equipment at the terminal end
View: super user view
Parameter: No
Example: enter "configure terminal" in super user view: switchover to configuration view.
6.2 hostname
Command: hostname <hostname>; default hostname
Function: Display or set the host name of router
View: Configuration view
Parameter: <hostname>: new host name
Example: enter "hostname" in configuration view: display the host name of router. Enter "hostname MyRouter" in configuration view: set the host name of router to MyRouter. Enter "default hostname" in configuration view: recover the host name of router to the factory setting.
6.3 clock timezone
Command: clock timezone <timezone> <n>; default clock timezone
Function: set the time zone information of router
View: Configuration view
Parameter: <timezone>: timezone name, 3 capitalized English letters; <n>: time zone deviation value (-12 to +12)
Example: enter "clock timezone CST 8" in configuration view: The
83. Copyright © 2001-2013 InHand Networks Co., Ltd. All rights reserved.
3.6 Firewall
With the expansion of network and increase in flow, the control over network safety and the allocation of bandwidth become the important contents of network management. The firewall function of the router implements corresponding control to data flow at entry direction (from Internet to local area network) and exit direction (from local area network to Internet) according to the content features of message (such as protocol style, source/destination IP address, etc.) and ensures safe operation of router and host in local area network.
3.6.1 Access Control
ACL, namely access control list, implements permission or prohibition of access for appointed data flow (such as prescribed source IP address and account number, etc.) via configuration of a series of matching rules so as to filter the network interface data. After a message is received by a port of the router, the field is analyzed according to the ACL rule applied on the current port. And after the special message is identified, the permission or prohibition of the corresponding packet is implemented according to preset strategy. ACL classifies data packages through a series of matching conditions. These conditions can be data packages' source MAC address, destination MAC address, source IP address, destination IP address, port number, etc. The data package matching rules as define
84. elow
[Screenshot residue: Network >> Ethernet. Fields: Fastethernet 0/1; Bridge ID; Primary IP: IP Address, Netmask; Secondary IP: Netmask; Bridge Member: vlan 1, dot11radio1.]
Page description is shown below (parameter name: description; default value):
Bridge ID: Bridge Interface
IP Address of Main Address and Subnet Mask: Main IP address and subnet mask can be matched or modified according to the demand
IP Address of Slave Address and Subnet Mask: Users can be matched with IP address and subnet mask except for main IP
Bridge Member: Click through the name of interface starting bridge interface. Default: No
3.3.2 Dialup Port
SIM card dials out through dial access to achieve the wireless network connection function of router. IR900 supports dual SIM card for backup. When primary SIM card breaks down or has insufficient balance, which results in network disconnection, rapid switching to backup SIM card is available, which will assume the task of network connection so as to improve the reliability of network connection. Dial access supports three ways of connection: Always Online, Dial on Demand and Manual Dial.
3.3.2.1 Status
From navigation panel, select Network >> Cellu
85. en
[Screenshot residue: Crypto Map table (Name, ID, Peer Address, ACL ID, ISAKMP Profile, Transform set, PFS, Lifetime, Rekey Margin (sec), Rekey Fuzz) and Interface <> Crypto Map table (Interface cellular 1, Map Name none).]
Step 2: Configure GRE
Navigate to VPN >> GRE, enter the GRE page, click on Add; configuration is shown below.
[Screenshot residue: VPN >> GRE. Fields: Enable; Index 1; Network Type Subnet; Local Virtual IP; Local Netmask 255.255.255.0; Source Type Interface; Local Interface cellular 1; Peer IP; Key; MTU; NHRP Enable; NHS IP Address; Authentication Key; Hold Time; Purge Forbid; IPSec Profile test; Description.]
Step 3: Configure RIP
[Screenshot residue: Routing >> Dynamic Routing, RIP tab. Enable; Update Timer 30 s; Timeout Timer 180 s; Garbage Collection Timer 120 s; Version Default; Network entries: 10.10.10.10 255.255.255.0 and 192.168.77.0 255.255.255.0.]
2 Settings of R1 (Hub)
Step 1: Configure IPsec VPN
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key hola address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 60
crypto ipsec security ass
86. ent routers are different, the neighbor relationship can not be established.
Network: Select OSPF network type. Default: None
Priority: Set the OSPF priority of interface.
Retransmit Interval: When the router notifies an LSA to its neighbor, it is required to make acknowledgement. If no acknowledgement packet is received within the retransmission interval, this LSA will be retransmitted to the neighbor. Default: None
3.5.2.4 Filtering Route
Click navigation panel Routing >> Dynamic Routing menu, enter Filtering Route interface, as shown in the following figure.
[Screenshot residue: Routing >> Dynamic Routing, Filtering Route tab. Access Control List: ACL Name, Action, Any, IP Address, Netmask. IP Prefix list: Prefix list, Sequence, Action, Any, IP Address, Grand Equal, Less Equal.]
Page information is shown below (parameter: description; default):
Access Control List: Access list, user defined. Default: None
Action: Permit and deny. Default: Permit
Any Address: Any address after clicking, no matching IP address and subnet mask again. Default: Forbidden
IP Address
87. entication key. Default: None
3.2.4.3 LDAP
One of the great advantages of LDAP is rapid response to users' searching requests. For instance, user authentication may generate a large amount of information sent at the same time. If a database is adopted for this purpose, since it is divided into many tables, each time to meet such a simple requirement the whole database has to be searched, integrated and filtered slowly and disadvantageously. LDAP, simple as a table, only requires username and command and something else. Authentication is met from efficiency and structure. From the left navigation panel, select Administration >> AAA, then enter LDAP page, as shown below.
[Screenshot residue: Administration >> AAA. Server List: Name, Server Address, Port, Base DN, Username, Password, Security (None).]
Page description is shown below:
Name: Define server name. Default: None
Server Address: Server address (domain name/IP). Default: None
Port: Consistent with the server port. Default: None
Base DN: The top of LDAP directory tree. Default: None
Username: Username accessing the server. Default: None
Password: Password accessing the server. Default: None
Security: Encryption mode: None, SSL, StartTLS. Default: None
Verify Peer: Verify Peer. Default: Unopened
3.2.4.4 AAA Settings
AAA supports following authentication ways:
None: with great confidence to users, legal check omitted, generally not recommended
88. radius: Authentication and Authorization Server
tacacs: Authentication and Authorization Server
ldap: Authentication and Authorization Server
local: The local username and password
Attention: Authentication 1 should be set consistently with Authorization 1; Authentication 2 should be set consistently with Authorization 2; Authentication 3 should be set consistently with Authorization 3.
Instruction: When radius, tacacs and local are configured at the same time, the priority order follows 1 > 2 > 3.
3.2.5 Configuration Management
Here you can back up the configuration parameters, import the desired parameters configuration backup and restore the factory settings of the router. From the left navigation panel, select Administration >> Config Management, then enter Config Management page, as shown below.
[Screenshot residue: Administration >> Config Management. Buttons and options: Backup running config; Backup startup config; Auto Save after modify the configuration; Restore default configuration.]
Page description is shown below:
Browse: Choose the configuration file. Default: None
Import: Import configuration file to router startup config. Default: None
Backup running config: Backup running config file to host. Default: None
Backup startup config: Backup startup config file to host. Default: None
Automatically save modified: Decide whether to automa
89. equired to configure GRE tunnel according to the external network's public IP address and NHRP protocol of the center router. When the branch router is energized and started up, the IP address can be obtained through DHCP at ISP, and an IPSec encrypted GRE tunnel can be automatically established, and the IP address of the external port can be registered at the center router through NHRP. There are reasons in three aspects:
1. Since the IP address of the branch router's external network port is automatically obtained, the IP address may be different every time. Therefore, the center router can not be configured based on the address information.
2. The center router is not required to configure GRE or IPSec information for all branches, which will greatly simplify the configuration of the center router. All relevant information can be automatically obtained through NHRP.
3. In case of DMVPN network expansion, it is not required to change the configuration of the center router and other branch routers. The new branch routers will be automatically registered in the center router. Through the dynamic routing protocol, all other branch routers can learn this new routing, and the new branch routers can also learn the routing information to reach all other routers.
Dynamic Tunnel Establishment of Spoke to Spoke
In DMVPN network, the Spoke to Hu
90. er
[Screenshot residue: DTU settings. Fields: Packet Size 1024 Bytes; Force Transmit Timer 100 ms; Min Reconnect Interval 15 s; Max Reconnect Interval 180 s; Multi server policy parallel; Source Interface IP; Local IP Address; DTU ID; Enable Debug; Destination IP Address: Server Address 203.86.63.237, Server Port 5002.]
Step 3: Establish and start server. IR900 is connected with the server via DTU function and will automatically send DTU marks (no sending in case of the blank parameter of DTU mark) to the server, as shown below.
[Screenshot residue: TCP client/server test tool listening on 203.86.63.237, port 5002, showing a new connection from 114.242.249.32, the received DTU mark and the received data "Hello TCP server".]
Step 4: Via DTU function, the PC connected with IR900 and the server can send data to each other, as shown below.
91. er
[Screenshot residue: system status page.]
User can define the refresh interval of the screen through the drop-down list at the lower right corner of the screen. Options: Manual Refresh, 4 s, 5 s, 10 s, 15 s, 30 s, 1 Minute, 2 Minutes, 3 Minutes, 4 Minutes, 5 Minutes, 10 Minutes, 15 Minutes, 20 Minutes, 30 Minutes.
3.2.1.2 Basic Settings
Select Administration >> System, then enter Basic Setup page. You can set the language of Web Configuration Page and define Router Name, as shown below.
[Screenshot residue: Administration >> System. Language English; Router Name Router.]
Page description is shown below (parameter name: description; default):
Language: Select system language of Router. Default: English
Router Name: Define Router Name. Default: Router
3.2.2 System Time
To ensure the coordination between this device and other devices, user is required to set the system time in an accurate way, since this function is used to configure and check system time as well as system time zone. The device supports manual setting of system time and the time to pass self synchronistic SNTP server. 3.2.2
92. er of branches in many cities.
3.8.3.2 DMVPN Solution
DMVPN is achieved through the combination of multi-point GRE (mGRE) and Next Hop Resolution Protocol (NHRP). In DMVPN solution, IPSec is used to achieve encryption, GRE or multi-point GRE (mGRE) is used to create a tunnel, and NHRP is used to resolve the problem of dynamic address. DMVPN only requires that the center nodes must apply for a static public IP address. Next Hop Resolution Protocol (NHRP) is defined in RFC 2332 by the IETF. It is used to obtain the interconnected network layer address and NBMA subnetwork address for reaching the next hop of destination nodes for the source node (host or router) on the non-broadcast multiple access (NBMA) network.
Automatic Starting of IPSec Encryption
be encrypted. It means that when there is a data package matching the defined ACL, the IPSec encryption tunnel will be created. When GRE Over IPSec is used, GRE tunnel configuration has included the address of GRE tunnel's opposite end. This address is also the address of the opposite terminal of IPSec tunnel. Therefore, it is unnecessary to separately define matching ACL for IPSec. Through binding GRE tunneling with IPSec, once the GRE tunnel is established, IPSec encryption will be immediately triggered.
Dynamic Tunnel Establishment of Spoke to Hub
In DMVPN network, there is no branch GRE or IPSec configuration information on the center router, while it is r
93. erface Backup
[Screenshot residue: Interface Backup page. Columns: Main Interface, Backup Interface, Startup Delay, Up Delay, Down Delay, Track id. Entry: Main Interface fastethernet 0/1, Backup Interface cellular 1.]
Step 6: Open Routing >> Static Routing, configure corresponding parameters and add 3 routes (10.5.3.234 is the gateway of LAN where PC is affiliated), as shown below. The distance parameter indicates the priority: the smaller the numerical value, the higher the priority.
[Screenshot residue: Routing >> Static Routing. Routes: 203.86.63.233 255.255.255.255 via fastethernet 0/1, gateway 10.5.3.254; 0.0.0.0 0.0.0.0 via cellular 1; 0.0.0.0 0.0.0.0 via fastethernet 0/1, gateway 10.5.3.254.]
[Screenshot residue: Routing >> Static Routing, route table (Type All). Columns: Type, Destination, Netmask, Gateway. Entries: S 0.0.0.0 0.0.0.0 gateway 10.5.3.254; 10.5.3.0 255.255.255.0; 127.0.0.0 255.0.0.0; 192.168.2.0 255.255.255.0; C 192.168.2.1 255.255.255.255; C 192.168.2.2 255.255.255.255.]
94. et one as backup
Access Number: APN parameters provided by Local ISP
Username: APN parameters provided by Local ISP. Default: gprs
Password: APN parameters provided by Local ISP
Advanced Options
Initial Commands: Used for advanced parameters. Default: None
RSSI Poll Interval: Set the signal query interval. Default: 120 s
Dial Timeout: Dial timeout, the system will redial. Default: 120 s
MTU: Set max transmit unit, in bytes. Default: 1500
MRU: Set max receive unit, in bytes. Default: 1500
Use default asyncmap: Enable default asyncmap, PPP advanced option. Default: Disable
Use Peer DNS: Receiving mobile operators' assigned DNS. Default: Enable
LCP Interval: LCP Detection Interval. Default: 55 s
LCP Max Retries: Set the max retries if link detection failed. Default: 5
Debug: System can print a more detailed log. Default: Enable
Expert Option: Provide extra PPP parameters, normally user needn't set this. Default: None
Dual SIM Enable: Enable dual SIM card mode. Default: Disable
Main SIM: The dual SIM card work mode. Default: SIM1
Max Number of Dial: Reach the max number, SIM card will be switched. Default: 5
Min Connected Time: Set min connected time. Default: 0 s
CSQ Threshold: Set signal strength threshold; the signal strength under this threshold, router will redetect the signal strength. Default: 0
CSQ Detect Interval: Se
95. eters again.
13. How to restore InRouter to factory default settings? (IR900 routers)
1. Press and hold the Restore button, power on InRouter.
2. Release the button until after the STATUS LED flashes and the ERROR LED is on.
3. After the button is released, the ERROR LED will go off within 30s; press and hold the Restore button again until the ERROR LED flashes.
4. Release the button; the system is now successfully restored to factory default settings.
Appendix 2 Instruction of Command Line
1 Help Command
Help command can be obtained after entering help or into console can be entered at any time during the process of command input to obtain the current command or help from command parameters, and command or parameters can be automatically complemented in case of only command or command parameter.
1.1 help
Command: help <cmd>
Function: get help from command
View: all views
Parameter: <cmd>: command name
Example: enter "help": get the list of all current available commands. Enter "help show": display all the parameters of show command and using instructions thereof.
2 View Switchover Command
2.1 enable
Command: enable 15 <password>
Function: Switchover to privileged user level
View: Ordinary user view
Parameter: 15: User right limit level, only supports right limi
96. etting is needed only when it's DMVPN.
2 Router B Settings
Step 1: IPSec Setting Phase 1
From navigation panel, select VPN >> IPSec, then enter IPSec Setting Phase 1 page, as shown below.
[Screenshot residue. Keyring: Name ipsecwz1, IP Address 192.50.50.2, Netmask 255.255.255.0, Key (masked). Policy: ID 1, Authentication Shared Key, Encryption 3des, Hash sha, Diffie-Hellman Group Group 2, Lifetime 86400. ISAKMP Profile: Name ipsecwz1, Local ID Type IP Address, Remote ID Type IP Address, Policy 1, Keyring ipsecwz1; columns also include Negotiation Mode, Local ID, Remote ID, DPD Interval, DPD Timeout.]
Step 2: IPSec Setting Phase 2
From navigation panel, select VPN >> IPSec, then enter IPSec Setting Phase 2 page, as shown below.
[Screenshot residue. Transform set: Name ipsecwz1, Encapsulation esp, Encryption 3des, Authentication sha, IPSec Mode Tunnel Mode.]
Step 3: IPSec Setting
From navigation panel, select VPN >> IPSec, then enter IPSec Setting page, as shown below.
[Screenshot residue. IPSec Profile columns: Name, ISAKMP Profile, Transform set, PFS, Lifetime, Rekey Margin (sec), Rekey Fuzz, Binding SIM.]
97. [Screenshot residue: browser LAN settings dialog. Automatic configuration: "Automatic configuration may override manual settings. To ensure the use of manual settings, disable automatic configuration." Use automatic configuration script. Proxy server: "Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections)." Bypass proxy server for local addresses.]
3 Web Configuration
This chapter includes the following parts: Login/out Web Configuration Page, Management, Network, Link Backup, Routing, Firewall, QOS, VPN, Tools, Installation Guide.
3.1 Login the Web Setting Page of Router
Run the Web browser, enter "http://192.168.2.1" in the address bar, and press Enter to skip to the Web login page, as shown in Figure 3-1. Enter the "User Name" (default: adm) and "Password" (default: 123456), and click button <OK> or directly press Enter to enter the Web setting page.
[Screenshot residue: browser login prompt. "The server 192.168.2.1 at welcome to Router requires a username and password. Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)."]
Instruction: At the same time, the router allows up to four users to manage thr
98. gnal strength 20-31: signal strong.
[Table residue: LED descriptions for Ethernet Port (Yellow LED, Green LED), SIM LED (SIM Green LED 1, SIM Green LED 2), VPN LED (VPN Green LED), MODEM LED (MODEM Green LED: there is wireless module) and POWER LED (POWER Red LED).]
InHand Networks
InHand Networks provides reliable, secured and intelligent M2M solution for electric power, industrial automation, commercial and medical devices. Recognized by world-class customers and partners. Proven by a large install base. Expanding with intensive investments in research and development. Enduring for long-term support. InHand Networks has become leader in industrial grade network technology by providing industrial cellular routers, industrial Ethernet switches, wireless sensor network devices and cloud-based M2M platforms. Connecting devices, enabling services.
InHand Networks, 7926 Jones Branch Dr, Suite 110, McLean, Virginia 22102, USA. T: 1-703-348-2988. F: 1-703-348-2988. info@inhandnetworks.com. www.inhandnetworks.com
99. hazard so as to take more targeted measures.
3.2.8.1 Log
From the left navigation panel, select Administration >> Log, then enter System Log page, as shown below.
[Screenshot residue: Administration >> Log. View recent 20 Lines. Columns: Level, Time, Content. Entries: info, Jul 10 11:30:33, Web 866 log is cleared; info, Jul 10 11:30:33, redial 821 retry AT_CWD_SCPIN reach max 5 re scan modem. Buttons: Download Log File, Download Diagnose Data, Clear History Log, Download History Log.]
3.2.8.2 System Log Settings
On System Log Settings, remote log server could be set. Router will have all system logs sent to remote log server, depending on remote log software (for example: Kiwi Syslog Daemon). From navigation panel, select Administration >> Log, then enter System Log page, as shown below.
[Screenshot residue: Administration >> Log. Fields: Log to Remote System; IP Address/Port (UDP) 514; Log to Console.]
Page description is shown below:
Log to Remote System: Open/close remote log function. Default: Close
IP Address/Port (UDP): Set remote server's IP address/Port. Default: 514
Log to Console: Open/close console log function. Default: Open
3.2.8.3 Kiwi Syslog Daemon
Kiwi Syslog Daemon is a kind of free log server software used in Windows, which could receive, record and display logs formed when poweri
100. hes None the destination address. Distance: priority; a smaller value contributes to higher priority (default: None). Track ID: select the defined Track index or ID (default: None). 3.5.1.3 Static Routing Application Example. Example: Establish static routing between two LANs for their intercommunication; refer to the following figure for the topological graph. [Figure: topology with addresses 192.168.2.1, 192.168.1.2, 192.168.1.1, 192.168.3.1; PC1 192.168.2.22; PC2 192.168.3.33] Configuration procedures of the router are as follows. Step 1: Configure IR900a; the parameter configuration is shown in the following figure. [Screenshot: Routing >> Static Routing; Network 192.168.3.0, Netmask 255.255.255.0, Interface fastethernet 0/1, Gateway 192.168.1.2] [Screenshot: Routing >> Static Routing; Destination 0.0.0.0, Netmask 0.0.0.0, Interface fastethernet 0/1, Gateway 10.5.3.254] Step 3: PC1 and PC2 can be intercommuni
101. ic network IP addresses and access to the Internet. This way can not only shield LAN users but also has the effect of network security. Usually broadband routers sharing the Internet use this technology. Ping (Packet Internet Grope): The Ping command is a diagnostic tool used to test whether the machine can communicate with other computers on the network. The Ping command sends a message to the specified computer. If the computer receives the message, it will return a response message. QoS (Quality of Service): Quality of Service is a technology used to solve the problems of network delay and obstruction. In case of network overload or congestion, QoS can ensure that important business volume will not be delayed or discarded while ensuring efficient operation of the network. RJ-45: Standard plug for connecting Ethernet switches, hubs, routers and other devices. Straight-through cable and crossover cable usually use this connector. Route: Select the outgoing interface or gateway that is able to reach the destination network or address through the effective routing, based on the destination address of data and the current network conditions, for data forwarding. The device with routing functions is called a router. SNMP (Simple Network Management): SNMP is a communication rule between the management device and the managed device in the network
102. icity of data packet from hacker intercepting data packet or inserting false data packet on the internet. ESP: encrypts the user data needing protection and then encloses it into an IP packet for the purpose of confidentiality of data. Encryption: three options, AES, 3DES, DES (default: 3des). Authentication: alternative authentication, md5 and sha-1 (default: md5). IPSec Mode (default: Tunnel Mode): Tunnel Mode: besides source host and destination host, special gateway will be operated with password to ensure the safety from gateway to gateway. Transmission Mode: source host and destination host must directly be operated with all passwords for the purpose of higher work efficiency, but compared with tunnel mode, the security will be inferior. 3.8.1.3 IPSec configuration: From the navigation panel, select VPN >> IPSec, then enter the IPSec Setting page, as shown below. [Screenshot: VPN >> IPSec; IPSec Profile: Name, ISAKMP Profile, Transform set, PFS (None), Lifetime (3600), Rekey Margin (540), Rekey Fuzz (100), Binding SIM (None); Crypto Map: Name, ID, Peer, ACL ID, ISAKMP Profile, Transform set, PFS (None), Lifetime (3600), Rekey Margin (540), Rekey Fuzz (100); Interface / Crypto Map: Map Interface cellular 1, Map Name none; Apply & Save, Cancel]
103. ights reserved. [Screenshot: Command Prompt running ping 192.168.2.1; four replies from 192.168.2.1 (32 bytes, TTL 64); Packets: Sent 4, Received 4] 2.3 Cancel the Proxy Server: If the current supervisory computer uses a proxy server to access the Internet, it is required to cancel the proxy service, and the operating steps are as follows. 1. Select Tools > Internet Options in the browser to enter the window of Internet Options. [Screenshot: Internet Options window] 2. Select the tab Connect and click the button <LAN Setting (L)> to enter the page of LAN Setting. Please confirm if the option Use a Proxy Server for LAN is checked; if it is checked, please cancel it and click the button <OK>.
104. it Software Flow Control Description Apply & Save. Page description is shown below. Serial Type: Serial Port 1 is RS232, Serial Port 2 is RS485; cannot be changed (default: RS232/RS485). Software Flow Control: click to enable (default: Off). Attention: The parameters of the router's serial port must be the same as those of the terminal device connected. 3.9.1.2 DTU 1: From the navigation panel, select Industrial >> DTU, then enter the DTU 1 page, as shown below. [Screenshot: Industrial >> DTU; fields Enable, DTU Protocol (Transparent), Protocol (TCP), Connection Type (Long-lived), Keepalive Interval, Keepalive Retry, Serial Buffer Frame, Packet Size, Force Transmit Timer, Min Reconnect Interval, Max Reconnect Interval, Multi-server policy, Source Interface, Local IP Address, Enable Debug, Destination IP Address, Server Address] Enable: click to enable (default: Off). DTU Protocol: Transparent and TCP: router used as client when Transparent is chosen, router used as server when TCP is chosen; RFC2217: no need to configure serial port (default: Transparent).
105. lar then enter Status page, as shown below. [Screenshot: Network >> Cellular; Modem: Active SIM: SIM 1; IMEI Code: 357784044005575; IMSI Code; Phone Number; Signal Level: 0 asu (-113 dBm); Register Status: registering; Operator; Network Type; LAC; Cell ID; Network: Status: Disconnected; IP Address 0.0.0.0; Netmask 0.0.0.0; Gateway 0.0.0.0; DNS 0.0.0.0; MTU 1500; Connection time 0 day 00:00:00] 3.3.2.2 Dialup Port: In the Cellular page, wireless dialup can be configured. From the navigation panel, select Network >> Cellular, then enter the Cellular page, as shown below. [Screenshot: Network >> Cellular; fields Profile, Roaming, PIN Code, Network Type (Auto), Static IP, Connection Mode, Redial Interval, ICMP Detection Server, ICMP Detection Interval, ICMP Detection Timeout, ICMP Detection Max Retries, ICMP Detection Strict, Show Advanced Options; profile table: Index, Network Type, APN, Access Number, Username, Password] Advanced Options are shown below. [Screenshot: Network >> Cellular; Show Advanced Options, Initial Commands, Expert Options; profile table: Index, Network Type, Access Number]
106. lidity (default: 1440). DNS Server: one or two, or None (default: N/A). WINS: setup of WINS, generally left blank (default: N/A). MAC Address: address different from other MACs, to avoid confliction (default: 0000.0000.0000). IP Address: set up a static specified IP address within the scope from start IP to end (default: N/A). Attention: If the host connected with the router chooses to obtain IP address automatically, then such service must be activated. Static IP setup could help a certain host to obtain a specified IP address. InRouter900 F0/2 enables the DHCP server by default; obtaining IP address automatically is suggested. 3.3.5.3 DHCP Relay: Generally, a DHCP data packet is unable to be transmitted through a router. That is to say, the DHCP Server is unable to provide DHCP services for two or more devices connected with a router remotely. Through DHCP relay, DHCP request and response data packets could go through many routers. [Figure: Broadband Router] From the navigation panel, select Network >> DHCP, then enter the DHCP Relay page, as shown below. [Screenshot: Network >> DHCP; Enable; DHCP Server 1, DHCP Server 2, DHCP Server 3, DHCP Server 4; Source IP] Page description is shown below. Enable: On/Off (default: Off). DHCP Server: set DHCP server; up to 4 servers can be configured (default: N/A). Source ad
107. low [Screenshot: Network >> DDNS; DDNS method list: Method Name, Service type, Username, Password, hostname (Disable); Specify a method to interface: Interface cellular 1, Method; Apply & Save, Cancel] Page description is shown below. Method Name: user define (default: None). Service Type: select the domain name service providers (default: None). User Name: user name assigned in the application for dynamic domain name (default: None). Password: password assigned in the application for dynamic domain name (default: None). Host Name: host name assigned in the application for dynamic domain name (default: None). Method: the update method of specified interface (default: None). Attention: If the IP address obtained via router dialing is a private address, the dynamic DNS function is not available. 3.3.7.2 DDNS Application Example. Example: an IR900 is connected with IP of public network via dial mode; set DDNS to map the dynamic IP address of users onto a fixed domain name service. Configuration procedures of the router are as follows. First: Configure the parameters of dynamic domain name of equipment. Refer to Fig 3.3.7.2 for configuration in case of tailored domain name parameters, and refer to Fig 3.3.7.3 for configuration in case of general domain name parameters. [Screenshot: Network >> DDNS]
108. memorize the IP string that can be directly read by the computer. From the navigation panel, select Network >> DNS, then enter the DNS Server page, as shown below. In manual setup of DNS Server, if it is blank, then dial to obtain DNS. Generally this item is required to be set when the WAN port uses static IP. [Screenshot: Network >> DNS; Primary DNS, Secondary DNS; Apply & Save, Cancel] Page description is shown below. Primary DNS: user define Primary DNS address (default: N/A). Secondary DNS: user define Secondary DNS address (default: N/A). 3.3.6.2 DNS Relay: DNS forwarding: DNS forwarding is open by default. You can set the specified [Domain Name <=> IP Address] to let the IP address match with the domain name, thus allowing access to the appropriate IP through accessing the domain name. From the navigation panel, select Network >> DNS, then enter the DNS Relay page, as shown below. [Screenshot: Network >> DNS; DNS Relay; Enable DNS Relay; Static [Domain Name <=> IP addresses] Pairing: Host, IP Address 1, IP Address 2] Page description is shown below. Enable DNS Relay: On/Off (default: On). Host: Domain Name (default: N/A). IP Address 1: set IP Address 1 (default: N/A). IP Address 2: set IP Address 2 (default: N/A). Attention: Once DHCP is turned on, DNS relay will be turned on as default and can't be turned off; to turn off DN
109. mission problems between different networks. In the following circumstances, GRE tunnel transmission is applied: GRE tunnel could transmit multicast data packets as if it were a true network interface; single use of IPSec cannot achieve the encryption of multicast. A certain protocol adopted cannot be routed. A network of different IP address shall be required to connect other two similar networks. GRE application example: combined with IPSec to protect multicast data. GRE can encapsulate and transmit multicast data in a GRE tunnel, but IPSec currently could only carry out encryption protection against unicast data. In case of multicast data requiring to be transmitted in an IPSec tunnel, a GRE tunnel could be established first for GRE encapsulation of multicast data, and then IPSec encryption of the encapsulated message, so as to achieve the encrypted transmission of multicast data in the IPSec tunnel. From the navigation panel, select VPN >> GRE, then enter the GRE page, as shown below. [Screenshot: VPN >> GRE; Enable, Index, Network Type (Point to Point), Local Virtual IP, Peer Virtual IP, Source Type, Local IP, Peer IP, Key, MTU, NHRP Enable, IPSec Profile (Disabled), Description; Apply & Save] Page description is shown below. Enable: click to open (default: Open). Index: set GRE tunnel name (default: None).
110. n not display the results of configuration, which can be checked in corresponding configuration details previously upon the accomplishment. 3.11.1 New LAN: From the navigation panel, select Wizards >> New LAN, then enter the New LAN page, as shown below. [Screenshot: Wizards >> New LAN; Interface fastethernet 0/2; Primary IP; Netmask 255.255.255.0; DHCP Server; Starting Address; Ending Address; Lease 1440 Minutes] 3.11.2 New WAN: From the navigation panel, select Wizards >> New WAN, then enter the New WAN page, as shown below. [Screenshot: Wizards >> New WAN; Interface fastethernet 0/1; Type Static IP; Primary IP; Netmask 255.255.255.0; Gateway; NAT; Apply & Save, Cancel] 3.11.3 New Cellular: From the navigation panel, select Wizards >> New Cellular, then enter the New Cellular page, as shown below. [Screenshot: Wizards >> New Cellular; APN 3gnet; Access Number; Username gprs; Password; NAT] 3.11.4 New IPSec Tunnel: From the navigation panel, select Wizards >> New IPSec Tunnel, then enter the New IPSec Tunnel page, as shown below. [Screenshot: Wizards >> New IPSec Tunnel; Tunnel ID 1; Map Interface cellular 1; Destination Address; Negotiation Mode Main Mode; Local Subnet; Local Netmask]
111. and troubleshooting. Benefits: Network administrators could make use of SNMP to accomplish information query, modification, troubleshooting and other jobs on any node on the network to achieve higher efficiency. Shielding of physical differences between devices: SNMP only provides the most basic sets of features for mutual independence between administration and the physical properties and network types of devices under administration; therefore, it could realize the uniform management of different devices at a lower cost. Simple design, lower cost: Simplicity is stressed on addition of software/hardware, types and formats of message on devices, so as to minimize the influence and cost on devices caused by running SNMP. Application: management of devices is achieved through SNMP. The administrator is required to carry out configuration and management of all devices in the same network, which are scattered, making onsite device configuration impracticable. Moreover, in case that those network devices are supplied from different sources and each source has its independent management interfaces (for example, different command lines), the workload of batch configuration of network devices will be considerable. Therefore, under such circumstances, traditional manual ways will result in lower efficiency at higher cost. At that time, netw
112. nd IKE is used for cipher code exchange. IPSec can establish bidirectional Security Alliance on the IPSec peer pairs to form a secure and interworking IPSec tunnel and to realize the secure transmission of data on the Internet. 3.8.1.1 IPSec Phase 1: IKE can provide automatic negotiation, cipher code exchange and establishment of SA for IPSec to simplify the operation and management of IPSec. The self-protection mechanisms of IKE can complete identity authentication and key distribution in an insecure network. From the navigation panel, select VPN >> IPSec, then enter the IPSec Phase 1 page, as shown below. [Screenshot: VPN >> IPSec; Keyring: Name, IP Address, Netmask, Key; Policy: ID, Authentication (Shared Key), Encryption (3des), Hash (md5), Diffie-Hellman Group (Group 2), Lifetime (86400); ISAKMP Profile: Name, Negotiation Mode (Main Mode), Local ID Type (IP Address), Local ID, Remote ID Type (IP Address), Remote ID, Policy, Keyring, DPD Interval, DPD Timeout] Page description is shown below. Keyring: Name: user define key. IP Address: end-to-end IP address. Subnet Mask: end-to-end subnet mask. Key: user define key content. Policy: Identification: policy identification of user-defined IKE. Authentication: alternative authentication share
113. [Screenshot: Administration >> Admin Access; Delete, Cancel] 3.2.3.4 Management Service. HTTP: HTTP, shortened form of Hypertext Transfer Protocol, is used to transmit Web page information on the Internet. HTTP is located at the application layer in the TCP/IP protocol stack. Through HTTP, the user can log on to the device to access and control it through the Web. HTTPS: HTTPS (Hypertext Transfer Protocol Secure) supports HTTP in SSL (Security Socket Layer). HTTPS, depending on SSL, is able to improve the device's security through the following aspects: Distinguish legal clients from illegal clients through SSL and forbid illegal clients from accessing the device. Encrypt the data exchanged between client and device to guarantee security and integrity of data transmission, so as to achieve the safe management of the device. An access control strategy based on certificate attributes is established for further control of clients' access authority, so as to further avoid attacks from illegal clients. TELNET: Telnet is an application layer protocol in the TCP/IP protocol family, providing telnet and VT functions through Web. Depending on Server/Client, the Telnet Client could send a request to the Telnet server, which provides Telnet services. The device supports Telnet Client and Telnet Server. Connection of Telnet is
114. nd cannot configure InRouter. Method 1: connect InRouter with a serial cable and configure it through the console port. Method 2: within 5 seconds after InRouter is powered on, press and hold the Restore button until the ERROR LED flashes, then release the button and the ERROR LED should go off; press and hold the button again until the ERROR LED blinks 6 times; the InRouter is now restored to factory default settings. You may configure it now. 4. After InRouter is powered on, it frequently auto restarts. Why does this happen? Please check: whether the module works normally; whether the InRouter is inserted with a SIM card; whether the SIM card is enabled with data service; whether the service of the SIM card is suspended because of an overdue charge; whether the dialup parameters (e.g. APN, dialup number, account and password) are correctly configured; whether the signal is normal; whether the power supply voltage is normal. 5. Why does upgrading the firmware of my InRouter always fail? Please check: when upgrading locally, check if the local PC and InRouter are in the same network segment; when upgrading remotely, please first make sure the InRouter can access the Internet. 6. After InRouter establishes VPN with the VPN server, your PC under InRouter can connect to the server, but the center cannot connect to your PC under InRouter. Please make sure the firewall of your computer is disabled. 7. After InRouter establishes VPN with the VPN server, your PC cannot
115. need to apply costly private network from telecomm operator, and you can build your worldwide M2M system across multiple operators. Multiple diagnostic tools, supporting 3G/4G modem status, IMEI, IMSI and registration status of cellular networks, help engineers out of complex network circumstances. Support dynamic routing of RIP and OSPF: automatically update routing of the whole network, largely increasing efficiency of large-scale deployment. Support Dynamic Multipoint VPN (DMVPN): greatly reduce workload to configure thousands of remote InRouter 900. Establishing a large & secured remote network never made so easy. Robust Security. Secured VPN Connections: Support GRE, L2TP, IPSec VPN, DMVPN, OpenVPN, CA to ensure data security. Security of Network: Support firewall functions to protect from network attacks, such as Stateful Packet Inspection (SPI), Access Control List (ACL), resist DoS attack, intrusion protection, attack protection, IP-MAC Binding, etc. Security of Devices: Support AAA, TACACS, Radius, LDAP, local authentication and multi-level user authority, so as to establish a secured mechanism on centralized authentication and authorization of device access. High Reliability. Redundancy: WAN Redundancy: support link backup and VRRP to support automatic switch-over between WANs. Dual SIM cards backup between different mobile
116. net None interface. Remote IP Address: set the IP of remote device (default: None). 3.3.4 Loopback: The Loopback Interface takes the place of the router's ID: as long as an active interface is used, when it turns DOWN the ID of the router has to be selected again, resulting in a long convergence time of OSPF. Therefore, the Loopback Interface is generally recommended as the ID of the router. The Loopback Interface is a logical and virtual interface. By default, a router has no Loopback Interface, which can be created for a number. Those interfaces are the same as physical interfaces on the router: addressing information is allocated, including their network number in router upgrade, and even IP connections could be terminated on them. From the navigation panel, select Network >> Loopback, then enter the Loopback page, as shown below. [Screenshot: Network >> Loopback; IP Address 127.0.0.1; Netmask 255.0.0.0; Multi-IP Settings: IP Address, Netmask; Apply & Save] Page description is shown below. IP Address: users cannot change (default: 127.0.0.1). Netmask: users cannot change (default: 255.0.0.0). Multi-IP Settings: apart from the above IP, the user can configure other IP addresses (default: N/A). Attention: Since the loopback interface takes up one IP address, the subnet mask is suggested to be 255.255.255.255 for the purpose of saving resources. 3.3.5 DHCP service: Along
117. net LINK DOWN: On/Off LINK Down alarm (default: Off). Cellular Up/Down: On/Off Cellular Up/Down alarm (default: Off). PPPoE Up/Down: On/Off PPPoE Up/Down alarm (default: Off). Ethernet Up/Down: On/Off Ethernet Up/Down alarm (default: Off). Instruction: For InRouter900 with industrial interface, there are two more items on the Alarm Input page: Digital Input High and Digital Input Low. 3.2.7.3 Alarm Output: When an alarm happens, the system configured with this function will send the alarm content, in the form of an email, from the mail address where alarm emails are sent to the intended email address. Generally this function is not configured. From the left navigation panel, select Administration >> Alarm, then enter the Alarm Output page, as shown below. [Screenshot: Administration >> Alarm; Email Alarm; Enable Email Alarm; Mail Server IP/Name; Mail Server Port 25; Account Name; Account Password; Crypt NO; Email Addresses (at least one address is needed); Apply & Save, Cancel, Send Test Email] Page description is shown below. Enable Email Alarm: On/Off Email Alarm (default: Off). Mail Server IP/Name: set IP address of the mail server that sends alarm emails (default: None). Mail Server Port: set port of the mail server that sends alarm emails (default: 25). Account Name: set email address from which alarm emails are sent (default: None). Account
118. IEC101-104: for power industry, similar with TCP in function. Protocol: TCP or UDP (default: TCP). Connection Type: Long-lived or Short-lived (default: Long-lived). Keepalive Interval: user define (default: 60). Keepalive Retry: user define; TCP connection is off when reaching retry limit (default: 5). Serial Buffer Frame: user define (default: 4). Packet Size: user define (default: 1024). Force Transmit Timer: user define (default: 100). Min Reconnect Interval: user define (default: 15). Max Reconnect Interval: user define (default: 180). Multi-server policy: Parallel: connect the center of destination IP address list at the same time; Polling: connect to the first address in the list, if connect fail, continue to connect next address until connect one successfully, then stop (default: Parallel). Source Interface: 4 options; no need to choose (default: IP). Local IP Address: the device's IP when source interface select IP; no need to configure (default: None). Enable Debug: click to enable (default: Off). Destination IP Address: Server Address: user define (default: None). Server Port: user define (default: None). Instruction: Destination IP Addresses: maximum 10. DTU 2 configuration is same with DTU 1. 3.9.1.3 DTU Application Example. Example: An IR900 shall be functioned with DTU for the intercommunication between it and server, and refer to the following figure for t
119. ng on the host of syslog (for example, router, exchange board, Unix host). After downloading and installation of Kiwi Syslog Daemon, configure necessary parameters on File << Setup << Input << UDP. 3.2.9 System Upgrading: From the navigation panel, select Administration >> Upgrade, then enter the Upgrade page, as shown below. [Screenshot: Administration >> Upgrade; Select the file to use; Current Version 1.0.0.r3194] Click <Browse> to upgrade documents and then click <Upgrade> to start. The whole process takes about 1 min, upon the completion of which restart the router and the new firmware takes effect. Attention: Software upgrade takes time, during which please do not carry out any operation on Web, otherwise interruption may take place. Instruction: Upgrade consists of two stages: first stage, read-in of upgrade document into backup firmware zone, as described in Section of System Upgrade; second stage, copy of documents in backup firmware zone into main firmware zone, which may be executed in system reboot. 3.2.10 Reboot: From the navigation panel, select Administration >> Reboot, then enter the Reboot page, as shown below. Click <Yes> to reboot the system. [Screenshot: Confirm Reboot?] Attention: Please save the configurations before reboot, otherwise the configurati
120. ng to select at least one from multiple options. Indicating to select one or more, or not to select, from multiple options. &<1-n>: Indicating that the parameter in front of the symbol & can be repeatedly entered for 1-n times. The lines starting from no are comment lines. 2. Format Conventions on Graphic Interface (Format: Significance). < >: The content in angle brackets < > indicates button name, e.g. click <OK> button. [ ]: The content in square brackets [ ] indicates window name, menu name or data sheet, e.g. pop up the [New User] window. Multi-level menu is separated by . For example, the multi-level menu File New Folder indicates the menu item Folder under the submenu New under the menu File. 3. Various Signs: The manual also uses a variety of eye-catching signs to indicate the places to which special attention should be paid in operation. The significances of these signs are as follows. Attention: It indicates matters to be noted. Improper operation may cause data loss or damage to the device. Instruction: The necessary complement or description on the contents of operation. Obtaining Documentation: The latest product information is available on the website of InHand (www.inhandnetworks.com). The main columns related to product information on the websit
121. nger information protected by other cipher codes (PFS row; default: Forbidden). Lifetime: validity of Crypto Map (default: N/A). Rekey Margin (S): reconnection time for the second stage (default: N/A). Rekey Fuzz: deviation percentage of the reconnection time for the second stage (default: N/A). Interface <=> Crypto Map: MAP Interface: select Interface Name (default: cellular). Map Name: select from defined names of Crypto Map; one name is matched with several marks (default: none). 3.8.1.4 IPSec VPN Configuration Example: Building a secure channel between Router A and Router B to ensure the secure data flow between Customer Branch A's subnet (192.168.1.0/24) and Customer Branch B's subnet (172.16.1.0/24). Security protocol is ESP, the encryption algorithm is 3DES and the authentication algorithm is SHA. The topology is as follows. [Figure: topology with Router A, Router B and the Internet; addresses 192.50.50.2 and 192.100.100.198] Configuration Steps: 1. Router A Settings. Step 1: IPSec Setting Phase 1. From the navigation panel, select VPN >> IPSec, then enter the IPSec Setting Phase 1 page, as shown below. [Screenshot: Keyring: Name, IP Address, Netmask 255.255.255.0; Policy: ID, Authentication Shared Key, Encryption 3des, Hash sha, Diffie-Hellman Group Group 2, Lifetime]
122. nt can't communicate with external network. Increasing exit gateway is a common method for improving system reliability. Then the problem to be solved is how to select route among multiple exits. VRRP (Virtual Router Redundancy Protocol) adds a set of routers that can undertake gateway function into a backup group to form a virtual router. The election mechanism of VRRP will decide which router is to undertake the forwarding task, and the host in LAN is only required to configure the default gateway for the virtual router. VRRP will bring together a set of routers in LAN. It consists of multiple routers and is similar to a virtual router in respect of function. According to the vlan interface ip of different network segments, it can be virtualized into multiple virtual routers. Each virtual router has an ID number, and up to 255 can be virtualized. VRRP has the following characteristics: The virtual router has an IP address, known as the Virtual IP address. For the host in LAN, it is only required to know the IP address of the virtual router and set it as the address of the next hop of the default route. The host in the network communicates with the external network through this virtual router. A router will be selected from the set of routers based on priority to undertake the gateway function. Other routers will be used as backup routers to perform the duties of gateway for the gateway router in case of fault of the gateway router, thus to guarantee unin
123. ntercommunicated via OpenVPN and two-way visit can be realized. b. If OpenVPN is in NAT mode via equipment A, OpenVPN server is in no need to increase the static routing about 192.168.9.0/24. Now PC A can have access into PC B, but PC B cannot directly have access into PC A. It is applied to initial uploading. Configuration procedures of the router are as follows. Step 1: Configure relevant parameters of OpenVPN, as shown in the following figure. [Screenshot: VPN >> OpenVPN; Enable; OPENVPN Server; Port 1194; Authentication Type User/Password; Username; Show Advanced Options; Source Interface; Network Type net30; Interface Type tun; Protocol Type udp; Cipher BF CFB; Compression LZO; Link Detection Interval 60 s; Link Detection Timeout; MTU 1500] Step 2: Configure different certificates in accordance with different certification demand when the channel is successfully established. The type of certification and certificate are as follows. None: in no need of certificate. Pre-shared Key: in no need of certificate. User/Password: only CA certificate, like ca.crt. X.509 Cert (multi-client), X.509 Cert: in need of C
124. nterface Type tun, Protocol Type udp, Cipher Default, Compression LZO, Link Detection Interval, Link Detection Timeout, Expert Configuration, Import Configuration. 3.8.5.1 OPENVPN: Click navigation panel VPN >> OPENVPN menu, enter OPENVPN customer end menu, as shown in the following figure. [Screenshot: VPN >> OpenVPN; Enable; Index; OPENVPN Server; Port; Description; Show Advanced Options; Source Interface; Network Type net30; Interface Type tun; Protocol Type udp; Compression LZO; Link Detection Interval; Link Detection Timeout; Enable Debug; Expert Configuration] Refer to Table 3.8.5.1 for page information. Table 3.8.5.1 Parameter Description of OPENVPN Customer End (columns: Parameter Name, Description, Default): Keep consistency with server. Advanced Options: Select name of source port. Select type of network. Select the data form sending out from the port: tun, data package; tap, data frame. Protocol in server communication, and keep consistency with server protocol. Advanced Options: Keep consistency with server.
125. ociation lifetime seconds 86400
    crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac
    mode transport
    crypto ipsec profile abc
    set security-association lifetime seconds 3600
    set transform-set ESP_3DES_MD5
Step 2: Configure GRE and NHRP
    interface Tunnel
    ip address 192.168.77.1 255.255.255.0
    ip mtu 1436
    ip nhrp map multicast dynamic
    ip nhrp network-id 10
    ip nhrp holdtime 180
    no ip split-horizon
    tunnel source FastEthernet0/1
    tunnel mode gre multipoint
    tunnel key 123456
    tunnel protection ipsec profile abc
Step 3: Configure Dynamical Routing
    HUB(config)#router rip
    HUB(config-router)#network 192.168.0.1 255.255.255.0
    HUB(config-router)#network 192.168.77.1 255.255.255.0
Attention: For now, InRouter900 can only be used as the Spoke for the DMVPN.
3.8.4 L2TP
L2TP, one of the VPDN TPs, has expanded the applications of PPP and is known as a very important VPN technology for remote dial-in users to access the network of enterprise headquarters. L2TP, through a dial-up network (PSTN/ISDN) and based on negotiation of PPP, could establish a tunnel between enterprise branches and enterprise headquarters so that remote users have access to the network of enterprise headquarters. PPPoE is applicable in L2TP. Through the connection of Ethernet and Internet, an L2TP tunnel between remote mobile officers and enterprise headquarters could be established
126. on Protocol dynamically assigns IP address, subnet mask, gateway and other information of the host in the network.
DHCP Server (Dynamic Host Configuration Protocol Server): Dynamic Host Configuration Protocol Server is a device running DHCP (Dynamic Host Configuration Protocol) and is mainly used to assign IP address to the clients of DHCP.
DNS (Domain Name Service): Domain Name Service resolves domain name into IP address. DNS information is distributed hierarchically between DNS servers throughout the Internet. When we visit a website, DNS server views the domain name sending the request and searches for the corresponding IP address. If the DNS server cannot find the IP address, it will submit the request to the superior DNS server and continue to search for the IP address. For example, the IP address corresponding to the domain name www.yahoo.com is 216.115.108.243.
Firewall (Firewall): Firewall technology protects your computer or local area network from malicious attacks or access from the external network.
MAC address (Media Access Control address): Media Access Control address is the permanent physical address assigned by the manufacturer to the device. It is composed of 6 pairs of hexadecimal digits. For example, 00 0F E2 80 65 25. Each network device has a global unique MAC address.
NAT (Network Address Translation): Network Address Translation can convert multiple computers within the LAN through NAT to share one or more publ
127. one
Interface: Configure the interface of Virtual Route. Default: None.
Virtual IP Address: Configure the IP address of Virtual Route. Default: None.
Priority: The VRRP priority range is 0-255 (a larger number indicates a higher priority). The router with higher priority will be more likely to become the gateway router. Default: 100.
Advertisement Interval: Heartbeat package transmission time interval between routers in the virtual ip group.
Preemption Mode: If the router works in the preemptive mode, once it finds that its own priority is higher than that of the current gateway router, it will send VRRP notification package, resulting in re-election of gateway router and eventually replacing the original gateway router. Accordingly, the original gateway router will become a Backup router. Default: Enable.
Track ID: Trace Detection, select the defined Track index or ID. Default: None.
3.4.3.2 VRRP Typical Configuration Example
1. Networking Demand
Mainframe A makes VRRP backup combined with router A and router B as its default gateway to visit the mainframe B on internet.
VRRP backup is composed of: Backup group ID 1; IP address of backup group virtual router 192.168.2.254/24; Interchanger A Master; Interchanger B backup interchanger; preemptive allowable.
Table columns: Router; Ethernet interface; IP address of interface; Pri
128. 3.5.3.3 Multicast Routing Application Example
Example: Set router to receive the multicast data from network and refer to the following figure for topological graph.
[Figure: topology diagram]
Configuration procedures of router are as follows:
Step 1: Start multicast routing and configure parameters for multicast routing as shown in the following figure.
[Figure: Routing >> Multicast Routing page. Enable; Multicast Static Route table (columns Source, Netmask, Interface) showing 10.5.3.0, 255.255.255.0, fastethernet 0/1]
Step 2: Configure IGMP parameter as shown in the following figure.
[Figure, cut off: Routing >> Multicast Routing page. Upstream Interface fastethernet 0/1; Downstream Interface List]
129. ons that are not saved will be lost after reboot.
3.2.11 Device Management
Device Management is a software platform to manage equipment. The equipment can be managed and operated via the software platform when Device Management is started, so that the internet can be in efficient operation. For instance, the operating status of equipment can be inspected, equipment software can be upgraded, equipment can be restarted, configuration parameters can be sent down to equipment, and transmitting control or message query can be realized on equipment via Device Management.
3.2.11.1 Device Management
Click navigation panel Management >> Device Management menu, enter Device Management interface as shown below.
[Figure: Administration >> Device Management page. Visible settings: Enable; Mode; Vendor Default; Device ID 312456789; Port; Login Retries 3; Heartbeat Interval 120 s; Serial Type RS232]
Page description is shown below (columns: Parameter Name, Description, Default Value): Schema Message IP Forbidden Supplier Set name of equipment s
130. operators to ensure networks availability and bargaining power on data plan.
Automatic Link Detection & Recovery
PPP Layer Detection: keep the connection with mobile network, prevent forced hibernation, able to detect dial link stability.
Network connection Detection: automatic redial when link broken, keep Long Connection.
VPN Tunnel Detection: sustain VPN tunnel to ensure availability of business.
InRouter Auto-recovery: InRouter embeds hardware watchdog, able to automatically recover from various failure, ensure highest level of availability.
Entirely Ruggedized
InRouter 900 inherits InHand Networks' legacy on best-in-class ruggedized design. From component selection to circuit layout, InRouter 900 satisfies electric power and industrial applications on EMC, IP protection, temperature range, etc. InRouter 900 is designed to last in harshest circumstances.
High Performance, High Bandwidth
Equipped with powerful Cortex-A8 processor and 256MB memory, support more application needs. Support 4G LTE 100Mbps downlink and 50Mbps uplink, and HSPA 21 Mbps downlink and 5.76Mbps uplink.
InHand Network Operation System (INOS) 2.0
InHand Network Operation System (INOS) has been built as the highly reliable & real-time basis for all network functions, as well as easy-to-use configuration interface via Web, CLI or SNMP. INOS is in modular design, expandable and adaptable to various M2M applications.
Embed WIFI AP and Client
131. opological graph
[Figure: topology diagram. Server Address 101.227.246.118; Server Port 22010]
Configuration procedures of router are as follows:
Step 1: Configure DTU serial port parameter. The serial port parameter shall be kept in consistency with the serial port parameter of end equipment, as shown in the following figure.
[Figure: Industrial >> DTU page. Serial port 1: Serial Type RS232; Baudrate; Data Bits 8 bits; Parity None; Stop Bit 1 bit; Software Flow Control. Serial Port 2: Serial Type RS485; Baudrate 9600; Data Bits 8 bits; Parity None; Stop Bit 1 bit; Software Flow Control; Description]
Step 2: Configure DTU function parameters as shown in the following figure.
[Figure, cut off: Industrial >> DTU page. DTU Protocol Transparent; Protocol; Connection Type Long-lived; Keepalive Interval 60 s; Keepalive Retry 5; Serial Buff
132. ored to the upstream router. Under such circumstances, the user can configure a delay so that once any change takes place in a Track item, the application module is notified after a period of time.
From navigation panel, select Link Backup >> Track, then enter Track page as shown below.
[Figure: Link Backup >> Track page. Track Object table with columns Index, Type, SLA ID, Interface, Negative Delay (s), Positive Delay (s)]
Page description is shown below:
Index: Track index or ID. Default: 1.
Type: Default sla; user cannot change. Default: sla.
SLA ID: Defined SLA Index or ID. Default: None.
Interface: Detect interface's up/down state. Default: cellular 1.
Negative Delay: In case of negative status, switching can be delayed based on the set time (0 represents immediate switching) rather than immediate switching. Default: 0.
Positive Delay: In case of failure recovery, switching can be delayed based on the set time (0 represents immediate switching) rather than immediate switching. Default: 0.
3.4.3 VRRP
Default route provides convenience for user's configuration operations, but also imposes high requirements on stability of the default gateway device. All hosts in the same network segment are set up with an identical default route, with the gateway being the next hop in general. When fault occurs on gateway, all hosts with the gateway being default route in the network segme
133. ority connected with hostA connected with hostA
RA: F0/1; 192.168.2.1; 110; preemptive
RB: F0/1; 192.168.2.2; 100; preemptive
2. Networking Diagram
[Figure: networking diagram. Labels: Host B 10.2.3.1/24; Internet; F0/2 10.100.10.2/24; F0/2 10.100.10.3/24; F0/1 192.168.2.2/24; F0/1 192.168.2.1/24; Virtual IP address 192.168.2.254; Host A ip 192.168.2.100, gw 192.168.2.254]
3. Configuration Procedures
1) Configure router A
First: Configure F0/1. Click navigation panel Link Backup >> VRRP, enter VRRP interface, configure VRRP as shown in the following figure.
[Figure: Link Backup >> VRRP configuration page. Columns: Enable, Virtual Route ID, Interface, Virtual IP Address, Priority, Advertisement Interval, Preemption Mode, Track ID]
Click navigation panel Link Backup >> VRRP, enter VRRP interface, examine VRRP as shown in the following figure.
[Figure: Link Backup >> VRRP status page. Virtual Route ID 1; Interface fastethernet 0/1; VRRP Status Master; Priority 100; Track Status]
Second: Configure F0/2. Click navigation panel Internet >> Ethernet Interface, enter Ethernet Interface 0/2, configure Ethernet interface 0/2 as shown in the following figure.
[Figure, cut off: Primary IP 10 100 10
134. ork administrator would make use of SNMP to carry out remote management and configuration of attached devices and achieve real-time monitoring. Following is a figure showing how to manage devices through SNMP.
[Figure: NMS connected over an IP network to SNMP Agents on LANs]
To configure SNMP in networking, NMS, a management program of SNMP, shall be configured at the Manager. Meanwhile, Agent shall be configured as well. Through SNMP, NMS could collect status information of devices whenever and wherever, and achieve remote control of devices under management through Agent. Agent could timely send current status information to NMS (report device). In case of any problem, NMS will be notified immediately.
SNMP (Simple Network Management Protocol) is an application layer communication protocol. Through SNMP, network administrators can manage network performance, find and solve network problems, and plan network growth. SNMP includes NMS and Agent.
NMS (Network Management Station) is a station which runs client procedure. Agent is service software which is running in device. The purpose of NMS and Agent is as follows: NMS can send getRequest, getNextRequest and setRequest packets to Agent. When the Agent receives these packets, it will execute read or write operations according to the type of packe
135. Current version: display the current version of equipment
Current version of Bootloader: display the current version of equipment
3.2 show system
Command: show system
Function: display the information of router system
View: all views
Parameter: No
Example: enter show system. Display the following information. Example: 00:00:38 up 0 min, load average: 0.00, 0.00, 0.00
3.3 show clock
Command: show clock
Function: display the system time of router
View: all views
Parameter: No
Example: enter show clock. Display the following information. For example: Sat Jan 1 00:01:28 UTC 2000
3.4 show modem
Command: show modem
Function: Display the MODEM state of router
View: all views
Parameter: No
Example: Enter show modem. Display the following information: Modem type, state, manufacturer, product name, signal level, register state, IMSI number, Internet state
3.5 show log
Command: show log lines <n>
Function: display the log of router system, and display the latest 100 logs in default
View: all views
Parameter: lines <n> limits the log numbers displayed, wherein n indicates the latest n logs in case that it is a positive integer, indicates the earliest n logs in case that it is a negative integer, and indicates all the logs in case that it is 0.
Example: enter show log. Display the latest 100 log records.
3.6
136. otocol (IGP), mainly used for smaller networks. The complex environments and large networks generally do not use RIP.
RIP uses Hop Count to measure the distance to the destination address, and it is called RoutingCost. In RIP, the hop count from the router to its directly connected network is 0, and the hop count of a network to be reached through a router is 1, and so on. In order to limit the convergence time, the specified RoutingCost of RIP is an integer in the range of 0-15, and a hop count larger than or equal to 16 is defined as infinity, which means that the destination network or host is unreachable. Because of this limitation, RIP is not suitable for large-scale networks. To improve performance and prevent routing loops, RIP supports split horizon function. RIP also introduces routing obtained by other routing protocols.
It is specified in RFC1058 RIP that RIP is controlled by three timers, i.e. Period update, Timeout and Garbage-Collection.
Each router that runs RIP manages a routing database, which contains routing entries to reach all reachable destinations. The routing entries contain the following information:
Destination address: IP address of host or network.
Address of next hop: IP address of interface of the router's adjacent router to be passed by on the way to reach the destination.
Output interfa
137. ough the Web setting page.
When multi-user management is implemented for the router, it is suggested not to conduct configuration operation for the router at the same time; otherwise it may lead to inconsistent data configuration.
For security, you are suggested to modify the default login password after the first login and safe keep the password information.
3.2 Management
3.2.1 System
3.2.2.1 System Status
From the left navigation panel, select Administration >> System, then enter System Status page. On this page you can check system status and network status, as shown below. In system status, by clicking <Sync Time>, you can make the time of router synchronized with the system time of the host. Click the Set behind Cellular, Fastethernet 0/1 and Fastethernet 0/2 respectively on network status to enter into the configuration screen directly. For configuration methods, refer to Section 3.3.1 and 3.3.2.
[Figure, cut off: Administration >> System page. System Status fields: Name; Model; Serial Number; MAC Address; Current Version; Current Bootloader Version; Router Time; PC Time; Up time; CPU Load (1/5/15 mins); Memory consumption Total/Free. Network Status]
138. pe: Select Authentication Type. Default: Auto.
Peer Server username. Default: None.
Password: Peer Server password. Default: None.
Local IP Address: Set local IP address. Default: None.
Remote IP Address: Set remote IP address. Default: None.
3.8.5 OPENVPN
Single point participating in the establishment of VPN is allowed to carry out ID verification by preset private key, third party certificate or username/password. OpenSSL encryption library and SSLv3/TLSv1 protocol are massively used.
In OpenVPN, if a user needs to access a remote virtual address (address family matching virtual network card), then the OS will send the data packet (TUN mode) or data frame (TAP mode) to the virtual network card through routing mechanism. Upon the reception, the service program will receive and process those data and send them out through outer net by SOCKET, owing to which the remote service program will receive those data and carry out processing, then send them to the virtual network card; then application software receives them and accomplishes a complete unidirectional transmission, and vice versa.
From navigation panel, select VPN >> OPENVPN, then enter OPENVPN Client page as shown below.
[Figure, cut off: VPN >> OPENVPN page. Fields: Index; server IP; Port 1194; Authentication Type; Description; Show Advanced Options; source Interface; Network Type]
139. port. Therefore, it is necessary to turn off this feature. EIGRP is a private protocol of CISCO. The IOS command to turn off this feature is no ip next-hop-self eigrp.
OSPF is a link status type routing protocol, and itself does not have the problem of split horizon. However, in configuring OSPF network type, it is required to be configured as a broadcast rather than the point-to-multipoint type. Otherwise, the above problems will be caused. In addition, it should also be noted that it is required to configure the center router (Hub) of DMVPN as the designated router (DR) of OSPF, which can be achieved by specifying a higher OSPF priority for the center router (Hub).
3.8.3.4 DMVPN Configuration Example
Topology
[Figure: DMVPN topology. Labels: 192.168.0.100; 192.168.0.1; Tunnel 0 192.168.77.1; Tunnel 0 192.168.77.2, 192.168.77.3, 192.168.77.4; 10.10.10.10; 20.20.20.20; 30.30.30.30]
Networking Environment:
1. R1: Must have a fixed and public IP address, as HUB.
2. R2, R3, R4: Dial up, dynamically get public IP address, as Spoke.
3. Establish DMVPN between R2, R3, R4 and HUB, make all the LANs can access each other.
4. Related to the points: GRE tunnel, NHRP, Dynamical routing, IPsec VP
1 Configuration
1 Settings of R2, R3, R4
Step 1: Configure IPsec. Navigate to VPN >> IPsec
140. r password
Example: enter enable password in configuration view. Enter password according to the hint.
7.3 username
Command: username <name> password <password>; no username <name>; default username
Function: set user name, password
View: configuration view
Parameter: No
Example: enter username abc password 123 in configuration view. Add an ordinary user, the name is abc and the password is 123. Enter no username abc in configuration view. Delete the ordinary user with the name of abc. Enter default username in configuration view. Delete all the ordinary users.
Appendix 3 Glossary of Terms
(columns: Abbreviation, Full English Name, description)
100Base-TX (100Base-TX): 100Mbit/s baseband Ethernet specification uses two pairs of category 5 twisted pair connection, which can provide the maximum transmission rate of 100Mbit/s.
10Base-T (10Base-T): 10Mbit/s baseband Ethernet specification uses two pairs of twisted pair (category 3/4/5 twisted pair) connection, one of which will be used for sending data and the other for receiving data, which can provide the maximum transmission rate of 10Mbit/s.
DDNS (Dynamic Domain Name Service): Dynamic Domain Name Service can achieve the resolution between the fixed domain name and the dynamic IP address.
DHCP Dynamic Host Dynamic Host Configurati
141. rk facility. IGMP is such a signaling mechanism for a host, used in the network segment of receiver to the router. IGMP informs the router the information about members, and the router will acquire whether the multicast member exists on the subnet connected with the router via IGMP.
Function of multicast routing protocol:
Discovering upstream interface and interface closest to the source, for the reason that multicast routing protocol only cares the shortest route to the source.
Deciding the real downstream interface via (S, G). A multicast tree will be finished after all routers acquire their upstream and downstream interfaces, with root being the router directly connected with the source host and branches being routers directly connected via subnet with member discovered by IGMP.
Managing multicast tree. The message can be transferred once the address of next hop can be acquired by unicast routing, while multicast refers to relay message generated by source to a group.
From navigation panel, select Routing >> Multicast Routing, then enter IGMP page as shown below.
[Figure: Routing >> Multicast Routing page. Upstream Interface (options cellular 1, fastethernet 0/1, fastethernet 0/2); Downstream Interface List (Upstream Interface cellular 1, Downstream Interface cellular 1)]
142. [Figure residue, cut off at start: Expert Options]
Page description is shown below:
Host: It requires the destination host address of PING detection. Default: 192.168.2.1.
Ping Count: Set Ping detection count. Default: 4.
Packet Size: Set packet size of ping detection. Default: 32 bytes.
Expert Options: Advanced parameters of ping can be used.
3.10.2 Routing detection
It is used to detect network routing failure. From navigation panel, select Tools >> Traceroute, then enter Traceroute page as shown below.
[Figure: Tools >> Traceroute page. Fields: Host; Maximum Hops; Timeout; Protocol UDP; Expert Options]
Page description is shown below:
Host: Host address needs to detect. Default: 192.168.2.1.
Maximum Hops: Set the maximum hops of routing detection. Default: 20.
Timeout: Set timeout of routing detection. Default: 3 secs.
Protocol: Select ICMP/UDP. Default: UDP.
Expert Options: Advanced parameters of ping can be used.
3.10.3 Link Speed Test
Through upload and download files, link speed can be tested. From navigation panel, select Tools >> Link Speed Test, then enter Link Speed Test page as shown below.
[Figure: Tools >> Link Speed Test page]
3.11 Configuration Wizard
Simplified normal configuration allows the rapid, simple and basic configuration of router, but ca
143. Page information is shown below (columns: Parameter Name, Description, Default):
Type: Standard ACL can prevent all the communication flow of some network, or permit all the communication flow of some network, or refuse all the communication flow of some protocol stack, like IP. Expanded ACL can provide more extensive control scope than standard ACL does. For instance, network manager can make use of expanded ACL instead of standard ACL to permit Web communication flow, refuse FTP and Telnet, because the control of ACL is not as desired.
ID: User self-defined number.
Action: Permit/refuse.
Agreement: ACP.
Source IP address: Source network address (blank in case of any configuration).
Source address wildcard mask: Radix-minus-one complement of mask in source network address.
Destination IP address: Destination network address (blank in case of any configuration).
Destination address wildcard mask: Radix-minus-one complement of mask in destination address.
Writing log: Click starting, and the log about access control will be recorded in the system after starting.
Description: Convenient for recording parameters of access control.
Default column as extracted: Expanded, No, Forbidden, No.
Network Interface List: Port n
144. ser define, bigger than maximum bandwidth of output strategy (Kbps). Default: N/A.
Ingress Policy: Name of policy defined above. Default: N/A.
Egress Policy: Name of policy defined above. Default: N/A.
3.7.1 QoS
Click navigation panel QoS >> flow control menu, enter flow control interface as shown in the following figure.
[Figure: QoS >> Traffic Control page. Sections: Classifier (Name, Source, ...); Policy (Name, Classifier, Guaranteed Bandwidth (Kbps), ...); Apply QoS (Interface, Ingress Max Bandwidth (Kbps), Egress Max Bandwidth (Kbps), Ingress Policy, ...)]
Refer to Table 3-7-1 for page information.
Table 3-7-1 Parameter Description of Flow Control (columns: Parameter Name, Description, Default Value)
Type
Name: Name of user self-defined flow control.
Any Message: Click starting, control the flow of any message after starting. Default: Forbidden.
Source Address: Source address of flow control (blank in case of any configuration).
Destination Address: Destination address of flow control (blank in case of any configuration). Default: No.
Protocol: Click protocol type.
Strategy
Name: Name of user self-defined flow control strategy.
Type: Name of defined types above. Default: No.
Assured Bandwidth (Kbps): Assured bandwidth in user self-definition. Default: No.
Maximum
145. serves 3 IP addresses for private network, as shown followed:
A: 10.0.0.0 - 10.255.255.255
B: 172.16.0.0 - 172.31.255.255
C: 192.168.0.0 - 192.168.255.255
The addresses in the three types above will not be distributed on the internet, so they can be used in companies or enterprises instead of being applied to operator or registration center.
3.6.2.2 NAT Application Example
Example: a router R900 has access to internet via dial-up. FE 0/2 is connected with a server whose IP address is 192.168.2.23. Configure router to make public network have access to the server.
Port mapping way: configuration of router is as follows:
[Figure: Firewall >> NAT page. Action DNAT; Source Network Outside; Translation Type INTERFACE PORT to IP PORT; Protocol TCP; Match Conditions: Interface cellular 1, Port 1000; Translated Address: IP Address 192.168.2.23, Port 1000]
DMZ way: configuration of router is as follows:
[Figure, cut off: Firewall >> NAT page. Action DNAT; Source Network Outside; Translation Type INTERFACE to IP; Match Conditions: Interface]
146. shown in following figure.
[Figure: Telnet Session 1 and Telnet Session 2 between PC, RouterA and RouterB]
Router A now functions as the Telnet Server, but also provides Telnet Client service. Router B and Router A provides Telnet Client function.
SSH
Telnet adopts TCP to execute plaintext transmission, lacking a secure authentication mode and being vulnerable to DoS (Denial of Service), host IP spoofing, routing spoofing and other malicious attacks, generating great potential security hazards.
In comparison with Telnet, STelnet (Secure Telnet), based on SSH2, allows the Client to negotiate with Server so as to establish secure connection. Client could log on Server just as operation of Telnet.
Through following measures, SSH will realize the secure telnet on insecure network:
Support RSA authentication.
Support encryption algorithms such as DES, 3DES and AES128 to encrypt username, password and data transmission.
IR900 only supports SSH Server, and could connect with multiple SSH Clients.
SSH supports local connection and WAN connection.
Local connection: A SSH channel could be established between SSH Client and SSH Server to achieve local connection. Following is a figure showing the establishment of a SSH channel in LAN.
[Figure: WorkStation, SSH Server, Server, LapTop, SSH Client]
WAN connection: A SSH ch
147. t and create Response packet back to NMS. When device happens to status change, for example port plug, Agent will send Trap packet and report all the events to NMS.
3.2.6.1 SNMP Basic Setting
SNMP agent of device supports SNMPv1, SNMPv2 and SNMPv3 at present. SNMPv1 and SNMPv2 adopt community name to authenticate. SNMPv3 adopts username and password to authenticate.
From the left navigation panel, select Administration >> SNMP, then enter SNMP page as shown below.
[Figure: Administration >> SNMP page. Enable; SNMP Version v2c; Contact Information; Location Information; Community Management table (columns Community Name, Access Limit, MIB View): public, Read-Only, defaultView; private, Read-Write, defaultView]
Page description is shown below:
Enable: Enable/Disable SNMP. Default: Disable.
SNMP Version: Support SNMP v1/v2c/v3. Default: v2c.
Contact Information: Fill Contact Information. Default: Beijing_Inhand_Networks_Technology_Co Ltd.
Location Information: Fill Location Information. Default: Beijing_China.
Community Management
Community Name: User define Community Name. Default: public and private.
Access Limit: Select access limit. Default: Read only.
MIB View: Select MIB View. Default: defaultView.
When choosing SNMPv3 version, the corresponding User and User Group should be configured. The
148. t >> Ethernet, then enter Fastethernet 0/1 page as shown below.
[Figure: Network >> Ethernet page. Primary IP 192.168.1.1; Netmask 255.255.255.0; MTU 1500; Speed/Duplex; Track L2 State; Description; Multi-IP Settings (Secondary IP, Netmask)]
Page description is shown below:
Primary IP: IP address could be configured or changed according to demand. Default: 192.168.1.1.
Subnet Mask: Autogeneration. Default: 255.255.255.0.
MTU: Maximal transmission unit, byte as the unit. Default: 1500.
Speed/Duplex: Five options: Auto Negotiation, 100M Full Duplex, 100M Half Duplex, 10M Full Duplex and 10M Half Duplex. Default: Auto Negotiation.
Track L2 State: On: Port status after disconnection: Down. Off: Port status after disconnection: UP. Default: Off.
Description: User defines the description. Default: N/A.
Multi-IP Settings: In addition to the primary IP, user could set Secondary IP addresses (10 maximal). Default: N/A.
Attention: In factory default state, DNS of PC connected at the lower end of F0/1 cannot be applied with the original port IP of F0/1; otherwise public domain cannot be visited. But visiting public domain can be realized by starting DHCP server or setting other DNS server.
3.3.1.3 Bridge Interface
Click navigation panel Network >> Ethernet menu, enter ethernet 0/1 interface as shown b
149. t 15 super users at current. <password>: password corresponding to the privileged user level; a password prompt is given if none is entered. Example: Enter enable adm in ordinary user view to switch over to super users, with the password 123456. 2.2 disable. Command: disable. Function: exit the privileged user level. View: super user view, configure view. Parameter: none. Example: enter disable in super user view to return to ordinary user view. 2.3 end and. Command: end or. Function: exit the current view and return to the last view. View: configure view. Parameter: none. Example: enter end in configure view to return to super user view. 2.4 exit. Command: exit. Function: exit the current view and return to the last view (exits the console if in ordinary user view). View: all views. Parameter: none. Example: enter exit in configure view to return to super user view; enter exit in ordinary user view to exit the console. 3 Check system state command. 3.1 show version. Command: show version. Function: display the type and software version of the router. View: all views. Parameter: none. Example: enter show version to display the following information: Type: displays the current factory type of the equipment. Serial number: displays the current factory serial number of the equipment. Description: www inhandnetw
150. t signal strength detect interval (default: 0). CSQ Detect Retries: set signal strength detect retries. Backup SIM Timeout: counting from the switch to the backup card, once the timeout is exceeded the router switches to the primary card (default: 0). 3.3.3 PPPoE: PPPoE is Point-to-Point Protocol over Ethernet. The user has to install a PPPoE client on top of the original connection method. Through PPPoE, remote access devices can control and charge each accessed user. When the connection mode at the Ethernet port is PPPoE, the interface is configured as a PPPoE client. From the navigation panel, select Network >> ADSL Dialup, then enter the PPPoE page. Page description: Dial Pool: Pool ID: user-defined, easy to memorize and manage (default: None). Interface: Fastethernet0/1 or Fastethernet0/2 (default: Fastethernet0/1). PPPoE List: ID: user-defined, easy to memorize and manage (default: 1). Pool ID: same as the dialup pool (default: None). Authentication Type: Auto, PAP, CHAP (default: Auto). User Name: the operator provides the relevant parameters (default: None). Password: the operator provides the relevant parameters (default: None). Local IP Address: set the IP address assigned for Ether
151. ter900 Introduction. This chapter includes the following parts: Overview; Product Features. 1.1 Overview: Thanks for choosing the IR900 series industrial router. InRouter900 (IR900 hereinafter) is the new generation of industrial router developed by InHand Networks for M2M in the 4G era. Integrating 4G LTE and various broadband WANs, IR900 provides uninterrupted access to the internet. With the features of complete security and wireless service, IR900 can connect up to ten thousand devices. IR900 has also been built for rapid deployment and easy management, which enables enterprises to quickly set up a large-scale industrial network with minimized cost and time. There are currently three IR900 series (IR9x2, IR9x5, IR9x8), which can provide up to 8 intelligent ports and support LAN/WAN protocol. IR900 products not only offer more options for WAN port access but also effectively save the additional purchasing cost of switch equipment. 1.2 Product Features: Uninterrupted Access to Internet from Anywhere. Redundant WAN connection: 2 Ethernet ports, 3G/4G embedded, various DSL. InRouter 900 is built to support various WANs and ensure network availability. Whether the device is located in a commercial region or in the field, it can always stay online with broadband service or widespread 3G/4G connection. Furthermore, InRouter 900 can automatically switch over between broadband and 3G/4G when one link fails, so as to ensure uninterrupted WAN connection
152. terrupted communication between the host and external network. VRRP Networking Scheme: As shown in the figure above, Router A and Router C compose a virtual router. This virtual router has its own IP address. The host in the LAN sets the virtual router as the default gateway. Router A or Router C, whichever has the highest priority, is used as the gateway router to undertake the gateway function. The other router is used as a Backup router. The monitor interface function of VRRP further expands the backup function: backup can be offered when an interface of a certain router has a fault or other interfaces of the router are unavailable. When the interface connected with the uplink is in the Down or Removed state, the router actively reduces its priority so that the priority of other routers in the backup group is higher, and thus the router with the highest priority becomes the gateway for the transmission task. 3.4.3.1 VRRP Configuration: From the navigation panel, select Link Backup >> VRRP, then enter the VRRP page. Page description: Enable: Enable/Disable (default: Enable). Virtual Route ID: user-defined Virtual Route ID N
153. the source of multicast routing. From the navigation panel, select Routing >> Multicast Routing, then enter the Basic page. Page description: Enable: Open/Close (default: Close). Source: IP address of source (default: None). Netmask: netmask of source (default: 255.255.255.0). Interface: interface of source (default: cellular 1). 3.5.3.2 IGMP: IGMP is a multicast protocol in the Internet protocol family, used by an IP host to report its constitution to any directly adjacent router. It defines the way for multicast communication of hosts amongst different network segments, with the precondition that the router itself supports multicast, and is used for setting up and maintaining the multicast membership relationship between an IP host and the directly adjacent multicast router. IGMP defines the way membership information is maintained between hosts and multicast routers in a network segment. In the multicast communication model, the sender, without paying attention to the position of the receiver, only needs to send data to the appointed destination address, while the information about receivers is collected and maintained by netwo
154. tically save configuration n configuration after modify the configuration. Restore Default Configuration: restore factory configuration (default: None). Attention: When a configuration is imported, the system filters out incorrect configuration files and saves the correct ones; when the system restarts, it executes these configuration files in order. If the configuration files are not arranged in an effective order, the system won't enter the desired state. Instruction: In order not to affect the currently running system, after importing a configuration or restoring the default configuration, the router needs to be rebooted for the new configuration to take effect. 3.2.6 SNMP. Definition: SNMP, or Simple Network Management Protocol, is a standard network management protocol widely used in TCP/IP networks. It provides a method of managing devices through a central computer running network management software. Features of SNMP: Simplicity: SNMP adopts a polling mechanism, provides the most basic set of features, and can be used in small-scale, rapid, low-cost environments. SNMP, with UDP messages as the carrier, is supported by the great majority of devices. Powerfulness: the objective of SNMP is to ensure the transmission of management information between any two points, so as to facilitate the administrator's retrieval of information on any node on the network and modification
155. to establish a private data transmission channel utilizing the VPN Backbone so as to realize transparent message transmission. Tunneling technology encloses one protocol's messages within another protocol. The encapsulation protocol itself can also be enclosed or carried by other encapsulation protocols. To the users, a tunnel is a logical extension of PSTN link of ISDN, which is similar to the operation of an actual physical link. The common tunnel protocols include L2TP, PPTP, GRE, IPSec, MPLS, etc. 3.8.1 IPSec: A majority of data content is transmitted in plaintext on the Internet, which carries many potential dangers, such as passwords and bank account information being stolen or tampered with, user identities being imitated, suffering from malicious network attacks, etc. After deploying IPSec on the network, it can protect data transmission and reduce the risk of information disclosure. IPSec is a group of open network security protocols made by the IETF, which can ensure the security of data transmission between two parties on the Internet, reduce the risk of disclosure and eavesdropping, guarantee data integrity and confidentiality, as well as maintain the security of users' service transmission via data origin authentication, data encryption, data integrity and anti-replay functions at the IP level. IPSec, including AH, ESP and IKE, can protect one or more data flows between hosts, between host and gateway, and between gateways. The security protocols of AH and ESP can ensure security a
156. upplier default. Equipment ID: unaltered equipment ID. Server: set IP address of device management (default: c.inhandnetworks.com). Port: set port number of device management (default: 9002). Login retry times: set retry times (default: 3). Heartbeat interval time: set heartbeat interval (default: 120 sec). Serial port type: RS232/RS485 (default: RS232). 3.2.11.2 Device Management Application Example: Application: add equipment to Device Management. Configuration procedures of the router are as follows. Step 1: Configure the parameters of Device Management, in particular server c2.inhandnetworks.com and port 20003. Step 2: Log in to device management (http://c2.inhandnetworks.com) and add the equipment. 3.3 Network. 3.3.1 Ethernet Port: The Ethernet port supports three connection modes. Automatic: configure the interface as a DHCP client, with the IP address obtained by DHCP. Manual: manually configure IP
157. wired network. [Topology figure: Enterprise Gateway 203.86.63.233; LAN Gateway 10.5.3.254; 192.168.2.23] Configuration procedures of the router are as follows. Step 1: Open Wizards >> New WAN and configure the parameters of the wired network as shown in the figure (Interface: fastethernet; Type: Static; Primary IP: 10.5.3.134; Netmask: 255.255.255.0; Gateway: 10.5.3.254). Step 2: Open DNS in Network >> DNS and configure the corresponding parameters as shown in the figure (Primary DNS: 202.106.0.20). After configuration, check that the PC can access the internet normally. Step 3: Open Link Backup >> SLA and configure the corresponding parameters; the IP address shall be the host address probed by ICMP in the public network or private network, for instan
158. wn below. Administration >> SNMP: Configure SnmpTrap. Page description: Host Address: fill in the NMS IP address (default: None). Security Name: fill in the group name when using SNMP v1/v2c; fill in the username when using SNMP v3; length 1-32 characters (default: None). UDP Port: fill in the UDP port; the port range is 1-65535 (default: 162). 3.2.7 Alarm: The alarm function provides users with a way to learn of device exceptions, so that they can find and resolve them as soon as possible. When an abnormality happens, the device sends an alarm. Users can choose among the many kinds of exceptions the system defines and choose an appropriate notification method to receive them. All exceptions should be recorded in the alarm log so that users can troubleshoot problems. By type, alarms are divided into system alarms and port alarms. System Alarm: produced when the system or environment encounters an exception; divided into temperature, hot start, cold start, power failure, power recovery and insufficient memory. Port Alarm: produced when a network interface goes up or down; divided into LINK UP and LINK DOWN. Alarm status is divided into raise, confirm and clear. When an alarm occurs, it is in the state of raise
159. Link Backup >> Interface Backup. Page description: Primary Interface: the interface being used (default: cellular 1). Backup Interface: the interface to be switched to (default: cellular 1). Start-up Delay: set how long to wait for the start-up tracking detection policy to take effect (default: 60). Up Delay: when the primary interface switches from failed detection to successful detection, switching can be delayed based on the set time; 0 represents immediate switching (default: 0). Down Delay: when the primary interface switches from successful detection to failed detection, switching can be delayed based on the set time; 0 represents immediate switching (default: 0). Track ID: trace detection; select the defined Track index or ID (default: None). 3.4.4.2 Interface Backup Application Example: Example: an IR900 router is connected with a PC at its fastethernet 0/2; fastethernet 0/1 of the IR900 is connected with the internet via a wired network; the topology is shown in the following figure. Establish interface backup when configuring the router so that it can access the internet through dial-up in malfunction of
160. [Screenshots: TCP Client/Server tool showing received data "Hello TCP server"; serial terminal showing read data "Hello DTU".]
