
EDR-G903 User's Manual


Contents

1. 16 Characters required to retype the password in the Retype new password field before updating the new password. The Time configuration page lets users set the time, date, and other settings. An explanation of each setting is given below. [Figure: System Time page, with Current Time, Current Date, Daylight Saving Time (Start Date, End Date, Offset), System Up Time, Time Zone, and Enable NTP/SNTP Server settings.] The EDR-G903 has a time calibration function based on information from an NTP server or user-specified Time and Date information. Functions such as Auto warning Email can add real-time information to the message. NOTE: The EDR-G903 has a real-time clock, so the user does not need to update the Current Time and Current Date to set the initial time for the EDR-G903 after each reboot. This is especially useful when the network does not have an Internet connection for an NTP server, or there is no NTP server on the network. Current Time (user-adjustable time): The time parameter allows configuration of the local time in local 24-hour format (hh:mm:ss). Factory default: None. Current Date (user-adjustable date): The date p
2. [Figure: WAN2 Connection settings, with Connect Mode (Disable, Enable, Backup) and Connect Type (Dynamic IP).] Select Backup for the WAN2/DMZ Connect Mode and then go to the Communication Redundancy > WAN Backup setting page for the WAN Backup configuration. [Figure: WAN Backup page, with Link Check, Ping Check, IP, Interval (1 to 1000 sec), Retry (1 to 100), and Timeout (100 to 10000 ms) fields.] Link Check (Enable or Disable): Activate the Backup function by checking the link status of WAN1. Factory default: Disabled. Ping Check (Enable or Disable): Activates the Backup function if unable to ping from the EDR-G903 to a specified IP address. Factory default: Disabled. IP (IP address): The EDR-G903 will check the ping integrity of this IP address if the Ping Check function is Enabled. Factory default: None. NOTE: The IP address for the Ping Check function should be on the network segment of WAN1. Interval (1 to 1000 sec): The user can set up a different Ping Interval for a different network topology. Factory default: 180 sec. Retry (1 to 100): The user can configure the number of retries. If the number of continuous retries exceeds this number, the EDR-G903 will activate the backup path. Factory default: 3. Timeout (100 to 10000 ms): The timeout criterion of Ping Check. Factory default: 3000 ms. Static Routing. NOTE: The Static Routing page is used to configure the EDR-G903's static routing table. [Figure: Static Routing page, with Enable, Name (ISP 1), Destination Address (100.10.10.1), Netmask (255.255.255.0), and Next Hop fields.] Next Hop 100.10
3. 192.168.127.102 00:09:ad:00:3a:02, Device 03 192.168.127.103 00:09:ad:00:3a:03. In the above example, a device named Device 01 was added to the Static DHCP list, with static IP address set to 192.168.127.101 and MAC address set to 00:09:ad:00:aa:01. When a device with MAC address of 00:09:ad:00:aa:01 is connected to the EDR-G903, the EDR-G903 will offer the IP address 192.168.127.101 to this device. Enable or Disable: Enable or Disable the selected device in the Static DHCP List. Factory default: Disabled. Name (max. 30 characters): The name of the selected device in the Static DHCP List. Factory default: None. Static IP Address (IP Address): The IP address of the selected device. Factory default: None. MAC Address (MAC Address): The MAC address of the selected device. Factory default: None. Clickable Buttons. Add: Use the Add button to input a new DHCP list. The Name, Static IP, and MAC address must be different than for the existing list. Delete: Use the Delete button to delete the Static DHCP list. Click on a list to select it (the background color of the device will change to blue) and then click the Delete button. Modify: To modify the information for a particular list, click on a list to select it (the background color of the device will change to blue), modify the information as needed using the chec
4. 2 21 12 47 28 0d0h41m9s admin auth ok; 2010 2 21 13 49 55 0d1h43m36s SNMP Enable. The following events will be recorded in the EDR-G903 EventLog Table: Qos_Bandwith, QoS Downstream, WAN, Accessible IP function Enable/Disable, Cold start, DI transition (Off > On), DI transition (On > Off). NOTE: The maximum number of event entries is 1000. Using Syslog: This function provides the event logs for the syslog server. The function supports 3 configurable syslog servers and syslog server UDP port numbers. When an event occurs, the event will be sent as a syslog UDP packet to the specified syslog servers. [Figure: Syslog Setting page, with Enable, Syslog Server 1 (192.168.127.100) and Port Destination (514, range 1 to 65535), and the same fields for Syslog Server 2 and Syslog Server 3.] Syslog Server 1/2/3 (IP Address): Enter the IP address of the Syslog Server used by your network. Factory default: None. Port Destination (1 to 65535): Enter the UDP port of the Syslog Server. Factory default: 514. Using HTTPS/SSL: To secure your HTTP access, the EDR-G903 supports HTTPS/SSL to encrypt all HTTP traffic. Perform the following steps to access the EDR-G903's web browser interface via HTTPS/SSL: 1. Open Internet Explorer and type https://<EDR-G903's IP address> in the address field. Press Enter to establish the connecti
5. [Figure: NAT policy settings showing WAN IP and Interface (Auto).] Enable/Disable NAT Policy (Enable or Disable): Enable or disable the selected NAT policy. Factory default: Enabled. NAT Mode (N-1, 1-1, Port Forwarding): Select the NAT types. Factory default: N-1. Interface (N-1 mode): Select the Interface for this NAT Policy. The EDR-G903 provides a Dual WAN backup function for communication redundancy. If the interface is set to Auto, the NAT Mode is set to N-1, and the WAN backup function is enabled, the primary WAN interface is WAN1. If the WAN1 connection fails, the WAN interface of this N-1 policy will apply to WAN2 and switch to WAN2 for N-1 outgoing traffic until the WAN1 interface recovers. IP Range (IP address): Select the Internal IP range for IP translation to WAN IP address. Factory default: None. WAN IP (N-1 mode) (IP address): The IP address of the user-selected interface (WAN1, WAN2, and Auto) in this N-to-1 policy. Factory default: None. NOTE: The EDR-G903 will add an N-1 policy from the source IP 192.168.127.1 to 192.168.127.252 to the WAN1 interface after activating the Factory Default. Port Forwarding: If the initial connection is from outside the LAN, but the user still wants to hide the Internal IP address, one way to do this is to use the Port Forwarding NAT function. The user can specify the port number of an external IP address (WAN1 or WAN2) in the Port Forwarding policy list. For example, if the IP address of a web server in the internal network
6. X will increase the loading of the EDR-G903 and lower its performance. For example, two firewall policies are shown in the following table: Input WAN1, Source IP 40.10.10.10, Destination IP 192.168.127.10, Target ACCEPT; Input WAN2, Source IP 20.20.20.10 to 20.20.20.30, Destination IP 192.168.127.20, Target ACCEPT. Suppose the user next adds a new policy with the following configuration: Input WAN2, Output LAN, Source IP 20.20.20.20, Destination IP 192.168.127.20, Target ACCEPT. After clicking the PolicyCheck button, the EDR-G903 will issue a message informing the user that policy 3 is included in policy 2, because the IP range of policy 3 is smaller than the IP range of policy 2 and the Target action is the same. [Message box: "rule 3 is included in rule 2".] Cross Conflict: Policy X cross conflicts with Policy Y. Two firewall policy configurations, such as Source IP, Destination IP, Source port, and Destination port, in policy X and policy Y are masked, and the action target (Accept/Drop) is different. For example, two firewall policies are shown in the following table: Index 1: Input WAN1, Output LAN, Protocol All, Source IP 10.10.10.10, Destination IP 192.168.127.10, Target ACCEPT; Index 2: Input WAN2, Output LAN, Protocol All, Source IP 20.20.20.20 to 20.20.20.30, Destination IP 192.168.127.25, Target ACCEPT. Suppose the user next adds a new policy with the following configuration: Index 3: Input WAN2, Output LAN, Protocol All, Source IP 20.20.20.25, Target DROP, Destination IP 192.168.127.20 to
7. automatically, such as by using email and relay output. It also supports one digital input to integrate sensors with your system and automate alarms using email and relay output. Configuring Email Warning: The Auto Email Warning function uses e-mail to alert the user when certain user-configured events take place. Three basic steps are required to set up the Auto Warning function: 1. Configure Email Event Types: Select the desired Event types from the Web Browser Event type page (a description of each event type is given later in the Email Alarm Events setting subsection). To configure the EDR-G903's email setup from a browser interface, enter your Mail Server's IP/Name (IP address or name), Account Name, Account Password, the sender's email address, and the email address to which warning messages will be sent. 3. Activate your settings and, if necessary, test the email: After configuring and activating your EDR-G903's Event Types and Email Setup, you can use the Test Email function to see if your e-mail addresses and mail server address have been properly configured. [Figure: Email Warning Event Settings page, with System Events (Cold Start, Warm Start, DI Off, DI On, Power Transition On > Off, Power Transition Off > On, Config Change, Auth Failure) and Port Events (Link Off).] Email Warning Event Types can be divided into two basic groups: System Eve
8. crear are races E wine No eae MUS at ome coaccoae mc EE 3 8 System File Update by Remote TE Paritaria ES 3 9 System File Update by Local Import EXPO iia 3 10 E A Ueanan maa niannEenaanens 3 11 Reset t Factory Defallllanaiiaaaaanar AAN 3 11 NetWork Seta Sn diosa Dil ed A OOO 3 11 WANT ContIQUFACION sissosresarrads nine cip iii cd idad 3 11 WANZ Contiguration Cincludes DMZ Enable lima era idas 3 14 USing DMZ MOG Cr torsvorciorerotalereenie sie ws waets aes basto atlas tadadaadadadadadade dudado decadas 3 16 LAN SIT CS pel CO ii OO EE EE EE EEE EEEE EAA AA A GA N NE E S E 3 17 LS SS AA O O a eg kA ek ie Ca ae te Ia 3 18 Static DINERO AAN 3 18 DYNAMIC DONS yo e o 3 19 communitati RECUNGANCY arrasar iio E e dadadada 3 20 How Dulal WAN BackUp Worker cS AS stu A A EA 3 20 WAN BACKUP CONFUSA eae eeeeeenateees 3 21 Static ROUTING A A AN AA 3 22 Network Address Translation NATI td tds dl to td a eos 3 22 NAT Concise vid vivida aa aia raai 3 22 NAO NAT rta sin 3 23 PORO FWarddetatototo ini tataiotralcaiie tb eddie 3 24 NA TA eee ee ee en ee er ee EA er cr er terry 3 25 Firewall Settings ula alada ll ered i rade dd dado adas 3 27 Firewall PONCY CONC Earn edi 3 27 FIRE Wall POr OVO VIC W EEEE aaa 3 27 FIFSWalrPOleY CONUAT O Macia tada 3 28 QUE KAW COP CON PrO era AAA a N 3 29 A 5 A O O 3 31 Dental oF Service DoS functo N ia AAA 3 33 TEAR GAP WO EAL OU rianan te ieia AENEAN ECEE AAA A AE at AA IEEE 3 34 HOW Traffic Prioritization WOR
9. is 192.168.127.10 with port 80, the user can set up a port forwarding policy to let remote users connect to the internal web server from external IP address 10.10.10.10 through port 8080. The EDR-G903 will transfer the packet to IP address 192.168.127.10 through port 80. The Port Forwarding NAT function is one way of connecting from an external insecure area (WAN) to an internal secure area (LAN). The user can initiate the connection from the external network to the internal network, but will not be able to initiate a connection from the internal network to the external network. [Figure: Port Forwarding example, with a remote user on the WAN network (10.10.10.1, Port 8080) and an internal device (192.168.127.100, Port 80).] [Figure: NAT policy settings in Port Forward mode, with Enable, Protocol, NAT Mode, WAN Port, Interface, LAN/DMZ IP, and LAN/DMZ Port fields.] Enable/Disable NAT policy (Enable or Disable): Enable or disable the selected NAT policy. Factory default: Enabled. NAT Mode (N-1, 1-1, Port Forward): Select the NAT types. Factory default: N-1. Interface (Port Forward mode) (WAN1, WAN2): Select the Interface for this NAT Policy. Factory default: WAN1. Protocol (Port Forward mode): Select the Protocol for NAT Policy. WAN Port (Port Forward mode) (1 to 65535): Select a specific WAN port number. Factory default: None. LAN/DMZ IP (Port Forward mode) (IP Address): The translated IP address in the internal network. Factory default: None. LA
10. or Disable. Factory default: None. NMAP ID Scan (Enable or Disable): Enable or disable the NMAP ID Scan. Factory default: None. SYN/RST Scan (Enable or Disable): Enable or disable the SYN/RST Scan. Factory default: None. ICMP Death (Enable or Disable): Enable or disable the ICMP Death defense. Packet/Second: The limit value to activate ICMP Death defense. SYN Flood (Enable or Disable): Enable or disable the Null Scan function. Packet/Second: The limit value to activate SYN Flood defense. Traffic Prioritization: The EDR-G903's traffic prioritization capability provides Quality of Service (QoS) to your network by making data delivery more reliable. You can prioritize traffic on your network to ensure that high-priority data is transmitted with minimum delay. Traffic can be controlled by a set of rules to obtain the required Quality of Service for your network. NOTE: The maximum number of Firewall policies for the EDR-G903 is 256. How Traffic Prioritization Works: The EDR-G903 provides four different priority levels (0 to 3, high to low) for incoming and outgoing traffic. The following figure illustrates incoming traffic, which refers to the traffic transmitted from WAN1 to LAN or WAN2 to LAN interface. Outgoing traffic refers to the traffic transmitted from LAN to WAN1 or from LAN to WAN2. Outgoing Traffic LAN to WAN1, Outgoing Traffic LAN to WAN2, Inc
11. this policy, it will check with the next policy. NOTE: The maximum number of Firewall policies for the EDR-G903 is 256. Quick Automation Profile: Ethernet Fieldbus protocols are popular in industrial automation applications. In fact, many Fieldbus protocols (e.g., EtherNet/IP and Modbus TCP/IP) can operate on an industrial Ethernet network, with the Ethernet port number defined by IANA (Internet Assigned Numbers Authority). The EDR-G903 provides an easy-to-use function called Quick Automation Profile that includes 45 different pre-defined profiles (Modbus TCP/IP, Ethernet/IP, etc.), allowing users to create an industrial Ethernet Fieldbus firewall policy with a single click. For example, if the user wants to create a Modbus TCP/IP firewall policy for an internal network, the user just needs to select the Modbus TCP/IP (TCP) or Modbus TCP/IP (UDP) protocol from the Protocol drop-down menu on the Firewall Policy Setting page. [Figure: Firewall Policy Setting page, with Enable, Targets (ACCEPT), Interface From (All), Source IP (All), Service (IP Filter), Destination IP (All), and Filter List fields.] The following table shows the Quick Automation Profile for Ethernet Fieldbus Protocol and the corresponding port number. Ethernet Fieldbus Protocol: EtherNet/IP Messaging (TCP), EtherNet/IP Messaging (UDP), FF Annunciation (TCP), FF Ann
12. to receive alarm emails from the EDR-G903. Factory default: None. Send Test Email: After configuring the email settings, you should first click Activate to activate those settings, and then click Send Test Email to verify that the settings are correct. Auto warning e-mail messages will be sent through an authentication-protected SMTP server that supports the CRAM-MD5, LOGIN, and PLAIN methods of SASL (Simple Authentication and Security Layer) authentication mechanism. We strongly recommend not entering your Account Name and Account Password if auto warning e-mail messages can be delivered without using an authentication mechanism. Configuring Relay Warning: The Auto Relay Warning function uses relay output to alert the user when certain user-configured events take place. There are two basic steps required to set up the Relay Warning function: 1. Configuring Relay Event Types: Select the desired Event types from the Web Browser Event type page (a description of each event type is given later in the Relay Alarm Events setting subsection). 2. Activate your settings: After completing the configuration procedure, you will need to activate your EDR-G903's Relay Event Types. [Figure: Relay Warning Event Settings page, with System Events (Override Relay 1 Warning Settings, Power Input 1 failure (On > Off), Power Input 2 failure (On > Off), DI Off, DI On) and Port Events.] Event Types can be divided into
13. two basic groups: System Events and Port Events. System Events are related to the overall function of the router, whereas Port Events are related to the activity of a specific port. System Events (Warning Relay output is triggered when): Power Input 1 failure (On > Off): Power input 1 is down. Power Input 2 failure (On > Off): Power input 2 is down. DI Off: Digital Input is triggered by on to off transition. DI On: Digital Input is triggered by off to on transition. Port Events (Warning Relay output is triggered when): Link ON: The port is connected to another device. Link OFF: The port is disconnected (e.g., the cable is pulled out, or the opposing device shuts down). Override relay alarm settings: Select this option to override the relay warning setting temporarily. Releasing the relay output will allow administrators to fix any problems with the warning condition. Warning List: Use this table to see if any relay alarms have been issued. [Figure: Current Warning List, showing 1. WAN2 Link Off and 2. WAN1 Link Off.] Using Diagnosis: The EDR-G903 provides Ping tools and LLDP for administrators to diagnose network systems. Ping: [Figure: Ping page ("Use Ping Command to test Network Integrity"), with Interface (WAN 1) and IP address/Name fields.] The Ping function uses the ping command to give users a simple but powerful tool for troubleshooting network problems. The function's most unique feature is that even t
14. 10.254, Metric 10. [Figure: Static Routing list (1/512), with Destination Address and Next Hop columns.] Enable: Click the checkbox to enable Static Routing. Name: The name of this Static Router list. Destination Address: You can specify the destination IP address. Netmask: This option is used to specify the subnet mask for this IP address. Next Hop: This option is used to specify the next router along the path to the destination. Metric: Use this option to specify a cost for accessing the neighboring network. Clickable Buttons. Add: For adding an entry to the Static Routing Table. Delete: For removing selected entries from the Static Routing Table. Modify: For modifying the content of a selected entry in the Static Routing Table. The entries in the Static Routing Table will not be added to the EDR-G903's routing table until you click the Activate button. Network Address Translation (NAT). NAT Concept: NAT (Network Address Translation) is a common security function for changing the IP address during Ethernet packet transmission. When the user wants to hide the internal IP address (LAN) from the external network (WAN), the NAT function will translate the internal IP address to a specific IP address, or an internal IP address range to one external IP address. The benefits of using NAT include: • Uses the N-1 or Port forwarding NAT function to hide the Internal IP
15. 192.168.127.30. The source IP range in policy 3 is smaller than policy 2, but the destination IP of policy 2 is smaller than policy 3, and the target actions (Accept/Drop) of these two policies are different. If the user clicks the PolicyCheck button, the EDR-G903 will issue a message informing the user that policy 3 is in Cross Conflict with policy 2. [Message box: "rule 3 is cross conflict with rule 2".] Denial of Service (DoS) function: The EDR-G903 provides 9 different DoS functions for detecting or defining abnormal packet format or traffic flow. The EDR-G903 will drop the packets when it detects an abnormal packet format. The EDR-G903 will also monitor some traffic flow parameters and activate the defense process when abnormal traffic conditions are detected. [Figure: DoS settings page, with Null Scan, Xmas Scan, NMAP-Xmas Scan, SYN/FIN Scan, FIN Scan, NMAP-ID Scan, SYN/RST Scan, ICMP-Death (Limit, pkt/s), and SYN-Flood (Limit, pkt/s) options.] Null Scan (Enable or Disable): Enable or disable the Null Scan. Factory default: None. Xmas Scan (Enable or Disable): Enable or disable the Xmas Scan. Factory default: None. NMAP Xmas Scan (Enable or Disable): Enable or disable the NMAP Xmas. Factory default: None. SYN/FIN Scan (Enable or Disable): Enable or disable the SYN/FIN Scan. Factory default: None. FIN Scan: Enable or disable the FIN Scan. Enable
16. 2 The EDR-G903 will manage the bandwidth for outgoing packets. Based on the four outgoing policies below, when the source IP of the Ethernet traffic matches the outgoing policies, the maximum bandwidth for a packet sent from these source IP addresses will be reserved by its target priority. [Figure: Bandwidth: 192.168.127.10, 10 KByte/s; 192.168.127.11, 20 KByte/s; 192.168.127.12, 30 KByte/s; 192.168.127.13, 40 KByte/s. Packet Size: 1518 byte. Priority 0: 192.168.127.10, 25 Mbps; Priority 1: 192.168.127.11, 25 Mbps; Priority 2: 192.168.127.12, 25 Mbps; Priority 3: 192.168.127.13, 25 Mbps.] If there are only two kinds of traffic packets, priority 0 and priority 1, then transmission will proceed from LAN to WAN1, and the EDR-G903 will reserve the minimum bandwidth, 10 KBytes/s and 20 KBytes/s, based on these two different IP addresses. In this case, there are still 100 KBytes/s - 10 KBytes/s - 20 KBytes/s = 70 KBytes/s that do not belong to any priority. So the EDR-G903 will increase the bandwidth from highest priority (0) to lowest priority (3). The EDR-G903 will add this 70 KBytes/s bandwidth to priority 0 because the maximum bandwidth of priority 0 is 100 KBytes/s. The following figure shows the bandwidth arrangement of the EDR-G903 based on this configuration. [Figure: Bandwidth: 192.168.127.10, 80 KByte/s; 192.168.127.11, 20 KByte/s. Packet Size: 1518 byte. Priority 0: 192.168.127.10, 25 Mbps; Priority 1: 192.168.127.11, 25 Mbps.] Con
17. 903 contains 10.10.10.10, which is the IP address of the remote user's PC. [Figure: WAN network with a remote user (IP 10.10.10.10) and the EDR-G903 (WAN1 IP 10.10.10.11).] The remote user's IP address is shown below in the EDR-G903's Accessible IP list. [Figure: Accessible IP list page, with "Enable the accessible IP list (Disable will allow all IP's connection)" and LAN Enable checkboxes, and a list with Index, IP Address, and Netmask columns in which entry 1 is 10.10.10.10.] Password: The EDR-G903 provides two levels of access privilege: admin privilege gives read/write access to all EDR-G903 configuration parameters, and user privilege provides read access only. You will be able to view the configuration, but will not be able to make modifications. [Figure: Password Change page, with Admin, Old Password, New Password, and Check Password fields.] ATTENTION: By default, the Password field is blank. If a Password is already set, then you will be required to type the Password when logging into the RS-232 console, Telnet console, or web browser interface. Account: Admin: admin privilege allows the user to modify all configurations. Admin. User privilege only allows viewing device configurations. Password: Old password: Type current password when changing the password. Factory default: None. New password: Type new password when changing the password. Factory default: None. Retype password: If you type a new password in the Password field, you will be max
18. EDR G903 User s Manual First Edition April 2010 www moxa com pr t MOXA 2010 Moxa Inc All rights reserved Reproduction without permission is prohibited EDR G903 Series User s Manual The software described in this manual is furnished under a license agreement and may be used only in accordance with the terms of that agreement Copyright Notice Copyright 2010 Moxa Inc All rights reserved Reproduction without permission is prohibited Trademarks The MOXA logo is a registered trademark of Moxa Inc All other trademarks or registered marks in this manual belong to their respective manufacturers Disclaimer Information in this document is subject to change without notice and does not represent a commitment on the part of Moxa Moxa provides this document as is without warranty of any kind either expressed or implied including but not limited to its particular purpose Moxa reserves the right to make improvements and or changes to this manual or to the products and or the programs described in this manual at any time Information provided in this manual is intended to be accurate and reliable However Moxa assumes no responsibility for its use or for any infringements on the rights of third parties that may result from its use This product might include unintentional technical or typographical errors Changes are periodically made to the information herein to correct such errors and these changes are incorp
19. IP Address Liser Name Password DNS Optional for dynamic IP or PPPoE Type Server 1 server 2 Server 3 192 168 2 1 0 0 0 0 0 0 0 0 PPTP Dialup Point to Point Tunneling Protocol is used for Virtual Private Networks VPN Remote users can use PPTP to connect to private networks from public networks PPTP Connection Enable or Disable Enable or Disable the PPTP connection IP Address IP Address The PPTP service IP address 3 14 EDR G903 User s Manual Features and Functions User name Max 30 Characters The Login username when dialing up to PPTP service None Password Max 30 characters The password for dialing the PPTP service None Example Suppose a remote user IP 10 10 10 10 wants to connect to the internal server private IP 30 30 30 10 via the PPTP protocol The IP address for the PPTP server is 20 20 20 1 The necessary configuration settings are shown in the following figure WAN IP WAN IP 61 32 10 10 72 51 30 30 PPTP IP Client PPTP IP Server 20 20 20 2 32 20 20 20 1 32 10 10 10 10 24 30 30 30 10 24 Static Route Static Route Destination Next Hop Destination Next Hop Address Address 30 30 30 0 255 255 255 0 20 20 20 1 10 10 10 0 255 255 255 0 20 20 20 2 Note If the OS is Linux the Next Hop is 20 20 20 1 DNS Doman Name Server optional setting for Dynamic IP and PPPoE types Server 1 2 3 IP Address The DNS IP Address NOTE The priority of a manually configur
20. IP Address: The LAN interface IP address. Factory default: 192.168.127.254. Subnet Mask: The subnet mask. Factory default: 255.255.255.0. DHCP Server: The EDR-G903 provides a DHCP (Dynamic Host Configuration Protocol) server function for LAN interfaces. When configured, the EDR-G903 will automatically assign an IP address to an Ethernet device from a defined IP range. [Figure: DHCP Configuration page, with Enable, Lease Time (min), DNS Server IP for Client (0.0.0.0), and Offered IP Range fields.] DHCP Server Enable/Disable (Enable or Disable): Enable or Disable DHCP server function. Factory default: Enable. Lease Time (> 5 min): The lease time of the DHCP server. Factory default: 60 min. DNS Server IP for Client (IP Address): The DHCP server's IP address. Factory default: None. Offered IP Range (IP address): The offered IP address range for the DHCP server. Factory default: 192.168.127.1 to 192.168.127.252. Static DHCP List: Use the Static DHCP list to ensure that devices connected to the EDR-G903 always use the same IP address. The static DHCP list matches IP addresses to MAC addresses. [Figure: Static DHCP page, with Enable, Name (Device 01), Static IP (192.168.127.101), and MAC Address fields, and the Static DHCP list (3/256) with Static IP and MAC Address columns.] Device 02
21. IP address. If a host's IP address is in the accessible IP table, then the host will have access to the EDR-G903. You can allow one of the following cases by setting this parameter: • Only one host with the specified IP address can access this device. E.g., enter 192.168.1.1/255.255.255.255 to allow access to just the IP address 192.168.1.1. • Any host on a specific subnetwork can access this device. E.g., enter 192.168.1.0/255.255.255.0 to allow access to all IPs on the subnet defined by this IP address/subnet mask combination. • Any host can access the EDR-G903. Disable this function by deselecting the "Enable the accessible IP list" option. • Any LAN can access the EDR-G903. Disable this function by deselecting the LAN option to not allow any IP at the LAN site to access this device. E.g., if the LAN IP Address is set to 192.168.127.254/255.255.255.0, then IP addresses 192.168.127.1/24 to 192.168.127.253/24 can access the EDR-G903. The following table shows additional configuration examples (allowable hosts: input format): 192.168.0.1 to 192.168.255.254: 192.168.0.0/255.255.0.0; 192.168.1.1 to 192.168.1.126: 192.168.1.0/255.255.255.128; 192.168.1.129 to 192.168.1.254: 192.168.1.128/255.255.255.128. The Accessible IP list controls which devices can connect to the EDR-G903 to change the configuration of the device. In the example shown below, the Accessible IP list in the EDR-G
22. KS lt s 25 2545 2100 natalia sa 3 34 Bane PROZAC ORIO O errire ienen idea 3 35 COM ICU INGE NMP tetra e a a e o o aE ONG Darah aada a as 3 37 USNO AUTO WarNiN Gerrara EEE EOE AAA AAA AAA 3 39 USING Dla Sis ien a EEA AEE E A E OEA OEO E EE EE EE TE E 0a 3 42 USIMO Monto att mm me AA a 3 43 USMO SV TENE LO demas a 3 44 Unie Mon MR cy Ss bonsai alo ooo ooo coat id dildo coa 3 45 As MIB Group sicscsiiccciccdecadecedacntenadacadacadiudsidsidddeeusedevwvewuwanarcuessnevenevicuavanevenenewebewercenidescnncedeeiienddacatecedexccaden A 1 1 Introduction Welcome to the Moxa EDR G903 Series of Gigabit Firewall VPN secure routers designed for connecting Ethernet enabled devices in industrial field applications The following topics are covered in this chapter O Overview O Package Checklist O Features gt Industrial Networking Capability gt Designed for Industrial Applications gt Useful Utility and Remote Configuration EDR G903 User s Manual Introduction Overview As the world s network and information technology becomes more mature the trend is to use Ethernet as the major communications interface in many industrial communications and automation applications In fact a whole new industry has sprung up to provide Ethernet products that comply with the requirements of demanding industrial applications The EDR G903 series is a Gigabit speed all in one Firewall VPN Router for Ethernet security applications in sensitive remote contr
23. N/DMZ Port (Port Forward mode) (1 to 65535): The translated port number in the internal network. Factory default: None. 1-to-1 NAT: If the internal device and external device need to communicate with each other, choose 1-to-1 NAT, which offers bi-directional communication (N-to-1 and Port forwarding are both single-directional communication NAT functions). [Figure: a remote user (10.10.10.1) on the WAN network and the production line.] 1-to-1 NAT is usually used when you have a group of internal servers with private IP addresses that must connect to the external network. You can use 1-to-1 NAT to map the internal servers to public IP addresses. The IP address of the internal device will not change. The figure below illustrates how a user could extend production lines and the private IP addresses of internal devices. The internal private IP addresses of these devices will map to different public IP addresses. Configuring a group of devices for 1-to-1 NAT is easy and straightforward. [Figure: NAT List: 1, WAN1, 192.168.100.1, 10.10.10.1; 2, WAN, 192.168.100.2, 10.10.10.2; 3, WAN, 192.168.100.3, 10.10.10.3.] [Figure: Production line 1 (10.10.10.1, 10.10.10.2) and Production Line 2 (10.10.10.3, 10.10.10.4), each with internal devices 192.168.100.1 and 192.168.100.2.] [Figure: 1-to-1 NAT policy settings, with Enable, LAN/DMZ IP, and NAT Mode fields.]
24. NS settings WAN 1 Configuration WAN1 Configuration Connection Connect Mode Disable Enable Connect Type Dynamic IP Connection Note that there are there are three different connection types for the WAN1 interface Dynamic IP Static IP and PPPoE A detailed explanation of the configuration settings for each type is given below Enable or Disable Enable or Disable the WAN interface Connection Type Connection Mode Static IP Dynamic IP Setup the connection type Dynamic IP PPPoE 3 11 EDR G903 User s Manual Features and Functions Detailed Explanation of Dynamic IP Type WAN1 Configuration Connection 2 Enable Connect Type Dynamic IP PPTP Dialup PPTP Connection C Enable IP Address User Name Password DNS Optional for dynamic IP or PPPoE Type server 1 server 2 server 3 192 168 2 1 0 0 0 0 0 0 0 0 PPTP Dialup Point to Point Tunneling Protocol is used for Virtual Private Networks VPN Remote users can use PPTP to connect to private networks from public networks PPTP Connection Description Factory Default Enable or Disable Enable or Disable the PPTP connection None IP Address Description The PPTP service IP address Factory Default IP Address None User Name Description Factory Default Max 30 Characters The Login username when dialing up to PPTP service None Password Description Factory Default Max 30 characters The password for dialing the P
25. PTP service None Example Suppose a remote user IP 10 10 10 10 wants to connect to the internal server private IP 30 30 30 10 via the PPTP protocol The IP address for the PPTP server is 20 20 20 1 The necessary configuration settings are shown in the following figure WAN IP WAN IP 61 32 10 10 72 51 30 30 PPTP IP Client PPTP IP Server 20 20 20 2 32 20 20 20 1 32 10 10 10 10 24 30 30 30 10 24 Static Route Static Route Destination Next Hop Destination Next Hop Address Address 30 30 30 0 255 255 255 0 20 20 20 1 10 10 10 0 255 255 255 0 20 20 20 2 Note If the OS is Linux the Next Hop is 20 20 20 1 3 12 EDR G903 User s Manual Features and Functions DNS Doman Name Server optional setting for Dynamic IP and PPPoE types Server 1 2 3 IP Address The DNS IP address None NOTE The priority of a manually configured DNS will higher than the DNS from the PPPoE or DHCP server Detailed Explanation of Static IP Type WAN1 Configuration Connection Connect Type Static IP Address Information IP Address 0 0 0 0 Gateway 9 0 0 0 Subnet Mask 0 0 0 0 PP TP Dialup PPTP Connection E Enable IP Address User Name Password DNS Optional for dynamic IP or PPPoE Type server 1 server 2 192 168 2 1 0 0 0 0 Address Information IP Address Description Factory Default IP Address The interface IP address None Subnet Mask Description Factory Default IP Address The subn
26. Packets in previous 5 sec interval update interval of 5 sec Wand 0 0 0 0 Wan2 1 0 4 0 Lan 10198 20 13359 20 Monitor by Port Access the Monitor by Port function by selecting the WAN1 WANZ2 or LAN interface from the left drop down list You can view graphs that show All Packets TX Packets or RX Packets but in this case only for an individual port The graph displays data transmission activity by showing Packets s e packets per second or pps versus sec seconds The graph is updated every few seconds allowing you to analyze data transmission activity in real time 3 43 EDR G903 User s Manual Features and Functions Monitor LAN Total Packets LAN Total Packets M Packetisec TX Packets LAN Total Packets 15 RX Packets 12 9 6 3 i 0 ei 454 Format Total Packets Packets in previous 5 sec interval update interval of 5 sec Wan 1 0 0 0 0 Wan2 1 0 0 Lan 13334 25 16653 30 Using System Log The EDR G903 provides EventLog and Syslog functions to record important events Using EventLog EventLogTable Page 3 8 v 21 30 2010 2112 10 32 58 0d0h0m10s Power 2 Power transition Off On 2010 2 12 10 32 59 0d0h0m10s LAN link on 2010 2 12 10 33 8 0d0h0m19s Cold start 2010 2 12 10 33 30 Od0hOm41s admin auth ok 2010 2 12 10 42 2 0d0h9m13s LAN link off 2010 2 21 12 6 28 0d0h0m9s Power 2 Power transition Off gt On 2010 2 21 12 6 29 0d0h0m10s Cold start 2010 2 21 12 46 16 0d0h39m57s LAN link on 2010
27. IP/Name: The EDR-G903 will try to locate the 2nd NTP Server if the 1st NTP Server fails to connect.

SettingCheck
[Screenshot: SettingCheck page with Firewall Policy, NAT Policy, Accessible IP List and Timer fields]
SettingCheck is a safety function for industrial users using a secure router. It provides a double confirmation mechanism for when a remote user changes the security policies, such as Firewall filter, NAT, and Accessible IP list. When a remote user changes these security policies, SettingCheck provides a means of blocking the connection from the remote user to the Firewall/VPN device. The only way to correct a wrong setting is to get help from the local operator, or go to the local site and connect to the device through the console port, which could take quite a bit of time and money. Enabling the SettingCheck function will execute these new policy changes temporarily until doubly confirmed by the user. If the user does not click the confirm button, the EDR-G903 will revert to the previous setting.

Firewall Policy: Enables or Disables the SettingCheck function when the Firewall policies change.
NAT Policy: Enables or Disables the SettingCheck function when the NAT policies change.
Accessible IP List: Enables or Disables the SettingCheck function when the Accessible IP List changes.
Timer. Setting: 10 to 3600 sec. Factory Default: 180 sec. Description: The timer waits this amount of time to double confirm when the use
28. address of a critical network or device to increase the level of security of industrial network applications.
• Uses the same private IP address for different, but identical, groups of Ethernet devices. For example, 1-to-1 NAT makes it easy to duplicate or extend identical production lines.

NOTE: The NAT function will check if incoming or outgoing packets match the policy. It starts by checking the packet with the first policy (Index 1); if the packet matches this policy, the EDR-G903 will translate the address immediately and then start checking the next packet. If the packet does not match this policy, it will check with the next policy.

NOTE: The maximum number of NAT policies for the EDR-G903 is 128.

N-to-1 NAT
If the user wants to hide the Internal IP address from users outside the LAN, the easiest way is to use the N-to-1 (or N-1) NAT function. The N-1 NAT function replaces the source IP Address with an external IP address, and adds a logical port number to identify the connection of this internal/external IP address. This function is also called "Network Address Port Translation" (NAPT) or "IP Masquerading." The N-1 NAT function is a one-way connection from an internal secure area to an external non-secure area. The user can initialize the connection from the internal to the external network, but may not be able to initialize the connection from the external to the internal network.
[Screenshot: N-to-1 NAT settings: Enable, LAN IP Range, NAT Mode]
29. [Screenshot: browser error page with connection troubleshooting steps]
If the new configuration does not block the connection from the remote user to the EDR-G903, the user will see the SettingCheck Confirmed page, shown in the following figure. Click Confirm to save the configuration updates.
[Screenshot: SettingCheck Confirmed page: "Press Confirm button to save the change"]

System File Update by Remote TFTP
The EDR-G903 supports saving your configuration file to a remote TFTP server or local host to allow other EDR-G903 routers to use the same configuration at a later time, or saving the Log file for future reference. Loading pre-saved firmware or a configuration file from the TFTP server or local host is also supported to make it easier to upgrade or configure the EDR-G903.
Upgrade Sof
30. all policies by interface direction Interface From To Filter List 5 All All All 6 LAN All i All Select the From interface and To interface and then click the Show button The Policy list table will show the policies that match the From To interface Interface From To All WAN1 WAN2 LAN Select the From Interface and To interface From All to All 3 27 EDR G903 User s Manual Features and Functions Firewall Policy Configuration The EDR G903 s Firewall policy provides secure traffic control allowing users to control network traffic based on the following parameters Enable 4 Targets ACCEPT Interface From All w To All Source IP Protocol All Service P Filter Destination IP Interface From To All WAN1 WAN2 LAN Select the From Interface and To interface From All to All WAN1 WAN2 Quick Automation Profile Refer to the Quick Select the Protocol parameters in this Firewall Policy None Automation Profile section on page 3 29 Service IP Filter This Firewall policy will filter by IP address IP Filter MAC Filter This Firewall policy will filter by MAC address Target Accept The packet will penetrate the firewall when it matches this Accept A ee Drop The packet will not penetrate the firewall when it matches this A E TTTS Source IP All IP Address This Firewall Policy will check all Source IP addresses in the All O nes olSoue ates ne Single IP Address This Firewal
31. and Windows will open it for you Open telnet 192 168 127 254 Cancel Browse Refer to instructions 6 and 7 in the RS 232 Console Configuration 115200 None 8 1 VT100 section on page 2 3 Using a Web Browser to Configure the EDR G903 The EDR G903 s web browser interface provides a convenient way to modify the switch s configuration and NOTE NOTE NOTE NOTE access the built in monitoring and network administration functions The recommended web browser is Microsoft Internet Explorer 6 0 with JVM Java Virtual Machine installed To use the EDR G903 s management and monitoring functions from a PC host connected to the same LAN as the EDR G903 you must make sure that the PC host and the EDR G903 are connected to the same logical subnet Before accessing the EDR G903 s web browser first connect the EDR G903 s RJ45 Ethernet LAN ports to your Ethernet LAN or directly to your PC s Ethernet card NIC You can use either a straight through or cross over Ethernet cable The EDR G903 s default LAN IP address is 192 168 127 254 Perform the following steps to access the EDR G903 s web browser interface 1 Start Internet Explorer and type the EDR G903 s LAN IP address in the Address field Press Enter to establish the connection The web login page will open Select the login account Admin or User and enter the Password this is the same as the Console password and then click Login to continue Leave
32. ane Interface WAN1
Enable/Disable NAT policy. Setting: Enable or Disable. Description: Enable or disable the selected NAT policy.
NAT Mode. Setting: 1-1, Port Forward. Description: Select the NAT types.
Interface (1-1 NAT type). Setting: WAN1, WAN2. Description: Select the Interface for this NAT Policy. Factory Default: WAN1.
LAN/DMZ IP (1-1 NAT type). Setting: IP Address. Description: Select the Internal IP address in LAN/DMZ network area.
WAN IP (1-1 NAT type). Setting: IP Address. Description: Select the external IP address in WAN network area.

NOTE: The EDR-G903 can obtain an IP address via DHCP or PPPoE. However, if this dynamic IP address is the same as the WAN IP for 1-to-1 NAT, then the 1-to-1 NAT function will not work. For this reason, we recommend disabling the DHCP/PPPoE function when using the 1-to-1 NAT function.

Firewall Settings
Firewall Policy Concept
A firewall device is commonly used to provide secure traffic control over an Ethernet network, as illustrated in the following figure. Firewall devices are deployed at critical points between an external network (the non-secure part) and an internal network (the secure part).
[Figure: firewall between the External or Unsecure area and the Internal or Secure area. Firewall Policy: Incoming/Outgoing, IP/MAC, Protocol (TCP, UDP), Source IP/Port, Destination IP/Port, Accept/Drop]

Firewall Policy Overview
The EDR-G903 provides a Firewall Policy Overview that lists firew
33. arameter allows configuration of the local date in yyyy mm dd format. Factory Default: None (yyyy mm dd).

Daylight Saving Time
Daylight Saving Time (also known as DST or summer time) involves advancing clocks 1 hour during the summer to provide an extra hour of daylight in the evening.
Start Date. Setting: User adjustable date. Description: The Start Date parameter allows users to enter the date that daylight saving time begins. Factory Default: None.
End Date. Setting: User adjustable date. Description: The End Date parameter allows users to enter the date that daylight saving time begins. Factory Default: None.
Offset. Setting: User adjustable date. Description: The offset parameter indicates how many hours forward the clock should be advanced. Factory Default: None.

System Up Time
Indicates the EDR-G903's up time from the last cold start. The unit is seconds.

Time Zone
Setting: User selectable time zone. Description: The time zone setting allows conversion from GMT (Greenwich Mean Time) to local time. Factory Default: GMT.
NOTE: Changing the time zone will automatically correct the current time. You should configure the time zone before setting the time.

Enable NTP/SNTP Server
Enable this function to configure the EDR-G903 as an NTP/SNTP server on the network.

Enable Server synchronize
Enable this function to configure the EDR-G903 as an NTP/SNTP client. It will synchronize the time information with another NTP/SNTP server.

Time Server IP/Name
1st Time Server IP/Name. Description: IP or Domain address (e.g., 192.168.1.1, time.stdtime.gov.tw, or time.nist.gov). Factory Default: None.
2nd Time Server
34. aution We strongly suggest that you do NOT use more than one connection method at the same time Following this advice will allow you to maintain better control over the configuration of your EDR G903 NOTE We recommend using Moxa PComm Terminal Emulator which can be downloaded free of charge from Moxa s website Before running PComm Terminal Emulator use an RJ45 to DB9 F or RJ45 to DB25 F cable to connect the EDR G903 RS 232 console port to your PC s COM port generally COM1 or COM2 depending on how your system is set up After installing PComm Terminal Emulator perform the following steps to access the RS 232 console utility 1 From the Windows desktop click Start gt Programs gt PCommLite1 3 gt Terminal Emulator T Java Web Start l Windows Live A Acrobat Distiller 7 0 4 Adobe Acrobat 7 0 Professional Adobe Designer 7 0 PEomm Late Terl 2 9 Library Programming Guide Library Reference B FComm Diagnostic sf PComn Monitor gy Pomo Terminal Emulator Br 2 Select Open in the Port Manager menu to open a new connection 2 PComm Terminal Emulator Bii E Profile Port Manager Help Open Ctri Alt 0 T eam pa e 3 The Communication Parameter page of the Property window will appear Select the appropriate COM port for Console Connection 115200 for Baud Rate 8 for Data Bits None for Parity and 1 for Stop Bits Communication Parameter Terminal File Transfer Capturing COM Op
35. e
Upgrade Firmware
To import a firmware file into the EDR-G903, click Browse to select a firmware file already saved on your computer. The upgrade procedure will proceed automatically after clicking Import. This upgrade procedure will take a couple of minutes to complete, including the boot-up time.

Upload Configuration Data
To import a configuration file to the EDR-G903, click Browse to select a configuration file already saved on your computer. The upgrade procedure will proceed automatically after clicking Import.

Restart
[Screenshot: Restart page: "This function will restart the system"]
This function is used to restart the EDR-G903 router.

Reset to Factory Default
[Screenshot: Reset to Factory Default page: "This function will reset all settings to their factory default values. Be aware that previous settings will be lost."]
The Reset to Factory Default option gives users a quick way of restoring the EDR-G903's configuration settings to their factory default values. This function is available in the console utility (serial or Telnet) and web browser interface.
NOTE: After activating the Factory Default function, you will need to use the default network settings to re-establish a web browser or Telnet connection with your EDR-G903.

Network Settings
Network settings include the interface settings for WAN1, WAN2/DMZ, and LAN, and also include the DHCP Server, DHCP List, and Dynamic D
36. e UdpStats
MIB II.11 SNMP Group: SnmpBasicGroup, SnmpInputStats, SnmpOutputStats
Public Traps:
1. Cold Start
2. Link Up
3. Link Down
4. Authentication Failure
Private Traps:
1. Configuration Changed
2. Power On
3. Power Off
4. DI Trap
The EDR-G903 also provides a MIB file, located in the file Moxa EDRG903 MIB my on the EDR-G903 Series utility CD-ROM, for SNMP trap message interpretation.
37. e via two different ISPs (Internet Service Providers). ISP A uses Ethernet and ISP B uses satellite for data transmission, with Ethernet used as the major connection and the satellite as the backup connection. This makes sense since the cost of transmitting through the satellite is greater than the cost of transmitting over the Ethernet. Traditional solutions would use two routers to connect to the different ISPs. In this case, if the connection to the primary ISP fails, the connection must be switched to the backup ISP manually. The EDR-G903 WAN backup function checks the link status and the connection integrity between the EDR-G903 and the ISP or central office. When the primary WAN interface fails, it will switch to the backup WAN automatically to keep the connection alive.
[Figure: field site connected to the center site through ISP A (Ethernet, WAN1, primary) and ISP B (satellite, WAN2, backup)]
When configuring the EDR-G903, choose one of the two following conditions to activate the backup path:
• Link Check: WAN1 link down.
• Ping Check: Sends ping commands to a specific IP address (e.g., the IP address of the ISP's server) from WAN1, based on user-configurable Time Interval, Retry, and Timeout.
When the WAN backup function is enabled and the Link Check or Ping Check for the WAN1 interface fails, the backup interface (WAN2) will be enabled as the primary interface.

WAN Backup Configuration
WAN2 Configuration
38. ed DNS will higher than the DNS from the PPPoE or DHCP server Detailed Explanation of Static IP Type WAN2 Configuration Connection eee Enable Backup E DMZ Enable Connect Type Static IP Address Information IP Address 182 168 1 1 Gateway 0 0 0 0 Subnet Mask 255 255 255 PPTP Dialup PPTP Connection E Enable IP Address Wiser Name Password DNS Optional for dynamic IP or PPPoE Type Server 1 Server 2 Sever 3 192 168 2 1 0 0 0 0 0 0 0 0 3 15 EDR G903 User s Manual Address Information IP Address IP Address Subnet Mask IP Address Gateway IP Address Features and Functions The interface IP address None The subnet mask The Gateway IP address None None Detailed Explanation of PPPoE Type WAN2 Configuration Connection Connect Mode Disable Connect Type PPPoE PPPoE Dialup Liser Mame Host Name DNS Optional for dynam server 1 192 168 2 1 PPPoE Dialup User Name Max 30 characters Host Name Max 30 characters Password Max 30 characters Using DMZ Mode Enable Backup Fl DMZ Enable Password ic IP and PPPoE Type Server 2 Server 3 0 0 0 0 0 0 0 0 Description The User Name for logging in to the PPPoE server Description Factory Default None Factory Default User defined host name for this PPPoE server None Description The login password for this PPPoE server Factory Default None A DMZ demilitari
39. et mask None Gateway Description Factory Default IP Address The Gateway IP address None Detailed Explanation of PPPoE Type WAN1 Configuration Connection Connect Type PPPoE PPPoE Dialup User Name Password Host Name DNS Optional for dynamic IP or PPPoE Type Server 1 Server 2 Server 3 192 168 2 1 0 0 0 0 0 0 0 0 PPPoE Dialup User Name Max 30 characters The User Name for logging in to the PPPoE server None 3 13 EDR G903 User s Manual Features and Functions Host Name Max 30 characters User defined Host Name of this PPPoE server None Password Max 30 characters The login password for the PPPoE server None WAN2 Configuration includes DMZ Enable WAN2 Configuration Connection Connect Mode Disable Enable Backup Connect Type Dynamic IP Connection Note that there are there are three different connection types for the WAN2 interface Dynamic IP Static IP and PPPoE A detailed explanation of the configuration settings for each type is given below Connection Mode Enable or Disable Enable or Disable the WAN interface DMZ Enable DMZ mode can only be enabled when the connection type is set to Static IP Connection Type Static IP Dynamic IP Configure the connection type Dynamic IP PPPoE Detailed Explanation of Dynamic IP Type WAN2 Configuration Connection nable O Backup Connect Type Dynamic IP dl PPTP Dialup PPTP Connection Enable
40. figuring SNMP
The EDR-G903 supports SNMP V1/V2c/V3. SNMP V1 and SNMP V2c use a community string match for authentication, which means that SNMP servers access all objects with read-only permissions using the community string public (default value). SNMP V3, which requires that the user selects an authentication level of MD5 or SHA, is the most secure protocol. You can also enable data encryption to enhance data security. SNMP security modes and security levels supported by the EDR-G903 are shown in the following table. Select the security mode and level that will be used to communicate between the SNMP agent and manager.

Protocol: SNMP V1, V2c
  Setting: V1, V2c Read Community. Authentication Type: Community string. Method: Uses a community string
Protocol: SNMP V3
  Setting: MD5 or SHA. Authentication Type: Authentication based on MD5 or SHA. Method: Provides authentication based on HMAC-MD5 or HMAC-SHA algorithms. 8-character passwords are the minimum requirement for authentication.
  Setting: MD5 or SHA. Authentication Type: Authentication based on MD5 or SHA. Data Encryption: Data encryption key. Method: Provides authentication based on HMAC-MD5 or HMAC-SHA algorithms, and data encryption key. 8-character passwords and a data encryption key are the minimum requirements for authentication and encryption.

These parameters are configured on the SNMP page. A more detailed explanation of each parameter is given below.
[Screenshot: SNMP page: SNMP Read Settings, System Information, SNMP Versions]
41. hough the ping command is entered from the user's PC keyboard, the actual ping command originates from the EDR-G903 itself. In this way, the user can essentially control the EDR-G903 and send ping commands out through its ports. There are two basic steps required to set up the Ping command to test network integrity:
1. Select which interface will be used to send the ping commands. You may choose from WAN1, WAN2, and LAN.
2. Type in the desired IP address, and click Ping.

LLDP Function Overview
Defined by IEEE 802.1AB, Link Layer Discovery Protocol (LLDP) is an OSI Layer 2 Protocol that standardizes the methodology of self-identity advertisement. It allows each networking device, such as a Moxa managed switch/router, to periodically inform its neighbors about itself and its configuration. In this way, all devices will be aware of each other.

LLDP Settings
[Screenshot: LLDP General Settings (LLDP Enable, Message Transmit Interval) and neighbor table with columns Port, Neighbor ID, Neighbor Port, Neighbor Port Description, Neighbor System]
The router's web interface can be used to enable or disable LLDP, and to set the LLDP Message Transmit Interval. Users can view each switch's neighbor list, which is reported by its network neighbors.

LLDP Setting
Enable LLDP. Setting: Enable or Disable. Description: Enable or disable LLDP function. Factory Default: Enable.
Message Transmit Interval. Setting: 5 to 32768 sec. Description: Set the transmit interval of LLDP messages. U
42. ice By IP Select the service type IP address or MAC address for this By IP By MAC policy Target Priority 0 1 2 3 Select the priority for this policy Priority O Source IP Seng Description Factory Default Select the Source IP address for this policy All Source Port All Port number Select the Source port number for this policy All Single Port number Range Port number Destination IP All IP Address Select the Destination IP address for this policy All Single IP Address Range IP Address Destination Port All Port number Select the Destination port number for this policy Single Port number Range Port number The following table shows the management of outgoing traffic The maximum bandwidth from LAN to WAN is 100 Kbytes 10 Kbyte is reserved for traffic that matches the parameters of Priority 0 20 Kbytes is reserved for traffic that matches the parameters of priority 2 and so forth Outgoing Traffic Configuration LAN to WAN Enable E MAX Bandwidth 100 KByte s Default Priority Priority 3 y Priority 0 MIN BY 10 KBytes BW KBytels Priority 1 MIN BW 20 KByte s C BW KBytes Priority 2 MIN BW 3 KBytes BW KBytels Priority 3 MIN BY KBytes KBytes Set up the outgoing policies as below 1 All All All WANT 192168 127 10 All Priority 0 2 WANT All 192 168 127 171 All All All Priority 1 3 WANT All 192 168 127 12 All All All Priority
43. just needs to click the PolicyCheck button to check each policy; warning messages will be generated that can be used for further analysis. If the user decides to ignore a warning message, the EDR-G903 firewall will run on the configuration provided by the user. The three most common types of configuration errors are related to Mask, Include, and Cross Conflict.

Mask: Policy X is masked by Policy Y
The Source/Destination IP range or Source/Destination port number of policy X is smaller or equal to policy Y, but the action target (Accept/Drop) is different. For example, two firewall policies are shown below:

Index  Input  Output  Protocol  Source IP                    Destination IP   Target
1      WAN1   LAN     All       10.10.10.10                  192.168.127.10   ACCEPT
2      WAN2   LAN     All       20.20.20.10 to 20.20.20.30   192.168.127.20   ACCEPT

Suppose the user next adds a new policy with the following configuration:

Index  Input  Output  Protocol  Source IP                    Destination IP   Target
3      WAN2   LAN     All       20.20.20.20                  192.168.127.20   DROP

After clicking the PolicyCheck button, the EDR-G903 will issue a message informing the user that policy 3 is masked by policy 2, because the IP range of policy 3 is smaller than the IP range of policy 2 and the Target action is different.
[Warning message: rule 3 is masked by rule 2]

Include: Policy X is included in Policy Y
The Source/Destination IP range or Source/Destination port number of policy X is less than or equal to policy Y, and the action target (Accept/Drop) is the same. In this case policy
44. k boxes and text input boxes near the top of the browser window, and then click Modify.

Dynamic DNS
Dynamic DNS (Domain Name Server) allows you to use a domain name (e.g., moxa edr g903) to connect to the EDR-G903. The EDR-G903 can connect to 4 free DNS servers and register the user-configurable Domain name in these servers.
[Screenshot: Dynamic DNS page: Service, Server Name, User Name, Password, Verify Password, Domain Name]
Service. Setting: > Disable, > freedns.afraid.org, > www.3322.org, > members.dyndns.org, > dynupdate.no-ip.com. Description: Disable or select the DNS server. Factory Default: Disable.
User Name. Setting: Max. 30 characters. Description: The DNS server's user name.
Password. Setting: Max. 30 characters. Description: The DNS server's password. Factory Default: None.
Verify Password. Setting: Max. 30 characters. Description: Verifies the DNS server password. Factory Default: None.
Domain name. Setting: Max. 30 characters. Description: The DNS server's domain name. Factory Default: None.

Communication Redundancy
Use the EDR-G903's WAN backup function for dual WAN redundancy applications. The EDR-G903 has two WAN interfaces: WAN1 is the primary WAN interface and WAN2 is the backup interface. When the EDR-G903 detects that connection WAN1 has failed (Link down or Ping fails), it will switch the communication path from WAN1 to WAN2 automatically. When WAN1 recovers, the major communication path will return to WAN1.

How Dual WAN Backup Works
A power utility at a field site connects to a central offic
45. l Contact Person admin Auth Type MDS Data Encryption Key Community Community Name 1 public Access Control 1 Read Only Community Name 2 private Access Control 2 Read Only Trap Targets Target IP Address 1 EX 9000 2006 1000 200K Target IF Address 2 Target IP Address 3 a EN SNMP Versions Disable Select the SNMP protocol version used to manage the secure Disable Vi V2c V3 or router Vi V2c or V3 only Contact Person Admin privilege allows access and authorization to read and Admin write the MIB file User privilege only allows reading the MIB file but does give authorization to write Auth Type Provides authentication based on the HMAC MD5 algorithms MD5 8 character passwords are the minimum requirement for authentication Provides authentication based on the HMAC SHA algorithms 8 character passwords are the minimum requirement for authentication Data Encryption Key Max 30 Characters 8 character data encryption key is the minimum requirement None for data encryption Community Name 1 2 Max 30 Characters Use a community string match for authentication Access Control Read only Public MIB Access control type after matching the community string Read only only 3 38 EDR G903 User s Manual Features and Functions Target IP Address IP Address Enter the IP address of the Trap Server used by your network Read only SNMP Trap Type SNMP T
46. l Policy will check single Source IP addresses in the Pree ee Pe ne tase eee Fae ne Range IP Address This Firewall Policy will check multiple Source IP addresses in fore Tbe nme mp soar er Source Port All Port number This Firewall Policy will check all Source port numbers in the All packet Single Port number This Firewall Policy will check single Source Port numbers in the S Oe mete Range Port number _ This Firewall Policy will check multiple Source port numbers in C TTTS 3 28 EDR G903 User s Manual Features and Functions Destination IP All IP Address This Firewall Policy will check all Destination IP addresses in the All packet Single IP Address This Firewall Policy will check single Destination IP addresses in CA a a Range IP Address This Firewall Policy will check multiple Destination IP addresses D G MT Source Port All Port number This Firewall Policy will check all Destination port numbers in All O IN Single Port number This Firewall Policy will check single Destination Port numbers a a Range Port number This Firewall Policy will check multiple Destination port M a e NOTE The EDR G903 s firewall function will check if incoming or outgoing packets match the firewall policy It starts by checking the packet with the first policy Index 1 if the packet matches this policy it will accept or drop the packet immediately and then check the next packet If the packet does not match
47. n console (serial or Telnet) mode.

Login by Admin account
lan ip address A.B.C.D netmask A.B.C.D
  Set the IP address of LAN interface. Example: lan ip address 192.168.127.10 netmask 255.255.255.0
password admin password
  Set the admin password. Example: Password admin 1234
password user password
  Set the user password. Example: Password user 1234
ping IP address
  Send echo message. Example: ping 192.168.127.10
reload default config
  Reload default configuration and Reboot this device.
telnet IP address
  Open a telnet connection. Example: telnet 192.168.127.10
telnet IP address port number
  Open a telnet connection with port number. Example: telnet 192.168.127.10 23
ssh IP address
  Open a ssh connection. Example: ssh 192.168.127.10

Login by User account
ping IP address
  Ping remote device via IP. Example: ping 192.168.127.10
ssh IP address
  Open a ssh connection. Example: ssh 192.168.127.10
telnet IP address
  Open a telnet connection. Example: telnet 192.168.127.10
telnet IP address port number
  Open a telnet connection with port number. Example: telnet 192.168.127.10 23

Using Telnet to Access the EDR-G903's Console
You may use Telnet to access the EDR-G903's console utility over a network. To access the EDR's functions over the network (by either Telnet or a web browser) from a PC host that is connected
48. nit is in seconds 30 sec LLDT Table Port The port number that connects to the neighbor device Neighbor ID A unique entity that identifies a neighbor device this is typically the MAC address Neighbor Port The port number of the neighbor device Neighbor Port Description A textual description of the neighbor device s interface Neighbor System Hostname of the neighbor device Using Monitor You can monitor statistics in real time from the EDR G903 s web console Monitor by System Access the Monitor by selecting System from the left selection bar Monitor by System allows the user to view a graph that shows the combined data transmission activity of all the EDR G903 s 3 ports Click one of the three options Total Packets TX Packets or RX Packets to view transmission activity of specific types of packets Recall that TX Packets are packets sent out from the EDR G903 and RX Packets are packets received from connected devices The Total Packets option displays a graph that combines TX and RX activity The graph displays data transmission activity by showing Packets s e packets per second or pps versus sec seconds The graph is updated every few seconds allowing you to analyze data transmission activity in real time Monitor System Total Packets System 7 Total Packets w Reset Packetisec TX Packets System Total Packets 15 RX Packets 12 9 6 3 0 0 221 454 Format Total Packets
49. nts and Port Events. System Events are related to the overall function of the router, whereas Port Events are related to the activity of a specific port.

System Events: Warning email is sent when
• Cold Start: Power is cut off and then reconnected.
• Warm Start: The EDR-G903 is rebooted, such as when network parameters are changed (IP address, subnet mask, etc.).

Port Events: Warning email is sent when
• Link ON: The port is connected to another device.
• Link OFF: The port is disconnected (e.g., the cable is pulled out, or the opposing device shuts down).

E-mail Setup

[Figure: Email Warning Events Settings, Email Alert Configuration form with fields SMTP Server Address, Port, User Name, Password, Sender Address, and 1st to 4th Recipient Address]

Main Server IP/Name
Setting: IP address. Description: The IP Address of your email server. Factory Default: None.

Port
Setting: Port number. Description: The port number of your email server. Factory Default: None.

Account Name
Setting: Max. 30 Characters. Description: Your email account name (typically your user name). Factory Default: None.

Email Password
Setting: Max. 30 characters. Description: The Password of your email account. Factory Default: None.

Sender Email Address
Setting: IP address. Description: The IP Address of the email sender. Factory Default: None.

Recipient Email Address
Setting: Max. 50 characters. Description: You can set up to 4 email addresses
50. ol and monitoring networks. The EDR-G903 supports one WAN, one LAN, and a user-configurable WAN/DMZ interface that provides high flexibility for different applications, such as WAN redundancy or Data/FTP server security protection.

The Quick Automation Profile function of the EDR-G903's firewall supports most common Fieldbus protocols, including EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, Modbus TCP, and PROFINET. Users can easily create a secure Ethernet Fieldbus network from a user-friendly web UI with a single click. In addition, wide temperature models are available that operate reliably in hazardous, -40 to 75°C environments.

Package Checklist

The EDR-G903 is shipped with the following items. If any of these items are missing or damaged, please contact your customer service representative for assistance.

• 1 Moxa EDR-G903 secure router
• RJ45 to DB9 console port cable
• Protective caps for unused ports
• DIN-Rail mounting kit (attached to the EDR-G903's rear panel by default)
• Hardware Installation Guide (printed)
• CD-ROM with User's Manual and Windows Utility
• Moxa Product Warranty statement

Features

Industrial Networking Capability

• Router/Firewall/VPN all in one
• 1 WAN, 1 LAN, and 1 user-configurable WAN or DMZ interface
• Network address translation (N-to-1, 1-to-1, and port forwarding)

Designed for Industrial Applications

• Dual WAN redundancy function
• Firewall with Quick Automation Profile for Fieldbus pro
51. oming Traffic WAN to LAN or WAN to LAN. The following figures show the configuration for incoming and outgoing traffic. Users can manage the priority of incoming traffic (WAN1 to LAN and WAN2 to LAN) and outgoing traffic (LAN to WAN1 and LAN to WAN2).

[Figures: Incoming Traffic Configuration (WAN1/2 to LAN), Outgoing Traffic Configuration (LAN to WAN1), and Outgoing Traffic Configuration (LAN to WAN2); each shows Enable, MAX Bandwidth 100 KByte/s, Default Priority set to Priority 3, and MIN BW of 10, 20, 30 and 40 KByte/s for Priority 0, 1, 2 and 3]

Traffic Prioritization Configuration

Enable or Disable
Setting: Enable or Disable. Description: Enable or disable the Traffic Prioritization function. Factory Default: Disabled.

Ma
52. on https://192.168.127.254

2. A warning message will appear to warn the user that the security certificate was issued by a company they have not chosen to trust.

[Figure: Security Alert dialog reporting a problem with the site's security certificate, with Yes and View Certificate buttons]

3. Select Yes to enter the EDR-G903's web browser interface and access the web browser interface secured via HTTPS/SSL.

A. MIB Groups

The EDR-G903 comes with built-in SNMP (Simple Network Management Protocol) agent software that supports cold start trap, line up/down trap, and RFC 1213 MIB-II. The standard MIB groups that the EDR-G903 series support are:

• MIB II.1 System Group: sysORTable
• MIB II.2 Interfaces Group: ifTable
• MIB II.4 IP Group: ipAddrTable, ipNetToMediaTable, IpGroup, IpBasicStatsGroup, IpStatsGroup
• MIB II.5 ICMP Group: IcmpGroup, IcmpInputStatus, IcmpOutputStats
• MIB II.6 TCP Group: tcpConnTable, TcpGroup, TcpStats
• MIB II.7 UDP Group: udpTabl
53. on

• Traffic Prioritization
  - How Traffic Prioritization Works
  - Traffic Prioritization Configuration
• Configuring SNMP
• Using Auto Warning
• Using Diagnosis
• Using Monitor
• Using System Log
• Using HTTPs/SSL

The Overview page is divided into three major parts: Interface Status, Basic function status, and Recent 10 Event logs, and gives users a quick overview of the EDR-G903's current settings.

[Figure: Overview page with the Interface Status table (Port 1 WAN, Port 2 Opt, Port 3 LAN), the basic function status list (DDNS, DoS, WAN Backup, QoS) and the Recent 10 Event Log]

Click More at the top of the Interface Status table to see detailed information about all interfaces.

[Figure: Interface Status table and the Detail Interface Status page for WAN1 and WAN2]
54. orated into new editions of the publication.

Technical Support Contact Information
www.moxa.com/support

Moxa Americas: Toll free 1 888 669 2872, Tel 1 714 528 6777, Fax 1 714 528 6778
Moxa China (Shanghai office): Toll free 800 820 5036, Tel 86 21 5258 9955, Fax 86 10 6872 3958
Moxa Europe: Tel 49 89 3 70 03 99 0, Fax 49 89 3 70 03 99 99
Moxa Asia Pacific: Tel 886 2 8919 1230, Fax 886 2 8919 1231

Table of Contents

Package Checklist
Features
  Industrial Networking Capability
  Designed for Industrial Applications
  Useful Utility and Remote Configuration
2. Getting Started
  RS-232 Console Configuration (115200, None, 8, 1, VT100)
  Using Telnet to Access the EDR-G903's Console
  Using a Web Browser to Configure the EDR-G903
3. Features and Functions
  Configuring Basic Settings
    System Identification
    Accessible IP
    Password
    Time
    SettingCheck
55. ork.

[Figure: System Identification form with fields Router Name, Router Location, Router Description, Maintainer Contact Info and Web Configuration]

Router name
Setting: Max. 30 Characters. Description: This option is useful for specifying the role or application of different EDR-G903 units. E.g., Factory Router 1. Factory Default: Firewall/VPN router [Serial No. of this switch].

Router Location
Setting: Max. 80 Characters. Description: To specify the location of different EDR-G903 units. E.g., production line 1. Factory Default: Device Location.

Router Description
Setting: Max. 30 Characters. Description: Use this field to enter a more detailed description of the EDR-G903 unit.

Maintainer Contact Info
Setting: Max. 30 Characters. Description: Enter the contact information of the person responsible for maintaining this EDR-G903. Factory Default: None.

Web Configuration
Setting: http or https. Description: Users can connect to the EDR-G903 router via http or https protocol. Factory Default: http or https.
Setting: https only. Description: Users can connect to the EDR-G903 router via https protocol only.

Accessible IP

The EDR-G903 uses an IP address-based filtering method to control access to EDR-G903 units.

[Figure: Accessible IP List with the "Enable the accessible IP list" checkbox ("Disable" will allow all IP's connection), a LAN option, and Index, IP Address and Netmask columns]

Accessible IP Settings allows you to add or remove "Legal" remote host IP addresses to prevent unauthorized access. Access to the EDR-G903 is controlled by
56. r changes the policies. For example, if the remote user (IP: 10.10.10.10) connects to the EDR-G903 and changes the accessible IP address to 10.10.10.12, or deselects the Enable checkbox accidentally, after the remote user clicks the Activate button, connection to the EDR-G903 will be lost because the IP address is not in the EDR-G903's Accessible IP list.

[Figure: Accessible IP List with the accessible IP list enabled and IP Address 10.10.10.12]

If the user enables the SettingCheck function with the Accessible IP list and the confirmer Timer is set to 15 seconds, then when the user clicks the Activate button on the accessible IP list page, the EDR-G903 will execute the configuration change and the web browser will try to jump to the SettingCheck Confirmed page automatically. Because the new IP list does not include the Remote user's IP address, the remote user cannot connect to the SettingCheck Confirmed page. After 15 seconds, the EDR-G903 will roll back to the original Accessible IP List setting, allowing the remote user to reconnect to the EDR-G903 and check what's wrong with the previous setting.

[Figure: browser error page, "The page cannot be displayed"]
57. rap Settings

[Figure: SNMP Trap Settings with checkboxes for System Events (Cold Start, Warm Start, Power Transition, Config Change, Auth Failure) and Port Events]

SNMP Trap Types can be divided into two basic groups: System Events and Port Events. System Events are related to the overall function of the router, whereas Port Events are related to the activity of a specific port.

System Events: SNMP Trap is sent when
• Cold Start: Power is cut off and then reconnected.
• Warm Start: The EDR-G903 is rebooted, such as when network parameters are changed (IP address, subnet mask, etc.).
• Config Change: A configuration item has been changed.
• Auth Failure: An incorrect password is entered.
• Link ON: The port is connected to another device.
• Link OFF: The port is disconnected (e.g., the cable is pulled out, or the opposing device shuts down).

Using Auto Warning

Since industrial Ethernet devices are often located at the endpoints of a system, these devices will not always know what is happening elsewhere on the network. This means that an industrial Ethernet router that connects to these devices must provide system maintainers with real-time alarm messages. Even when control engineers are out of the control room for an extended period of time, they can still be informed of the status of devices almost instantaneously when exceptions occur. The EDR-G903 supports different approaches to warn engineers
58. ress MAC Address

[Figure: Detail Interface Status page, continued, listing for WAN2 and LAN the connect type, IP address, netmask, MAC address, PPTP and PPPoE status, packet counters, gateway and DNS server list]

Click More at the top of the Recent 10 Event Log table to open the EventLogTable page.

[Figure: Recent 10 Event Log and EventLog Table; each entry carries an index, a date and time, the system startup time and an event such as LAN link off, WAN link on, NAT Configuration Change, Filter Configuration Change, Login auth ok or admin auth ok]

Configuring Basic Settings

The Basic Settings group includes the most commonly used settings required by administrators to maintain and control the EDR-G903.

System Identification

The system identification section gives you an easy way to identify the different switches connected to your netw
59. the Password field blank if a password has not been set.

[Figure: Moxa EtherDevice Secure Router EDR-G903 login page with Username and Password fields]

By default, the EDR-G903's password is not set (i.e., is blank).

You may need to wait a few moments for the web page to be downloaded to your computer. Use the menu tree on the left side of the window to open the function pages to access each of the router's functions.

[Figure: EDR-G903 web console Overview page showing the model, serial number, firmware version, MAC and IP addresses in the banner, the menu tree (Overview, Basic Setting, Communication Redundancy, Routing, NAT, Firewall Policy, SNMP, Traffic Prioritization, Auto Warning, Diagnosis, Monitor, System Log), the interface status and the recent event log]

3 Feat
60. tions

[Figure: serial port settings dialog with Ports, Baud Rate, Data Bits and flow control options]

4. Click the Terminal tab and select VT100 for Terminal Type. Click OK to continue.
5. Type 1 to select ansi/VT100 terminal type, and then press Enter.
6. The Console login screen will appear. Use the keyboard to enter the login account (admin or user), and then press Enter to jump to the Password field. Enter the console Password (this is the same as the Web Browser password; leave the Password field blank if a console password has not been set), and then press Enter.

[Figure: console login screen, Moxa EtherDevice Secure Router EDR-G903]

7. Enter a question mark (?) to display the command list in the console.

  disable   Switch the Admin mode to User mode
  end       End current mode and change to enable mode
  exit      Exit this consol mode connection
  lan       Set the IP address of LAN interface
  list      Print command list
  no        Set the admin password to null
  password  Set the admin password
  ping      Send echo messages
  quit      Exit this consol mode connection
  reboot    Reboot this device
  reload    Reload default configuration and reboot this device
  show      Show running system information
  ssh       Open a ssh connection
  telnet    Open a telnet connection

The following table shows a list of commands that can be used when the EDR-G903 is i
61. to the same LAN as the EDR-G903, you need to make sure that the PC host and the EDR-G903 are on the same logical subnet. To do this, check your PC host's IP address and subnet mask. By default, the EDR-G903's LAN IP address is 192.168.127.254 and the EDR-G903's subnet mask is 255.255.255.0 (for a Class C subnet). If you do not change these values, and your PC host's subnet mask is 255.255.0.0, then its IP address must have the form 192.168.xxx.xxx. On the other hand, if your PC host's subnet mask is 255.255.255.0, then its IP address must have the form 192.168.127.xxx.

NOTE: To use the EDR-G903's management and monitoring functions from a PC host connected to the same LAN as the EDR-G903, you must make sure that the PC host and the EDR-G903 are connected to the same logical subnet.

NOTE: Before accessing the console utility via Telnet, first connect the EDR-G903's RJ45 Ethernet LAN ports to your Ethernet LAN, or directly to your PC's Ethernet card (NIC). You can use either a straight-through or cross-over Ethernet cable.

NOTE: The EDR-G903's default LAN IP address is 192.168.127.254.

Perform the following steps to access the console utility via Telnet.

1. Click Start > Run, and then telnet to the EDR-G903's IP address from the Windows Run window. (You may also issue the telnet command from the MS-DOS prompt.)

[Figure: Windows Run dialog]
62. tocols
• Intelligent PolicyCheck and SettingCheck tools
• -40 to 75°C operating temperature (T models)
• Long-haul transmission distance of 40 km or 80 km (with optional mini-GBIC)
• Redundant, dual 12 to 48 VDC power inputs
• IP30, rugged high-strength metal case
• DIN-Rail or panel mounting ability

Useful Utility and Remote Configuration

• Configurable using a Web browser and Telnet/Serial console
• Send ping commands to identify network segment integrity

2. Getting Started

This chapter explains how to access the EDR-G903 for the first time. There are three ways to access the switch: (1) serial console, (2) Telnet console, or (3) web browser. The serial console connection method, which requires using a short serial cable to connect the EDR-G903 to a PC's COM port, can be used if you do not know the EDR-G903's IP address. The Telnet console and web browser connection methods can be used to access the EDR-G903 over an Ethernet LAN, or over the Internet. A web browser can be used to perform all monitoring and administration functions, but the serial console and Telnet console only provide basic functions.

The following topics are covered in this chapter:

• RS-232 Console Configuration (115200, None, 8, 1, VT100)
• Using Telnet to Access the EDR-G903's Console
• Using a Web Browser to Configure the EDR-G903

RS-232 Console Configuration (115200, None, 8, 1, VT100)

NOTE: Connection C
63. tware or Configuration

[Figure: TFTP settings form with fields TFTP Server IP/Name, Configuration File Path and Name, Firmware File Path and Name, and Log File Path and Name]

TFTP Server IP/Name
Setting: IP Address of TFTP Server. Description: The IP or name of the remote TFTP server. Must be configured before downloading or uploading files. Factory Default: None.

Configuration File Path and Name
Setting: Max. 40 Characters. Description: The path and filename of the EDR-G903's configuration file in the TFTP server. Factory Default: None.

Firmware File Path and Name
Setting: Max. 40 Characters. Description: The path and filename of the EDR-G903's firmware file. Factory Default: None.

Log File Path and Name
Setting: Max. 40 Characters. Description: The path and filename of the EDR-G903's log file. Factory Default: None.

After setting up the desired path and filename, click Activate to save the setting. Next, click Download to download the file from the remote TFTP server, or click Upload to upload a file to the remote TFTP server.

System File Update by Local Import/Export

[Figure: Upgrade Software or Configuration page with Configuration File Export, Log File Export, Upgrade Firmware Import and Upload Configure Data Import]

Configuration File
Click Export to export the configuration file of the EDR-G903 to the local host.

Log File
Click Export to export the Log file of the EDR-G903 to the local host.

NOTE: Some operating systems will open the configuration file and log file directly in the web page. In such cases, right click the Export button and then save as a fil
64. unciation UDP
• FF Fieldbus Message TCP
• FF Fieldbus Message UDP
• FF System Management TCP
• FF System Management UDP
• FF LAN Redundancy Port TCP
• FF LAN Redundancy Port UDP
• Conor TCP
• LonWorks UDP
• LonWorks TCP
• LonWorks UDP
• Modbus TCP/IP TCP: 502
• Modbus TCP/IP UDP: 502
• PROFInet RT Unicast TCP
• PROFInet RT Unicast UDP
• PROFInet RT Multicast TCP
• PROFInet RT Multicast UDP
• PROFInet Context Manager TCP
• PROFInet Context Manager UDP
• Ne Cr one UDP

The Quick Automation Profile also includes the commonly used Ethernet protocols listed in the following table:

• IPSec NAT Traversal UDP
• IPSec NAT traversal TCP
• ata TO
• FTP data UDP
• FTP control TCP
• FTP control UDP
• SSH TCP
• SSH UDP
• Telnet TCP
• Telnet UDP
• HTTP TCP
• TT OF eo 1293
• IPSec TCP
• IPSec UDP 1293
• L2F & L2TP TCP
• L2F & L2TP UDP
• PPTP TCP
• PPTP UDP
• Radius authentication TCP
• Radius authentication UDP
• RADIUS accounting TCP: 1813
• RADIUS accounting UDP: 1813

PolicyCheck

The EDR-G903 supports a PolicyCheck function for maintaining the firewall policy list. The PolicyCheck function detects firewall policies that may be configured incorrectly. PolicyCheck provides an auto-detection function for detecting common configuration errors in the Firewall policy (e.g., Mask, Include, and Cross conflict). When adding a new firewall policy, the user
65. ures and Functions

In this chapter, we explain how to access the EDR-G903's configuration options, perform monitoring, and use administration functions. There are three ways to access these functions: (1) RS-232 console, (2) Telnet console, and (3) web browser. The web browser is the most user-friendly way to configure the EDR-G903, since you can both monitor the EDR-G903 and use administration functions from the web browser. An RS-232 or Telnet console connection only provides basic functions. In this chapter, we use the web browser to introduce the EDR-G903's configuration and monitoring functions.

The following topics are covered in this chapter:

• Configuring Basic Settings
  - System Identification
  - Accessible IP
  - Password
  - Time
  - SettingCheck
  - System File Update by Remote TFTP
  - System File Update by Local Import/Export
  - Restart
  - Reset to Factory Default
• Network Settings
  - WAN1 Configuration
  - WAN2 Configuration (includes DMZ Enable)
  - Using DMZ Mode
  - LAN Interface
  - DHCP Server
  - Static DHCP List
  - Dynamic DNS
• Communication Redundancy
  - How Dual WAN Backup Works
  - WAN Backup Configuration
• Static Routing
• Network Address Translation (NAT)
  - NAT Concept
  - N-to-1 NAT
  - Port Forwarding
  - 1-to-1 NAT
• Firewall Settings
  - Firewall Policy Concept
  - Firewall Policy Overview
  - Firewall Policy Configuration
  - Quick Automation Profile
  - PolicyCheck
  - Denial of Service (DoS) functi
66. x Bandwidth
Setting: 1 to 1,000,000 KBytes/s. Description: The maximum bandwidth for total incoming or outgoing traffic. Factory Default: 100 KBytes/s.

Default Priority
Setting: Priority 0, 1, 2, 3. Description: A packet without matching any incoming/outgoing policy will adhere to the default priority. Factory Default: Priority 3.

Minimum Bandwidth of Priority 0, 1, 2, 3
Setting: 1 to 1,000,000 KBytes/s. Description: The minimum bandwidth for Priority 0, 1, 2, 3. Factory Default: Priority 0: 10 KBytes/s; Priority 1: 20 KBytes/s; Priority 2: 30 KBytes/s; Priority 3: 40 KBytes/s.

Maximum Bandwidth of Priority 0, 1, 2, 3
Setting: 1 to 1,000,000 KBytes/s. Description: The maximum bandwidth for Priority 0, 1, 2, 3. Factory Default: Priority 0: 10 KBytes/s; Priority 1: 20 KBytes/s; Priority 2: 30 KBytes/s; Priority 3: 40 KBytes/s.

Outgoing/Incoming Policy Setup

After configuring the minimum/maximum bandwidth for each priority, users can set up the incoming or outgoing policies for Ethernet traffic proves the ae setup meets all of the following conditions

[Figure: policy setup form with Targets (Priority 3), Source IP (Single, 192.168.127.13), Source Port, Protocol, Destination IP and Destination Port]

Enable or Disable
Setting: Enable or Disable. Description: Enable or disable this Incoming or Outgoing Policy. Factory Default: Disabled.

Packet To/From
Setting: All. Description: Select the direction of Ethernet traffic for this policy.
Setting: To. Description: For outgoing policy.
Setting: From. Description: For incoming policy.
Factory Default: All.

Protocol
Setting: All, TCP, UDP, ICMP. Description: Select the Protocol for this Policy.
NN TCP

Serv
67. zed zone is an isolated network for devices (such as data, FTP, web, and mail servers connected to a LAN network) that need to frequently connect with external networks. The deployment of an FTP server in a DMZ is illustrated in the following figure.

[Figure: DMZ deployment showing a local FTP server (IP: 192.168.20.20) in the DMZ and local devices (IP: 192.168.100.1 and 192.168.100.2) in the secure LAN network behind the EDR-G903]

DMZ mode is configured on the WAN2 configuration web page. Set Connect Mode to Enable, Connect Type to Static IP, and checkmark the DMZ Enable check box. You will also need to input the IP Address and Subnet Mask. Click the Activate button to save the settings.

[Figure: WAN2 Connection settings with Connect Mode, DMZ Enable, Connect Type and Address Information]

LAN Interface

A basic application of an industrial Firewall/VPN device is to provide protection when the device is connected to a LAN. In this regard, the LAN port connects to a secure (or trusted) area of the network, whereas the WAN1 and WAN2/DMZ ports connect to an insecure (or untrusted) area.

[Figure: LAN IP Configuration with IP Address and Subnet Mask fields]

LAN IP Configura
