Configuration manual - cd.lucom.de
Contents
1. Enable remote HTTP access on port 80 _ Enable remote HTTPS access on port 443 Enable remote SSH access on port Enable remote SNMP access on port Send all remaining incoming packets to default server Default Server IP Address 192 168 1 2 Figure 32 Example 1 NAT configuration infoolucom de In these configurations it is important to have marked choice of Send all remaining incom ing packets it default server IP address in this case is the address of the device behind the router Connected equipment behind the router must have set Default Gateway on the router Connected device replies while PING on IP address of SIM card www lucom de 48 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB maana 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example 2 Configuration with more connected equipment Switch pppO 10 0 0 1 162 209 13 222 192 168 1 2 80 10 0 0 1 83 10 0 0 1 81 192 168 1 3 80 192 168 1 4 80 Figure 33 Example 2 topology of NAT configuration NAT Configuration Public Port Private Port Type Server IP Address 81 80 TCP v 192 168 1 2 82 iow 192 168 1 3_ 83 80 TCP v 192 168 1 4 TCP v infoolucom de C Enable remote HTTP access on port 1 Enable remote HTTPS access on port _ Ena2. O Enable traffic monitoring Figure 18 Example of VRRP configuration main router 24 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoolucom de www lucom de BB Ye 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE RRP Configuration Y Enable VRRP Virtual Server IP Address 192 168 1 1 Virtual Server ID Host Priority Check connection Ping IP Address Ping Interval Ping Timout Ping Probes O Enable traffic monitoring Figure 19 Example of VRRP configuration backup router infoolucom de www lucom de 25 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 3 Mobile WAN Configuration Configuration of a connection to the mobile network can be invoked by selecting the Mobile WAN item in the Configuration menu section 4 3 1 Connection to Mobile Network If the Create connection to mobile network item is selected the router automatically tries to establish connection after switching on Following items can be set up for every SIM card separately or as two separate APNs to switch one SIM card between CA AA APN Network identifier Access Point Name Username User name to log into the GSM network Password Password to log into the GSM network Authenti
3. 96 6 6 Unlock SIM Gard 2226225455 omar Soone 4 ep bbe es 97 6 7 Send SMS a a fae vate eee eee ee oe ee 97 6 8 Backup Configuration o e c es o ee e 2 000000 002 eee 98 6 9 Restore Configuration has ar e a 98 D 6 10 Update Firmware 00000022 eee 98 2 A ee oe ee Rees Bee AAR eee 99 z O 7 Configuration in Typ Situations 100 7 1 Access tothe Internet from LAN o e 00000 100 6 7 2 Backed Up Access to the Internet from LAN 000 4 102 o 7 3 Secure Networks Interconnection or Using VPN 106 e 74 Serial Gateway A 38a oe Soe ee et ee ee 108 8 Recommended Literature 110 d O O gt gt iii 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B EARN DRA EIS OF FIGURES ENABLING CONNECTED INTELLIGENCE List of Figures 1 Example of the web configuration o 00004 2 2 Mobile WAN status 0 0 0 0 0002 eee e 8 IS E cee Gee ees pe es Gp ee es tee Ge ee 9 4 WIRSCan 2s 252 eee eee eee eee ee eee 11 5Sa Network Statuss a fe gee e 13 6 DHCP stats co t auoe e a hes Bee eee A eee a 14 Zm PSec Stats eras epee A ate ee eg eee 15 8 DynDNSistatuS 22 2264 8 525445 25 Se bee A hee ee 15 9 T System OQ ia a4 RR ee ees pee 17 10 Example program syslogd start with the parameter r 17 11 Example 1
4. Host Priority The active router with highest priority set by the parameter Host Priority is the main router According to RFC 2338 the main router should have the highest possible priority 255 The backup router s have a priority in the range 1 254 default value is 100 A priority value of O is not allowed Table 18 VRRP configuration You may set the Check connection flag in the second part of the window to enable au tomatic test messages for the cellular network In some cases the mobile WAN connection could still be active but the router will not be able to send data over the cellular network This feature is used to verify that data can be sent over the PPP connection and supplements the normal VRRP message handling The currently active router main backup will send test messages to the defined Ping IP Address at periodic time intervals Ping Interval and wait for a reply Ping Timeout If the router does not receive a response to the Ping command it will retry up to the number of times specified by the Ping Probes parameter After that time it will switch itself to a backup router until the PPP connection is restored CAI ET Ping IP Address Destinations IP address for the Ping commands IP Address can not be specified as a domain name infoOlucom de Ping Interval Interval in seconds between the outgoing Pings Ping Timeout Time in seconds to wait for a response to the Ping Ping Probes Maximum number of failed pi
5. HW Mode IEEE 802 11b Channel 1 BW 40 MHz WMM Authentication Encryption WEP Key Type WEP Default Key WEP Key 1 WEP Key 2 WEP Key 3 WEP Key 4 WPA PSK Type 256 bit secret WPA PSK Access List disabled Accept Deny List Syslog Level informational Extra options can be blank Figure 25 WiFi configuration infoolucom de www lucom de 38 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 6 WLAN Configuration u This item is available only if the router is equipped with a WiFi module The form for configuration of WiFi network and DHCP server functioning on this network can be invoked by pressing the WLAN item in the main menu of the router web interface Enable WLAN interface check box at the top of this form is used to activate WIFi LAN interface It is also possible to set the following properties CAI AAA Operating Mode WiFi operating mode e access point AP router becomes an access point to which other devices in station STA mode can be connected e station STA router becomes a client station it means that receives data packets from the available access point AP and sends data from cable connection via wifi network
6. Network Topology for Dynamic DHCP Server 20 12 Example 1 LAN Configuration Page o 0 o e 20 13 Example 2 Network Topology with both Static and Dynamic DHCP Servers 21 14 Example 2 LAN Configuration Page o o o e 21 15 Example 3 Network Topology a 22 16 Example 3 LAN Configuration Page o oo e eee 22 17 Topology of example VRRP configuration o 0 o 24 18 Example of VRRP configuration main router o o 24 19 Example of VRRP configuration backup router 25 20 Mobile WAN configuration 0 0 0000 eee ee 31 21 Example 1 Mobile WAN configuration 000 4 32 22 Example 2 Mobile WAN configuration o 32 23 Example 3 Mobile WAN configuration 2 o e 32 24 PPPoE configuration ce om aca a 33 2 29 WIFI configuration 43 626 o e o Ea eee a 38 i 26 WLAN configuration aoaaa a 40 E 2f Backup Routes i 2 ace a fw ee eee a a a A 41 2 28 Firewall CONfigurati0N ase a sao sa a e o e ee 44 29 Topology of example firewall configuration 00 4 45 E 30 Example firewall configuration o o 2 8G 45 O 31 Example 1 Topology of NAT configuration 47 e 32 Example 1 NAT configuration 0 00000048 48 33 Example 2
7. topology of NAT configuration 49 34 Example 2 NAT configuration aaa aa a a 49 35 OpenVPN tunnels configuration ooa a a 50 d 36 OpenVPN tunnel configuration o e eo eo 53 O 37 Topology of OpenVPN configuration example 54 38 IPsec tunnels configuration ooe nes 55 S 39 IPsec tunnels configuration o o eee ee 59 5 40 Topology of example IPsec configuration a aooo o 60 z iv 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B AAE EIS OF FIGURES ENABLING CONNECTED INTELLIGENCE 41 GRE tunnels configuration 2 e o 61 42 GRE tunnel configuration e 62 43 Topology of GRE tunnel configuration 2 o e 62 44 L2TP tunnel configuration o a 63 45 Topology of example L2TP tunnel configuration 64 46 PPTPtunnelconfiguration 2 000020 eee eee 65 47 Topology of example PPTP tunnel configuration 66 48 Example of DynDNS configuration 00000 67 49 Example of NTP configuration o e 220000000 68 50 Example of SNMP configuration 0000000000 2G 71 51 Example ofthe MIB browser 0000000002 eae 72 52 Example of the SMTP client configuration
8. 10 40 28 0 2 0 0 0 255 255 252 0 U e e etho 192 168 254 254 0 0 0 0 255 255 255 255 UH 0 e usba Figure 5 Network Status www lucom de 13 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX J 3 STATUS ENABLING CONNECTED INTELLIGENCE 3 6 DHCP Status Information about the DHCP server activity is accessible via DHCP item The DHCP server provides automatic configuration of devices connected to the network managed router DHCP server assigns IP address netmask default gateway IP address of router and DNS server IP address of router to each device The DHCP status window displays the following information for each configuration CA A lease Assigned IP address starts Time of assignation of IP address ends Time of termination IP address validity hardware ethernet Hardware MAC unique address uid Unique ID client hostname Computer name Table 14 DHCP status description In the extreme case the DHCP status can display two records for one IP address That could have been caused by resetting of network cards DHCP Status Active DHCP Leases Primary LAN lease 192 168 1 2 starts 1 2011 01 17 08 08 37 ends 1 2011 01 17 06 18 37 hardware ethernet 00 1d 92 25 72 33 wid 01 00 1d 92 25 72 33 client hostname felgr2 Active DHCP Leases WLAN No active dynamic DHCP leases Figure 6 DHCP status i
9. BB SMARTWOBA ENABLING CONNECTED INTELLIGENCE Configuration Manual for v3 Routers Y Le z e S fe tj ES InO In1 Out ETHO ETH USB PWR Ind muu H m PWR int RAN Al aus out POE www lucom de 7 10 15 ENABLING CONNECTED INTELLIGENCE 1 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB Santen j USED SYMBOLS ENABLING CONNECTED INTELLIGENCE Used symbols Danger important notice which may have an influence on the user s safety or the function of the device Attention notice on possible problems which can arise in specific cases Information notice information which contains useful advice or special interest as pb Firmware version Current version of firmware is 5 3 0 October 9 2015 GPL licence Source codes under GPL licence are available free of charge by sending an email to info conel cz oa TUVRheinland COTI ISO 9001 infoolucom de Conel s r o Sokolska 71 562 04 Usti nad Orlici Czech Republic Manual Rev 1 released in CZ October 5 2015 www lucom de 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB SMARTWORX J CONTENTS ENABLING CONNECTED INTELLIGENCE Contents 1 Basic Information 1 2 Access to the Web Conf 2 2 1 Preventing the domain disagreemen
10. CAI LEA Primary NTP Server IP or domain address primary NTP server Address Secondary NTP IP or domain address secondary NTP server Server Address Timezone By this parameter it is possible to set the time zone of the router Daylight Saving Time Using this parameter can be defined time shift e No time shift is disabled e Yes time shift is allowed Table 50 NTP configuration Example of the NTP conf with set primary ntp cesnet cz and secondary tik cesnet cz NTP server and with daylight saving time NTP Configuration C Enable local NTP service Synchronize clock with NTP server Primary NTP Server ntp cesnet cz Secondary NTP Server tik cesnet cal Timezone GMT 01 00 a Daylight Saving Time yes Cese info lucom de Figure 49 Example of NTP configuration www lucom de 68 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 17 SNMP Configuration To enter the SNMP configuration it is possible with SNMP agent v1 v2 or v3 configuration which sends information about the router eventually about the I O inputs SNMP Simple Network Management Protocol provides status information about network elements such as routers or end computers v1 v2 and v3 are just different versions of the SNMP In the version v3 the communication is se
11. ENABLING CONNECTED INTELLIGENCE KC EA Local Protocol Port Encapsulation Mode NAT traversal IKE Mode IKE Algorithm IKE Encryption IKE Hash IKE DH Group ESP Algorithm ESP Encryption ESP Hash PFS PFS DH Group Key Lifetime Continued from previous page Specifies Procokol Port of a local network The general form is protocol port for example 17 1701 for UDP protocol 17 and port 1701 It is also possible to enter only the number of protocol however the above mentioned format is preferred IPsec mode the method of encapsulation choose tunnel en tire IP datagram is encapsulated or transport only IP header If address translation is used between two end points of the tun nel it needs to enable NAT Traversal Defines mode for establishing connection main or aggressive If the aggressive mode is selected establishing of IPsec tunnel will be faster but encryption will set permanently on 3DES MD5 We recommend not to use aggressive mode due to a lower security Way of algorithm selection e auto encryption and hash alg are selected automatically e manual encryption and hash alg are defined by the user Encryption algorithm 3DES AES128 AES192 AES256 Hash algorithm MD5 SHA1 SHA256 SHA384 or SHA512 Diffie Hellman groups determine the strength of the key used in the key exchange process Higher group numbers are more se cure but require additional time to compute the key
12. LAC Location Area Code unique number assigned to each location area Channel Channel the router communicates on E Signal Strength Signal strength of the selected cell AS Signal Quality Signal quality of the selected cell e EC IO for UMTS and CDMA it s the ratio of the signal received from the pilot channel EC to the overall level of the spectral density ie the sum of the signals of other cells 10 e RSRQ for LTE technology Defined as the ratio X23282 e The value is not available for the EDGE technology Continued on next page www lucom de 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB Santen 3 STATUS ENABLING CONNECTED INTELLIGENCE Continued from previous page CA PEA CSQ Cell Signal Quality relative value is given by RSSI dBm 2 9 range means Marginal 10 14 range means OK 15 16 range means Good 20 30 range means excellent Neighbours Signal strength of neighboring hearing cells Manufacturer Module manufacturer Model Type of module Revision Revision of module IMEI IMEI International Mobile Equipment Identity number of module ESN ESN Electronic Serial Number number of module for CDMA routers MEID MEID number of module ICCID Integrated Circuit Card Identifier is international and unique serial number of the SIM card Table 5 Mobile Network Information Highlighted in red adjacent cells hav
13. 42 4 9 NAT Configuration s es adere mie en d a BER a nO O Ta a a e a d E a 46 4 10 OpenVPN Tunnel Configuration o o a 50 4 11 IPsec Tunnel Configuration aooaa pe eee eee 55 4 12 GRE Tunnels Configuration aooaa e 60 ji LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de info lucom de www lucom de BB SMARTWORX j CONT NTS ENABLING CONNECTED INTELLIGENCE 4 13 L2TP Tunnel Configuration aoaaa aaa a 63 4 14 PPTP Tunnel Configuration oaaae a 65 4 15 DynDNS Client Configuration aoaaa aaa a 67 4 16 NTP Client Configuration aoaaa aaa a a 68 4 17 SNMP Configuration oaa o 69 4 18 SMTP Configuration e ia a a G a 73 4 19 SMS Configurati n aa o es 74 4191 Sending SMSa ee acer A a A A g a 76 4 20 Expansion Port Configuration aoaaa aa a 80 4 21 USB Port Configuration aooaa a 84 4 22 Startup Script s ea e a e aan a ke ee 88 4 23 Up Down Scripts eos a o de a e REA ee e a ee eG 89 4 24 Automatic Update Configuration oaoa aaa a a 90 5 Customization 92 A Modules a A ye ate ee eae 92 6 Administration 94 A O NN 94 6 2 Change Profile 2 2 2 225 22 Ae EA eee Le eas 95 63 Change Password 2 lt a ences eae ce e ee oe ee eee 95 6 4 Set Real Time Clock 4 96 6 5 Set SMS Service Center Address o
14. CONFIGURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page KC EA Authenticate Mode Sets authentication mode e none no authentication is set e Pre shared secret sets the shared key for both sides of the tunnel Username password enables authentication using CA Certificate Username and Password X 509 Certificate multiclient enables X 509 authenti cation in multiclient mode X 509 Certificate client enables X 509 authentication in client mode X 509 Certificate server enables X 509 authentication in server mode Pre shared Secret Authentication using pre shared secret can be used for all offered authentication mode CA Certificate Auth using CA Certificate can be used for username password and X 509 Certificate modes DH Parameters Protocol for exchange key DH parameters can be used for X 509 Certificate authentication in server mode Local Certificate This authentication certificate can be used for X 509 Certificate authentication mode Local Private Key Local private key can be used for X 509 certificate auth mode Username Authentication using a login name and password authentication can be used for username password mode Password Authentication using a login name and password authentication can be used for username password mode Extra Options Defines additional parameters of OpenVPN tunnel such as DHCP options etc Parameters are introduced by two dashes For
15. Cable connection Wireless connection Figure 84 Backed up access to the Internet topology of the example In the situation on the fig 84 its necessary to configure all the connections to the Internet in items LAN for Ethernet WLAN and WiFi for WiFi connection and Mobile WAN for mobile connection Then it is possible to configure the priorities of backup routes in the Backup Routes item Status 17 10 15 General Mobile WAN WiFi WiFi Scan Network DHCP IPsec DynDNS System Log Configuration Primary LAN Secondary LAN DHCP Client disabled IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Bridged no disabled 10 40 28 120 255 255 252 0 no Media Type auto negotiation auto negotiation Default Gateway DNS Server Y Enable dynamic DHCP leases 10 40 30 1 192 168 2 27 RRP IP Pool Start 192 168 1 2 a IP Pool End 192 168 1 254 PPPoE WiFi Lease Time 600 sec Figure 85 Backed up access to the Internet LAN configuration LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 102 infoolucom de www lucom de BB SS MARIWODA IGURATION IN TYP SITUATIONS ENABLING CONNECTED INTELLIGENCE LAN configuration In the LAN item Primary LAN you can leave the factory default configuration as in the previous situation The ETH1 interface on the front panel of the router is use
16. DHCP Client Activates deactivates DHCP client IP Address Fixed set IP address of WiFi network interface Subnet Mask Subnet mask of WiFi network interface Bridged Activates bridge mode e no Bridged mode is not allowed it s default value WLAN network is not connected with LAN network of the router e yes Bridged mode is allowed WLAN network is connected with one or more LAN network of the router In this case the setting of most items in this table is ignored Instead it takes setting of selected network interface LAN Default Gateway IP address of default gateway When entering IP address of de fault gateway all packets for which the record was not found in the routing table are sent to this address DNS Server Address to which all DNS queries are forwarded Table 28 WLAN configuration 39 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoOlucom de www lucom de BB SMARTWORX d 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Use Enable dynamic DHCP leases item at the bottom of this form to enable dynamic allocation of IP addresses using DHCP server It is also possible to specify these values CA EAS IP Pool Start Beginning of the range of IP addresses which will be assigned to DHCP clients IP Pool End End of the range of IP addresses which will be assigned to DHCP clients Lease Time Time in seconds for which the client may use
17. Group with higher number provides more security but requires more pro cessing time Way of algorithm selection e auto encryption and hash alg are selected automatically e manual encryption and hash alg are defined by the user Encryption algorithm DES 3DES AES128 AES192 AES256 Hash algorithm MD5 SHA1 SHA256 SHA384 or SHA512 Ensures that derived session keys are not compromised if one of the private keys is compromised in the future Diffie Hellman group number see KE DH Group Lifetime key data part of tunnel The minimum value of this pa rameter is 60s The maximum value is 86400s Continued on next page 56 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 4 CONFIGURATION infoo0lucom de www lucom de 17 10 15 BB aro ENABLING CONNECTED INTELLIGENCE IKE Lifetime Rekey Margin Rekey Fuzz DPD Delay DPD Timeout Authenticate Mode Pre shared Key CA Certificate Remote Certificate Local Certificate Local Private Key Local Passphrase Extra Options 4 CONFIGURATION Continued from previous page KC EA Lifetime key service part of tunnel The minimum value of this parameter is 60s The maximum value is 86400 s Specifies how long before connection expiry should attempt to negotiate a replacement begin Maximum value must be less than half of IKE and Key Lifetime parameters Percentage extension of R
18. eth1 are added to the bridge Other interfaces wlanO wifi can be added or deleted to from an existing bridge at any time Moreover the bridge can be created on demand for such interfaces but not configured by their respective parameters The DHCP server assigns the IP address default gateway IP address and IP address of the DNS server to the connected DHCP clients If these values are filled in by the user in the configuration form they are preferred The DHCP server supports both static and dynamic assignment of IP addresses In Dy namic IP address assignment the DHCP server will assign a client the next available IP ad dress from the allowed IP address pool Static DHCP assigns IP addresses that correspond Table 17 Configuration of Static DHCP Server to the MAC addresses of connected clients lt b Lo CI Description Enable dynamic If checked dynamic DHCP server enabled O S DHCP leases IP Pool Start Start of IP addresses allocated to the DHCP clients E IP Pool End End of IP addresses allocated to the DHCP clients O Lease time Client can use the IP address for this amount of time in seconds T Table 16 Configuration of Dynamic DHCP Server CC Description o Enable static If checked static DHCP server enabled O DHCP leases MAC Address MAC address of a DHCP client x IP Address Assigned IP address gt z 19 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 4
19. in the archive tar gz file is controlled By Enable automatic update of configuration it is possible to enable automatic configuration update By Enable automatic update of firmware it is possible to enable firmware update KA AA Source Where the router will download the firmware and configuration from e HTTP S FTP S server updates are downloaded from the Base URL address below Used protocol is specified by that ad dress HTTP HTTPS FTP or FTPS e USB flash drive Router finds current firmware or configuration in the root directory of the connected USB device e Both looking for the current firmware or configuration from both sources Base URL Enter the base part of the domain or IP address to download the up dates from Specify the communication protocol by the address HTTP HTTPS FTP or FTPS Unit ID Name of configuration name of the file without extension If the Unit ID is not filled the MAC address of the router is used as the filename the delimiter colon is used instead of a dot Update Hour Use this item to set the hour range 1 24 when the automatic update will be performed every day If the time is not specified automatic update is performed five minutes after turning on the router and then every 24 hours If the detected configuration file is different from the running one it is downloaded and the router is restarted automatically to make it run infoOlucom de Table 71 Automatic updat
20. properties signal Signal level of access point AP last seen Last response time of access point AP SSID Identifier of access point AP Supported rates Supported rates of access point AP DS Parameter set The channel on which access point AP broadcasts ERP Extended Rate PHY information element providing backward compatibility Extended supported Supported rates of access point AP that are beyond the scope rates of eight rates mentioned in Supported rates item RSN Robust Secure Network The protocol for establishing a se cure communication through wireless network 802 11 Table 11 Information about Neighbouring WiFi Networks infoOlucom de www lucom de 10 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX ENABLING CONNECTED INTELLIGENCE WiFi Scan List of BSSs BSS 00 22 88 02 0b bd on wlan0 TSF 446998707938 usec 5d 04 09 58 freq 2447 beacon interval 100 Capability ESS Privacy ShortSlotTime 0x0411 signal 87 00 dBm last seen 930 ms ago Information elements from Probe Response frame SSID conelguest Supported rates 1 0 2 0 5 5 11 0 6 0 9 0 12 0 18 0 DS Parameter set channel ERP Barker_Preamble_ Mode Extended supported rates 24 0 36 0 48 0 54 0 RSN Version 1 Group cipher CCMP Pairwise ciphers CCMP Authentication suites PSK Capabilities 16 PTKSA RC 0x000c HT capabilit
21. v SSID WiFiNetwork Broadcast SSID enabled v Probe Hidden SSID O l Country Code HW Mode IEEE 802 11b Channel D BW 40 MHz WMM Authentication WPA2 PSK _ Encryption AES v WEP Key Type ASCII v WEP Default Key 1 v WEP Key 1 WEP Key 2 WEP Key 3 WEP Key 4 WPA PSK Type ASCII passphrase v WPA PSK WiFiPassword Secondary SIM card APN Username Password Authentication PAP or CHAP IP Address Phone Number v PAP or CHAP Operator Network Type automatic selection PIN MRU 1500 MTU 1500 DNS Settings DNS Server get from operator Ping IP Address 8 8 8 8 Ping Interval 60 v automatic selection 1500 11500 v get from operator ORATION IN TYP SITUATIONS bytes bytes 3 essary for uninterrupted operation The feature of check connection to mobile i Check Connection enabled bind v disabled sec Figure 88 Backed up access to the Internet Mobile WAN configuration LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 104 info lucom de www lucom de BB Sm MA IGURATION IN TYP SITUATIONS ENABLING CONNECTED INTELLIGENCE Backup Routes configuration Finally configure the priorities of the backup routes The eth1 wired connection has the highest priority in this situation In case of failure the second priority has WiFi wlanO network interface and t
22. 1 This can be changed after login to the router in the LAN item in the Config uration section see figure 82 In this case there is no need of any additional configuration DHCP server is also enabled by factory default so the first connected computer will get the 192 168 1 2 IP address etc Other configuration possibilities are described in the chapter 4 1 www lucom de 100 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX SIGURATION IN TYP SITUATIONS ENABLING CONNECTED INTELLIGENCE General Mobile WAN WiFi WiFi Scan Network DHCP IPsec Primary LAN Secondary DHCP Client disabled v disabled IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Bridged no v no Media Type auto negotiation X auto negot DynDNS System Log Default Gateway DNS Server Configuration Y Enable dynamic DHCP leases IP Pool Start 192 168 1 2 IP Pool End 192 168 1 254 Lease Time 600 sec Mobile WAN PPPoE WiFi Figure 82 Access to the Internet from LAN LAN configuration Mobile WAN Configuration Connection to the mobile network can be configured in the Mobile WAN item in the Configuration section see fig 83 In this case depending on the SIM card the configuration form can be blank just make sure that Create connection to mobile network on the top is checked factory default For more details
23. 20 0 0 KB 0 KB 0 KB 0 0 0 Mobile Network Connection Log 2013 07 10 11 52 40 Connection successfully established 2013 07 10 21 17 21 Terminated by signal 2013 07 10 21 18 01 Connection successfully established 2013 07 11 08 39 20 Terminated by signal 2013 07 11 08 40 01 Connection successfully established 2013 07 11 09 22 24 Terminated by signal 2013 07 11 09 23 08 Connection successfully established Figure 2 Mobile WAN status www lucom de 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB SMARTWORX 3 STATUS ENABLING CONNECTED INTELLIGENCE 3 3 WiFi db This item is available only if the router is equipped with a WiFi module After selecting the WiFi item in the main menu of the web interface information about WiFi access point AP and associated stations is displayed KC A hostapd state dump Time the statistical data relates to num_sta Number of connected stations num_sta_non_erp Number of connected stations using 802 11b in 802 11g BSS connection num_sta_no_short_slot_ time Number of stations not supporting the Short Slot Time num_sta_no_short_preamble Number of stations not supporting the Short Preamble Table 9 State Information about Access Point More detailed information is displayed for each connected client Most of them has an internal character let us mention only the following KA AA STA MAC ad
24. 6 ADMINISTRATION ENABLING CONNECTED INTELLIGENCE During the firmware update the router will show the following messages The progress is shown in the form of adding dots Firmware jate Do not turn off the router during the firmware update The firmware update can take up to 5 minutes to complete Uploading firmware to RAM ok Checking firmware validity ok Backing up configuration ok PAI Uni a ok Reboot in progress Continue here after reboot After the firmware update the router will automatically reboot a Uploading firmware intended for a different device can cause damage to the router Starting with FW 5 1 0 mechanism to prevent multiple startup of firmware update is added Firmware update can cause incompatibility with the user modules It is recommended that you update user modules to the most recent version Information about the user module and the firmware compatibility is at the beginning of the user module s Application Note 6 11 Reboot To reboot the router select the Reboot menu item and then press the Reboot button Reboot The reboot process will take about 20 seconds to complete Reboot Figure 80 Reboot 99 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoolucom de www lucom de BB mao ENABLING CONNECTED INTELLIGENCE GURATION IN TYP SITUATIONS 7 Configuration in T
25. CONFIGURATION ENABLING CONNECTED INTELLIGENCE PLC PC Jii pppO 10 0 0 1 RS232 pppO 10 0 0 2 Settings in the router Settings in the router Mode TCP Client Mode TCP Server Server Addres 10 0 0 2 Server Addres TCP Port 2000 TCP Port 2000 Figure 59 Example 2 expansion port configuration All v3 routers provide a program called getty which allows user to connect to the router via the serial line router must be fitted with an expansion port RS232 Getty displays the prompt and after entering the username passes it on login program which asks for a password verifies it and runs the shell After logging in it is possible to manage the system as well as a user is connected via SSH infoolucom de www lucom de 83 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 21 USB Port Configuration The USB port configuration can be made choosing USB Port option in the menu Config uration can be done if USB RS232 converter connected CA Deseription Baudrate Applied communication speed Data Bits Number of data bits Parity Control parity bit e none will be sent without parity e even will be sent with even parity e odd will be sent with odd parity Stop Bits Number of stop bit Split Timeout Time to rupture reports If you receive will i
26. ENABLING CONNECTED INTELLIGENCE Continued from previous page KC EA HW Mode HW mode of WiFi standard the access point AP will support IEE 802 11b IEE 802 11b g IEE 802 11b g n IEE 802 11a IEE 802 11a n Channel Channel where the WiFi AP is transmitting Channels 12 13 and 14 can be selected only in countries where they are allowed on the basis of country code BW 40 MHz Option for HW mode 802 11n that allows using of two standard 20 MHz channels simultaneously Option is available in the STA mode also and it has to be enabled in both the AP and STA mode if using the high throughput mode WMM Enables basic QoS for WiFi networks This version doesn t guaran tee network throughput It is suitable for simple applications requiring Qos Authentication Provides access control of authorized users in WiFi network e Open authentication is not required free access point e Shared base authentication using WEP key e WPA PSK authentication using better authentication method PSK PSK e WPA2 PSK authentication using AES encryption Encryption Type of data encryption in WiFi network e None No data encryption infoOlucom de e WEP Encryption using static WEP keys This encryption can be used for Shared authentication e TKIP Dynamic management of encryption keys which can be used for WPA PSK and WPA2 PSK authentication e AES Improved encryption used for WPA2 PSK authentication Contin
27. General item This page is also displayed when you login to the web interface Information is divided into a several of separate blocks according to the type of router activity or the properties area Mobile Connection Primary LAN Secondary LAN Peripherals Ports and System Information If the router is SWITCH or RS232 RS485 ETH version there will be Tertiary LAN block displayed If the router is WiFi equipped there will be WiFi block displayed too 3 1 1 Mobile Connection CA EX SIM Card Identification of the SIM card Primary or Secondary Interface Defines the interface Flags Displays network interface flags IP Address IP address of the interface MTU Maximum packet size that the equipment is able to transmit Rx Data Total number of received bytes Rx Packets Received packets Rx Errors Erroneous received packets Rx Dropped Dropped received packets Rx Overruns Lost received packets because of overload Tx Data Total number of sent bytes Tx Packets Sent packets Tx Errors Erroneous sent packets Tx Dropped Dropped sent packets Tx Overruns Uptime Lost sent packets because of overload Indicates how long the connection to mob network is established Table 1 Mobile Connection LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de info lucom de www lucom de 17 10 15 BB SMARTWORX 3 STATUS ENABLING CONNECTED INTELLIGENCE 3 1 2 Primary LA
28. IP address 192 168 1 10 e Client with MAC address 01 54 68 18 ba 7e has IP address 192 168 1 11 E 192 168 1 2 192 168 1 3 re pe ak x BO A GSM GPRS 192 168 1 1 192 168 1 10 192 168 1 11 01 23 45 67 89 ab 01 54 68 18 ba 7e Figure 13 Example 2 Network Topology with both Static and Dynamic DHCP Servers Primary LAN Configuration DHCP Client disabled IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway P DNS Server Bridged Media Type auto negotiation PoE PSE disabled 4 Enable dynamic DHCP leases IP Pool Start 192 168 1 2 IP Pool End 192 168 1 4 Lease Time 600 infoolucom de 4 Enable static DHCP leases MAC Address IP Address 01 23 45 67 89 ab 192 168 1 10 01 54 68 18 ba 7e 192 168 1 11 Figure 14 Example 2 LAN Configuration Page www lucom de 21 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de eB SS MARTWDEA 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example 3 The network interface with default gateway and DNS server e Default gateway IP address is 192 168 1 20 e DNS server IP address is 192 168 1 20 qe 192 168 1 2 192 168 1 3 ji xo g a E Y 192 168 1 20 GSM GPRS 192 168 1 1 Figure 15 Example 3 Network Topology Primary LAN Configuration DHCP Client disabled IP Address 192 168 1 1 Subne
29. Identification Number code to prevent unauthorized use of the SIM card The PIN code must be entered each time that the SIM card is powered up The SPECTRE v3 cellular router supports the use of a SIM card with a PIN number Enter the PIN number into the SIM PIN field on the configuration page and select Apply dh Access to the SIM card is blocked if the PIN code is incorrectly entered 3 times Contact your SIM card provider if it has been blocked Unlock SIM Card SIM PIN Figure 76 Unlock SIM card 6 7 Send SMS db The SPECTRE v3 ERT routers do not support the Send SMS option You can send an SMS message from the router to test the cellular network To send an SMS message select Send SMS from the configuration menu Enter the phone number and text of the message into the text boxes and click the Send button It may take a few seconds to send the message The maximum length of the SMS is 160 characters To send longer messages install the pduSMS user module Phone number infoolucom de Message Figure 77 Send SMS Itis also possible to send an SMS message using an HTTP request in the form GET send_exec cgi phone 2B4207123456788message Test HTTP 1 1 Authorization Basic cm9vdDpyb290 www lucom de 97 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 B B SMARTWORX 6 ADMINISFRATIO
30. Note 93 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de info lucom de www lucom de BB Smarivens 6 ADMINISTRATION ENABLING CONNECTED INTELLIGENCE 6 Administration 6 1 Users db This configuration form is not available for users with role User Use Users item in the Administration part of the main menu for managing user accounts The first block of this form contains overview of added users The table below describes mean ing of all buttons in this block CTA AI Lock Locks user account This user is not allowed to log in to the router neither web interface nor SSH Change Password Allows to change password for corresponding user Delete Deletes corresponding user account Table 73 Users overview Be careful If you lock all accounts with permissions role Admin it will not be possi ble to unlock these accounts This also means that the Users item will be unavailable A for all users because all admins are locked and users don t have sufficient per missions The second block contains configuration form which allows you to add new user All items are described in the table below 2 fitem Description E Role Defines type of user account e User user with basic permissions E e Admin user with full permissions O tjaa ES Username Username for logging into the web interface Password Password for l
31. SNMP Object Identifier 8 infooOlucom de www lucom de 70 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SARDARA C 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE SNMP Configuration Y Enable SNMP agent Name Conel Location Usti nad Orlici i Contact Jack Roghul 420 732 123 4 4 Enable SNMPv1 v2 access Community public J Enable SNMPv3 access Username Authentication Authentication Password Privacy Privacy Password W Enable I O extension Enable M BUS extension Baudrate 300 Parity even Stop Bits 1 J Enable reporting to supervisory system IP Address Period can be blank Figure 50 Example of SNMP configuration infoolucom de www lucom de 71 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWSRX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE MG SOFT MIB Browser Professional Edition File Edit View SNMP Action Tools Window Help HORM HOLT mas ida3Sosa Query MIB Ping Remote SNMP agent Split 182 168 2 250 AaB a MIB tree Vertical Query results E G MIB Tree A le ccitt Remote address 192 168 2 250 port 161 transport IP UDP SE iso Local address 192 168 2 115 port 4915 transport IP UDP iS Protocol ver
32. Secure Shell SSH Configuration via Web Browser is described in this Configuration Manual Commands and scripts applicable in configuration via SSH are described in Commands and Scripts for v2 and v3 Routers Application Note 1 The standard and optional equipment and technical parameters of your router can be found in User s Manual of your router You can use additional software communication VPN server SmartCluster 2 and software for router monitoring R SeeNet 3 4 infooOlucom de This Configuration Manual describes e Configuration of the router item by item according to the web interface chapters 3 to 6 e Examples of these typical configurations of the router chapter 7 Access to the Internet from LAN Local Area Network via mobile network Backed up access to the Internet from LAN Secure networks interconnection or using VPN Virtal Private Network Serial Gateway connection of serial devices to the Internet www lucom de 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB mao 2 ENABLING CONNECTED INTELLIGENCE 2 Access to the Web Configuration Attention The cellular router will not operate unless the cellular carrier has been correctly Q configured and the account activated and provisioned for data communications For mobile technology carriers a SIM card must be inserted into the router Do not inse
33. be saved The second button Save Report is used for creating detailed report generates all information needed by support in one text file in the txt format statistical data routing and process tables system log configuration The default length of the system log is 1000 lines After reaching 1000 lines the new file is created for storing the system log After completion of 1000 lines in the second file the first file is overwritten with the new one Output of the system log is done by the Syslogd program It can be started with two options to modify its behavior Option S followed by decimal number sets the maximal number of lines in one log file Option R followed by hostname or IP address enables logging to a remote syslog daemon If the remote syslog deamon is Linux OS there has to be remote logging enabled typically running syslogd R If it s the Windows OS there has to be syslog server installed e g Syslog Watcher To start syslogd with these options the etc init d syslog script can be modified via SSH or lines can be added into Startup Script accessible in Configuration section according to figure 10 infoolucom de www lucom de 16 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB Aaa ENABLING CONNECTED INTELLIGENCE System Log System Messages 2013 07 02 12 46 14 System log daemon started 2013 07 02 1
34. connection has to be enabled OpenVPN configuration is accessible in the Configuration section in the OpenVPN item Choose one of two possible tunnels and enable it checking the Create 1st OpenVPN tunnel see fig 91 It s necessary to fill in the protocol and port according to the data about opposite side of the tunnel or Open VPN server Fill in the public IP address of the opposite side of the tunnel including the remote subnet and mask not necessary Important items are Local and Remote Interface IP Address where the interfaces of the tunnel s ends has to be filled in In this situation the pre shared secret was know so choose this option in the Authentication Mode item and insert the secret key into the field Confirm the configuration clicking the Apply button For detailed configuration see chapter 4 10 or Application Note 5 General Create 1st OpenVPN tunnel Mobile WAN Description myTunnel mel Protocol UDP v WiFi Scan TERE UDP Port 3000 DHCP Remote IP Address 10 0 6 239 IPsec Remote Subnet 10 40 28 0 OMENS Remote Subnet Mask 255 255 252 0 System Log x Redirect Gateway no v Configuration Local Interface IP Address 100 100 100 2 LAN Remote Interface IP Address 100 100 100 1 VRRP Ping Interval 10 sec SELLE Ping Timeout 30 sec PPPoE WiFi Renegotiate Interval sec WLAN Max Fragment Size bytes Backup Routes Compression LZO v Firewall NAT Rules not applied v NA r OpenVPN Authenticate Mode pre shared secre
35. possible parameters see the Help in the router via SSH run the openvpnd help command infoOlucom de Table 37 OpenVPN configuration www lucom de 52 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B Suara 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE The changes in settings will apply after pressing the Apply button OpenYPN Tunnel Configuration O Create 1st OpenVPN tunnel Description Protocol UDP v UDP port 1194 Remote IP Address Remote Subnet Remote Subnet Mask Redirect Gateway no e Local Interface IP Address Remote Interface IP Address Ping Interval sec Ping Timeout sec Renegotiate Interval sec Max Fragment Size F E bytes Compression LZO v NAT Rules not applied v Authenticate Mode none 2 Pre shared Secret CA Certificate DH Parameters Extra Options can be blank c3 Local Certificate Lo Local Private Key Username G Password O Qo u m Figure 36 OpenVPN tunnel configuration www lucom de 53 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX i 4 CONFIGURATION ENABLING CONNECTED INTE
36. the IP address Table 29 Configuration of DHCP server All changes in settings will apply after pressing the Apply button WLAN Configuration J Enable WLAN interface Operating Mode access point AP DHCP Client disabled IP Address 7 Subnet Mask Bridged Default Gateway DNS Server IP Pool Start IP Pool End 1192 168 3 254 Lease Time 1600 j Figure 26 WLAN configuration infoolucom de www lucom de 40 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B SMARTW RX _ 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 7 Backup Routes Using the configuration form on the Backup Routes page can be set backing up primary connection by other connections to internet mobile network For each back up connection can be defined a priority Own switching is done based on set priorities and state of the connection for Primary LAN and Secondary LAN If Enable backup routes switching option is checked the default route is selected accord ing to the settings below Namely according to status of enabling each of backup route i e Enable backup routes switching for Mobile WAN Enable backup routes switching for PPPoE Enable backup routes switching for WiFi STA Enable backup routes switching for Primary LAN or Enable backup routes switching for Secondary LAN according to explicitly set pri orities and according to status of connection c
37. the subject subject body message message and attachment abc doc right from the directory c directory and attempts to send 5 times 4 19 SMS Configuration SMS configuration can be invoked by SMS item in the Configuration section Sending of SMS can be defined in various events and states of the router Sending od SMS can be configured in the first part of the window CI EA Send SMS on power up Automatic sending of SMS messages after power up Send SMS on connect to mobile Automatic sending SMS message after connection to network mobile network Send SMS on disconnect to mo Automatic sending SMS message after disconnection bile network to mobile network Send SMS when datalimit Automatic sending SMS message after datalimit ex exceeded ceeded Send SMS when binary input on Automatic sending SMS message after binary input I O port BINO is active on I O port BINO is active Text of message is in tended parameter BINO Add timestamp to SMS Adds time stamp to sent SMS messages This stamp has a fixed format YYYY MM DD hh mmiss Phone Number 1 Telephone numbers for sending automatically gener ated SMS Phone Number 2 Telephone numbers for sending automatically gener ated SMS Phone Number 3 Telephone numbers for sending automatically gener ated SMS Unit ID The name of the router that will be sent in an SMS BINO SMS SMS text messages when activate the first binary in put on the router Table 56 Send SMS conf
38. time on answer Keepalive Probes Number of tests Table 68 USB PORT configuration 2 When item Use CD as indicator of the TCP connection selected indication of the TCP connection state using signal CD DTR on the router would be activated Active TCP connection is on Nonactive TCP connection is off Table 69 CD signal description When item Use DTR as control of TCP connection selected control of the TCP connection using signal CD DTR on the router would be activated DTR Description client Active The router allows a TCP connection Router starts TCP connection Nonactive The router doesn t allow a TCP conn Router stops TCP connection Table 70 DTR signal description Supported USB RS232 converters e FTDI e Prolific PL2303 e Silicon Laboratories CP210x The changes in settings will apply after pressing the Apply button infoOlucom de www lucom de 85 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB maana 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE USB Port Configuration C Enable USB serial converter access over TCP UDP Baudrate Y Data Bits Parity Stop Bits Split Timeout Protocol Mode Server Address TCP Port Inactivity Timeout 1 Reject new connections Check TCP connection Keepalive Time 13600 Keepalive Interval 1 0 Keepalive Probes 5 j Use CD as indic
39. to the default SIM card or APN CAI EXA Initial timeout The first attempt to switch back to the primary SIM card or APN shall be made for the time defined in the parameter Initial Time out range of this parameter is from 1 to 10000 minutes Subsequent Timeout In an unsuccessful attempt to switch to default SIM card the router on the second attempt to try for the time defined in the parameter Subsequent Timeout range is from 1 to 10000 min Additive constants Any further attempt to switch back to the primary SIM card or APN shall be made in time computed as the sum of the previous time trial and time defined in the parameter Additive constants range is 1 10000 minutes Table 25 Switch between SIM card configurations Example If parameter Switch to default SIM card after timeout is checked and parameters are set as follows Initial Timeout 60 min Subsequent Timeout 30 min and Additive Timeout 20 min the first attempt to switch the primary SIM card or APN shall be carried out after 60 minutes Switched to a failed second attempt made after 30 minutes Third after 50 minutes 30 20 Fourth after 70 minutes 30 20 20 infoOlucom de 4 3 6 PPPoE Bridge Mode Configuration If the Enable PPPoE bridge mode option selected it activate the PPPoE bridge protocol PPPoE point to point over ethernet is a network protocol for encapsulating Point to Point Protocol PPP frames inside Ethernet frames Allows you to create a PPPoE co
40. will be sent out according to the routing table If the forwarding rule does not exist packet will be dropped In tables with rules it is possible to allow all traffic within the selected protocol the rule cd specifies only a protocol Or you can create strict rules by specifying source and destination O IP addresses and ports E 9 IE Description 5 Source IP address of source device 6 Destination IP address of destination device AS Protocol Specifies protocol for remote access e all access is enabled for all protocols e TCP access is enabled for TCP protocol e UDP access is enabled for UDP protocol e ICMP access is enabled for ICMP protocol Target Port The port number on which access to the router is allowed Continued on next page www lucom de 43 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SS MARTWDEA 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page KC PEA Action Type of action e allow access is allowed e deny access is denied Table 32 Forwarding filtering There is also the possibility to drop a packet whenever request for service which is not in the router comes check box named Enable filtering of locally destinated packets The packet is dropped automatically without any information As a protection against DoS attacks this means attacks during which the targ
41. 00 4 73 53 Example 1 SMSconfiguration 0 0022 0002s 78 54 Example 2 SMSconfiguration 00 200002 eee 78 55 Example 3 SMS configuration 000 22022 eee 79 56 Example 4 SMS configuration 0 00 22002 eee 79 57 Expansion port configuration 2 000 82 58 Example 1 expansion port configuration 20 82 59 Example 2 expansion port configuration 20 83 60 USB configuration o oo a 86 61 Example 1 USB port configuration ooo o e 86 62 Example 2 USB port configuration ooo oa e e 87 63 Startup script es aa uaa aae E AeA EEN EA eee ee G 88 64 Example of Startup script aooaa a 88 65 UP DOWN Scipia r ea a ene a te een OE ee ort ees 89 66 Example of Up Down script 000200000 eee 89 67 Example of automatic update 1 2 22s2 tee ee ei wee ee teces 91 ra 68 Example of automatic update 2 2642 ke ee a eee eee ee ee eee 91 O 69 User modules setas teo e be eee a ia 92 70 Added user module 22434424444 5445 54644548 2556 a ee eS 92 e Alo MUSEtS ea ps ln e a a da e ae 95 72 Change profile s eeso r ec a do 2844 6402 Gi Sted 95 73 Change passWord s s sos aos a atra a See ee oe ee a 96 74 Setreal me clock 2 da ea mr e E a EE E E 96 Q 75 Set SMS service center address aaou aaa a a a a 96 ES 76 Unlock SIM card 2 224 225 52525 24 e a a 97 I
42. 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB Santen E ASOF TABLES ENABLING CONNECTED INTELLIGENCE List of Tables 1 Mobile Connection lt s s ans a a soos aa o e s iE ee 4 2 POE PSE iNforMmatON a es emo re a E a e a a 5 3 Peripheral Ports co ete aee e a tae a a aa 5 4 System Information oaoa 6 5 Mobile Network Information aaa a 7 6 Description of Periods lt uta a le a ee Stee ee 7 7 Mobile Network Statistics ooa eee eee 7 8 Traffic Statistics 2 22 ba bee ee Rh ee eee Seb ee ewe a a 8 9 State Information about Access Point 0 9 10 State Information about Connected Clients 9 11 Information about Neighbouring WiFi Networks 10 12 Description of interface in network StatUS o 12 13 Description of Information in Network Status 13 14 DHCP status descripti0N se lt soi e aosa gae o e 14 15 Configuration of the Network Interface 0 o 19 16 Configuration of Dynamic DHCP Server o e 19 17 Configuration of Static DHCP Server 0 o 19 18 VRRPconfiguration s os oe seee a a a a a aa a a i 23 19 Check connection outra e 52454656 e E a Bee es 23 20 Mobile WAN connection configuration aooaa aa a 26 21 Check connection to mobile network co
43. 2 46 19 pppsd 426 pppsd started 2013 07 02 12 46 19 pppsd 426 module is turned on 2013 07 02 12 46 19 pppsd 426 selected SIM 1st 2013 07 02 12 46 19 dnsmasq 453 started version 2 59 cachesize 150 2013 07 02 12 46 19 dnsmasq 453 cleared cache 2013 07 02 12 46 19 bard 455 bard started 2013 07 02 12 46 19 pppsd 426 selected APN conel agnep cz 2013 07 02 12 46 19 pppsd 426 waiting for registration 2013 07 02 12 46 20 pppsd 426 starting usbd 2013 07 02 12 46 20 usbd 500 usbd started 2013 07 02 12 46 20 usbd 500 establishing connection 2013 07 02 12 46 20 sshd 506 Server listening on 0 0 0 0 port 22 2013 07 02 12 46 29 usbd 500 connection established 2013 07 02 12 46 29 usbd 500 local IP address 10 0 1 229 2013 07 02 12 46 29 usbd 500 primary DNS address 10 0 0 1 2013 07 02 12 46 29 bard 455 backup route selected Mobile WAN 2013 07 02 12 46 29 bard 455 script etc scripts ip up started 2013 07 02 12 46 30 bard 455 script etc scripts ip up finished status 0x0 2013 07 02 12 46 31 dnsmasq 453 reading etc resolv conf 2013 07 02 12 46 31 dnsmasq 453 using nameserver 10 0 0 1453 Save Log Save Report Figure 9 System Log Example of logging into the remote daemon at 192 168 2 115 Startup Script bin sh This script will be executed after all the other init scripts You can put your own initialization stuff in here killall syslogd syslogd R 192 168 2 115 Fi
44. 60 10 Fax 09127 59 460 20 www lucom de BB maana 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Do not overlap the static IP addresses with the addresses allocated by the dynamic DHCP address pool Otherwise the network may function incorrectly Example 1 The network interface with dynamic DHCP server e The range of dynamic allocated addresses from 192 168 1 2 to 192 168 1 4 e The address is allocated 600 second 10 minutes a a lt 192 168 1 4 GSM GPRS 192 168 1 1 Figure 11 Example 1 Network Topology for Dynamic DHCP Server Primary LAN Configuration DHCP Client disabled IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway i 7 DNS Server Bridged no Media Type auto negotiation PoE PSE disabled Y Enable dynamic DHCP leases IP Pool Start 192 168 1 2 IP Pool End 192 168 1 4 Lease Time 600 infoolucom de J Enable static DHCP leases MAC Address IP Address Figure 12 Example 1 LAN Configuration Page www lucom de 20 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB mao 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example 2 The network interface with dynamic and static DHCP server e The range of allocated addresses from 192 168 1 2 to 192 168 1 4 e The address is allocated 10 minutes e Client with MAC address 01 23 45 67 89 ab has
45. 8 8 This script will be executed after all the other init scripts You can put your own initialization stuff in here Apply Figure 63 Startup script Change will take effect after shut down and turn on the router This can be done in the Reboot item in the Administration section or by SMS message see SMS Configuration Example of Startup script When start the router stop syslogd program and start syslogd with remote logging on address 192 168 2 115 and limited to 100 entries listing Startup Script infoolucom de Startup Script Hi bin sh 8 This script will be executed after all the other init scripts You can put your own initialization stuff in here killall syslogd syslogd R 192 168 2 115 5 100 Figure 64 Example of Startup script www lucom de 88 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB aro 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 23 Up Down Script In the window Up Down Script it is possible to create own scripts In the item Up script is defined a script which begins after establishing a PPP WAN connection In the item Down Script is defined script which begins after lost a PPP WAN connection The changes in settings will apply after pressing the Apply button Up Down Script Up Script bin sh This script will be executed when PPP WAN connecti
46. 94 ipsecl 500 STATE _MAIN I4 ISAKMP SA established EVENT_SA_REPLACE in 2733s newest ISAKMP lastdpd ls se Figure 7 IPsec Status 3 8 DynDNS status The result of DynDNS record update from the server www dyndns org can be invoked pressing the DynDNS item in the Status menu DynDNS Status Last DynDNS Update Status DynDNS record successfully updated Figure 8 DynDNS status infoolucom de www lucom de 15 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B SMARTW RX i J 3 STATUS ENABLING CONNECTED INTELLIGENCE Following messages are possible when detecting the status of DynDNS record update DynDNS client is disabled Invalid username or password Specified hostname doesn t exist Invalid hostname format Hostname exists but not under specified username No update performed yet DynDNS record is already up to date DynDNS record successfully update e DNS error encountered e DynDNS server failure gh For correct function of DynDNS SIM card of router must have public IP address assigned 3 9 System Log In case of any connection problems it is possible to view the system log by pressing the System Log menu item Detailed reports from individual applications running in the router are displayed Use the Save Log button to save the system log to a connected computer the text file with the log extension will
47. CP con estab Router stops TCP connection Table 66 DTR signal description The changes in settings will apply after pressing the Apply button www lucom de 81 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB Santen J 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Expansion Port 1 Configuration Enable expansion port 1 access over TCP UDP HW flow control not supported Port Type RS 232 Baudrate E Data Bits Parity Stop Bits Split Timeout Protocol Mode Server Address TCP Port Inactivity Timeout Reject new connections LJ Check TCP connection Keepalive Time 3600 Keepalive Interval 10 Keepalive Probes 15 Use CD as indicator of TCP connection Use DTR as control of TCP connection can be blank Figure 57 Expansion port configuration Examples of the expansion port configuration PC ppp0 10 0 0 1 ee 192 168 1 1 Eon pppO 10 0 0 2 infoolucom de 192 168 1 100 Settings in application on PC Settings in the router TCP connection on 10 0 0 2 2000 Mode TCP Server Default Gateway 192 168 1 1 Server Addres TCP Port 2000 Figure 58 Example 1 expansion port configuration www lucom de 82 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB Santen J 4
48. DBUS TCP IP protocol to MDBUS RTU protocol which can be operated on the serial line Provides secure connection of LAN network behind our router with LAN network behind CISCO router NMAP Allows to do TCP and UDP scan Daily Reboot Allows to perform daily reboot of the router at the specified time HTTP Authentication Adds the process of authentication to a server that doesn t pro vide this service BGP RIP OSPF Add support of dynamic protocols PIM SM Adds support of multicast routing protocol PIM SM WMBUS Concentrator Allows to receive messages from WMBUS meters and saves contents of these messages to XML file pduSMS Sends short messages SMS to specified number GPS Allows router to provide location and time information in all weather anywhere on or near the Earth where there is an un obstructed line of sight to four or more GPS satellites Pinger Allows to manually or automatically verify the functionallity of the connection between two network interfaces ping IS IS Add support of IS IS protocol Table 72 User modules Attention In some cases the firmware update can cause incompatibility with used user de modules Some of them are dependent on the version of the Linux kernel e g SmsBE and PoS Configuration lt is recommended that you update user modules to the most recent version Information about the user module and the firmware compatibility is at the beginning of the user module s Application
49. ES MS E a 97 78 Restore configuration ee 98 79 Update Firmware a soa aca escondo Ge a a ee ee 98 Lo o AA A ee eee 99 E 81 Access to the Internet from LAN topology of the example 100 Oo 82 Access to the Internet from LAN LAN configuration 101 S 83 Access to the Internet from LAN Mobile WAN configuration 101 2 84 Backed up access to the Internet topology of the example 102 v 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB Santen LIST OF FIGURES ENABLING CONNECTED INTELLIGENCE 85 Backed up access to the Internet LAN configuration 102 86 Backed up access to the Internet WLAN configuration 103 87 Backed up access to the Internet WiFi configuration 104 88 Backed up access to the Internet Mobile WAN configuration 104 89 Backed up access to the Internet Backup Routes configuration 105 90 Secure networks interconnection topology of the example 106 91 Secure networks interconnection OpenVPN configuration 107 92 Serial Gateway topology ofthe example 00 4 108 93 Serial Gateway konfigurace Expansion Port 00 109 2 z O O O Sees O O gt vi 17 10
50. GENCE ones Checking can be set separately for two SIM cards or two APNs As a ping address can be used an IP address for which it is certain that it is still functional and is possible to send ICMP ping e g DNS server of operator In the case of the enabled option ping requests are sent on the basis of routing table Thus the requests may be sent through any available interface If you require each ping request to be sent through the network interface which was created on the occasion of establishing a connection to the mobile operator it is necessary to set the Check Connection item to enabled bind The disabled variant deactivates checking the connection to mobile network KC EA Ping IP Address Destinations IP address or domain name of ping queries Ping Interval Time intervals between the outgoing pings Table 21 Check connection to mobile network configuration If the Enable Traffic Monitoring option is selected then the router stops sending ping ques tions to the Ping IP Address and it will watch traffic in connection to mobile network If this connection is without traffic longer than the Ping Interval then the router sends ping questions to the Ping IP Address dl Attention The enabling of Check connection to mobile network is necessary for uninterrupted and lasting operation of the router 4 3 4 Data Limit Configuration CAI p PESC riptin Data limit With this parameter you can set the maximum expected amount of da
51. H Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SS MARTWDEA 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Tips for working with the Mobile WAN configuration form e If the size is set incorrectly data transfer may not be succeeded By setting a lower MTU it occurs to more frequent fragmentation of data which means higher overhead and also the possibility of damage of packet during defragmentation On the contrary the higher value of MTU can cause that the network does not transfer the packet If the IP address field is not filled in the operator automatically assigns the IP address when it is establishing the connection If filled IP address supplied by the operator router accelerate access to the network If the APN field is not filled in the router automatically selects the APN by the IMSI code of the SIM card If the PLMN operator number format is not in the list of APN then default APN is internet The mobile operator defines APN e f the word blank is filled in the APN field router interprets APN as blank db ATTENTION e If only one SIM card is plugged in the router router has one slot for a SIM card router switches between the APN Router with two SIM cards switches between SIM cards e Correct PIN must be filled For SIM cards with two APN s there will be the same PIN for both APN s Otherwise the SIM card can be blocked by false SIM PIN ltems
52. LLIGENCE Example of the OpenVPN tunnel configuration Ia Uz 192 168 1 2 pppO 10 0 0 1 192 168 1 0 Roimela n 16 1 ppp 0 0 META 192 168 2 0 tun0 19 16 2 0 aoe eet Default Gateway 192 168 1 1 Default Gateway 192 168 2 1 aes Figure 37 Topology of OpenVPN configuration example OpenVPN tunnel configuration Configuration ICON ON Protocol UDP UDP UDP Port 1194 1194 Remote IP Address 10 0 0 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 2 Remote Subnet Mask 255 255 255 0 255 255 255 0 z Local Interface IP Address 19 16 1 0 19 16 2 0 le Remote Interface IP Address 19 16 2 0 19 18 1 0 Compression LZO LZO 6 Authenticate mode none none O Table 38 Example of OpenVPN configuration Examples of different options for configuration and authentication of OpenVPN tunnel can be found in the application note OpenVPN Tunnel 5 www lucom de 54 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWSRX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 11 IPsec Tunnel Configuration IPsec tunnel configuration can be called up by option IPsec item in the menu IPsec tunnel allows protected encrypted connection of two networks LAN to the one which looks like one homogenous In the Psec Tunnels Configuration window are four rows each row for one configured one IPsec tunnel KC PEA Create This item enables t
53. M card from which it will try to establish the connection to mobile network If this parameter is set to none the router launches in offline mode and it is necessary to establish connection to mobile network via SMS message Backup SIM card Defines backup APN or SIM card that the router will switch the defining one of the following rules Table 23 Default and backup SIM configuration If parameter Backup SIM card is set to none then parameters Switch to other SIM card when connection fails Switch to backup SIM card when roaming is detected and switch to default SIM card when home network is detected and Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded switch the router to off line mode CI EA Switch to other SIM card when If connection to mobile network fails then this param connection fails eter ensures switch to secondary SIM card or sec ondary APN of the SIM card Failure of the connection to mobile network can occur in two ways When start the router when three fails to establish a connection to mobile network Or if it is checked Check the con nection to mobile network and is indicated by the loss of a connection to mobile network Switch to backup SIM card when In case that the roaming is detected this parameter en roaming is detected and switch ables switching to secondary SIM card or secondary to default SIM card when home APN of the SIM If home
54. N ENABLING CONNECTED INTELLIGENCE The HTTP request will be sent to TCP connection on router port 80 Router sends an SMS message with text Test SMS is sent to phone number 420712345678 Authorization is in the format user password coded by BASE64 6 8 Backup Configuration You may save the current router configuration to a file using the Backup Configuration menu item Administration section It is recommended that you save the current configuration before a firmware update 6 9 Restore Configuration You may restore the router configuration from a file using the Restore Configuration menu item Administration section Restore Configuration Configuration File Proch zet Figure 78 Restore configuration 6 10 Update Firmware Select the Update Firmware menu item to view the current router firmware version and load new firmware into the router To load new firmware browse to the new firmware file and press the Update button to begin the update Do not turn off the router during the firmware update The firmware update can take up to A five minutes to complete Update Firmware Firmware Version 2 0 7 2010 12 16 New Firmware Proch zet p Figure 79 Update Firmware 98 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de info lucom de www lucom de 17 10 15 B B Santen
55. N Secondary LAN Tertiary LAN WiFi Items displayed in this part have the same meaning as items in the previous part More over the MAC Address item shows the MAC address of the corresponding router s interface Primary LAN eth0 Secondary LAN eth1 Tertiary LAN eth2 WiFi wlan0 Visible information depends on configuration see 4 1 or 4 5 If the router is equipped with PoE PSE board there are also information about it in the Primary LAN or Secondary LAN section see table below for description CA EA PoE PSE Status e Disabled PoE PSE is disabled in the Primary LAN or Sec ondary LAN configuration form e Undervoltage Undervoltage i e a lower voltage than the nominal operating voltage e Overcurrent Overcurrent i e a higher current than the permissible positive difference of the nominal current e Idle PoE PSE is enabled but currently not used e Class 0 Power level classification unimplemented e Class 1 Power level very low power e Class 2 Power level low power e Class 3 Power level mid power e Class 4 Power level high power PoE PSE Power Power of PoE PSE W PoE PSE Voltage Voltage of PoE PSE V PoE PSE Current Current of PoE PSE mA Table 2 PoE PSE information 3 1 3 Peripheral Ports KA Description Expansion Port 1 Expansion port fitted to the position 1 None indicates that this position is equipped with no port Expansion Port 2 Expansion port fitt
56. Password can be blank Figure 44 L2TP tunnel configuration www lucom de 63 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB Smarivene _ 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example of the L2TP Tunnel configuration Router A pppO 10 0 0 1 192 168 1 1 AA Default Gateway 192 168 1 1 Default Gateway 192 168 2 1 ici Figure 45 Topology of example L2TP tunnel configuration Configuration of the L2TP tunnel Configuration ICONS CO Mode L2TP Server L2TP Client Server IP Address 10 0 0 1 Client Start IP Address 192 168 1 2 Client End IP Address 192 168 1 254 Local IP Address 192 168 1 1 Remote IP Address Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Username username username Password password password Table 46 Example L2TP tunel configuration 64 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de e3 O z O S 2 O Gam www lucom de 17 10 15 BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 14 PPTP Tunnel Configuration 40 PPTP is an unencrypted protocol To enter the PPTP tunnels configuration select the PPTP menu item PPTP tunnel allows protected connection by password of two networks LAN to the one which it looks like one h
57. S on serial PORT2 configuration Choosing Enable AT SMS protocol on TCP port and enter the TCP port it is possible to send receive an SMS on the TCP port SMS messages are sent with the help of standard AT commands KC AT TCP Port TCP port the sending receiving SMS messages will be allowed on Table 61 Send SMS on ethernet PORT1 configuration 4 19 1 Sending SMS After establishing connection with the router via serial interface or Ethernet it is possible 3 to use AT commands for work with SMS messages The following table lists the commands that are supported by Conel routers For other AT O commands OK response is always sent There is no support for complex AT commands in S such a case ERROR response is sent by router E E AT CGMI Returns the manufacturer specific identity ES AT CGMM Returns the manufacturer specific model identity AT CGMR Returns the manufacturer specific model revision identity AT CGPADDR Displays the IP address of the pppo interface 2 AT CGSN Returns the product serial number E AT CIMI Returns the International Mobile Subscriber Identity number IMSI O AT CMGD Deletes a message from the location Continued on next page 76 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page AT Command AT CMGF Sets the presentation forma
58. SMS on connect to mobile network Send SMS on disconnect from mobile network Send SMS when datalimit is exceeded C Send SMS when binary input on I O port BINO is active C Add timestamp to SMS Phone Number 1 Phone Number 2 Phone Number 3 Unit ID BINO SMS 4 Enable remote control via SMS Phone Number 1 728123456 Phone Number 2 766254864 Phone Number 3 J Enable AT SMS protocol on expansion port 1 Baudrate 9600 M O Enable AT SMS protocol on expansion port 2 Baudrate 9600 M O Enable AT SMS protocol over TCP TCP Port can be blank infoolucom de Figure 56 Example 4 SMS configuration www lucom de 79 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 20 Expansion Port Configuration Configuration of the expansion port can be done via Expansion Port 1 or Expansion Port 2 items in the menu e f the version of router is with the RS232 interface configuration of the Expansion Port 1 only is needed Expansion Port 2 item is not used With the RS232 RS485 422 interface present configuration of RS232 interface is ac cessible via Expansion Port 1 item and configuration of RS485 or RS422 via Expansion Port 2 item If the version of router is with the RS232 RS485 ETH interface configuration of RS232 interface is accessible via Expansion Port 1 item configur
59. Subnet mask of the opposite side of the tunnel Redirect Gateway Allows to redirect all traffic on Ethernet Local Interface IP IP address of the local side of tunnel Address Remote Interface IP address of interface local side of tunnel IP Address Ping Interval Parameter in seconds defines how often the router will send a message to the remote end to verify that the tunnel is still con nected Ping Timeout Parameter which defines how long the router will wait for a re sponse to the ping in seconds Ping Timeout must be larger than Ping Interval Renegotiate Interval Sets renegotiate period reauthorization of the OpenVPN tunnel This parameter can be set only when Authenticate Mode is set to username password or X 509 certificate After this time period the router changes the tunnel encryption to ensure the continued safety of the tunnel Max Fragment Size Defines maximum packet size Compression Data compression e none No compression is used e LZO Lossless LZO compression Compression has to be selected on both tunnel ends NAT Rules Applies NAT rules to the OpenVPN tunnel infoOlucom de e not applied NAT rules are not applied to the OpenVPN tunnel e applied NAT rules are applied to the OpenVPN tunnel Continued on next page www lucom de 51 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX i 4
60. about TCP connection e TCP client router will connect to a TCP server on the specified IP address and TCP port Server Address In mode TCP client it is necessary to enter the Server IP address TCP Port TCP UDP port the communication is running on for both modes Inactivity Timeout Time period after which the TCP UDP connection is interrupted in case of inactivity Table 63 Expansion Port configuration serial interface If the Reject new connections item is ticked all other connections are rejected This means that it is not possible to establish multiple connections If Check TCP connection checked the check of the connection would be activated KC PEA Keepalive Time Time after which it will carry out verification of the connection Keepalive Interval Waiting time on answer Keepalive Probes Number of tests Table 64 Expansion Port configuration Check TCP connection Table 65 CD signal description When item Use CD as indicator of the TCP connection selected indication of the TCP 2 connection state using signal CD DTR on the router would be activated z TFF O O Active TCP connection is on 2 Nonactive TCP connection is off Sees ES When item Use DTR as control of TCP connection selected control of the TCP connection using signal CD DTR on the router would be activated DTR Description client Active Router allows TCP connect establishm Router starts TCP connection Nonactive Router does not permit T
61. anel binary input an SMS message or Web interface of the router Change Profile Profile Standard Y O Copy settings from current profile to selected profile Figure 72 Change profile 6 3 Change Password infoolucom de You may change the router password using the Change Password menu item Type the new password twice The new password will be saved after pressing the Apply button The default password is root It is strongly recommended that you change the password A during initial setup for higher security Only the first 8 characters of the password are used for the authentication Longer pass words are meaningless This is the standard Unix Crypt mechanism It won t be possible to enable the remote access to the router in NAT until the change of the password is done www lucom de 95 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 6 ADMINISTRATION ENABLING CONNECTED INTELLIGENCE Change Password New Password Confirm Password Apply Figure 73 Change password 6 4 Set Real Time Clock The internal clock of the router can be altered by selecting the Set Real Time Clock menu item Date and time can be manually set by changing the Date and Time items The clock can also be adjusted by using a NTP server This would require you to enter the IP address or domain name of the NTP Server a
62. are bracket The following items are used to set the routing of all incoming traffic from the PPP to the connected computer KC AA Send all remaining incoming By checking this item and setting the Default Server item packets to default server it is possible to put the router into the mode in which all incoming data from GPRS will be routed to the computer with the defined IP address Default Server IP Address Send all incoming packets to this IP addresses Table 34 Configuration of send all incoming packets infoOlucom de www lucom de 46 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB SMARTWORX J 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Enable the following options and enter the port number is allowed remote access to the router from the Internet A Attention Enable remote HTTP access on port activates the redirect from HTTP to HTTPS protocol only Router doesn t allow unsecured HTTP protocol to access the web configuration To access the web configuration always check the Enable remote HTTPS ac cess on port item Never enable the HTTP item only to access the web configuration from the Internet configuration would not be accessible from the internet Always check the HTTPS item or HTTPS and HTTP items together to set the redirect from HTTP item eescription Enable remote HTTP access on port This option sets the r
63. ation 40 L2TP is an unencrypted protocol To enter the L2TP tunnels configuration select the L2TP menu item L2TP tunnel allows protected connection by password of two networks LAN to the one which it looks like one homogenous The tunnels are active after selecting Create L2TP tunnel CAI EAS Mode L2TP tunnel mode on the router side e L2TP server in the case of a server must be defined IP address range offered by the server e L2TP client in case of client must be defined the IP address of the server Server IP Address IP address of server Client Start IP Address Start IP address in range which is offered by server to clients Client End IP Address End IP address in range which is offered by server to clients Local IP Address IP address of the local side of the tunnel Remote IP Address IP address of the remote side of the tunnel Remote Subnet Address of the network behind the remote side of the tunnel Remote Subnet Mask The mask of the network behind the remote side of the tunnel Username Username for login to L2TP tunnel Password Password for login to L2TP tunnel Table 45 L2TP tunnel configuration The changes in settings will apply after pressing the Apply button L2TP Tunnel Configuration Create L2TP tunnel Mode L2TP client x Server IP Address Client Start IP A info lucom de Client End IP Ac Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Username
64. ation of RS485 via Expansion Port 2 item and configuration of ETH ETH2 interface of the rouetr via LAN item the Tertiary LAN column In case of SWITCH version of router 8x Ethernet ETH2 interface of the router the port can be configured in the LAN item Tertiary LAN column see chapter 4 1 In the upper part of the configuration window the port can be enabled and type of the connected port is shown in the Port Type item Other items are described in the table CA EA Baudrate Applied communication speed Data Bits Number of data bits Parity Control parity bit 2 e none will be sent without parity e even will be sent with even parity 2 e odd will be sent with odd parity 3 Stop Bits Number of stop bit o Split Timeout Time to rupture reports If you receive will identify the gap between two e characters which is longer than the parameter value in milliseconds Then all of the received data compiled and sent the message Protocol Protocol e TCP communication using a linked protocol TCP e UDP communication using a unlinked protocol UDP Continued on next page www lucom de 80 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SmaRTWSRX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page CA A Mode Mode of connection e TCP server router will listen to incoming requests
65. ator of TCP connection Use DTR as control of TCP connection Apply Figure 60 USB configuration Examples of USB port configuration Equipment PC USB RS232 pppO 10 0 0 1 Aah 192 168 1 1 An pppO 10 0 0 2 192 168 1 100 infoolucom de Settings in application on PC Settings in the router TCP connection on 10 0 0 2 2000 Mode TCP Server Default Gateway 192 168 1 1 Server Addres TCP Port 2000 Figure 61 Example 1 USB port configuration www lucom de 86 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORBX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Equipment PC USB RS232 bi ppp0 10 0 0 1 pppO 10 0 0 2 Settings in the router Settings in the router Mode TCP Client Mode TCP Server Server Addres 10 0 0 2 Server Addres TCP Port 2000 TCP Port 2000 Figure 62 Example 2 USB port configuration infoolucom de www lucom de 87 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 22 Startup Script In the window Startup Script it is possible to create own scripts which will be executed after all initial scripts The changes in settings will apply after pressing the Apply button Startup Script bin sh 1
66. ble remote SSH access on port 4 Enable remote SNMP access on port Send all remaining incoming packets to default server Default Server IP Address Y Masquerade outgoing packets Apply Figure 34 Example 2 NAT configuration www lucom de 49 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWSRX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE In this example there is more equipment connected behind the router using a Switch Every device connected behind the router has its own IP address and this is the address to fill in the Server IP Address field in the NAT configuration These devices are all communicating on the port 80 but you can set the Port Forwarding in the NAT configuration see Figure 31 Public Port and Private Port fields It is now configured to access 192 168 1 2 80 socket behind the router when accessing 10 0 0 1 81 from the Internet and so on If you send the ping request to the public IP address of the router 10 0 0 1 the router will respond as usual not forwarding If you access the IP address 10 0 0 1 in the browser it is port 80 nothing will happen there is neither 80 port in Public Port list defined nor you have checked the Enable remote HTTP access on port 80 And since the Send all remaining incoming packets to default server is not enabled the attempt of connection will lead t
67. cation Authentication protocol in GSM network e PAP or CHAP authentication method is chosen by router e PAP it is used PAP authentication method e CHAP it is used CHAP authentication method IP Address IP address of SIM card The user sets the IP address only in the case IP address was assigned of the operator Phone Number Telephone number to dial GPRS or CSD connection Router as a de fault telephone number used 99 1 Operator This item can be defined PLNM preferred carrier code 2 Network type e Automatic selection router automatically selects transmission z method according to the availability of transmission technology e e Furthermore according to the type of router it s also possible to select a specific method of data transmission GPRS UMTS E PIN PIN parameter should be set only if it requires a SIM card router SIM 2 card is blocked in case of several bad attempts to enter the PIN S MRU Maximum Receiving Unit It s an identifier of maximum size of packet which is possible to receive in a given environment Default value is 1500 B Other settings may cause incorrect transmission of data MTU Maximum Transmission Unit It s an identifier of max size of packet which is possible to transfer in a given environment Default value is 1500 B Other settings may cause incorrect transmission of data Table 20 Mobile WAN connection configuration www lucom de 26 17 10 15 LUCOM Gmb
68. cured encrypted except of the notification messages such as notifications of events Traps To enable using of SNMP service check the Enable SNMP agent item CA A Name Designation of the router Location Placing of the router Contact Person who manages the router together with information how to contact this person Table 51 SNMP agent configuration Enabling SNMPv1 v2 is performed using the Enable SNMPv1 v2 access item lt is also necessary to define a password for access to the SNMP agent Community Standard public is predefined 40 At SNMPv1 v2 it is possible to define a different password for Read community read only and Write community read and write At SNMPv3 you can define two SNMP users One can read only Read the second can read and write Write The items in the following table can be set up for every user separately These are not router s Web interface users just the SNMP access users used to ensure the identity of users e3 The Enable SNMPv3 access item allows you to enable SNMPv3 Then you must define O the following parameters E O IN TT S Username User name E Authentication Encryption algorithm on the Authentication Protocol that is e Sees Authentication Password Password used to generate the key used for authentication Privacy Encryption algorithm on the Privacy Protocol that is used to ensure confidentiality of data Privacy Password Password for encryption on the Privac
69. d for connection to the Internet It can be configured in Secondary LAN Connect the cable to the router and set appropriate values as in the fig 85 here static IP address default gateway and DNS server are configured Changes will take effect clicking on the Apply button Detailed configuration of LAN is described in the 4 1 chapter WLAN and WiFi configuration Its necessary to enable wlan0 network interface in the WLAN item see fig 86 Check the Enable WLAN interface set the Operating Mode to station STA enable the DHCP client and fill in the default gateway and DNS server for accessing the Internet Click the Apply button to confirm the changes For details see chapter 4 6 Configure connection to a WiFi network in the WiFi item see fig 87 Here check the Enable WiFi and fill in the data for connection SSID security password and confirm clicking the Apply button For detailed configuration see 4 5 chapter To verify successful WiFi connection see Status section WiFi item There will be wpa_state COMPLETED written out if connected successfully General Y Enable WLAN interface Mobile WAN Operating Mode station STA M WiFi WiFi Scan DHCP Client enabled a Network IP Address DHCP Subnet Mask IPsec DynDNS Bridged no X System Log Default Gateway 192 168 3 1 Configuration DNS Server 192 168 3 1 LAN VRRP Enable dynamic DHCP leases Mobile WAN IP Pool Start PPPoE IP Pool End Lease Time 0 sec Backup Ro
70. default pass word is set the menu item Change password is highlighted in red If the green LED is blinking you may restore the router to its factory default settings by pressing RST on rear panel The configuration will be restored to the factory defaults and the router will reboot The green LED will be on during the reboot 2 1 Preventing the domain disagreement message Since the domain name in the certificate is the given MAC address of the router it is necessary to access the router via this domain name use dash separators instead of colons To enable this add a DNS record in your DNS system e Edit etc hosts Linux Unix OS e Edit C WINDOWS system32 drivers etc hosts Windows OS e Configure your own DNS server To access the router with MAC address 00 11 22 33 44 55 securely type the address https 00 11 22 33 44 55 in the web browser When accessing for the first time it will be necessary to install a security certificate If using self signed certificate the files https_cert and https_key has to be uploaded into etc certs directory of the router infoolucom de www lucom de 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB aro 3 STATUS ENABLING CONNECTED INTELLIGENCE 3 Status 3 1 General Status A summary of basic information about the router and its activities can be invoked by se lecting the
71. dentify the gap between two characters which is longer than the parameter value in millisec onds Then all of the received data compiled and sent the message Protocol Communication protocol e TCP communication using a linked protocol TCP e UDP communication using a unlinked protocol UDP the router will communicate on Inactivity Timeout Time period after which the TCP UDP connection is interrupted in case of inactivity Mode Mode of connection e TCP server router will listen to incoming requests about TCP connection e TCP client router will connect to a TCP server on the speci fied IP address and TCP port O O Server Address In mode TCP client it is necessary to enter the Server IP address 5 TCP Port In both modes of connection it is necessary to specify the TCP port G O tjaa ES Table 67 USB port configuration 1 If the Reject new connections item is ticked all other connections are rejected This means that it is not possible to establish multiple connections www lucom de 84 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 C NF GYRATION ENABLING CONNECTED INTELLIGENCE If the Check TCP connection item is ticked check of the established TCP connection is activated KA Description Keepalive Time Time after which it will carry out verification of the connection Keepalive Interval Waiting
72. der for microSD cards maximum capacity of inserted card can be 64 GB 32 GB in case of SDHC cards Optional equipment of the router The router can be equipped with WiFi module on cus tomer s request it is not possible to add it to the router later in the future Other possible inter faces are Three ports SWITCH serial line RS232 combined serial line RS232 RS485 422 combined Ethernet and serial lines with stronger insulation RS232 RS485 ETH Router is sup plied either in a plastic or metal casing based on the requirements of the customer For details see the router s Technical manual Configuration possibilities Statistics about the router activities signal strength detailed system log etc Creation of VPN tunnels using technologies IPSec OpenVPN and L2TP for secure communications Functions such as DHCP NAT NAT T DynDNS NTP VRRP control by SMS backup primary connection and many other Automatic check of PPP connection offering an automatic restart feature in case of connection fail hardware watchdog monitoring the status of the router It s possible to insert Linux scripts for various actions Several different configurations for one LTE wireless router and the option to switch between them e g via SMS binary input status etc Automatic upgrade configuration and firmware update from server This allows mass reconfiguration of many routers at one time Ways of configuration Routers can be configured via web browser or
73. dress of connected device station AID Identifier of connected device 1 2007 If 0 is displayed the station is not currently connected Table 10 State Information about Connected Clients WiFi Status WiFi AP Status hostapd state dump Mon Apr 7 12 49 50 2014 num _sta 1 num_sta_non_erp 0 num _sta_no short_slot_time 1 num _sta_no short_preamble 0 STA 20 02 af 2a 8f b1 AID 1 flags 0xa3 AUTH ASSOC AUTHORIZED SHORT_PREAMBLE capability 0x21 listen _interval 10 supported _rates 82 64 Ob 16 timeout_next NULLFUNC POLL Figure 3 WiFi Status LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoolucom de www lucom de BB SMARTW RX J J 3 STATUS ENABLING CONNECTED INTELLIGENCE 3 4 WiFi Scan db This item is available only if the router is equipped with a WiFi module After selecting the WiFi Scan item in the menu of the web interface scanning of neigh bouring WiFi networks and subsequent printing of results are invoked Scanning can be per formed only if the access point WiFi AP is off KC EXI BSS MAC address of access point AP TSF A Timing Synchronization Function TSF keeps the timers for all stations in the same Basic Service Set BSS synchronized All stations shall maintain a local TSF timer freq Frequency band of WiFi network kHz beacon interval Period of time synchronization capability List of access point AP
74. e a close signal quality which means that there is imminence of frequent switching between the current and the highlighted cell The next section of this window displays information about the quality of the connection in each period Today Today from 0 00 to 23 59 Yesterday Yesterday from 0 00 to 23 59 c3 This week This week from Monday 0 00 to Sunday 23 59 gt Last week Last week from Monday 0 00 to Sunday 23 59 E This period This accounting period Last period Last accounting period Table 6 Description of Periods O E item Description Signal Min Minimal signal strength Signal Avg Average signal strength O Signal Max Maximal signal strength Lo Cells Number of switch between cells Availability Availability of the router via the mobile network expressed as a percent 3 age E Table 7 Mobile Network Statistics 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de STATUS BB mara 3 ENABLING CONNECTED INTELLIGENCE Tips for Mobile Network Statistics table 4 e Availability of connection to mobile network is information expressed as a percentage that is calculated by the ratio of time when connection to mobile network is established to the time when the router is turned on e After you place your cursor on the maximum or minimum signal strength the last time when the router reached this signal strength is displayed In the middl
75. e configuration The configuration file name consists of Base URL hardware MAC address of ETHO inter face and cfg extension Hardware MAC address and cfg extension is connected automatically and it isn t needed to enter this By parameter Unit ID enabled it defines the concrete config uration name which will be download to the router When using parameter Unit ID hardware MAC address in configuration name will not be used The firmware file name consists of Base URL type of router and bin extension www lucom de 90 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE It is necessary to load both files bin and ver to the HTTP S FTP S server If only the ate bin file is uploaded and the HTTP server sends the incorrect answer of 200 OK instead of expected 404 Not Found when the device tries to download the nonexistent ver file then there is a risk that the router will download the bin file over and over again The following examples find if there is a new firmware or configuration each day at 1 00 in the morning An example is for the SPECTRE v3 LTE type of router e Firmware http router cz SPECTRE v3 LTE bin e Configuration file http router cz temelin cfg Automatic Update Enable automatic update of configuration Enable automatic update of firm
76. e part of this page is displayed information about transferred data and number of connections for both SIM cards for each period CA EXA RX data Total volume of received data TX data Connections Total volume of sent data Number of connection to mobile network establishment Table 8 Traffic Statistics The last part Mobile Network Connection Log informs about the mobile network connec tion and problems in establishment Mobile WAN Status Mobile Network Information Registration Operator Technology Home Network T Mobile CZ EDGE PLMN 23001 Cell 69A6 LAC 353E Channel 30 Signal Strength 71 dBm Neighbours 83 dBm 80 21 dBm 57 93 dBm 59 More Information Mobile Network Statistics This Week 121 dBm Last Week 121 dBm This Period Last Period 121 dBm 121 dBm Yesterday Signal Min 121 dBm Signal Avg 71 dBm 71 dBm 69 dBm 70 dBm 85 dBm Signal Max 65 dBm 65 dBm 63 dBm 63 dBm 58 dBm Cells 3 261 525 206 730 962 Availability 2 99 7 99 7 99 7 99 7 97 5 Traffic Statistics for Primary SIM card Yesterday This Week Last Week This Period Last Period Rx Data 21 KB 19402 KB 6366 KB 25768 KB 18868 KB Tx Data 19 KB 5167 KB 3382 KB 8549 KB 3726 KB Connections 7 20 36 56 49 infoolucom de Traffic Statistics for Secondary SIM card his Week KB KB y Yesterday TI Last Week This Period Last Period Rx Data 0 KB 0 Tx Data 0 KB 0 o Connections
77. ed on next page www lucom de 36 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX d 4 C NF GURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page KA DeSCription Access List Determines a manner of Access Deny list application e Disabled Access Deny list is not used e Accept Only items mentioned in the Access Deny list have access to the network e Deny Items mentioned in the Access Deny list do not have access to the network Accept Deny List Accept or Denny list of client MAC addresses that set network ac cess Each MAC address is separated by new line Syslog Level Communicativeness level when system writes to the system log e Verbose debugging the highest level of communicativeness e Debugging e Informational default level of communicativeness which is used for writing standard events e Notification e Warning the lowest level of communicativeness Extra options Allows user to define additional parameters Table 27 WiFi configuration infoOlucom de www lucom de 37 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE WiFi Configuration L Enable WiFi Operating Mode access point AP SSID A Broadcast SSID Country Code
78. ed to the position 2 None indicates that this position is equipped with no port Binary Input State of binary input Binary Output State of binary output Table 3 Peripheral Ports LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de info lucom de www lucom de BB SMARTWORX 3 STATUS ENABLING CONNECTED INTELLIGENCE 3 1 4 System Information CA Description Firmware Version Information about the firmware version Serial Number Serial number of the router in case of N A is not available Profile Current profile standard or alternative profiles profiles are used for example to switch between different modes of operation Supply Voltage Supply voltage of the router Temperature Temperature in the router Time Current date and time Uptime Indicates how long the router is used Table 4 System Information 3 2 Mobile WAN Status The Mobile WAN menu item contains current information about connections to the mobile network The first part of this page Mobile Network Information displays basic information about mobile network the router operates in There is also information about the module which is mounted in the router CA DESP tion Registration State of the network registration Operator Specifies the operator s network the router operates in Technology Transmission technology 2 PLMN Code of operator z Cell Cell the router is connected to le
79. edirect from HTTP to HTTPS only disabled in default configuration Enable remote HTTPS access on port __ If this item field and port number is filled in then configuration of the router over web interface is possible disabled in default configuration Enable remote SSH access on port Choice this item and port number makes it pos sible to access over SSH disabled in default configuration Enable remote SNMP access on port Choice this item and port number makes it pos sible to access to SNMP agent disabled in de fault configuration Masquerade outgoing packets Choice Masquerade alternative name for the NAT system item option turns the system ad dress translation NAT Table 35 Remote access configuration Example 1 Configuration with one connection equipment on the router 162 209 13 222 IP 192 168 1 2 Default gateway 192 168 1 1 pppO 10 0 0 1 ethO 192 168 1 1 Figure 31 Example 1 Topology of NAT configuration 47 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infooOlucom de www lucom de BB Smariene _ 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE NAT Configuration Public Port Private Port Type Server IP Address tor _ TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP ter v TCP TCP v TcP_
80. ekay Margin time Time after which the IPsec tunnel functionality is tested The period during which device waits for a response Using this parameter can be set authentication e Pre shared key sets the shared key for both sides of the tunnel e X 509 Certificate allows X 509 authentication in multi client mode Shared key for both sides for Pre shared key authentication Certificate for X 509 authentication Certificate for X 509 authentication Certificate for X 509 authentication Private key for X 509 authentication Passphrase for X 509 authentication Use this parameter to define additional parameters of the IPsec tunnel for example secure parameters etc Table 40 IPsec tunnel configuration IPsec supports the following types of identifiers ID of both tunnel sides Remote ID and Local ID items e IP address e g 192 168 1 1 e DN e g C CZ O Conel OU TP CN A e FQDN e g director conel cz in front of FQDN must always be O e User FQDN e g director conel cz The certificates and private keys have to be in PEM format As certificate it is possible to use only certificate which has start and stop tag certificate 57 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoOlucom de www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Random time the new keys are re exchanged after is defined this
81. er Username Name to e mail account Password Password to e mail account Can contain special characters A EEES A O ES and can not contain special characters amp lt gt Own E mail Address Address of the sender Table 55 SMTP client configuration Mobile operator can block other SMTP servers then you can use only the SMTP server of operator SMTP Configuration SMTP Server Address smtp domain com SMTP Port 465 Secure Method SSUTLS Username name Password pass Own Email Address name domain com Apply Figure 52 Example of the SMTP client configuration E mail can be sent from the Startup script Startup Script item in the Configuration section or via SSH connection The command email is can be used with the following parameters infoolucom de t receiver s E mail address s subject has to be in quotation marks m message has to be in quotation marks a attachment file r number of attempts to send email default 2 attempts set o Commands and parameters can be entered only in lowercase Example of sending an e mail email t name domain com s subject m message a cA directory abc doc r 5 www lucom de 73 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE This command sends e mail to address name domain com with
82. er devices in station STA mode can be connected e station STA router becomes a client station it means that receives data packets from the available access point AP and sends data from cable connection via wifi network SSID Unique identifier of WiFi network Broadcast SSID Method of broadcasting the unique identifier of SSID network in bea con frame and type of response to a request for sending the beacon frame e Enabled SSID is broadcasted in beacon frame e Zero length Beacon frame does not include SSID Requests for sending beacon frame are ignored e Clear Each SSID character in beacon frame is replaced by 0 However original length is kept Requests for sending beacon frame are ignored Probe Hidden Probes hidden SSID only for station STA mode SSID Country Code Code of the country where the router is used with WiFi This code must be entered in format ISO 3166 1 alpha 2 If country code isn t specified and the router has implemented no system to determine this code it is used US as default country code If no country code is specified or is entered the wrong country code then it may come a pass a breach of regulatory rules for the using of frequency bands in the particular country Continued on next page 34 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoOlucom de www lucom de BB SMARTWORX 4 CONFIGURATION
83. et system is flooded with plenty of meaningless requirements is used option named Enable protection against DoS attacks which limits the number of connections to five per second Firewall Configuration C Enable filtering of incoming packets Source Protocol Target Port Action all allow all allow all allow all allow all allow all allow all allow all allow y Enabled filtering of forwarded packets Source Destination Protocol Target Port Action al allow Y all allow al allow al E allow vw all allow info lucom de al allow al allow allow Figure 28 Firewall configuration www lucom de 44 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB AAE J 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example of the firewall configuration The router has allowed the following access e from address 171 92 5 45 using any protocol e from address 10 0 2 123 using TCP protocol on port 1000 e from address 142 2 26 54 using ICMP protocol x lt 10 0 2 123 142 2 26 54 171 92 5 45 Figure 29 Topology of example firewall configuration Firewall Configuration f Enable filtering of incoming packets Source Protocol Target Port Action Y 171 92 5 45 lanv _ allow y 2 10 0 2 123 rep _v to00 allo
84. gure 10 Example program syslogd start with the parameter r infoolucom de www lucom de 17 17 10 15 Zirndorf Tel 09127 59 460 10 59 460 20 www lucom de 17 10 15 BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 Configuration 4 1 LAN Configuration Select the LAN menu item to enter the network configuration for the Ethernet ports Pri mary subitem is intended for the first ETH router s interface ETHO Secondary is for the sec ond ETH router s interface ETH1 Tertiary LAN is for the SWITCH 3x Ethernet or RS232 RS485 ETH expansion port if installed it is the ETH2 interface CA AT DHCP Client e disabled The router does not allow automatic allocation IP ad dress from a DHCP server in LAN network e enabled The router allows automatic allocation IP address from a DHCP server in LAN network IP address Fixed set IP address of network interface ETH Subnet Mask IP address of Subnet Mask Bridged e no router is not used as a bridge default e yes router is used as a bridge Media type e Auto negation The router automatically sets the best speed and duplex mode of communication according to the network s possibilities 100 Mbps Full Duplex The router communicates at 100Mbps in the full duplex mode 100 Mbps Half Duplex The router communicates at 100Mbps in the half duplex mode e 10 Mbps Full Duplex The router communicates at 10Mbps i
85. he PPTP Tunnel configuration 192 168 1 2 Router A pppO 10 0 0 1 192 168 1 1 192 168 1 4 Default Gateway 192 168 1 1 Default Gateway 192 168 2 1 ae 16824 Figure 47 Topology of example PPTP tunnel configuration Configuration of the PPTP tunnel Configuration C AN Mode PPTP Server PPTP Client Server IP Address 10 0 0 1 Local IP Address 192 168 1 1 Remote IP Address 2 Remote Subnet 192 168 2 0 192 168 1 0 E Remote Subnet Mask 255 255 255 0 255 255 255 0 e Username username username Password password password 6 Table 48 Example PPTP tunel configuration O www lucom de 66 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 15 DynDNS Client Configuration With the DynDNS service you can access the router remotely using an easy to remember custom hostname This client monitors the router s IP address and update it whenever it changes To make DynDNS work it is necessary to have a public IP address static or dynamic and an active account at www dyndns org Remote Access service DynDNS client Configuration is accessible in the DynDNS item in the menu There has to be registered custom domain third level and account information defined in the configuration form KC ATA Hostname Third order domain registered on server www dyndns org Username Use
86. he individual tunnels Description The name of the tunnel specified in the configuration ofthe tunnel Edit Configuration IPsec tunnel Table 39 Overview IPsec tunnels IPsec Tunnels Configuration Create Description ist no x 2nd no x 3rd no xij ath no Figure 38 IPsec tunnels configuration CA AA Description Name description of the tunnel 2 Remote IP Address IP address of remote side of the tunnel Domain name possible Remote ID Identifier ID of remote side of the tunnel It consists of two parts O hostname and domain name more information under the table Remote Subnet IP address of a network behind remote side of the tunnel Remote Subnet Mask Subnet mask of a network behind remote side of the tunnel Remote Protocol Port Specifies Protocol Port of remote side of the tunnel The general e form is protocol port for example 17 1701 for UDP protocol 17 and port 1701 It is also possible to enter only the number of protocol however the above mentioned format is preferred Local ID Identifier ID of local side of the tunnel It consists of two parts 2 hostname and domain name more information under the table g Local Subnet IP address of a local network ro Local Subnet Mask Subnet mask of a local network Continued on next page 55 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB aro
87. heck if it is enabled In addition network interfaces belonging to individual backup routes have checked a flag RUNNING This check fixes for example disconnecting of an ethernet cable Attention If you want to use connection to mobile WAN as one of the backup routes it dy is necessary to enable Check Connection at Mobile WAN configuration to enable bind option see chapter 4 3 1 Backup Routes Configuration J Enable backup routes switching __ Enable backup routes switching for Mobile WAN Priority 1st v 1 Enable backup routes switching for PPPoE Priority 1st Ping IP Address Ping Interval Enable backup routes switching for WiFi STA Priority 1st Ping IP Address Ping Interval O Enable backup routes switching for Primary LAN Priority 1st Ping IP Address Ping Interval infoolucom de _ Enable backup routes switching for Secondary LAN Priority dst Ping IP Address Ping Interval J Enable backup routes switching for Tertiary LAN Priority 1st Ping IP Address Ping Interval Figure 27 Backup Routes www lucom de 41 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B AAE A 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE If Enable backup routes switching option is not checked Backup routes system operates in the so called backward compatibility mode The default route is selected based on im
88. hecked located at the beginning of the configuration form Firewall this element is enabled and all incoming packets are checked against the table with IP addresses This means that incoming packets will be treated according rules specified in the table It is possible to define up to eight rules for incoming packets There are the following parameters www lucom de 42 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWSRX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE CA EXA Source IP address from which access to the router is allowed Protocol Specifies protocol for remote access e all access is enabled for all protocols e TCP access is enabled for TCP protocol e UDP access is enabled for UDP protocol e ICMP access is enabled for ICMP protocol Target Port The port number on which access to the router is allowed Action Type of action e allow access is allowed e deny access is denied Table 31 Filtering of incoming packets The following part of the configuration form defines the forwarding policy If Enabled filter ing of forwarded packets item is not checked packets will be accepted automatically If this item is checked and incoming packet is addressed to another network interface it will forward the packet according the rules defined in this second table If the packet is alowed according to the table it
89. hen the mobile connection usb0 network interface See fig 89 for corresponding settings of the Backup Routes item System of backup routes has to be activated by checking the Enable backup routes switching item Then enable backup routes switching at every backup route used and set up the priorities Click the Apply button to confirm the changes For detailed configuration see chapter 4 7 General Enable backup routes switching Mobile WAN WiFi Y Enable backup routes switching for Mobile WAN de WiFi Scan Priority 3rd v Network DHCP Enable backup routes switching for PPPoE IPsec Priority 1st v DynDNS Ping IP Address SEEDERS Ping Interval sec Configuration Enable backup routes switching for WiFi STA LAN Priority 2nd Y eo NER Ping IP Address Mobile WAN 3 PPPoE Ping Interval sec WiFi ALA Enable backup routes switching for Primary LAN Backup Routes Priority 1st v EWa Ping IP Address NAT Ping Interval sec OpenVPN IPsec Y Enable backup routes switching for Secondary LAN LG GRE Priority 1st v pee Ping IP Address PPTP ing re DynDNS Ping Interval sec Figure 89 Backed up access to the Internet Backup Routes configuration The router configured this way now serves to computers in LAN for backed up access to the Internet You can verify the configured network interfaces in the Status section in the Network item There you should see active network interfaces ethO connection to LAN eth1 wired co
90. ies Capabilities 0x0c HT20 SM Power Save disabled No RX STBC Max AMSDU length 3839 bytes No DSSS CCK HT40 Maximum RX AMPDU length 65535 bytes exponent 0x003 Minimum RX AMPDU time spacing 2 usec 0x04 HT RX MCS rate indexes supported 0 7 32 TX unequal modulation not supported HT TX Max spatial streams 1 HT TX MCS rate indexes supported may differ HT operation primary channel 8 secondary channel offset no secondary STA channel width 20 MHz RIFS 0 HT protection non HT mixed non GF present 1 OBSS non GF present 0 dual beacon 0 dual CTS protection 0 STBC beacon 0 L SIG TXOP Prot 0 PCO active 0 PCO phase 0 Parameter version 1 BE CW 15 1023 AIFSN 3 BK CW 15 1023 AIFSN 7 VI CW 7 15 AIFSN 2 TXOP 3008 usec VO CW 3 7 AIFSN 2 TXOP 1504 usec e ee OR OO OO Figure 4 WiFi Scan infoolucom de www lucom de 11 17 10 15 LUCOM G Zirndorf Tel 09 59 460 20 www luc BB SMARTWORX 3 STATUS ENABLING CONNECTED INTELLIGENCE 3 5 Network Status To view system information about the router operation select the Network item in the Sta tus menu The upper part of the window displays detailed information about active interfaces Interface EA ethO eth1 eth2 Network interfaces ethernet connection usbO Active PPP connection to the mobile network wireless module is con nected via USB interface wlan0 WiFi interface pppO PPP interface e g PPPoE tunnel tuno OpenVPN
91. iguration In the second part of the window it is possible to set function Enable remote control via SMS After enabling it is possible to control the router by SMS message 74 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoOlucom de www lucom de 17 10 15 BB SMARTWSRX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE CAI EX Phone Number 1 This control can be configured for up to three numbers If is set Enable remote control via SMS all incoming SMS are processed and deleted In the default settings this parameter is turned on Phone Number 2 This control can be configured for up to three numbers If is set Enable remote control via SMS all incoming SMS are processed and deleted In the default settings this parameter is turned on Phone Number 3 This control can be configured for up to three numbers If is set Enable remote control via SMS all incoming SMS are processed and deleted In the default settings this parameter is turned on Table 57 Control via SMS configuration If no phone number is filled in then it is possible to restart the router with the help of SMS in the form of reboot from any phone number While filling up one two or three numbers it is possible to control the router with the help of an SMS sent only from these numbers While filling up sign x it is possible to control the router with the help of an SMS sent from any nu
92. ipheral Ports Expansion Port 1 RS 232 Expansion Port 2 RS 485 Binary Input Off SMS Binary Input 1 OFF Expansion Port 1 Binary Output OFF Expansion Port 2 System Information USB Port Startup Script infoolucom de Firmware Version 5 3 0 2015 10 01 BETA 120 8 Serial Number N A Up Down Script Profile Standard Automatic Update Supply Voltage 12 0 V Temperature 38 C Time 2000 05 16 00 57 08 Customization e y Uptime days hours 39 minutes User Modules Administration Users Change Profile Change Password Set Real Time Clock Set SMS Service Center Unlock SIM Card Send SMS Backup Configuration Restore Configuration Update Firmware Reboot Logout Figure 1 Example of the web configuration www lucom de 2 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SS MARTWOEA M2 ACCESS TO THEWEB CONF ENABLING CONNECTED INTELLIGENCE When you successfully enter login information on the login page web interface will be displayed The left side of the web interface displays the menu You will find links for the Status Configuration Customization and Administration of the router Name and Location displays the router s name location and SNMP configuration see 4 17 These fields are user defined for each router O For enhanced security you should change the default password If the router s
93. le 13 Description of Information in Network Status It is possible to read status of connection to mobile network from the network information If the connection to the mobile network is active it will be shown in the system information as an usb0 interface At the bottom there is the Route Table displayed Network Status Interfaces Link encap Ethernet HWaddr 7C 66 9D 35 A3 F6 inet addr 10 40 28 66 Bcast 10 40 31 255 Mask 255 255 252 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 171724 errors dropped 12 overruns 0 frame TX packets 1192 errors dropped overruns carrier collisions txqueuelen 1009 RX bytes 13537612 12 9 MB TX bytes 698267 681 9 KB Interrupt 56 Link encap Local Loopback inet addr 127 0 0 1 Mask 255 0 0 0 UP LOOPBACK RUNNING MTU 65536 Metric 1 RX packets 1 errors dropped overruns frame TX packets 10 errors dropped overruns carrier collisions txquevelen RX bytes 784 784 0 B TX bytes 784 784 0 B Link encap Ethernet HWaddr A6 50 8B AD 3D 84 inet addr 10 0 5 218 Bcast 10 255 255 255 Mask 255 255 255 255 UP BROADCAST RUNNING MULTICAST MTU 1508 Metric 1 RX packets 2 errors dropped overruns frame TX packets 11 errors dropped overruns carrier collisions txqueuelen 1009 RX bytes 568 568 0 B TX bytes 3058 2 9 KB infoolucom de Route Table Destination Gateway Genmask Flags Metric Ref Use Iface 0 0 0 0 192 168 254 254 0 0 0 0 UG 8 e usb
94. marked with an asterisk must be filled in only if this information is required by the operator carrier In case of unsuccessful establishing a connection to mobile network is recommended to check the accuracy of entered data Alternatively try a different authentication method or network type 4 3 2 DNS Address Configuration The DNS Settings item is designed for easier configuration on the client side When this item is set to the value get from opertor router makes an attempt to automatically get an IP address of the primary and secondary DNS server from the operator By way of contrast set manually option allows you to set IP addresses of Primary DNS servers manually using the DNS Server item infooOlucom de 4 3 3 Check Connection to Mobile Network Configuration If the Check Connection item is set to enabled or enabled bind checking the connection to mobile network is activated Router will automatically send ping requests to the specified domain or IP address Ping IP Address item in regular time interval Ping Interval In case of unsuccessful ping a new one will be sent after ten seconds If it fails to ping the IP address of three times in a row the router terminates the current connection and tries to establish new www lucom de 27 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLI
95. mber 40 Control SMS message doesn t change the router s configuration If the router is switched to offline mode by the SMS message the router will be in this mode up to next restart This behavior is the same for all control SMS messages It is possible to send controls SMS in the form ES A go online sim 1 Switch to SIM1 card go online sim 2 Switch to SIM2 card go online Switch router in online mode go offline connection termination set out0 0 Set output I O connector on 0 set out0 1 Set output I O connector on 1 set profile std Set standard profile set profile alt1 Set alternative profile 1 set profile alt2 Set alternative profile 2 set profile alt3 Set alternative profile 3 reboot Router reboot get ip Router send answer with IP address SIM card Table 58 Control SMS 75 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoOlucom de www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Choosing Enable AT SMS protocol on expansion port 1 and Baudrate it is possible to send receive an SMS on the serial Port 1 EA EXA Baudrate Communication speed on expansion port 1 Table 59 Send SMS on serial PORT1 configuration Choosing Enable AT SMS protocol on expansion port 2 and Baudrate it is possible to send receive an SMS on the serial Port 2 Item EA Baudrate Communication speed on expansion port 2 Table 60 Send SM
96. mes SMS in this form Router Unit ID has established connection to mobile network IP address xxx xxx xXX XXX After disconnect to mobile network at the mentioned phone number comes SMS in this form Router Unit ID has lost connection to mobile network IP address xxx xxx XxX XXX www lucom de 77 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE nfiguration W Send SMS on power up W Send SMS on connect to mobile network W Send SMS on disconnect from mobile network 4 Send SMS when datalimit is exceeded Y Send SMS when binary input on I O port BINO is active iv Add timestamp to SMS Phone Number 1 723123456 Phone Number 2 756858635 Phone Number 3 603854758 Unit ID Router BINO SMS BINO Enable remote control via SMS Phone Number 1 Phone Number 2 Phone Number 3 J Enable AT SMS protocol on expansion port 1 Baudrate 9600 v Enable AT SMS protocol on expansion port 2 Baudrate 9600 M 1 Enable AT SMS protocol over TCP TCP Port can be blank Figure 53 Example 1 SMS configuration Example 2 Configuration of sending SMS via serial interface on the PORT1 SMS Configuration O Send SMS on power up Send SMS on connect to mobile network Send SMS on disconnect from mobile network O Send SMS when datalimit is exceeded Send SMS when binary in
97. n do Attention GRE tunnel doesn t connect itself via NAT The changes in settings will apply after pressing the Apply button www lucom de 61 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX _ 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE GRE Tunnel Configuration _ Create 1st GRE tunnel Description Remote IP Address Remote Subnet Remote Subnet Mask Local Interface IP Address Remote Interface IP Address Multicasts disabled Pre shared Key can be blank Figure 42 GRE tunnel configuration Example of the GRE Tunnel configuration Router A pppo 10 0 0 1 ethO 192 168 1 1 Router B pppO 10 0 0 2 ethO 192 168 2 1 cd 9 O eee Default Gateway 192 168 1 1 a Figure 43 Topology of GRE tunnel configuration 6 GRE tunnel configuration Configuration ICI CI y Remote IP Address 10 0 0 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Table 44 Example GRE tunnel configuration O Examples of different options for configuration of GRE tunnel can be found in the applica tion note GRE Tunnel 7 www lucom de 62 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 13 L2TP Tunnel Configur
98. n reaching 400 MB The start of accounting period is set to the 18th day of the month Data Limit 800 o Warning Threshold 50 Accounting Start 18 Default SIM card primary 2 Backup SIM card secondary _ Switch to other SIM card when connection fails Switch to backup SIM card when roaming is detected and switch to default SIM card when home network is detected Y Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded Switch to backup SIM card when binary input is active and switch to default SIM card when binary input isn t active Switch to default SIM card after timeout Initial Timeout 60 Subsequent Timeout Additive Constant Figure 22 Example 2 Mobile WAN configuration Example 3 Primary SIM card is switched to the offline mode after the router detects roam ing The first attempt to switch back to the default SIM card is executed after 60 minutes the second after 40 minutes the third after 50 minutes 40 10 etc Default SIM card primary y Backup SIM card none z Switch to other SIM card when connection fails Switch to backup SIM card when roaming is detected and switch to default SIM card when home network is detected Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded Switch to backup SIM card when binary input is active and switch to defa
99. n the full duplex mode 10 Mbps Half Duplex The router communicates at 10Mbps in the half duplex mode PoE PSE enabled The router provides power on the Ethernet cable disabled The router does not provide power on the Ethernet cable default Continued on next page 18 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoOlucom de www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page CA EA Default Gateway IP address of router default gateway If filled in all packets not fitting the route table rules would have been sent to this adress DNS server IP address of DNS server of the router All the DNS queries are for warded to this address Table 15 Configuration of the Network Interface The Default Gateway and DNS Server items are only used if the DHCP Client item is disabled and if the Primary or Secondary LAN is selected by the Backup Routes system as a default route The backup routes selection algorithm is described in in section 4 7 Backup Routes Since FW 5 3 0 Default Gateway and DNS Server are also supported on bridged interfaces e g ethO eth1 There can be only one active bridge on the router at a time Only the parameters DHCP Client IP address and Subnet Mask can be used to configure the bridge The Primary LAN has the higher priority when both interfaces ethO
100. nd click Apply to set the clock Set Real Time Clock Date 2013 07 08 Time 12 50 17 Apply Figure 74 Set real time clock 6 5 Set SMS Service Center Address O The SPECTRE v3 ERT routers do not support the Set SMS service center address option The SMS service center phone number is normally programmed into the SIM card by the carrier and does not need to be manually entered However in some cases it may be neces sary to set the phone number of the SMS service center in order to send SMS messages This parameter cannot be set if the SIM card already contains the SMSC information The phone number can be entered with or without an international prefix For example 420 XXX XXX XXX If you are unable to send or receive SMS messages contact your carrier to find out if this parameter is required This parameter is provisioned automatically by the carrier on CDMA networks and does not need to be manually entered info lucom de Set SMS Service Center Address Service Center Address Figure 75 Set SMS service center address www lucom de 96 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 2 6 ADMINISTRATION ENABLING CONNECTED INTELLIGENCE 6 6 Unlock SIM Card db The SPECTRE v3 ERT routers do not support the Unlock SIM Card option You may lock the SIM card with a 4 8 digit PIN Personal
101. network is detected this pa network is detected rameter enables switching back to default SIM card For proper operation it is necessary to have en abled roaming on your SIM card Switch to backup SIM card when This parameter enables switching to secondary SIM data limit is exceeded and switch card or secondary APN of the SIM card when the data to default SIM card when data limit of default APN is exceeded This parameter also limit isn t exceeded enables switching back to default SIM card when data limit is not exceeded infoOlucom de Continued on next page www lucom de 29 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWSRX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page KA eescription Switch to backup SIM card when This parameter enables switching to secondary SIM binary input is active switch to card or secondary APN of the SIM card when binary default SIM card when binary in input binO is active If binary input isn t active this put isn t active parameter enables switching back to default SIM card Switch to default SIM card after This parameter defines the method how the router will timeout try to switch back to default SIM card or default APN Table 24 Switch between SIM card configurations The following parameters define the time after which the router attempts to go back
102. nfiguration 28 22 Data limit configuration aoaaa a 28 23 Default and backup SIM configuration aaou aa a a 29 24 Switch between SIM card configurations ooa oaa a 30 2 25 Switch between SIM card configurations o 30 26 PPPOE configurati0N ce e ee oa e e a 000000002 E E E ee 33 2 NWWIPECOnTIguUraLION lt a O 37 2 28 WLAN configuration c e caosa ee eee ee oe eee ee ee a be 39 29 Configuration of DHCP server 000000000000 2G 40 E 30 Backup ROUES et ras oa oe oR ee ee ees ee 42 O 31 Filtering of incoming packets a 43 e 32 Forwarding filtering 44 33 NAT configuration lt ss cs 4 25 ei ee ee ee eee eee ee ee ES 46 34 Configuration of send all incoming packets 20 46 35 Remote access configuration 2 0 00 000000008 47 36 Overview of OpenVPN tunnels 2 000000000 2G 50 O 37 OpenVPN configuration 0 000002 E a E E 52 e 38 Example of OpenVPN configuration o e e 54 x 39 Overview IPsec tunnels o o 55 5 40 IPsectunnelconfiguration o e 57 ar vii 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX d LISVOF TABLES ENABLING CONNECTED INTELLIGENCE 41 Example IPsec config
103. nfoolucom de Note Records in the DHCP status window are divided into two separate parts Active DHCP Leases Primary LAN and Active DHCP Leases WLAN www lucom de 14 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB Santen i 3 STATUS ENABLING CONNECTED INTELLIGENCE 3 7 IPsec Status Information on actual IPsec tunnel state can be called up in option IPsec in the menu After correct build the IPsec tunnel status display Psec SA established highlighted in red in IPsec status information Other information has only internal character IPsec Tunnels Information interface eth0 eth0 192 168 2 250 interface pppO0 ppp0 10 0 0 132 smyid none debug none ipsecl 192 168 2 0 24 10 0 0 132 10 0 1 228 192 168 1 0 24 erouted eroute owner 2 ipsecl myip unset hisip unset myup etc scripts updow hisup etc scripts updowm ipsecl ike_life 3600s ipsec_life 3600s rekey_margin 540s rekey_fuzz 100 keyingtries 0 ipsecl policy PSE ENCRYPT TUNNEL UP prio 24 24 interface pppO ipsecl newest ISAKMP SA 1 newest IPsec SA 2 ipsecl IKE algorithm newest AES_CBC_128 SHAl1 MODP2048 ipsecl 500 STATE_QUICK_IZ sent QI2 ffllPsec SA established JEVENT_SA REPLACE in 2708s newest IPSEC erout ipsecl esp d07e3080 10 0 1 228 esp 783be7eeM10 0 0 132 tun 0G 10 0 1 228 tun 0 10 0 0 132 ref 0 refhim 42
104. ng requests Table 19 Check connection You may use the DNS server of the mobile carrier as the destination IP address for the test messages Pings www lucom de 23 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 B B SS MARTWDEA J 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE The Enable traffic monitoring option can be used to reduce the number of messages that are sent to test the PPP connection When this parameter is set the router will monitor the interface for any packets different from a ping If a response to the packet is received within the timeout specified by the Ping Timeout parameter then the router knows that the connection is still active If the router does not receive a response within the timeout period it will attempt to test the mobile WAN connection using standard Ping commands Example of the VRRP protocol Main router Virtual server ID 5 Host priority 255 po gt s lt S 192 168 1 2 ee rere A fe o Backup router Virtual server ID 5 192 168 1 3 Host priority 100 Figure 17 Topology of example VRRP configuration YRRP Configuration Enable VRRP Virtual Server IP Address 192 168 1 1 Virtual Server ID 5 Host Priority 255 Check connection Ping IP Address 10 0 1 3 Ping Interval 10 sec Ping Timout TI sec Ping Probes ho
105. nnection from the device behind router For example from PC which is connected to ETH port router The IP address of the SIM card will be alloted to PC The changes in settings will apply after pressing the Apply button www lucom de 30 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de eB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Mobile WAN Configuration Create connection to mobile network Primary SIM card Secondary SIM card APN conel agnep cz Username Password i l i Authentication PAP or CHAP PAP or CHAP IP Address Phone Number Operator Network Type automatic selection automatic selection PIN MRU 1500 11500 MTU 1500 11500 DNS Settings get from operator get from operator DNS Server The feature of check connection to mobile network is necessary for uninterrupted operation Check Connection disabled Y disabled Mi Ping IP Address 99 98 9796 Ping Interval 10 L Enable traffic monitoring Data Limit Warning Threshold Accounting Start Default SIM card secondary Backup SIM card primary L Switch to other SIM card when connection fails J Switch to backup SIM card when roaming is detected and switch to default SIM card when home network is detected Switch to backup SIM card when data limit is exceeded and switch to defaul
106. nnection to the Internet wlan0 WiFi connection to the Internet and usbO mobile connection to the Internet IP adresses and other data are included At the bottom you can see the Route Table and corresponding changes of it when e g wired connection fails or cable disconnected default route changes to wlan0 And the same if WiFi is not available the mobile connection will be used Backup routes are working even if not activated in the Backup Routes item but with implicit priorities of network interfaces set as factory default These priorities are different from the ones desired in this situation see chapter 4 7 infoolucom de www lucom de 105 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B SS MARIWODA IFIGURATION IN TYP SITUATIONS ENABLING CONNECTED INTELLIGENCE 7 3 Secure Networks Interconnection or Using VPN Mobile Conel router network Router OpenVPN Q Tunnel 3 EH a 3 K pa tun0 100 100 100 2 tun0 z public IP 100 100 100 1 10 0 6 239 Tunnel VPN Router Cable connection Wireless connection ETH Network 10 40 28 0 LAN Figure 90 Secure networks interconnection topology of the example VPN Virtual Private Network is a secured encrypted and authenticated verified con nection of two LANs into one so it performs as one homogenous LAN LANs are connected over public un
107. o failure 4 10 OpenVPN Tunnel Configuration Select the OpenVPN item to configure an OpenVPN tunnel OpenVPN is a protocol which is used to create a secure connection between two LANs Up to four OpenVPN tunnels may be created Item Description OOOO O Create Enables the individual tunnels Description Displays the name of the tunnel specified in the configuration form of the tunnel Edit Select to configure an OpenVPN tunnel Table 36 Overview of OpenVPN tunnels ob Open PN Tunnels Configuration Lo Create Description ist no x Eai 2na re HL E x E Figure 35 OpenVPN tunnels configuration Sees _ Ss IE Description O Description Description or name of tunnel Protocol Protocol by which the tunnel will communicate e UDP OpenVPN will communicate using UDP e TCP server OpenVPN will communicate using TCP in server mode e TCP client OpenVPN will communicate using TCP in client mode www lucom de Continued on next page 50 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX i 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page KC EA UDP TCP port Port by which the tunnel will communicate Remote IP Address IP address of opposite tunnel side domain name can be used Remote Subnet Network IP address of the opposite side of the tunnel Remote Subnet Mask
108. odule compiled module has tgz extension The module is added using the Add button User Modules No user modules installed New Module Prochazet Add or Update Figure 69 User modules Added module appears in the list of modules on the same page If the module contains index html or index cgi page module name serves as a link to this page The module can be deleted using the Delete button Updating of the module can be done in the same way like adding a new module Module with a higher newer version will replace the existing module The current module configura tion is kept in same state Programming and compiling of modules are described in the programming guide User Modules ZEBRA 1 0 5 2014 01 07 Delete EasyVPN Client 1 0 2 2012 09 04 Delete SERIAL2TCP 1 0 2 2014 11 25 Delete OSPF 1 0 5 2014 01 07 Delete Captive Portal 1 0 2 2014 09 01 Delete New Module Vybrat soubor Soubor nevybr n Add or Update infoolucom de Figure 70 Added user module www lucom de 92 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB maana ENABLING CONNECTED INTELLIGENCE 5 CUSTOMIZATION There are for example these user s modules available User modules can be downloaded from web pages www conel cz or can be custom programmed MODBUS TCP2RTU Easy VPN client Provides a conversion of MO
109. ogging into the web interface Confirm Password Confirms the password you specified above Table 74 Add User O Ordinary users are not able to access router via Telnet SSH or SFTP Read only FTP access is allowed for these users www lucom de 94 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX J 6 ADMINISTRATION ENABLING CONNECTED INTELLIGENCE User Administration Admin Lock Change Password User Lock Change Password Delete Role User Username Password Confirm Password Add User Figure 71 Users 6 2 Change Profile Up to three alternate router configurations or profiles can be stored in router non volatile memory You can save the current configuration to a router profile through the Change Profile menu item Select the alternate profile to store the settings to and ensure that the Copy settings from current profile to selected profile box is checked The current settings will be stored in the alternate profile after the Apply button is pressed Any changes will take effect after restarting router through the Reboot menu in the web administrator or using an SMS message Example of usage profiles Profiles can be used to switch between different modes of op eration of the router such as PPP connection VPN tunnels etc It is then possible to switch between these settings using the front p
110. ol in GSM network e PAP or CHAP authentication method is chosen by router e PAP it is used PAP authentication method e CHAP it is used CHAP authentication method MRU Maximum Receiving Unit It is the identifier of the maximum size of packet which is possible to recese in given environment De fault value is set to 1492 bytes Other settings may cause incor rect data transmission MTU Maximum Transmission Unit It is the identifier of the maximum size of packet which is possible to transfer in given environment Default value is set to 1492 bytes Other settings may cause in correct data transmission Table 26 PPPoE configuration If setting bad packet size value MRU MTU the transmission can be unsuccessful 33 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infooOlucom de www lucom de 17 10 15 BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 5 WiFi Configuration u This item is available only if the router is equipped with a WiFi module The form for configuration of WiFi network can be invoked by pressing the WIFI item in the main menu of the router web interface Enable WiFi check box at the top of this form is used to activate WiFi It is also possible to set the following properties CA EXA Operating mode WiFi operating mode e access point AP router becomes an access point to which oth
111. omogenous It is a similar method of VPN execution as L2TP The tunnels are active after selecting Create PPTP tunnel KC EA Mode PPTP tunnel mode on the router side e PPTP server in the case of a server must be defined IP address range offered by the server e PPTP client in case of client must be defined the IP address of the server Server IP Address IP address of server Local IP Address IP address of the local side of the tunnel Remote IP Address IP address of the remote side of the tunnel Remote Subnet Address of the network behind the remote side of the tunnel Remote Subnet Mask The mask of the network behind the remote side of the tunnel Username Username for login to PPTP tunnel Password Password for login to PPTP tunnel Table 47 PPTP tunnel configuration The changes in settings will apply after pressing the Apply button PPTP Tunnel Configuration E Create PPTP tunnel Mode PPTP client Server IP Address Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Username Password can be blank Figure 46 PPTP tunnel configuration O Firmware also supports PPTP passthrough which means that it is possible to create a tunnel through router 65 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoolucom de www lucom de eB SS MARTWDEA J 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example of t
112. on is established Down Script bin sh This script will be executed when PPP WAN connection is lost cd Figure 65 Up Down script Example of UP Down script After establishing or lost a connection the router sends an x email with information about establishing or loss a connection 7 Ada Up Script Q ATRAE ES This script will be executed when PPP WAN connection is established email t namefdomain com s Conel router m PPP connection is established Down Script bin sh This script will be executed when PPP WAN connection is lost email t namefdomain com s Conel router m PPP connection is lost Figure 66 Example of Up Down script www lucom de 89 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 24 Automatic Update Configuration In the Automatic update item it is possible to set the automatic configuration update This choice enables the router to download the configuration and the newest firmware from the server automatically The configuration and firmware files are stored on the server To prevent possible unwanted manipulation of the files downloaded file tar gz format is controlled At first the format of the downloaded file is checked Then the type of architecture and each file
113. onnection 81 65 CDsignal descripti0N 81 66 DTR signalldescriptiOn ii ie ey a ee aia 81 67 USB port configuration 1 o o e 84 ra 68 USB PORT configuration 2 aperos sio 24688 is a AS 85 O 69 CDsignaldescription 2 000000 00022 eee 85 70 DTRsignaldescription 2 0 00 00020000008 85 re 71 Automatic update configuration 000 00000 eee ee 90 O T2 User modules ece ee a e 845544560 44 See ERE E ES 93 TS Users overvieW A d a e 94 E oe ap a ch ts E eine ae me ede 94 2 E c3 z le O gt viii 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B Sram ANDRA 1 BASICNNFORMATION ENABLING CONNECTED INTELLIGENCE 1 Basic Information Cellular routers SPECTRE v3 LTE are designed for communication in mobile networks using LTE HSPA UMTS EDGE or GPRS technology Data transfer speed is up to 100 Mbit s download and up to 50 Mbit s upload The router is an ideal solution for wireless connection of traffic and security camera systems individual computers LANs automatic teller machines ATM other self service terminals etc Standard equipment of the router Two Ethernet 10 100 ports one USB 2 0 Host port two binary inputs and one output I O connector Two readers for 3 V and 1 8 V SIM cards memory card rea
114. plicit priorities according to the status of enabling settings for each of network interface as the case may be enabling services that set these network interfaces Names of backup routes and corresponding network interfaces in order of implicit priorities e Mobile WAN pppX usbX e PPPoE ppp0 e WiFi STA wlan0 e Secondary LAN eth1 e Tertiary LAN eth2 e Primary LAN eth0 Example Secondary LAN is selected as the default route only if Create connection to mobile network option is not checked on the Mobile WAN page alternatively if Create PPPoE connection option is not checked on the PPPoE page To select the Primary LAN it is also necessary not to be entered P address for Secondary LAN and must not be enabled DHCP Client for Secondary LAN CAI AI Priority Priority for the type of connection Ping IP Address Destination IP address of ping queries to check the connection address can not be specified as a domain name Ping Interval The time intervals between sent ping queries Table 30 Backup Routes All changes in settings will be applied after pressing the Apply button 4 8 Firewall Configuration infooOlucom de The first security element which incoming packets must pass is check of enabled source IP addresses and destination ports It can be specified IP addresses from which you can remotely access the router and the internal network connected behind a router If the Enable filtering of incoming packets item is c
115. put on I O port BINO is active O Add timestamp to SMS Phone Number 1 Phone Number 2 Phone Number 3 Unit ID BINO SMS L Enable remote control via SMS Phone Number 1 Phone Number 2 Phone Number 3 Y Enable AT SMS protocol on expansion port 1 Baudrate 9600 v info lucom de C Enable AT SMS protocol on expansion port 2 Baudrate 9600 v C Enable AT SMS protocol over TCP TCP Port can be blank Figure 54 Example 2 SMS configuration www lucom de 78 17 10 15 59 460 20 www luco BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example 3 Configuration of controlling the router via SMS from any phone number SMS Configuration J Send SMS on power up O Send SMS on connect to mobile network O Send SMS on disconnect from mobile network Y Send SMS when datalimit is exceeded Send SMS when binary input on I O port BINO is active Q Add timestamp to SMS Phone Number 1 Phone Number 2 Phone Number 3 Unit ID BINO SMS Y Enable remote control via SMS Phone Number 1 Phone Number 2 Phone Number 3 O Enable AT SMS protocol on expansion port 1 Baudrate 9600 M C Enable AT SMS protocol on expansion port 2 Baudrate 9600 oY J Enable AT SMS protocol over TCP TCP Port can be blank Figure 55 Example 3 SMS configuration Example 4 Configuration of controlling the router via SMS from the two phone numbers SMS Configuration J Send SMS on power up O Send
116. ration window are four rows each row for one configured GRE tunnel www lucom de 60 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE CA EAS Create Enables the individual tunnels Description Displays the name of the tunnel specified in the configuration form Edit Configuration of GRE tunnel Table 42 Overview GRE tunnels GRE Tunnels Configuration Create Description Figure 41 GRE tunnels configuration CA A Description Description of tunnel Remote IP Address IP address of the remote side of the tunnel Local Interface IP IP address of the local side of the tunnel Address Remote Interface IP IP address of the remote side of the tunnel Address Remote Subnet IP address of the network behind the remote side of the tunnel Remote Subnet Mask Mask of the network behind the remote side of the tunnel Multicasts Enables disables multicast e disabled multicast disabled e enabled multicast enabled Pre shared Key An optional value that defines the 32 bit shared key in numeric format through which the filtered data through the tunnel This key must be defined on both routers as same otherwise the router will drop received packets Using this key the data do not provide a tunnel through infooOlucom de Table 43 GRE tunnel configuratio
117. re shared Key UN CA Certificate Remote Certificate Local Certificate infoolucom de Local Private Key Local Passphrase Extra Options can be blank Figure 39 IPsec tunnels configuration www lucom de 59 17 10 15 59 460 20 www luco BB SMARTWORX _ 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example of the IPSec Tunnel configuration Router A pppO 10 0 0 1 192 168 1 0 Router B pppO 10 0 0 2 192 168 2 0 192 168 1 4 Default Gateway 192 168 1 1 Default Gateway 192 168 2 1 Figure 40 Topology of example IPsec configuration IPsec tunnel configuration Configuration CS ICONS Remote IP Address 10 0 0 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Local Subnet 192 168 1 0 192 168 2 0 Local Subnet Mas 255 255 255 0 255 255 255 0 Authenticate mode pre shared key pre shared key Pre shared key test test Table 41 Example IPsec configuration Examples of different options for configuration and authentication of IPsec tunnel can be found in the application note IPsec Tunnel 6 o SC z O S 2 O Gam 4 12 GRE Tunnels Configuration GRE is an unencrypted protocol To enter the GRE tunnels configuration select the GRE menu item The GRE tunnel is used for connection of two networks to one that appears as one homogenous It is possible to configure up to four GRE tunnels In the GRE Tunnels Configu
118. rname for login to DynDNS server Password Password for login to DynDNS server Server If you want to use another DynDNS service than www dyndns org then enter the update server service to this item If this item is left blank it uses the default server members dyndns org Table 49 DynDNS configuration Example of the DynDNS client configuration with domain conel dyndns org DynDNS Configuration Y Enable DynDNS client Hostname conel dyndns org Username conel Password conel Server can be blank Figure 48 Example of DynDNS configuration infoolucom de To access the router s configuration remotely it is neccessary to enable this in the NAT configuration bottom part of the form see chapter 4 9 www lucom de 67 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B AAE A 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 16 NTP Client Configuration NTP client Configuration can be called up by option NTP item in the menu NTP Network Time Protocol allows set the exact time to the router from the servers which provide the exact time on the network By parameter Enable local NTP service router is set to a mode in which it operates as an NTP server for other devices in the LAN behind the router By parameter Enable local NTP service it is possible to set the router in mode that it can serve as NTP server for other devices
119. rt the SIM card when the router is powered up You can monitor the status configuration and administration of the router via the Web interface To access the router over the web interface enter http xxx xxx xxx xxx into the URL for the browser where xxx xxx xxx xxx is the router IP address The router s default IP address is 192 168 1 1 and only access via secured HTTPS protocol is available That implies the adress of the router has to be in https 192 168 1 1 syntax When accessing for the first time it will be necessary to install a security certificate To prevent the domain disagreement message of your browser follow the procedure described in the following subchapter Configuration may be performed only by the user root with initial password root SPECTRE v3 LTE Router Status General Status General Mobile Connection Mobile WAN 4 a SIM Card Primary WiFi IP Address Unassigned WiFi Scan State Offline Network More Information DHCP IPsec DynDNS IP Address 10 40 28 66 255 255 252 0 System Log MAC Address 7C 66 9D 38 30 FO Rx Data 4 2 MB Configuration Tx Data 140 8 KB Bridged Yes LAN VRRP Mobile WAN Secondary LAN PPPOE IP Address 10 40 28 66 255 255 252 0 WiFi MAC Address 7C 66 9D 38 30 F0 WLAN Rx Data 08 Tx Data Backup Routes Bridged More Information More Information IP Address Unassigned MAC Address 78 A5 04 22 2A 67 More Information Per
120. see chapter 4 3 1 General Create connection to mobile network Mobile WAN Primary SIM card WiFi Scan a Username Network DHCP Password o IPsec Authentication PAP or CHAP v Lo DynDNS IP Address g See Phone Number Configuration Operator x Network Type automatic selection v 5 RRP PIN A Mobile WAN MRU 1500 G hits MTU 1500 O WiFi l WLAN DNS Settings get from operator v Backup Routes DNS Server Firewall Figure 83 Access to the Internet from LAN Mobile WAN configuration To check whether the connection is working properly go to Mobile WAN item in the Sta tus section Information about operator signal strength etc is available At the bottom the message Connection successfully established will be written out In the Network item there is information about a newly created network interface usbO mobile connection IP address from operator route table etc can be found here Internet is accessible from LAN now www lucom de 101 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB mara IF ENABLING CONNECTED INTELLIGENCE URATION IN TYP SITUATIONS 7 2 Backed Up Access to the Internet from LAN Mobile network A ot a AP oe usbO IP from operator ethO Y 192 168 1 1 3 Poig wlanO IP from DHCP ETH Conel router ia eth1 ETH l 10 40 28 120 l
121. sion SNMPw1 5 mn org Operation Get EE dod _ Request binding E internet 1 sysLocation O DisplayString null o directory Response binding 40 mgmt 4 sysLocation O DisplayString Usti nad Orlici 55 73 74 69 20 6E 61 64 20 4F 72 6C 69 63 69 hex B mib 2 EE system sysDescr sysObjectlD sysUpTime amp ysContact sysName sysLocation OID 1 3 6 1 2 1 1 4 Ssmi COO 8 Figure 51 Example of the MIB browser It is important to set the IP address of the SNMP agent router in field Remote SNMP agent After enter the IP address is in a MIB tree part is possible show object identifier The path to objects is iso org dod internet private enterprises conel protocols The path to information about router is iso org dod internet mgmt mib 2 system infoolucom de www lucom de 72 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 18 SMTP Configuration The item SMTP is used for configuring SMTP Simple Mail Transfer Protocol client for sending e mails CAI EA SMTP Server Address IP or domain address of the mail server SMTP Port Port the SMTP server is listening on Secure Method none SSL TLS or STARTTLS Secure method has to be sup ported by the SMTP serv
122. t M sE gt Pre shared Secret 2048 bit OpenVPN static key Figure 91 Secure networks interconnection OpenVPN configuration In the Status section Network item you can verify the activated network interface tunO for the tunnel with the IP addresses of the tunnel s ends set Successful connection can be verified in the System Log where Initialization Sequence Completed should be written out Networks are now interconnected it can be verified by the ping program also ping between tunnel s endpoints IP addresses from one of the routers console is accessible via SSH 107 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de c3 z le S 2 e Gam www lucom de BB S mar Won IFIGURATION IN TYP SITUATIONS ENABLING CONNECTED INTELLIGENCE 7 4 Serial Gateway Mobile Conel router network Router Sy usbO e aaa 10 0 6 238 RS232 RS485 Router Cable connection Wireless connection PLC ETH SCADA a LAN Figure 92 Serial Gateway topology of the example With the serial gateway you can enable the serial line communicating devices to access the internet or another network These devices meters PLC etc can upload and download the useful data then The situation is depicted in the fig 92 The Conel router has to have serial interface port RS232 or RS232 RS485 422 or RS232 RS485 ETH installed to ser
123. t Mask 255 255 255 0 Default Gateway 192 168 1 20 DNS Server 192 168 1 20 Bridged no Media Type auto negotiation PoE PSE disabled Y Enable dynamic DHCP leases IP Pool Start 192 168 1 2 IP Pool End 192 168 1 4 Lease Time 1600 Enable static DHCP leases MAC Address IP Address infoolucom de h f Figure 16 Example 3 LAN Configuration Page www lucom de 22 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 2 VRRP Configuration Select the VRRP menu item to enter the VRRP configuration VRRP protocol Virtual Router Redundancy Protocol allows you to transfer packet routing from the main router to a backup router in case the main router fails This can be used to provide a wireless cellular backup to a primary wired router in critical applications If the Enable VRRP is checked you may set the following parameters KC AA Virtual Server IP Address This parameter sets the virtual server IP address This ad dress must be the same for both the primary and backup routers Devices on the LAN will use this address as their default gateway IP address Virtual Server ID This parameter distinguishes one virtual router on the net work from another The main and backup routers must use the same value for this parameter
124. t SIM card when data limit isn t exceeded Switch to backup SIM card when binary input is active and switch to default SIM card when binary input isn t active Switch to default SIM card after timeout Initial Timeout 60 min Subsequent Timeout min Additive Constant min Enable PPPoE bridge mode can be blank Apply infoolucom de Figure 20 Mobile WAN configuration www lucom de 31 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Example 1 The figure below describes the situation when the connection to mobile network is controlled on the address 8 8 8 8 in the time interval of 60 s for primary SIM card and on the address www google com in the time interval 80 s for secondary SIM card In the case of traffic on the router the control pings are not sent but the traffic is monitored The feature of check connection to mobile network is necessary for uninterrupted operation Check Connection enabled z enabled Ping IP Address 8 8 www google com Ping Interval 80 Enable traffic monitoring Figure 21 Example 1 Mobile WAN configuration Example 2 The following configuration illustrates the situation in which the router switches to a backup SIM card after exceeding the data limits of 800 MB Warning SMS is sent upo
125. t message 3 3 Status 4 3 1 General iStalUs ocean 65 446 S565 SEG Eee a 4 3 1 1 Mobile Connection 2 e a 4 3 1 2 Primary LAN Secondary LAN Tertiary LAN WiFi 5 34 3 Peripheral POrtS 22 0424 cos ea a a a e es 5 3 1 4 System Informati0N o e 6 3 2 Mobile WAN Status o e 6 NR a aa 9 3 4 WIRSCaN sa craon tee Pans a eee ee eee es eee 10 3 5 Network stalUs or jets eens a es ae See ee 12 3 6 DHCP Status 25 42 22 4 8 4 oe eee ee Eee eee Bebe Ad eG 14 37 IPsec Status E oa 15 3 8 IDVHDNStstatuSie eee st ES a a se ra 15 3 9 Systemi Log nia ss a be eee Be ee ee 16 4 Configuration 18 4 1 LAN Configuration Ei s e Anona ee 18 4 2 VRRP Configuration e 23 4 3 Mobile WAN Configuration a ee eee eee 26 4 3 1 Connection to Mobile Network aoaaa a 26 4 3 2 DNS Address Configuration ooa a 27 4 3 3 Check Connection to Mobile Network Configuration 27 4 3 4 Data Limit Configuration aaa ee 28 4 3 5 Switch Between SIM Cards Configuration 29 4 3 6 PPPoE Bridge Mode Configuration 30 4 4 PPPoE Configuration 2 2 2 0 00 A ee 33 4 5 WiFi Configuration 22222 e a ee ew eh oe ante abet bas ee 34 4 6 WLAN Configuration 00 002 ee es 39 A Backup Routes 2 2 a Se oe ee eee o ee ee Oe ee ee 41 4 8 Firewall Configuration 0 o
126. t of short messages AT CMGL Lists messages of a certain status from a message storage area AT CMGR Reads a message from a message storage area AT CMGS Sends a short message from the device to entered tel number AT CMGW Writes a short message to SIM storage AT CMSS Sends a message from SIM storage location value AT COPS Identifies the available mobile networks AT CPIN Is used to query and enter a PIN code AT CPMS Selects SMS memory storage types to be used for short message operations AT CREG Displays network registration status AT CSCA Sets the short message service centre SMSC number AT CSCS Selects the character set AT CSQ Returns the signal strength of the registered network AT GMI Returns the manufacturer specific identity AT GMM Returns the manufacturer specific model identity AT GMR Returns the manufacturer specific model revision identity AT GSN Returns the product serial number ATE Determines whether or not the device echoes characters ATI Transmits the manufacturer specific information about the device Table 62 List of AT commands A detailed description and examples of these AT commands can be found in the application note AT commands 9 Example 1 SMS sending configuration infoOlucom de After powering up the router at the mentioned the phone number comes SMS in this form Router Unit ID has been powered up Signal strength xx dBm After connect to mobile network at the mentioned phone number co
127. ta transmitted sent and received over GPRS in one billing period month Warning Threshold Parameter Warning Threshold determine per cent of Data Limit in the range of 50 to 99 which if is exceeded then the router sends SMS in the form Router has exceeded value of Warning Threshold of data limit Accounting Start Parameter sets the day of the month in which the billing cycle starts SIM card used Start of the billing period defines the op erator which gives the SIM card The router begin to count the transferred data since that day info lucom de Table 22 Data limit configuration If parameters Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded see next subsection or Send SMS when datalimit is exceeded see SMS configuration are not selected the data limit will not count using the oldest versions of Conel routers www lucom de 28 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB S mar Won 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 3 5 Switch Between SIM Cards Configuration At the bottom of configuration it is possible to set rules for switching between two APN s on the SIM card in the event that one SIM card is inserted or between two SIM cards in the event that two SIM cards are inserted CA EI Default SIM card This parameter sets default APN or SI
128. tatus General nable expansion port 1 access over TCP UDP Mobile WAN Port Type Rez yi Baudrate 9600 v WiFi Scan a 3 o Data Bits v DHCP Parity none v IPsec Stop Bits 1 v DynDNS Split Timeout 20 msec System Log Protocol TCP v Configuration Mode server v A LAN Server Address ie o VRRP TCP Port 2345 gt Mobile WAN PPPoE _ Check TCP connection WiFi Keepalive Time 3600 sec WLAN Keepalive Interval 10 sec Ba ts Keepalive Probes 5 Firewall NAT _ Use CD as indicator of TCP connection OpenVPN _ Use DTR as control of TCP connection IPsec GRE L2TP PPTP DynDNS NTP SNMP SMTP Expansion Port 1 Apply Figure 93 Serial Gateway konfigurace Expansion Port 1 To communicate with the serial device PLC connect from the PC in fig 92 labeled as SCADA as a TCP client to the IP address 10 0 6 238 port 2345 public IP address of the SIM card used in the Conel router corresponding to the usb0 network interface Devices can now communicate To check the connection go to System Log Status section and look for the TCP connection established message 109 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoolucom de www lucom de BB ARTS Ee PS RECOMMENDED LITERATURE ENABLING CONNECTED INTELLIGENCE 8 Recommended Literature 1 Conel Commands and Scrip
129. trusted network Internet see fig 90 In Conel routers you can use more ways protocols for this reason e OpenVPN it is also configuration item in the web interface of the router see chapter 4 10 or Application Note 5 e Psec it is also configuration item in the web interface of the router see chapter 4 11 or Application Note 6 infoolucom de You can create also non encrypted tunnels GRE PPTP and L2TP with Conel router In combination with IPsec you can use GRE or L2TP tunnel to create VPN There is an example of OpenVPN tunnel in the fig 90 These are the prerequisites for this example knowledge of the opposite router IP address knowledge of the opposite network IP address not necessary and knowledge of the pre shared secret key To create the OpenVPN tunnel it is necessary to configure the Mobile WAN and OpenVPN items in the Configuration section www lucom de 106 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 B B SMARTARE IGURATION IN TYP SITUATIONS ENABLING CONNECTED INTELLIGENCE Mobile WAN configuration The mobile connection can be configured the same way as in the previous situations router connects itself after inserting the SIM card into SIM1 slot and attaching the antenna to the ANT connector configuration is accessible in the Configuration section the Mobile WAN item see chapter 4 3 1 where mobile
130. ts for v2 and v3 Routers Application Note 2 Conel SmartCluster Application Note 3 Conel R SeeNet Application Note 4 Conel R SeeNet Admin Application Note 5 Conel OpenVPN Tunnel Application Note 6 Conel IPsec Tunnel Application Note 7 Conel GRE Tunnel Application Note 8 Conel SNMP Object Identifier Application Note 9 Conel AT Commands Application Note infoolucom de www lucom de 110 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de
131. tunnel interface ipsecO IPSec tunnel interface gre GRE tunnel interface lo Local loopback interface Table 12 Description of interface in network status Each of the interfaces shows the following information CA PAI HWaddr Hardware unique address of networks interface inet IP address of interface P t P IP address second ends connection Beast Broadcast address cd Mask Mask of network MTU Maximum packet size that the equipment is able to transmit Metric Number of routers over which packet must go trought RX e packets received packets E e errors number of errors O e dropped dropped packets E e overruns incoming packets lost because of overload e frame wrong incoming packets because of incorrect packet size Continued on next page www lucom de 12 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX J 3 STATUS ENABLING CONNECTED INTELLIGENCE Continued from previous page CA PA TX e packets transmit packets e errors number of errors e dropped dropped packets e overruns outgoing packets lost because of overload e carrier wrong outgoing packets with errors resulting from the physical layer collisions Number of collisions on physical layer txqueuelen Length of front network device RX bytes Total number of received bytes TX bytes Total number of transmitted bytes Tab
132. ued on next page www lucom de 35 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE Continued from previous page KC DESC ri ption WEP Key Type Type of WEP key for WEP encryption e ASCII WEP key is entered in ASCII format e HEX WEP key is entered in hexadecimal format WEP Default Key Specifies default WEP key WEP Key 1 4 Items for different four WEP keys e WEP key in ASCII format must be entered in quotes and must have the following lengths 5 ASCII characters 40b WEP key 13 ASCII characters 104b WEP key 16 ASCII characters 128b WEP key e WEP key in hexadecimal format must be entered using only hexadecimal digits and must the following lengths 10 hexadecimal digits 40b WEP key 26 hexadecimal digits 104b WEP key 32 hexadecimal digits 128b WEP key WPA PSK Type The type of encryption when WPA PSK authenticating e 256 bit secret e ASCII passphrase e PSK File WPA PSK Key for WPA PSK authentication This key must be entered accord ing to the selected WPA PSK type as follows e 256 bit secret 64 hexadecimal digits e ASCII passphrase from 8 to 63 characterswhich are subse quently converted into PSK infoOlucom de e PSK File absolute path to the file containing the list of pairs PSK key MAC address Continu
133. ult SIM card when binary input isn t active V Switch to default SIM card after timeout Initial Timeout 60 min min Subsequent Timeout 40 Additive Constant 10 min Figure 23 Example 3 Mobile WAN configuration 32 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de infoolucom de www lucom de 17 10 15 BB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 4 PPPoE Configuration To enter the PPPoE configuration select the PPPoE menu item If the Create PPPoE con nection option is selected the router tries to establish PPPoE connection after switching on PPPoE Point to Point over Ethernet is a network protocol which PPP frames encapsulat ing to the Ethernet frames PPPoE client to connect devices that support PPPoE bridge or a server typically ADSL router After connecting the router obtains the IP address of the device to which it is connected All communications from the device behind the PPPoE server is forwarded to industrial router PPPoE Configuration C Create PPPoE connection Username Password Authentication PAP or CHAP a MRU 1492 bytes MTU 11492 bytes Get DNS addresses from server Figure 24 PPPoE configuration KC PA Username Username for secure access to PPPoE Password Password for secure access to PPPoE Authentication Authentication protoc
134. uration 200000000 60 42 Overview GRE tumelS o 00000 eee eee ee 61 43 GRE tunnel configuration 2 000002 ee eee eee 61 44 Example GRE tunnel configuration o o e e 62 45 L2TP tunnel configuration 2 20200 eee 63 46 Example L2TP tunel configuration 0 e e e o 64 47 PPTP tunnel configuration e 65 48 Example PPTP tunel configuration 0 o e 66 49 DynDNS configuration 2 0002 eee ee ee 67 50 NTP configuration 0 000002 ee ee 68 51 SNMP agentconfiguration 0 000 e 69 52 SNMPvS configuration o a 69 53 SNMP configuration R SeeNet 0 e e 70 54 Object identifier for binary input and output o o 70 55 SMTP client configuration o e o 73 56 Send SMS configurati0N 0000 eee ee 74 57 Control via SMS configuration o o 2 0002 75 58 Control SMS 25 2462628252545 25 a A a ees 75 59 Send SMS on serial PORT1 configuration 20 76 60 Send SMS on serial PORT2 configuration 00 76 61 Send SMS on ethernet PORT1 configuration 76 62 ListofATcommands 0 0000 eee ee 77 63 Expansion Port configuration serial interface 81 64 Expansion Port configuration Check TCP c
135. utes Firewall Apply Figure 86 Backed up access to the Internet WLAN configuration o SC z O S 2 e Gam Mobile WAN configuration To configure the mobile connection it is sufficient to insert the SIM card into the SIM1 slot and attach the antenna to the ANT connector as in previous situation depending on used SIM card For using the system of backup routes it s necessary to enable check of connection in the Mobile WAN item see fig 88 Set the Check connection option to enabled bind and fill in an IP adress of e g operator s DNS server or any other surely available server and time interval of the check For detailed configuration see chapter 4 3 1 www lucom de 103 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 BB aro ENABLING CONNECTED INTELLIGENCE General Mobile WAN WiFi WiFi Scan Network DHCP IPsec DynDNS System Log Configuration LAN VRRP Mobile WAN Backup Routes Firewall NAT OpenVPN IPsec GRE 1 gt TD Figure 87 General Mobile WAN WiFi WiFi Scan Network DHCP IPsec DynDNS System Log Configuration join WiFi WLAN Backup Routes Firewall NAT OpenVPN IPsec GRE L2TP nera Backed up access to the Internet WiFi configuration Create connection to mobile network Primary SIM card Enable WiFi Operating Mode station STA
136. ve as a serial gateway Configuration is done in the Mobile WAN and Expansion Port 1 items or Expansion Port 2 for RS422 and RS485 in the Configuration section of the web interface In this situation the router is equipped with the RS232 interface port Mobile WAN configuration is the same as in the previous situations Just insert the SIM card into the SIM1 slot at the back of the router and attach the antenna to the ANT connector at the front No extra configuration is needed depending on the SIM card used for more details see chapter 4 3 1 infoolucom de Expansion Port 1 configuration The interface RS232 port can be configured in the Con figuration section Expansion Port 1 item see fig 93 It s necessary to enable the RS232 port checking the Enable expansion port 1 access over TCP UDP lt is possible to edit the serial communication parameters not needed in this situation Important are Protocol Mode and Port items where parameters of communication out to the network and internet can be www lucom de 108 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de 17 10 15 B B MARITIMA IFIGURATION IN TYP SITUATIONS ENABLING CONNECTED INTELLIGENCE configured The TCP protocol is chosen in this situation and the router will work as the server listening on the 2345 TCP port Confirm the configuration clicking the Apply button S
137. w y Z 142 2 26 54 ICMP y allow v lall Y allow all allow Y infoolucom de all allow we 1 eee l all allow all y allow Y Figure 30 Example firewall configuration www lucom de 45 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE 4 9 NAT Configuration To enter the Network Address Translation configuration select the NAT menu item NAT Network address Translation Port address Translation PAT is a method of adjusting the net work traffic through the router default transcript and or destination IP addresses often change the number of TCP UDP port for walk through IP packets The window contains sixteen entries for the definition of NAT rules KC EA Public Port Public port Private Port Private port Type Protocol selection Server IP address IP address which will be forwarded incoming data Table 33 NAT configuration If necessary you can set more than sixteen NAT rules insert them into start up script Startup Script item in the Configuration section by typing the following iptables t nat A napt p tcp dport PORT _PUBLIC j DNAT to destination IPADDR PORT1 _PRIVATE Concrete IP address IPADDR and ports numbers PORT_PUBLIC and PORT_PRIVATE are filled up into squ
138. ware Source HTTP S FTP S M Base URL http router cz Unit ID temelin Update Hour 1 can be blank Figure 67 Example of automatic update 1 The following examples find if there is a new firmware or configuration each day at 1 00 in the morning An example is for the SPECTRE v3 LTE type of router with MAC address 00 1 1 22 33 44 55 e Firmware http router cz SPECTRE v3 LTE bin e Configuration file http router cz 00 11 22 33 44 55 cfg Automatic Update W Enable automatic update of configuration Enable automatic update of firmware Source HTTP S FTP S M Base URL http router cz Unit ID infoolucom de Update Hour 1 can be blank Figure 68 Example of automatic update 2 Firmware update can cause incompatibility with the user modules lt is recommended to db update user modules to the most recent version Information about the user module and the firmware compatibility is at the beginning of the user module s Application Note www lucom de 91 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de BB SMARTWORX J 5 CUSTOMIZATION ENABLING CONNECTED INTELLIGENCE 5 Customization 5 1 User Modules Configuration of user modules can be accessed by selecting the User Modules item lt is possible to add new modules delete them or switch to their configuration Use the Browse button to select the user m
139. way Lifetime Rekey margin random value in range from 0 to Rekey margin Rekey Fuzz 100 By default the repeated exchange of keys held in the time range e Minimal time 1h 9m 9m 42m e Maximal time 1h 9m 0m 51m When setting the times for key exchange is recommended to leave the default setting in which tunnel has guaranteed security When set higher time tunnel has smaller operating costs and smaller the safety Conversely reducing the time tunnel has higher operating costs and higher safety of the tunnel The changes in settings will apply after pressing the Apply button infoolucom de www lucom de 58 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de eB SMARTW RX 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE IPsec Tunnel Configuration O Create 1st IPsec tunnel Description Remote IP Address Remote ID Remote Subnet Remote Subnet Mask Remote Protocol Port Local ID Local Subnet Local Subnet Mask Local Protocol Port Encapsulation Mode tunnel NAT Traversal disabled IKE Mode IKE Algorithm IKE Encryption IKE Hash IKE DH Group ESP Algorithm auto ESP Encryption DES ESP Hash MD5 PFS disabled PFS DH Group 2 Key Lifetime IKE Lifetime Rekey Margin Rekey Fuzz DPD Delay DPD Timeout Authenticate Mode pre shared key P
140. y Protocol Table 52 SNMPv3 configuration www lucom de 69 17 10 15 LUCOM GmbH Ansbacher Str 2a 90513 Zirndorf Tel 09127 59 460 10 Fax 09127 59 460 20 www lucom de B B AAE A 4 CONFIGURATION ENABLING CONNECTED INTELLIGENCE By choosing Enable I O extension it is possible to monitor binary inputs I O on the router Enabling Enable M BUS extension has no meaning at this time since v3 routers doesn t allow the installation of the M BUS port yet By choosing Enable reporting to supervisory system and enter the P Address and Period it is possible to send statistical information to the monitoring system R SeeNet CA EX IP Address IP address Period Period of sending statistical information in minutes Table 53 SNMP configuration R SeeNet Every monitor value is uniquely identified by the help of number identifier O D Object Identifier For binary input and output the following range of OID is used CTA AAA 1 3 6 1 4 1 30140 2 3 1 0 Binary input BINO values 0 1 1 3 6 1 4 1 30140 2 3 2 0 Binary output OUTO values 0 1 1 3 6 1 4 1 30140 2 3 3 0 Binary input BIN1 values 0 1 Table 54 Object identifier for binary input and output All SPECTRE v3 routers also provide information about internal temperature of the device OID 1 3 6 1 4 1 30140 3 3 and power voltage OID 1 3 6 1 4 1 30140 3 4 The list of available and supported OIDs and other details can be found in the application note
141. yp Situations Although Conel routers have wide variety of usage they are used in these typical situations mostly In this chapter there are four examples of router s configuration in the typical situations Examples include the configuration of all items needed for router to work properly in that situation 7 1 Access to the Internet from LAN Mobile Conel router network Router usbO IP from operator Q ethO SY LR an e 192 168 1 1 ETH Cable connection Wireless connection Figure 81 Access to the Internet from LAN topology of the example There is topology of this easy example shown on the fig 81 To connect to the Internet via mobile network the SIM card with the data tariff has to be available from the operator This basic router s function does not need any configuration in this case It is sufficient to put the SIM card into the SIM1 slot Primary SIM card attach the antenna to the ANT connector and connect the computer or switch and computers to the router s ETHO interface LAN Wait a moment after turning on the router It will connect to the mobile network and the Internet signalized by LEDs on the front panel of the router WAN and DAT Additional configuration can be done in the LAN and Mobile WAN items in the Configuration section of the web interface infoolucom de LAN configuration The factory default IP adress of the ethO router s interface is in the form of 192 168 1
Download Pdf Manuals
Related Search